I was talking about a DOS attack in https://bitcointalk.org/index.php?topic=458608.0 (ofcourse only applicable to entitys doing the tracking with txids).

Amazing how I did not get a response from any of the devs (except Greg's response https://bitcointalk.org/index.php?topic=458608.msg5063789#msg5063789 but that too was short and not concerning the attack scenario plausibiity as I replied to him).

Today they are apparently at work here https://github.com/bitcoin/bitcoin/pull/3651

Amazing how nobody acknowledges it until later when the attack already happens. The devs need to show some greater level of responsibility.

Don't get me wrong - I am not trying to claim credit for the attack scheme described (though I do not know of any other place where this was mentioned earlier as an attack scheme), but I am trying to make the point that people should just be around and at least make others feel that their concerns are being read. Now putting this on some place like reddit will only give the community a bad name.

On a lighter note I messaged some of the devs (as my previous mail says) saying the attack should be called "thenoblebot" attack (after my handle, which would inspire me to pursue crypto studies further). It was meant to be a lame joke. But I had no idea how it would start causing so much disruption in the ecosystem.

Regards 
thenoblebot 


On Tue, Feb 11, 2014 at 2:03 AM, Vocatus Gate <vocatus.gate@gmail.com> wrote:
It's quite simple, really:

Unique transaction == (Inputs+Outputs+ReceivingAddress)

Problem solved. Simply don't rely on TxID for tracking. Can we put this issue to rest and move on?




On 2014-02-10 12:40 PM, Peter Todd wrote:
On Tue, Feb 11, 2014 at 01:00:21AM +0530, naman naman wrote:

Hi guys,

Please check this thread
https://bitcointalk.org/index.php?topic=458608.0for a possible attack
scenario.

Already mailed Gavin, Mike Hearn and Adam about this :

See if it makes sense.

That's basically what appears to have happened with Mt. Gox.

Preventing the attack is as simple as training your customer service
people to ask the customer if their wallet software shows a payment to a
specific address of a specific amount at some approximate time. Making
exact payment amounts unique - add a few satoshis - is a trivial if
slightly ugly way of making sure payments can be identified uniquely
over the phone. That the procedure at Mt. Gox let front-line customer
service reps manually send funds to customers without a proper
investigation of why the funds didn't arrive was a serious mistake on
their part.

Ultimately this is more of a social engineering attack than a technical
one, and a good example of why well-thought-out payment protocols are
helpful. Though the BIP70 payment protocol doesn't yet handle busines to
individual, or individual to indivudal, payments a future iteration can
and this kind of problem will be less of an issue.

Similarly stealth addresses have an inherent per-tx unique identifier,
the derived pubkey, which a UI might be able to take advantage of.




------------------------------------------------------------------------------
Androi apps run on BlackBerry 10
Introducing the new BlackBerry 10.2.1 Runtime for Android apps.
Now with support for Jelly Bean, Bluetooth, Mapview and more.
Get your Android app in front of a whole new audience.  Start now.
http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk


_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development