From: Pedro Worcel
Date: Fri, 8 Aug 2014 11:02:21 +1200
To: bitcoin-development@lists.sourceforge.net
Subject: [Bitcoin-development] Miners MiTM

Hi there,

I was wondering if you guys have come across this article:

http://www.wired.com/2014/08/isp-bitcoin-theft/

The TL;DR is that somebody is abusing the BGP protocol to be in a position where they can intercept the miner traffic. The concerning point is that they seem to be having some degree of success in their endeavour and earning profits from it.

I do not understand the impact of this (I don't know much about BGP, the mining protocol nor anything else, really), but I thought it might be worth putting it up here.

Ta,
Pedro

From: Luke Dashjr
Date: Thu, 7 Aug 2014 23:45:44 +0000
To: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Miners MiTM

On Thursday, August 07, 2014 11:02:21 PM Pedro Worcel wrote:
> Hi there,
>
> I was wondering if you guys have come across this article:
>
> http://www.wired.com/2014/08/isp-bitcoin-theft/
>
> The TL;DR is that somebody is abusing the BGP protocol to be in a position
> where they can intercept the miner traffic. The concerning point is that
> they seem to be having some degree of success in their endeavour and
> earning profits from it.
>
> I do not understand the impact of this (I don't know much about BGP, the
> mining protocol nor anything else, really), but I thought it might be worth
> putting it up here.

This is old news; both BFGMiner and Eloipool were hardened against it a long
time ago (although no Bitcoin pools have deployed it so far). I'm not aware of
any actual case of it being used against Bitcoin, though - the target has
always been scamcoins.

From: slush
Date: Fri, 8 Aug 2014 02:29:31 +0200
To: Luke Dashjr
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Miners MiTM

AFAIK the only protection is SSL + certificate validation on client side. However certificate revocation and updates in miners are pain in the ass, that's why majority of pools (mine including) don't want to play with that...

slush



From: Christopher Franko
Date: Thu, 7 Aug 2014 20:37:27 -0400
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Miners MiTM

What exactly makes bitcoin less of a target than a "scamcoin" which I suspect means anything that != bitcoin?




From: Luke Dashjr
Date: Fri, 8 Aug 2014 01:01:15 +0000
To: slush
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Miners MiTM

On Friday, August 08, 2014 12:29:31 AM slush wrote:
> AFAIK the only protection is SSL + certificate validation on client side.
> However certificate revocation and updates in miners are pain in the ass,
> that's why majority of pools (mine including) don't want to play with
> that...

Certificate validation isn't needed unless the attacker can do a direct MITM
at connection time, which is a lot harder to maintain than injecting a
client.reconnect. This, combined with your concern about up to date
certs/revokes/etc, is why BFGMiner defaults to TLS without cert checking for
stratum.

Luke

From: Pedro Worcel
Date: Fri, 8 Aug 2014 13:07:04 +1200
To: Christopher Franko
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Miners MiTM

> the only protection is SSL + certificate validation on client side. However
> certificate revocation and updates in miners are pain in the ass, that's why
> majority of pools (mine including) don't want to play with that...

Another solution which would have less overhead would be to implement something akin to what OpenSSH does. The OpenSSH client stores a certificate fingerprint, which is then verified automatically upon further connections to the server.

The initial connection needs to be verified manually by the operator, though.

> Certificate validation isn't needed unless the attacker can do a direct MITM
> at connection time, which is a lot harder to maintain than injecting a
> client.reconnect. This, combined with your concern about up to date
> certs/revokes/etc, is why BFGMiner defaults to TLS without cert checking for
> stratum.

Seems to me that it would correctly mitigate the attack mentioned in the Wired article. I am surprised that miners are not worried about losing their profits, I would personally be quite annoyed.



2014-08-08 12:37 GMT+12:00 Christopher Franko <chrisjfranko@gmail= .com>:
What exactly makes bitcoin = less of a target than a "scamcoin" which I suspect means anything= that !=3D bitcoin?


On 7 August 2014 20:29, slush <slush@centrum.cz> wr= ote:
AFAIK the only protection is SSL + certificate validation on clien= t side. However certificate revocation and updates in miners are pain in th= e ass, that's why majority of pools (mine including) don't want to = play with that...

slush


On Fri, Aug 8, 2014 at 1:45 AM, = Luke Dashjr <luke@dashjr.org> wrote:
On Thursday, August 07, 2014 11:02= :21 PM Pedro Worcel wrote:
> Hi there,
>
> I was wondering if you guys have come across this article:
>
> http://www.wired.com/2014/08/isp-bitcoin-theft/
>
> The TL;DR is that somebody is abusing the BGP protocol to be in a posi= tion
> where they can intercept the miner traffic. The concerning point is th= at
> they seem to be having some degree of success in their endeavour and > earning profits from it.
>
> I do not understand the impact of this (I don't know much about BG= P, the
> mining protocol nor anything else, really), but I thought it might be = worth
> putting it up here.

This is old news; both BFGMiner and Eloipool were hardened agai= nst it a long
time ago (although no Bitcoin pools have deployed it so far). I'm not a= ware of
any actual case of it being used against Bitcoin, though - the target has always been scamcoins.

_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development




--001a11346d604057e9050013d549--

From mboxrd@z Thu Jan 1 00:00:00 1970
From: slush
Date: Fri, 8 Aug 2014 04:22:42 +0200
To: Pedro Worcel
Cc: "bitcoin-development@lists.sourceforge.net"
Subject: Re: [Bitcoin-development] Miners MiTM

Although 140 BTC sounds scary, actually it was very minor issue and most of
miners aren't even aware about it.

TLS would probably make the attack harder, that's correct. However if
somebody controls ISP routers, then MITM with TLS is harder, yet possible.

slush

On Fri, Aug 8, 2014 at 3:07 AM, Pedro Worcel wrote:
> Seems to me that it would correctly mitigate the attack mentioned in the
> wired article. I am surprised that miners are not worried about losing
> their profits, I would personally be quite annoyed.

From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jeff Garzik
Date: Thu, 7 Aug 2014 23:18:47 -0400
To: slush
Cc: "bitcoin-development@lists.sourceforge.net"
Subject: Re: [Bitcoin-development] Miners MiTM

You don't necessarily need the heavy weight of SSL.

You only need digitally signed envelopes between miner and pool[1].

[1] Unless the pool is royally stupid and will somehow credit miner B,
if miner B provides to the pool a copy of miner A's work.

On Thu, Aug 7, 2014 at 8:29 PM, slush wrote:
> AFAIK the only protection is SSL + certificate validation on client side.
> However certificate revocation and updates in miners are pain in the ass,
> that's why majority of pools (mine including) don't want to play with
> that...
>
> slush
>
> On Fri, Aug 8, 2014 at 1:45 AM, Luke Dashjr wrote:
>
>> On Thursday, August 07, 2014 11:02:21 PM Pedro Worcel wrote:
>> > Hi there,
>> >
>> > I was wondering if you guys have come across this article:
>> >
>> > http://www.wired.com/2014/08/isp-bitcoin-theft/
>> >
>> > The TL;DR is that somebody is abusing the BGP protocol to be in a position
>> > where they can intercept the miner traffic. The concerning point is that
>> > they seem to be having some degree of success in their endeavour and
>> > earning profits from it.
>> >
>> > I do not understand the impact of this (I don't know much about BGP, the
>> > mining protocol nor anything else, really), but I thought it might be worth
>> > putting it up here.
>>
>> This is old news; both BFGMiner and Eloipool were hardened against it a long
>> time ago (although no Bitcoin pools have deployed it so far). I'm not aware of
>> any actual case of it being used against Bitcoin, though - the target has
>> always been scamcoins.

--
Jeff Garzik
Bitcoin core developer and open source evangelist
BitPay, Inc. https://bitpay.com/
From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mike Hearn
Date: Fri, 8 Aug 2014 11:42:52 +0200
To: slush
Cc: "bitcoin-development@lists.sourceforge.net"
Subject: Re: [Bitcoin-development] Miners MiTM

> AFAIK the only protection is SSL + certificate validation on client side.
> However certificate revocation and updates in miners are pain in the ass,
> that's why majority of pools (mine including) don't want to play with
> that...

Why would miners need updates? If they implement the standard SSL
infrastructure you can change certificates and keys without needing to
update miners.

Besides, when it comes to financial services SSL is essential, I'm kind of
surprised it wasn't already used everywhere. I wouldn't use an online bank
that didn't support SSL, I would see it as a sign of serious problems.
Heck I wouldn't even use webmail that didn't support SSL these days.


From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mike Hearn
Date: Fri, 8 Aug 2014 11:53:24 +0200
To: Luke Dashjr
Cc: "bitcoin-development@lists.sourceforge.net"
Subject: Re: [Bitcoin-development] Miners MiTM

> Certificate validation isn't needed unless the attacker can do a direct MITM
> at connection time, which is a lot harder to maintain than injecting a
> client.reconnect.

Surely the TCP connection will be reset once the route reconfiguration is
completed, either by the MITM server or by the client TCP stack when it
discovers the server doesn't know about the connection anymore?

TLS without cert validation defeats the point, you can still be connected
to a MITM at any point by anyone who can simply interrupt or corrupt the
stream, forcing a reconnect.
--001a11c2a022230b5805001b2da5-- From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XFonR-0001Ez-Kk for bitcoin-development@lists.sourceforge.net; Fri, 08 Aug 2014 18:21:45 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of bitpay.com designates 209.85.223.172 as permitted sender) client-ip=209.85.223.172; envelope-from=jgarzik@bitpay.com; helo=mail-ie0-f172.google.com; Received: from mail-ie0-f172.google.com ([209.85.223.172]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1XFonQ-0006hl-Ar for bitcoin-development@lists.sourceforge.net; Fri, 08 Aug 2014 18:21:45 +0000 Received: by mail-ie0-f172.google.com with SMTP id lx4so6919942iec.3 for ; Fri, 08 Aug 2014 11:21:39 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=PUVR7duUDOXUje/L0al7PXsAAJfLpseaOrV+fbBdBnM=; b=hXnp+yNutdGA6l5wXLXIw4VR1O6gUaKkite7TNZ2vVB04awLG0psmDgVUliKq0Eun6 7i9mmLx1ZizqcgwhErc/V/iUacnyRlVONCxIOKszl9xdtmho1wYI90rp6lYu6NPRxbE1 SIUUgRVv84s68oQgPofGkvSi23lcWm6FlTqnz4pAzcZ2qrdU919w2qv7Q+sHyuGBboFc FiOYc9Bqx55p9qiVp3toNyP8dXxDj+gEunfp6kOA2jGvP6W9Eeg6EsG0bvZsX5YjMrpf ixhjCc7rFnC1zJNSDFPRVHl3nr4MzC44KXt/uWuP3mo0VYAH7Mp0OA4tlI0uGkEVzSLB JMIg== X-Gm-Message-State: ALoCoQky8suqDD7GADueBqczqr+pFth+PvWdOGoTKAvKvZsfK1nTaW5+zAXiBPXWCvuolF2PX2AI X-Received: by 10.50.107.7 with SMTP id gy7mr7515442igb.15.1407522098984; Fri, 08 Aug 2014 11:21:38 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.10.78 with HTTP; Fri, 8 Aug 2014 11:21:18 -0700 (PDT) In-Reply-To: References: <201408072345.45363.luke@dashjr.org> <201408080101.16453.luke@dashjr.org> From: Jeff Garzik Date: Fri, 8 Aug 2014 14:21:18 -0400 Message-ID: To: Mike Hearn Content-Type: 
text/plain; charset=UTF-8 X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1XFonQ-0006hl-Ar Cc: "bitcoin-development@lists.sourceforge.net" Subject: Re: [Bitcoin-development] Miners MiTM X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Aug 2014 18:21:45 -0000 gmaxwell noted on IRC that enabling TLS could be functionally, if not literally, a DoS on the pool servers. Hence the thought towards a more lightweight method that simply prevents client payout redirection + server impersonation. On Fri, Aug 8, 2014 at 5:53 AM, Mike Hearn wrote: >> Certificate validation isn't needed unless the attacker can do a direct >> MITM >> at connection time, which is a lot harder to maintain than injecting a >> client.reconnect. > > > Surely the TCP connection will be reset once the route reconfiguration is > completed, either by the MITM server or by the client TCP stack when it > discovers the server doesn't know about the connection anymore? > > TLS without cert validation defeats the point, you can still be connected to > a MITM at any point by anyone who can simply interrupt or corrupt the > stream, forcing a reconnect. > > ------------------------------------------------------------------------------ > Want fast and easy access to all the code in your enterprise? 
Index and > search up to 200,000 lines of code with a free copy of Black Duck > Code Sight - the same software that powers the world's largest code > search on Ohloh, the Black Duck Open Hub! Try it now. > http://p.sf.net/sfu/bds > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > -- Jeff Garzik Bitcoin core developer and open source evangelist BitPay, Inc. https://bitpay.com/ From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XFot8-0006WW-Iz for bitcoin-development@lists.sourceforge.net; Fri, 08 Aug 2014 18:27:38 +0000 X-ACL-Warn: Received: from zinan.dashjr.org ([192.3.11.21]) by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1XFot7-0004GW-PX for bitcoin-development@lists.sourceforge.net; Fri, 08 Aug 2014 18:27:38 +0000 Received: from ishibashi.localnet (unknown [IPv6:2001:470:5:265:be5f:f4ff:febf:4f76]) (Authenticated sender: luke-jr) by zinan.dashjr.org (Postfix) with ESMTPSA id B5C011080209; Fri, 8 Aug 2014 18:18:32 +0000 (UTC) From: Luke Dashjr To: Jeff Garzik Date: Fri, 8 Aug 2014 18:27:29 +0000 User-Agent: KMail/1.13.7 (Linux/3.15.5-gentoo; KDE/4.12.5; x86_64; ; ) References: In-Reply-To: X-PGP-Key-Fingerprint: E463 A93F 5F31 17EE DE6C 7316 BD02 9424 21F4 889F X-PGP-Key-ID: BD02942421F4889F X-PGP-Keyserver: hkp://pgp.mit.edu MIME-Version: 1.0 Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <201408081827.30783.luke@dashjr.org> X-Spam-Score: -0.7 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 
-0.7 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-Headers-End: 1XFot7-0004GW-PX Cc: "bitcoin-development@lists.sourceforge.net" Subject: Re: [Bitcoin-development] Miners MiTM X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Aug 2014 18:27:38 -0000 On Friday, August 08, 2014 6:21:18 PM Jeff Garzik wrote: > gmaxwell noted on IRC that enabling TLS could be functionally, if not > literally, a DoS on the pool servers. Hence the thought towards a > more lightweight method that simply prevents client payout redirection > + server impersonation. My thought for GBT2 a while ago was to use simple ECDSA signatures for messages. It'd be nice to use the same as Bitcoin, but then we'd hit problems with RedHat/Fedora legal being stupid. :( Luke From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XFpHt-0007PG-0E for bitcoin-development@lists.sourceforge.net; Fri, 08 Aug 2014 18:53:13 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of heliacal.net designates 91.234.48.203 as permitted sender) client-ip=91.234.48.203; envelope-from=laszlo@heliacal.net; helo=mail3.heliacal.net; Received: from mail3.heliacal.net ([91.234.48.203]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1XFpHr-0001qm-Jz for bitcoin-development@lists.sourceforge.net; Fri, 08 Aug 2014 18:53:12 +0000 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) From: Laszlo Hanyecz In-Reply-To: Date: Fri, 8 Aug 2014 18:34:01 +0000 Content-Transfer-Encoding: quoted-printable Message-Id: References: <201408072345.45363.luke@dashjr.org> <201408080101.16453.luke@dashjr.org> To: Jeff Garzik 
Cc: "bitcoin-development@lists.sourceforge.net"
Subject: Re: [Bitcoin-development] Miners MiTM

Mutual CHAP could work. This is commonly done in PPP and iSCSI. The
idea is simply that both sides authenticate. The server expects the
client to provide a password, and the client expects the server to
provide a (different) password. If you masquerade as the server, you
won't be able to authenticate because every client has a different
password they expect from the server, so they won't do work for you.
MITM on the server can capture the exchange but CHAP protects against
replay.

https://en.wikipedia.org/wiki/Challenge-Handshake_Authentication_Protocol

-Laszlo

On Aug 8, 2014, at 6:21 PM, Jeff Garzik wrote:

> gmaxwell noted on IRC that enabling TLS could be functionally, if not
> literally, a DoS on the pool servers. Hence the thought towards a
> more lightweight method that simply prevents client payout redirection
> + server impersonation.
>
> On Fri, Aug 8, 2014 at 5:53 AM, Mike Hearn wrote:
>>> Certificate validation isn't needed unless the attacker can do a direct
>>> MITM at connection time, which is a lot harder to maintain than
>>> injecting a client.reconnect.
>>
>> Surely the TCP connection will be reset once the route reconfiguration is
>> completed, either by the MITM server or by the client TCP stack when it
>> discovers the server doesn't know about the connection anymore?
>>
>> TLS without cert validation defeats the point, you can still be connected
>> to a MITM at any point by anyone who can simply interrupt or corrupt the
>> stream, forcing a reconnect.
>
> --
> Jeff Garzik
> Bitcoin core developer and open source evangelist
> BitPay, Inc. https://bitpay.com/

From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <53E610DE.4070903@certimix.com>
Date: Sat, 09 Aug 2014 09:15:26 -0300
From: Sergio Lerner
To: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Miners MiTM

Since the information exchanged between the pool and the miner is
public, all that's needed is a mutual private MAC key that authenticates
messages. This requires a registration step that can be done only once
using a simple web interface over https to the miner website. But the
miner website is not the miner server, so the worst DoS would be
preventing new miners from joining the pool, which is not very often.
The MAC key can be provided directly by the miner. And the pool
associates the MAC key with a Bitcoin public address. The overhead would
be minimal.

-Sergio.
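
Sergio's per-message MAC proposal as an added sketch (not code from this thread or from any pool or miner software): each Stratum-style JSON message travels in a frame tagged with HMAC-SHA-256 under the key the miner registered, so an injected client.reconnect fails verification. The frame layout, direction labels, sequence counter, worker name and payout placeholder are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import secrets

def _tag(key, direction, seq, body):
    # The MAC covers direction and sequence number: no reflection, no replay.
    data = f"{direction}|{seq}|{body}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def seal(key, direction, seq, msg):
    """Wrap one JSON message in a MACed frame (hypothetical frame layout)."""
    body = json.dumps(msg, sort_keys=True, separators=(",", ":"))
    return {"seq": seq, "body": body, "mac": _tag(key, direction, seq, body)}

class Receiver:
    """Verifies frames for one direction under one registered key."""
    def __init__(self, key, direction):
        self.key, self.direction, self.next_seq = key, direction, 0

    def open(self, frame):
        seq, body, mac = frame.get("seq"), frame.get("body"), frame.get("mac")
        if not (isinstance(seq, int) and isinstance(body, str) and isinstance(mac, str)):
            raise ValueError("malformed frame")
        good = _tag(self.key, self.direction, seq, body)
        if not hmac.compare_digest(good.encode(), mac.encode()):
            raise ValueError("bad MAC")
        if seq != self.next_seq:
            raise ValueError("replayed or out-of-order frame")
        self.next_seq += 1
        return json.loads(body)

def demo():
    key = secrets.token_bytes(32)  # generated by the miner at registration
    # Pool-side record (constructed): MAC key bound to a payout address.
    registry = {"worker-1": {"mac_key": key, "payout": "PLACEHOLDER-ADDRESS"}}
    pool_key, miner_rx = registry["worker-1"]["mac_key"], Receiver(key, "pool->miner")
    job = seal(pool_key, "pool->miner", 0, {"method": "mining.notify", "params": ["job1"]})
    results = {"job": miner_rx.open(job)["method"]}
    forged = seal(secrets.token_bytes(32), "pool->miner", 1,   # wrong key
                  {"method": "client.reconnect", "params": ["other.example", 3333]})
    share = seal(key, "miner->pool", 0, {"method": "mining.submit", "params": ["job1"]})
    for name, frame in (("forged", forged), ("replay", job), ("reflected", share)):
        try:
            miner_rx.open(frame)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results
```
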

From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <20140809193139.GH22640@nl.grid.coop>
Date: Sat, 9 Aug 2014 14:31:39 -0500
From: Troy Benjegerdes
To: Luke Dashjr
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Miners MiTM

On Thu, Aug 07, 2014 at 11:45:44PM +0000, Luke Dashjr wrote:
> On Thursday, August 07, 2014 11:02:21 PM Pedro Worcel wrote:
> > Hi there,
> >
> > I was wondering if you guys have come across this article:
> >
> > http://www.wired.com/2014/08/isp-bitcoin-theft/
> >
> > The TL;DR is that somebody is abusing the BGP protocol to be in a position
> > where they can intercept the miner traffic. The concerning point is that
> > they seem to be having some degree of success in their endeavour and
> > earning profits from it.
> >
> > I do not understand the impact of this (I don't know much about BGP, the
> > mining protocol nor anything else, really), but I thought it might be worth
> > putting it up here.
>
> This is old news; both BFGMiner and Eloipool were hardened against it a long
> time ago (although no Bitcoin pools have deployed it so far). I'm not aware of
> any actual case of it being used against Bitcoin, though - the target has
> always been scamcoins.

That statement right there is all the evidence I need to convince myself
that Bitcoin is under continuous and active BGP feed manipulation by
organized crime elements.

Just the phrase of referring to !bitcoin as 'scamcoins' is a signal of
an organized marketing/psychological operations effort to marginalize
other competitors, and the documented altcoin BGP hijacks were most
likely testing of the system to confirm both
a) that it works
b) how to hide it below the detection threshold

From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <20140809193954.GI22640@nl.grid.coop>
Date: Sat, 9 Aug 2014 14:39:54 -0500
From: Troy Benjegerdes
To: Mike Hearn
Cc: "bitcoin-development@lists.sourceforge.net"
Subject: Re: [Bitcoin-development] Miners MiTM

On Fri, Aug 08, 2014 at 11:42:52AM +0200, Mike Hearn wrote:
> >
> > AFAIK the only protection is SSL + certificate validation on client side.
> > However certificate revocation and updates in miners are pain in the ass,
> > that's why majority of pools (mine including) don't want to play with
> > that...
> >
>
> Why would miners need updates? If they implement the standard SSL
> infrastructure you can change certificates and keys without needing to
> update miners.
>
> Besides, when it comes to financial services SSL is essential, I'm kind of
> surprised it wasn't already used everywhere. I wouldn't use an online bank
> that didn't support SSL, I would see it as a sign of serious problems.
> Heck I wouldn't even use webmail that didn't support SSL these days.

Because turning on SSL gives pool operators a way to hack your miners.

http://www.symantec.com/connect/blogs/openssl-patches-critical-vulnerabilities-two-months-after-heartbleed

Just because SSL is the answer for financial services regulated security
theatre, where fraud means you just roll-back the transaction, it does
not mean it is actually a good cryptographic solution.

There are far better mechanisms that could be implemented using ECDSA
keys (aka bitcoin addresses) to authenticate both miners and pools, but
the problem is there is zero economic incentive to do so.

As long as the BGP/SSL/zero-day-of-the-week man-in-the-middle fraud cost
is lower than the engineering cost to do some real cryptography and code
audits, we'll keep having new 'security patches' every couple of months.
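
The mutual CHAP exchange Laszlo describes earlier in this thread, as an added sketch rather than code from the thread or from any mining software: each side challenges the other and a different secret is proven in each direction, so a masquerading pool and a replayed response both fail. It keys HMAC-SHA-256 with the secret in place of CHAP's MD5 construction, and the class, function names and secrets are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

def chap_response(secret: bytes, ident: int, challenge: bytes) -> bytes:
    # CHAP hashes identifier + secret + challenge with MD5; this sketch keys
    # HMAC-SHA-256 with the secret instead (a substitution, not RFC 1994).
    return hmac.new(secret, bytes([ident]) + challenge, hashlib.sha256).digest()

class Peer:
    """One end of the link: proves my_secret, expects proof of peer_secret."""
    def __init__(self, my_secret: bytes, peer_secret: bytes):
        self.my_secret, self.peer_secret = my_secret, peer_secret
        self.pending = None

    def challenge(self):
        # A fresh random challenge per attempt is what defeats replay.
        self.pending = (secrets.randbelow(256), secrets.token_bytes(16))
        return self.pending

    def answer(self, ident: int, challenge: bytes) -> bytes:
        return chap_response(self.my_secret, ident, challenge)

    def verify(self, response: bytes) -> bool:
        if self.pending is None:
            return False
        ident, challenge = self.pending
        self.pending = None  # single use: one response per challenge
        expected = chap_response(self.peer_secret, ident, challenge)
        return hmac.compare_digest(expected, response)

def handshake(miner: Peer, pool: Peer) -> bool:
    """Mutual authentication: the miner works only if both checks pass."""
    pool_ok = miner.verify(pool.answer(*miner.challenge()))
    miner_ok = pool.verify(miner.answer(*pool.challenge()))
    return pool_ok and miner_ok

def demo() -> dict:
    miner_pw, pool_pw = b"constructed-miner-secret", b"constructed-pool-secret"
    miner = Peer(miner_pw, pool_pw)
    pool = Peer(pool_pw, miner_pw)
    impostor = Peer(b"not-the-pool-secret", b"unknown")  # knows neither secret
    captured = pool.answer(*miner.challenge())  # response seen on the wire
    first_use = miner.verify(captured)
    miner.challenge()                           # new session, new challenge
    replay = miner.verify(captured)
    return {"legit": handshake(miner, pool), "impostor": handshake(miner, impostor),
            "first_use": first_use, "replay": replay}
```
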