Qntra | Herald Of The Most Serene Republic

Blog Post On Insurance Disappears From BitGo Website

Posted on August 4, 2016 by Aaron 'BingoBoingo' Rogier

On February 25th 2015 BitGo, the firm which "held" the recently liberated Bitfinex customer coins in a sort of deviant escrow demanded by the United States Commodity and Futures Trading Commision, published a blog post on how they were insured against theft. That blog post is no longer available on BitGo's website. Bitstamp reportedly also uses BitGo in a similar capacity though they assure customers that the particulars of their arrangement are so different this could never happen to their customers.

P2SH considered harmful, sorry for your loss.

Phree Software Download Website Fosshub Distributed MBR Tainting Malware

Posted on August 4, 2016 by Aaron 'BingoBoingo' Rogier

This week the free software download website Fosshub distributed master boot record tainting malware after reportedly being compromised (archived). The alleged attackers are trumpeting that in spite of producing malware that infected the master boot record of affected machines, that bundling further malware with an impact beyond vandalizing machine start up output was too much for them. Such claims are to be taken with a grain of salt and affected machines cleansed with fire. Sorry for your loss.

Woman's Facebook Account Suspended During Fatal Standoff

Posted on August 4, 2016 by Aaron 'BingoBoingo' Rogier

Korryn Gaines (WOT:nonperson) was killed by Baltimore County police during a standoff. Before killing the 23 year old woman police requested that Facebook suspend the social media accounts she was using to broadcast her personal revolution. Facebook obliged, she died. Apparently the revolution will not be Facebooked, Instagrammed or Whatapp'd.¹ Peace in our time.

As these are all Facebook social media properties. ↩

First US Cop Faces Terrorism Charges, Crime: Buying Gift Cards

Posted on August 4, 2016 by Aaron 'BingoBoingo' Rogier

In what mainstream media is reporting as the first case of terrorism charges targeting a law enforcement officer in the United States, a DC area transit cop bought ~250 United States dollars worth of gift cards (archived). Prosecutors allege he then distributed the gift card codes to FBI agents so that those FBI agents could buy paid mobile messaging apps for the Islamic State.

Law enforcement officers not facing terrorism charges in the United States include:

Lon Horiuchi, member of civilian murdering death squad at Ruby Ridge and Waco (archived)
Carl Mark Force IV, extortionist and moved gift cards well in excess of 250 United States dollars
Shaun Bridges, moved gift cards well in excess of 250United States dollars, failed international man of mystery
Members of the FBI death squad that murdered Lavoy Finicum
Unconfirmed but probably FBI agents providing agar for the Rebel But Gangster Black Rebels
The Department of Homeland Security officer who went on a mass shooting spree back in May

Those most be some serious mobile messaging apps.

Shapeshift.io Unveils Ether Cleaver

Posted on August 3, 2016 by shinohai

ShapeShift.io has announced a new service making it easier to launder "clean" Ether-huffer's funds. (archived) The tool, located at split.shapeshift.io, says it can "safely separate or "clean" your Ethereum balances and avoid replay attacks and lost coins." The news comes too late to help chief ETH huffer Brian Armstrong of Coinbase, whose company is still rumored to be of questionable solvency due to not understanding how hard forks work.¹

Edit: Coinbase just announced it would be awarding users "credits" "soon" for the amount of Ethereum users have that wasn't subject to Buterin's time travel theft to bailout the DAO. ↩

Bitfinex Director Claims 119,756 Bitcoins Lost

Posted on August 2, 2016 by shinohai

Reddit user zanetackett, Director of Community and Product Development for Bitfinex, is now claiming that losses total 119,756 BTC in the hack reported on earlier today. Attackers were apparently able to obtain the offline keys used for the multisig setup used by the exchange, though Buttfinex officials have yet to comment on the exact attack vector. The company further states that "their insurance does not cover these losses" and that "Any settlements will be at the current market prices as of 18:00 UTC" which was just at $600 per coin.

Yet Another Underwhelming Effort To Fork Bitcoin Unveiled

Posted on August 2, 2016 by Aaron 'BingoBoingo' Rogier

After the grossly underwhelming reveal of last month's "Terminator Plan" hard fork buzz this month brings yet another social engineering attempt. A new subreddit named "btcfork" was publicly announced and it swiftly filled with a bunch of activity from people who won't attach names to the positions they are trying to advance. Apparently having people with names was the problem this whole time! This latest attempt comes after Ethereum hard forked with substantial lulz. The nameless posters however insist that this will be different and successful. Sorry fork, your loss.

Network Difficulty Experiences Modest Drop Of ~5.4% In Second Change Post Halving

Posted on August 2, 2016 by Aaron 'BingoBoingo' Rogier

Bitcoin network difficulty fell ~5.43 percent from 213492501107.51336670 to 201893210853.05895996 in its second adjustment following the second halving of the Bitcoin block reward subsidy. The first adjustment following the halving was a very slight increase in difficulty. Paired with the bleeding and breaking occurring among fiat/Bitcoin interfaces it looks like the short term forecast is "there will be lulz."

Phuctor Finds Seven Keys Produced With Null RNG, And Other Curiosities

Posted on August 2, 2016 by asciilifeform

Phuctor is a public service, operated by S.NSA. It catalogues extant RSA public keys which are known to be inexpensively breakable.¹

Recently, Phuctor's algorithmic arsenal was expanded to include a search for perfect squares, which was then further generalized to Fermat's factorization method. A perfect square RSA modulus results from an ill-conceived, subverted, or otherwise catastrophically-broken key generator where a cryptographic prime P is created and immediately re-used verbatim, as prime Q. An RSA modulus factorable via Fermat's method contains two factors which are dangerously (i.e., cheaply-discoverably) close together. This typically results from a lulzimplementation of RSA where prime Q is generated by finding NextPrime(P), rather than independently.

The perfect square finder immediately yielded up a modulus which consisted merely of the square of the next prime following 2^1023. This type of RSA public modulus is consistent with a scenario where a PGP client is operated on a system containing a null-outputting RNG. This trivially-breakable modulus was found to occur in no fewer than seven RSA public keys, claiming the following user IDs:

Mr. Pescador appears to be, or to have once been, an employee of the State of Hawaii, a curator of data.hawaii.gov (archived), and — apparently — of an empty GitHub repository. (archived). Mr. Khadeer is the President of the Muslim Association of Puget Sound (MAPS) in Redmond (archived), famous primarily for 'heartfelt condemnations' (archived) of this and that, published like clockwork for the past decade. Not much is publicly known about the other victims and/or perpetrators of brain-damaged cryptography in the above list.

The subsequent search for Fermat-factorable RSA moduli yielded exactly one additional result. This very peculiar PGP public key is suggestive of an aborted attempt at the development of a cross-site scripting (XSS) attack against PGP users who might decode the key and display its User ID field in certain WWW browsers.

Peace in our ctime();

For the comedic gold let it be pointed out that prior to Phuctor's existence this kind of key simply did not exist, as per official truth. Nowadays they "obviously" do exist, but after the failure of embrace-extend-hijack attempts spearheaded by Hanno Böck, the deceitful shitbag they're simply "not interesting" as per the same official narrative ; and moreover, systematic causes for their existence still do not exist, at any rate not past "Cosmic Rays did it". Certainly the involvement of the usual array of inept USG agencies can not possibly be suspected. Isn't official nonsense ever so fascinating ? ↩

Bitfinex Breaks: Fiat Exchange That Never Had Anything To Do With Bitcoin Finally Goes Away

Posted on August 2, 2016 by Mircea Popescu

To quote from 2013 :

I. Self-moderated "support thread", filled with a bunch of socks posting nonsense. This is standard scammer operating procedure.
II. Running stolen, bug ridden software (the old Bitcoinica codebase) that has already proven itself useless in the marketplace (three times!)
III. Scammers themselves admit to crediting "investors" infinite USD/BTC to execute the naive users.
It's true that scammer tags aren't really given out much anymore, but that's no reason to allow well known scammers run amok. You have been warned.

To quote from 2016 :

We are investigating the breach to determine what happened, but we know that some of our users have had their bitcoins stolen. We are undertaking a review to determine which users have been affected by the breach. While we conduct this initial investigation and secure our environment, bitfinex.com will be taken down and the maintenance page will be left up.

Sorry for your loss.