midnightmagic: MisterE: It's just a chunk of the heap. to get different data, the heap contents must change in between attacks. That is, you can't just dump the process' entire memory space.
midnightmagic: bounce: No, it's not a random 64k block. It's the same block each time you run the attack.
MisterE: bounce: it is not a random 64k block and you can continue requesting them until you get all the info you want
bounce: AFAIK you get a random 64k block back, so whatever's in there you can get
midnightmagic: and even if your wallet is unlocked, your privkeys aren't vulnerable. Only (so far) the last rpc command used in the server.
midnightmagic: You have to specifically turn on rpcbind access to the outside world. You have to have specifically taken an action to expose yourself.
bounce: not all of your assumptions are going to be reasonable, actually. ssl is fairly logical when enabling rpc ("instant security" amirite or amirite), but restricting IP addresses only so if either you have enough clue or someone in your vicinity does. similarly, plenty reasons why you'd leave the wallet unlocked.
midnightmagic: and the answer is, "One that needs patching immediately. If you're on ubuntu: apt-get update ; apt-get install openssl"
Namworld: What kind of bug allows anyone to just read the memory?
midnightmagic: (and did so in between your wallet passphrase rpc command, and whatever you typed next)
Apocalyptic: but yes bitcoind with rpcssl is vulnerable to memory leak of some memspace
midnightmagic: Apocalyptic: Or your encrypted wallet and access to query your rpcssl port arbitrarily.
Apocalyptic: midnightmagic only describe the scenario when they would have all your privkeys
midnightmagic: bounce: Only if you've allowed rpc connections from random douches, have turned on ssl, aren't limiting it based on IP, *and* they have your wallet.dat already and have been able to query your bitcoind constantly over time and caught you using the rpc command that unlocks your wallet.
Namworld: lel, what? "The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content."
Mats_cd03: 'heartbleed', who knew security researchers had a flair for the dramatic
bounce: waitwaitwait, bitcoind is vulnerable to heartbleed?
Mats_cd03: id still be there if it wasnt ungodly expensive
Mats_cd03: when i lived there the temperature fluctuated 20 degrees at most
MisterE: Oh yea we built a datacenter build there, it is nice area
MisterE: I was in real estate in the US
MisterE: oh yea that will make you move
Mats_cd03: literally two months after i completed a purchase on a number of properties
MisterE: I imagine is sucked a bit before then heh
Mats_cd03: i left just as some of the high speed rails were being built
MisterE: most of the multis that dont want to go into the emerging markets in SE Asia service them from .sg
MisterE: English is excellent there
Mats_cd03: what is the living standard like there
MisterE: Are you Chinese or live in China Mats_cd03? I recall one regular here at least lives there
MisterE: so their customers' funds are too
MisterE: I didnt get that from google translate heh
Mats_cd03: the bank received a directive to shut down fxbtc's bank account
Mats_cd03: and some other things about pursuing legal action if dudes keep accusing them of running with the money
Mats_cd03: they're shutting down due to the accounts being blocked (or something)
MisterE: I guess I can just plug it into google translate
MisterE: Mats_cd03: what is your impression of the people's credibility? Do they seem like a branch manager of one of the biggest Chinese banks?
MisterE: stopping rmb from being used to buy crypto
Mats_cd03: seems more like theyre trying to restrict btc institutions from peddling to the masses
mike_c: PBOC will drop the hammer on RMB << what do you mean by this? will let the exchange rate float more?
MisterE: well that's inline with rumors
ozbot: Star Trek Captain Narrates Insane Documentary About Geocentrism
MisterE: err rather does it sound like they are credible?
MisterE: does it sound like they are who they are?
Mats_cd03: sounds like thats what theyre talking about
MisterE: supposedly an interview with a Chinese bank manager that was taken with an iphone has been posted where he confirms PBOC will drop the hammer on RMB
truffles: well i tend to push buttons instead :(
BingoBoingo: truffles: I don't think your wit is sharp enough to draw meaningful offense.
BingoBoingo: truffles: There is a difference between people and "ppl"
truffles: no wai, im like toughest person itc
truffles: oh, feel like ppl get sensy on the nets though
BingoBoingo: I dunno that your comments can be sharp enough to cut deep...
truffles: i have harsh comments that i will hold to myself
BingoBoingo: truffles: Only one way to find out the log's contents...
truffles: boingo what percent of the blog is about u vs btc?
truffles: doesnt seem like too many r authenticated
BingoBoingo: mike_c: Thx, Well I figure for all of the porn there is less unpleasant buggery happening here
danielpbarron: one hasn't signed up yet, the other is 'againbackson'
benkay: you don't count in this conversation apparently.
benkay: unless that's a rude question. is that a rude question?
BingoBoingo: Reading moar is the best prevention against getting buggered sore
benkay: how fucking hard is that?
TomServo: BingoBoingo: The title of that article is for some reason missing from the frontpage
mike_c: trilema.com will do ssl connections, but you can't get the blog.
mike_c: i checked trilema & coinbr this morning, both were clear.
truffles: what would u suggest to the jocks then
benkay: granted, it can be hard to get up in the morning much less work out when catatonically depressed.
benkay: i'm not saying that mental health is purely a function of workout frequency. i've been larned better than that by the DSMi. it's just all too frequent that people resort to drugs without actually putting in the work to get their physical health dialed.
truffles: might take a lil more than that for the clinically insane
benkay: most medicated people i've met don't jog 3 times a week, or even picking up heavy things until sweaty that many times a week. some variant of which is a prerequisite for stable mental chemistry.
truffles: how about drinking some tea, sitting doing a sudoku
BingoBoingo: benkay: A jog can't do the things Lithium can though
cgcardona_: dude I just got an email from heroku about the ssl bug w/ this as my list of potentially affected apps: Here are your affected applications:
benkay: funny how people go for the meds first and never think to go run in circles for thirty minutes...