
Ask Slashdot: Bitcoin over Tor is a bad idea?

Submitted by jd
jd (1658) writes "Researchers studying Bitcoin have determined that the level of anonymity of the cryptocurrency is low and that using Bitcoin over Tor provides an opportunity for a Man-in-the-Middle attack against Bitcoin users. (I must confess, at this point, that I can certainly see anonymity limitations helping expose what machine is linked to what Bitcoin ID, putting users at risk of exposure, but I don't see how this is a function of Tor, as the paper implies.)

It would seem worthwhile to examine both the Tor and Bitcoin protocols to establish if there is an actual threat there, as it must surely apply to any semi-anonymous protocol over Tor and Bitcoin has limited value as a cryptocurrency if all transactions have to be carried out in plain sight.

What are the opinions of other Slashdottians on this announcement? Should we be working on an entirely new cryptocurrency system? Is this a problem with Tor? Is this a case of the Scarlett Fish (aka: a red herring) or something to take seriously?"


Comment: No, I really don't need to get a hackintosh. (Score 1) 229

by ciroknight (#48147099) Attached to: The Subtle Developer Exodus From the Mac App Store
> You really need to get a hackintosh

No I don't. I either need Apple to get its head out of its ass, or to vote with my dollars and buy something I'd actually use. Going out of my way to support Apple's OS, which they barely support on their own hardware, and to circumvent their random SMC half-assed secure boot nonsense is doing extra work that I don't need to be doing.

But even still, Apple's never going to learn that lesson because Apple doesn't sell PCs anymore. They sell shitty appliances that break and go out of date every year, because they know you'll just keep coming back to them for more.
Open Source

Confidence Shaken In Open Source Security Idealism 265

Posted by Soulskill
from the with-many-eyes-something-something dept.
iONiUM writes: According to a few news articles, the general public has taken notice of all the recent security breaches in open source software. From the article: "Hackers have shaken the free-software movement that once symbolized the Web's idealism. Several high-profile attacks in recent months exploited security flaws found in the "open-source" software created by volunteers collaborating online, building off each other's work."

While it's true that open source means you can review the actual code to ensure there's no data-theft, loggers, or glaring security holes, that idealism doesn't really help out most people who simply don't have time, or the knowledge, to do it. As such, the trust is left to the open source community, and is that really so different than leaving it to a corporation with closed source?

Comment: Mimicking a theory, not a phenomenon (Score 4, Insightful) 64

by RWerp (#48130127) Attached to: Hawking Radiation Mimicked In the Lab
Because of the scale of the experimental setup, it is quite obvious that no gravitational effects are involved. Hence, there is no possibility for this experiment to recreate phenomena at the intersection of quantum mechanics and general relativity. What Steinbauer does is he replicates a particular model of the black hole. If his setup works, fine, but it doesn't prove a single thing about how black holes behave - because he did not create one.

Comment: Re:Only if I ad my own hominem. Mellow is the purp (Score 2) 263

by Shakrai (#48107495) Attached to: Carl Sagan, as "Mr. X," Extolled Benefits of Marijuana

The main purpose of smoking pot is to chill out, to be mellow. If you smoke a bunch of pot and you feel wound up, driven, ambitious and motivated you might want a refund.

Different strains of pot have different effects. Sativa blends are usually more of an intellectual high, indica blends tend to give the mellow "do nothing" couchlock high. In my experience smoking a sativa blend will make mundane tasks more tolerable (one can actually be more productive whilst stoned) and occasionally provides problem solving inspiration for more complicated tasks.

Comment: Time for a new distro? (Score 1) 303

by jd (#48100237) Attached to: What's Been the Best Linux Distro of 2014?

I have often wondered if it would be worth building a new distribution. The existing ones all seem to make weird design decisions, none have conquered the desktop (I blame OSDL), they're nowhere near as high performance as they could/should be, and Linux Base is not necessarily the most secure layout. It's certainly problematic for multi-versioning.

Comment: Re:If true - imagine the consequences (Score 1) 335

by jd (#48095359) Attached to: US Says It Can Hack Foreign Servers Without Warrants

The US are only allowed access to the SWIFT criminal database in Europe because Europe got fed up with the US hacking into it.

The US stands accused of unlawfully accessing Airbus commercially sensitive documents and selling them to Boeing, during the Echelon affair.

So, yes, they do believe they can break into any server at any time, for law enforcement purposes or financial gain through unlawful activity. I see no evidence of any serious attempt to keep this within any sort of reason. Indeed, the Manning Files and Snowden Files, together with the John Poindexter/Oliver North scandal and strong implications of CIA drug smuggling, suggest industrial espionage and economic crime are a mainstay of government activity.

I have no objections to espionage for genuine security, but accusations of CIA drug running when combined with the takedown of Silk Road sound to be much less about anyone's security and much more about protecting market prices. If that is the case, then this isn't law enforcement but white collar crime. Further, Silk Road - whilst certainly a criminal enterprise - was not a matter of national or world security. It was also not a legally recognized context for extra-jurisdictional action.

This was a situation that could have been resolved lawfully and with integrity. The authorities chose neither, which is suggestive of them being incompetent or corrupt. Now, one should never ascribe to malice that which is adequately explained by incompetence, but corruption isn't really malice, it's just a perversion and everyone has at least one of those.

Comment: Search and seizure (Score 1) 335

by jd (#48094929) Attached to: US Says It Can Hack Foreign Servers Without Warrants

I was unaware that the Fourth Amendment stipulated geographical boundaries. I was rather under the impression that the rules stating what the government and its agents shall not do were quite explicit about it being the actions that were prohibited, not where or to whom.

In fact, I see nothing in the Constitution that grants any exemptions for the government or its agents with regards to extraterritorial activities or the affairs of extranational citizens. Now, there are reasonable limits (well, there are supposed to be) on interpreting the Constitution. No rational person believes politicians should be free to say anything at all. But this isn't a claim of fair exception, but of inapplicability. Quite a different matter. The Constitution defines what the government may lawfully do. It does not say "except on weekends", it does not say "except on the Internet", it does not say "except when it's convenient". Reasonable situations are, by definition, reasonable. If you choose to argue reasonable situations do not exist, that is fine. Zero is still a number. But the government cannot simply argue (with any validity) that it can arbitrarily create entire classes of exemption with no reasonableness shown or claimed.

I'm purposefully ignoring the Silk Road aspect. If that isn't claimed as a legitimate exemption, then that is immaterial to the debate.
