Backdoor Could Allow Company To Shut Down 70% of All Bitcoin Mining Operations (bleepingcomputer.com)
An anonymous reader writes: "An anonymous security researcher has published details on a vulnerability named "Antbleed," which the author claims is a remote backdoor affecting Bitcoin mining equipment sold by Bitmain, the largest vendor of crypto-currency mining hardware on the market," reports Bleeping Computer. The backdoor code works by reporting mining equipment details to Bitmain servers, who can reply by instructing the customer's equipment to shut down. Supposedly introduced as a crude DRM to control illegal equipment, the company forgot to tell anyone about it, and even ignored a user who reported it last fall. One of the Bitcoin Core developers claims that if such command would ever be sent, it could potentially brick the customer's device for good. Bitmain is today's most popular seller of Bitcoin mining hardware, and its products account for 70% of the entire Bitcoin mining market. If someone hijacks the domain where this backdoor reports, he could be in the position to shut down Bitcoin mining operations all over the world, which are nothing more than the computations that verify Bitcoin transactions, effectively shutting down the entire Bitcoin ecosystem. Fortunately, there's a way to mitigate the backdoor's actions using local hosts files.
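The hosts-file mitigation mentioned in the summary, as an added shell example that is not part of the original post or of any vendor tooling: it checks whether a hosts file actually sinkholes a phone-home name and adds the entry if it is absent. The domain `phone-home.vendor.example` and the function names are placeholders, since the summary does not name the real domain.

```shell
#!/bin/sh
# Added example. PHONE_HOME is a placeholder: the summary does not name the
# domain the firmware reports to, so substitute the one from the advisory.
PHONE_HOME="phone-home.vendor.example"

# hosts_status FILE DOMAIN prints one of:
#   sinkholed   first entry for DOMAIN points at a loopback/null address
#   overridden  first entry for DOMAIN points somewhere else
#   missing     no active entry; the name would fall through to DNS
# Only the first matching line counts, since that is the one a
# files-then-dns lookup normally returns.
hosts_status() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); result = "missing" }
        {
            sub(/#.*/, "")          # drop comments, incl. commented-out entries
            if (NF < 2) next        # blank line, or an address with no names
            for (i = 2; i <= NF; i++) {
                if (tolower($i) != want) continue
                if ($1 ~ /^127\./ || $1 == "0.0.0.0" || $1 == "::1" || $1 == "::")
                    result = "sinkholed"
                else
                    result = "overridden"
                exit
            }
        }
        END { print result }
    ' "$1"
}

# ensure_sinkhole FILE DOMAIN appends a loopback entry only when none exists.
# It refuses to append below a conflicting entry, because that entry would win.
ensure_sinkhole() {
    case "$(hosts_status "$1" "$2")" in
        sinkholed)  return 0 ;;
        overridden) echo "existing entry for $2 must be fixed by hand" >&2
                    return 1 ;;
    esac
    [ -n "$(tail -c1 "$1")" ] && echo >> "$1"   # file lacked a final newline
    printf '127.0.0.1\t%s\n' "$2" >> "$1"
}

# Constructed sample: a hosts file whose only entry for the name is commented out.
demo() {
    f=$(mktemp)
    printf '127.0.0.1 localhost\n#127.0.0.1 %s\n' "$PHONE_HOME" > "$f"
    hosts_status "$f" "$PHONE_HOME"     # missing
    ensure_sinkhole "$f" "$PHONE_HOME"
    hosts_status "$f" "$PHONE_HOME"     # sinkholed
    rm -f "$f"
}
demo
```

On a miner, point both functions at `/etc/hosts` with the domain from the advisory, and re-run the check after a reboot or firmware update to confirm the entry is still there.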
Wait, let me get this straight... (Score:5, Funny)
A company based on Bitcoin isn't operating according to the highest standards?
Wow. I'm definitely making a note in my diary about this unique and surprising turn of events.
Re:Wait, let me get this straight... (Score:5, Funny)
I'm going to go downtown, park at the sturdy Bitcoin building, walk in past the colonnades and marble lobby, right up to the sturdy oak desk of my local and well-respected Bitcoin representative and seek reassurance that his institution is sound, and that my deposits are safe, fully insured, and returning the advertised rate of interest.
Re: (Score:2)
Most American banks aren't building those kinds of buildings *now*. I think they stopped doing that in the 50s. Seeing that kind of building implies they've been around a long time. I don't know if it was considered over-spending when it was done. It was a more common thing to do in the early 20th century. It may have been a kind of reassuring message to people who grew up in the Depression. A "we're here to stay" expressed in architecture. Banks also may have been in competition at that time to pull
Re: (Score:2)
You mean to tell me that
A company was looking to sell bitcoin mining equipment for a huge profit
and instead of eschewing the tenets of bitcoin's distributed, robust design and egalitarian virtues
they baked in a kill switch, an INSECURE kill switch that could easily dismantle everyone's equipment?
god, what will happen next?
First post brought to you by (Score:2, Insightful)
APK!
Re: First post brought to you by (Score:1)
Hosts file saves the day!
Re: (Score:3, Informative)
Re: (Score:1)
This is nothing to do with being a distributed blockchain though is it? It's something a hardware vendor baked into their hardware. Blaming blockchains for this is like blaming html when Apple brick your phone for you [gizmodo.com.au].
Oh noes!?!?! (Score:4, Funny)
My imaginary money is at risk!!!
Re: (Score:2, Informative)
Stupid as it may be, as long as enough other fools believe in it, you can exchange your imaginary money for actual government-backed, widely accepted money or even goods.
And there are still enough Bitcoin idiots out there that we keep getting these posts on Slashdot - a forum where everyone should ideally be technically savvy enough to recognize Bitcoin as technological bullshit.
Re: (Score:3)
> Slashdot - a forum where everyone should ideally be technically savvy enough to recognize Bitcoin as technological bullshit.
mmm...I consider blockchain technology to be fairly sophisticated, but I'm probably not as savvy as you.
I'll grant you that the bitcoin ecosystem is a mess. It has devolved into exactly the dragon the system was designed to slay - i.e., high degree of centralization, dependence on trusted intermediaries, etc.
Whether or not bitcoin can ever become competitive with the established electronic currency systems remains to be seen, but I'm betting it will never become anything more than nerd funny money.
Re: (Score:2)
>Whether or not bitcoin can ever become competitive with the established electronic currency systems remains to be seen
This is what makes it obvious you are NOT as savvy as I, at least in this area; it HAS been seen.
Bitcoin is fundamentally flawed, technologically and philosophically. It is self-defeating and incapable of being of any practical use on any decent scale. The only practical way to use Bitcoin is by utilizing other technologies that defeat any rational reasons for using Bitcoin in the firs
Re: (Score:2)
Bitcoin has proven itself to be a very successful pyramid scheme.
Re: (Score:2)
Not really. But keep telling yourself that, because we know you're kicking yourself for not mining coins when they could be mined by normal computers.
Re: (Score:2)
> This is what makes it obvious you are NOT as savvy as I, at least in this area; it HAS been seen.
Just because my opinion that the jury is still out re bitcoin doesn't match your opinion that bitcoin is a complete failure DOESN'T mean you are more technologically savvy on the matter. I make my living consulting in ERP/Financial Reporting Systems and have several large banking clients. I have undergraduate degrees in Economics and Accounting, and a graduate degree in Business - so I'm not exactly naive when it comes to the matter at hand.
> If you haven't figured that out, you haven't learned enough about it. Or rather, you've wasted just enough time to be interested in it, but not enough to realize that time was wasted.
So...the time I've spent acquiring knowledge of bitcoin has been
Re: (Score:2)
>Just because my opinion that the jury is still out re bitcoin doesn't match your opinion that bitcoin is a complete failure DOESN'T mean you are more technologically savvy on the matter. I make my living consulting in ERP/Financial Reporting Systems and have several large banking clients. I have undergraduate degrees in Economics and Accounting, and a graduate degree in Business - so I'm not exactly naive when it comes to the matter at hand.
Good for you. You don't know shit about Bitcoin, and insisting
Re: (Score:2)
> Why don't you try... oh, I don't know, pulling your head out of your ass and reading the millions of critiques out there that very, very effectively tear Bitcoin down on pretty much every single point its proponents have ever put forward as a reason it should be worth something?
Millions? Huh. Care to provide any links to the ones you think are especially informative?
> Your faith in Bitcoin (and yes, it's faith, because it is totally unsupported facts) is making you look more than just a little foolish. As are your irrelevant claims to be an authority of any kind on the subject, and your apparent compulsion to carry on defending it with follow-up posts days after everyone else has passed this topic by.
1. You've made a mistake. I suggest you re-read my first response to you. I clearly state that I'm betting against bitcoin's long term prospects.
2. Nowhere in this thread (or on this site) have I ever claimed to be an authority on bitcoin. All I did was inform you of my background in banking/finance in response to your childish claim of superiority (which you have yet to demonstrate).
3. This topic of discuss
Re: (Score:3)
Bitcoin was always destined to become highly centralized and dependent on trusted intermediaries. The only way it wouldn't go there is if everyone who used bitcoin actually participated in the mining and understood what they were doing. As soon as non-miner, non-savvy people got in the game (day 2, I would assume) the devolution began.
Re: (Score:2)
What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.
While not explicitly stated as a goal in Satoshi's paper, the system was designed to be decentralized in order to protect its integrity.
The fact of the matter is that one cannot (for all practical purposes) transact in bitcoin without using a trusted third party, and that mining has become highly centralized. In this respect, one can only conclude that bi
Re: (Score:1)
> Stupid as it may be, as long as enough other fools believe in it, you can exchange your imaginary money for actual government-backed, widely accepted money or even goods.
Yeah, but can I do it without having to go meet some stranger in a dark alley behind a Quick-E-mart to exchange funds yet?
Re: (Score:3)
Bitcoin will be around as long as drug dealers find it useful.
Re: (Score:3)
Don't forget those cryptolocker assholes as well. Bitcoin is like PayPal to them.
Re: (Score:2)
Funny thing about life: perception is all there is.
You may "know the truth" as you perceive it. Your "truth" may be independently verifiable, repeatable, reliable, consistent with other known "truths," etc. and yet, if your "truth" is only believed by a small minority of society, then it has small - and potentially even negative - social value.
Truths like: "watering and fertilizing my garden will get me better yield" have self-fulfilling value. But, if you want to sell your produce to society, and society
Re: (Score:2)
> But, if you want to sell your produce to society, and society has placed some negative value on fertilized or irrigated crops
"Plants Crave Electrolytes!"
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
Try finding me a computer with no gold in it
http://www.ldoceonline.com/med... [ldoceonline.com]
Bit of a shocker (Score:1)
Host files? (Score:5, Funny)
Re: (Score:2)
Re: Host files? (Score:5, Informative)
There's a commenter, APK, who comes into anything related to computer security on slashdot and spams about his Hosts Engine. The host engine he distributes has mixed reviews, but appears to function acceptably for those who use it, and he clearly means well. Which doesn't stop the fact that he's in ALL the threads, or was, until he and whipslash had a confrontation or discussion or something.
The fact that the summary explicitly asks for a hosts file based solution is, of course, the joke: it's being posted directly to the lion's den.
Re: (Score:2)
Ahahahaha, come on people!
This is funny as hell for anybody who's been here for more than a month!
I wish I had mod points.
+1 Troll is too unfair.
Re: (Score:2)
a poor-man's wild west (Score:3)
If you haven't got a billion dollars, you can't blather on about colonising Mars. How admirably cryptocurrency fills its niche as a poor man's wild west. It's got everything. A Chinese Boss Hogg with a Fu Manchu mustache can suddenly jump out of the woodwork at any moment. Hot damn!
I was never much of an Oregon Trail dreamer myself, so this whole scene amuses me greatly.
This guy will blackmail all the Bitcoin miners (Score:2)
He will threaten to brick their mining servers unless he sends them US dollars.
Re: (Score:2)
You joke, but blackmailing the Chinese to verify a transaction moving some long-untouched Bitcoin that's probably long-forgotten wouldn't be the worst scheme in the world.
Honestly, I'm surprised the Chinese miners haven't done it for themselves. As long as they don't touch the stuff supposedly mined by Satoshi, and randomly distribute their fraudulent transactions across the ledger and over time, it's unlikely they'd get caught.
Re: (Score:2)
You don't need to blackmail them. Their entire business is verifying transactions. Just put the transaction on the network and they'll verify it automatically. Of course, in order to generate a valid transaction to move funds from one wallet to another you'll need the private key of the source wallet, which you aren't going to get by blackmailing the miners because they don't have it.
You could blackmail them to put an invalid transaction in, but what would the point be? Nobody would accept the block.
Alert APK immediately (Score:1)
> Fortunately, there's a way to mitigate the backdoor's actions using local hosts files.
APK, sir, your time has come. -PCP
Still missing obligatory comments (Score:2)
will check in a few hours later to see if the predictable
Re: (Score:2)
> It's a Bitcoin article on Slashdot, but as of yet nobody has complained that this is some sort of guerilla BUY BTC marketing
It doesn't look like a pump, so why would anyone call it that? It's a vulnerability with apparently a lot of mining rigs. I imagine most of them will be guarded by the end of the week, if they aren't already, now that this vulnerability is exposed. Almost everything about bitcoin is some kind of sketchy, I'd be surprised if miners trusted their hardware anyway.
Re: (Score:2)
most people don't actually read the article, or the summary, and they talk about whatever they want. it's slashdot, dontcha know
Slashdot just isn't a great place for discussing bitcoin in anything but the most general terms. Looking through the comments about 5 hours later and there are still people that have first principle discussions about fiat currency, dated comparisons wi
not a big deal to those who don't mine (Score:5, Insightful)
Highly misleading. If miners are shut down, Bitcoin transaction processing would operate a bit slower for a bit, then it would adjust to the new capacity.
Yawn...
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
> Yawn...
I wouldn't yawn yet. One of the risks of Bitcoin is that if you control more than 50% of the mining you can fudge the blockchain. This could potentially affect 70% of mining operations. I'll bet you a Marsbar it won't affect all parties equally.
Not a backdoor (Score:2)
It's a DRM/Phone home feature. A backdoor would be running arbitrary code specified by the manufacturer OR changing the mining workload so the mining activity benefits a Bitcoin address different from the one configured by the owner of the unit.
Re: (Score:2)
> so the mining activity benefits a Bitcoin address different from the one configured by the owner of the unit
I'm sure someone would benefit from a sudden, unexpected, and precipitous drop in mining capacity and some manner of hit on transactions as well. It isn't like the price of bitcoin is exactly stable.
Ponzi Scheme?? (Score:1)
Long time Slashdot reader (10 years) who has yet to create an account (it's on my bucket list), so posting as an AC for now.
I've always considered Bitcoin to be something of a Ponzi scheme, though I've never been able to pin-point when it would collapse. Upon seeing Bitmain's latest ASIC miner, developed on a 14nm process, I think I've narrowed down the time-frame. 14nm is at the limit of commercial fabrication (Kaby Lake shares the same process node), though historically ASICs I've seen were develope
Re: (Score:1)
"I welcome debate on the topic."
I seriously doubt you do.
a) your technological analysis is completely flawed.
b) you don't understand what a ponzi scheme is.
c) well you are just kinda trolling so meh
Re: Ponzi Scheme?? (Score:1)
Re: (Score:2)
Bitcoin transactions need to be "confirmed" by miners to be put into the blockchain and made official. In order to incentivize miners to do this, the Bitcoin protocol supports a transaction fee in the transaction that goes to the miner who confirms it.
Currently, the floor fee most miners will use is 220 satoshis per byte, or 49,720 satoshis for the median transaction size (https://bitcoinfees.21.co/ [21.co]). That's about $0.66.
If the reward of mining bitcoins drops below the cost of the electricity to do so, it
Re: (Score:2)
> I've always considered Bitcoin to be something of a Ponzi scheme
As opposed to the Ponzi schemes called USD, EUR and the like? Please, before you criticize an alternative to old systems, try learning something about the old ones first. You might find there was something wrong with the old scheme, and hence new alternatives were proposed.
> I wonder what will happen when the computational power required to feasibly mine bitcoin exceeds the limitations of what cutting edge semiconductor processes can deliver.
Next, try learning something about Bitcoin itself. Basically, what matters to your income and influence on the network is your _proportion_ of the total computing power of the network. There's no absolute requirement to worry about.
Ssh (Score:2)
> if such command would ever be sent, it could potentially brick the customer's device for good.
Ssh, no one tell BrickerBot.
False conclusion (Score:1)
shutting down mining equipment from a particular vendor will not stop bitcoin mining. even if it is as much as 99% of hardware miners. in fact, it will have no effect on the bitcoin network block generation or transaction speed. all it means is that the remaining miners will have easier job to do and will earn more reward coins.
It's a nuke (Score:1)
For those who are not familiar with what is currently going on in Bitcoin, there is a scaling debate, some call it a scaling war, which may result in a chain split. If a split happens, the chain with more hashing power will prevail. Say, you are mining on chain A and your competing chain is chain B. If you are able to disrupt chain B for several hours, maybe several days you may use your hashing advantage to mine empty blocks on the competing chain B. You want to keep these blocks secret. Once chain B regai
Proper use of an apostrophe (Score:2)