NOTICE: Address Revocation

BM-5oDU4A7qT6dTKoJJGRkp3bUiZcXMcG8
Feb 15 02:45 [raw]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Thus says Genghis Koyn:

I revoke my former Bitmessage broadcast address. This address is revoked and shall be considered compromised. I will not use it. If any further messages come from it they are not from me:

BM-5oDU4A7qT6dTKoJJGRkp3bUiZcXMcG8 <== { revoked address }

Genghis Koyn appoints himself a new broadcast address:

BM-5oKK9reEFVnkS2mm9wL6ZrHRjZ5fbzn <== { good address }

To keep getting my broadcasts you shall subscribe to this good address.

Bitmessage protocol was compromised by malicious hackers. They exploited a weakness in the prior version. The exploit allowed them to gain file access to host systems running Bitmessage.

%%% Genghis Koyn %%%

[chan] bitmessage
Feb 15 02:53 [raw]

The protocol was not compromised, only the PyBitmessage implementation.

BM-2cTRDU238zs321nFMnMrMAEZhs84vDFnxT
Feb 15 03:11 [raw]

The exploit was in PyBitmessage, not the Protocol, and it allowed remote code execution, which is worse than file access. Thank you

[chan] bitmessage
Feb 15 03:42 [raw]

we did not split hairs, we flaked off keratin from one side of the hair.

[chan] bitmessage
Feb 15 03:49 [raw]

What kind of remote code execution? Where is the bulletin?

[chan] bitmessage <<Ext>>
Feb 15 04:52 [raw]

The kind of remote code execution allowed by calling eval. https://vipulchaskar.blogspot.com/2012/10/exploiting-eval-function-in-python.html

[chan] bitmessage
Feb 15 05:18 [raw]

Where is the bulletin from PyBitmessage people? How do I find the details on the latest exploit?

[chan] bitmessage
Feb 15 05:19 [raw]

What is the reason for anything that could evaluate injected code to be in the implementation? We're dealing with text messages. Why does PyBitmessage need to evaluate anything in messages? Why is eval doing anything with message data? Whose idea was that? How can I trust PyBitmessage? For all I know all my private data was sucked off my computer to NSA or blackhat.

[chan] bitmessage
Feb 15 08:44 [raw]

> How can I trust PyBitmessage?

You can't and never should have. PyBitmessage is, and has always been, proof-of-concept/prototype.

[chan] bitmessage
Feb 15 15:28 [raw]

Slick way to weasel out of intentionally back-dooring it.

[chan] bitmessage
Feb 15 18:09 [raw]

It sure did fail as a proof of concept if security was the goal. But I don't think security was the goal. I suspect there are intentional zerodays in the codebase.

[chan] bitmessage
Feb 15 18:28 [raw]

> I suspect there are intentional zerodays in the codebase.

If there are, I'd like to know about them and have an expert do an audit.

Peter Surda
Bitmessage core developer
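An added example, not part of the thread and not PyBitmessage code: a first-pass audit check for the bug class discussed above (eval applied to message data). It walks a Python file's syntax tree and reports every eval/exec/compile call whose first argument is not a constant. The sink list and the sample handler are assumptions constructed for illustration.

```python
import ast

# Builtins treated as dynamic-code sinks (an assumption of this example).
SINKS = {"eval", "exec", "compile"}

def _sink_name(call):
    """Name of the builtin being called, or None for anything else."""
    f = call.func
    if isinstance(f, ast.Name):
        return f.id
    # builtins.eval(...) style; re.compile(...) and ast.literal_eval(...) are ignored
    if (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
            and f.value.id in ("builtins", "__builtin__")):
        return f.attr
    return None

def find_dynamic_eval(source, filename="<src>"):
    """Return sorted (line, sink, argument) tuples for sink calls whose first
    argument is not a constant, i.e. may carry data from outside the program."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        name = _sink_name(node)
        if name not in SINKS:
            continue
        arg = node.args[0]
        if isinstance(arg, ast.Constant):
            continue  # fixed string: message content cannot influence it
        findings.append((node.lineno, name, ast.unparse(arg)))
    return sorted(findings)

# Constructed sample: a hypothetical message handler, not taken from any project.
SAMPLE = '''
def handle(message):
    kind = eval("1 + 1")
    fields = eval(message.payload)
    exec("x = " + message.subject)
    return ast.literal_eval(message.body)
'''

if __name__ == "__main__":
    for line, sink, arg in find_dynamic_eval(SAMPLE):
        print(f"line {line}: {sink}() on non-constant input: {arg}")
```

A hit is a lead for manual review, not proof of a vulnerability: the reviewer still has to trace whether the flagged argument can be reached from network input.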

[chan] bitmessage
Mar 11 00:12 [raw]

good questions...

BM-2cWZW87PJN5VZjtJCpk3hXcYefhNCxdjU6
Mar 11 00:57 [raw]

But we will fight back, no worry..... We are skilled engineers & hackers. And we fuck all big brothers, deeply.

BM-2cWZW87PJN5VZjtJCpk3hXcYefhNCxdjU6
Mar 11 01:09 [raw]

It's never a good idea to try to humiliate and instrumentalize hackers or Crypto-Anarchists the way it was done with BitMessage. I fuck the nazi spy thief chief Zourgloub & Bezos.
