[Bitcoin-development] Dedicated server for bitcoin.org, your thoughts?

Drak drak at zikula.org
Tue Dec 31 13:39:30 UTC 2013


Has anyone seen the talk at 30c3 on the current NSA capabilities?
https://www.youtube.com/watch?v=b0w36GAyZIA

Specifically they are able to "beat the speed of light" between you and a
website such that if you communicate with Bob, they can sent competing
packets that will arrive before Bob's packets. They have  realtime deep
packet insertion able to inject arbitrary data into an TCP streams and can
change file downloads **on the fly**. This can be done remotely.

Sourceforge do not have https downloads, so this is yet another reason to
move downloads to somewhere that does - like github.
The NSA has the ability, right now to change every download of bitcoin-qt,
on the fly and the only cure is encryption.

Revealed as part of the presentation is the fact that if the NSA has access
to these capabilities, then so do others and in fact one of the things
revealed yesterday was independently discovered already and published.

Same goes for the bitcoin.org site - why are we dragging our feet on
installing an SSL certificate and redirecting all http to https? While no
solution is perfect, it's a lot better than zero defense.

You can see the irony of disseminating the bitcoin crypto-currency client
 in the clear.

For anyone who has not seen the video. You will be shocked by what is
actually in the wild being used today. It goes way beyond anything
imaginable even in science fiction.

https://www.youtube.com/watch?v=b0w36GAyZIA

Drak
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20131231/351419ac/attachment.html>


More information about the bitcoin-dev mailing list