HackerTrans
TopNewTrendsCommentsPastAskShowJobs

pbear2k21

no profile record

Submissions

[untitled]

1 points·by pbear2k21·4 anni fa·0 comments

[untitled]

1 points·by pbear2k21·4 anni fa·0 comments

New Bitcoin DDoS Technique

github.com
49 points·by pbear2k21·4 anni fa·35 comments

[untitled]

1 points·by pbear2k21·4 anni fa·0 comments

Martin Shkreli just released a crypto for drug discovery

apnews.com
4 points·by pbear2k21·4 anni fa·2 comments

Bypassing Google search rate limits and captcha

g.livejournal.com
2 points·by pbear2k21·4 anni fa·0 comments

[untitled]

1 points·by pbear2k21·4 anni fa·0 comments

“Toxic Hackers” Argue About C

youtube.com
1 points·by pbear2k21·4 anni fa·0 comments

Connecting to AOL 3.0 in 2022 [video]

youtube.com
1 points·by pbear2k21·4 anni fa·0 comments

Using AOL 3.0 in 2022

g.livejournal.com
1 points·by pbear2k21·4 anni fa·0 comments

Social engineering GoDaddy (2021)

g.livejournal.com
76 points·by pbear2k21·4 anni fa·17 comments

[untitled]

1 points·by pbear2k21·4 anni fa·0 comments

Reversing AOL 3.0 (1996) – A Deeper Dive

g.livejournal.com
3 points·by pbear2k21·4 anni fa·0 comments

AOL 3.0 Reverse Engineered in TempleOS

g.livejournal.com
3 points·by pbear2k21·4 anni fa·1 comments

AOL Keyword Hacks (1990s – 2001)

g.livejournal.com
1 points·by pbear2k21·4 anni fa·0 comments

AOL 3.0 reverse engineered

g.livejournal.com
294 points·by pbear2k21·4 anni fa·130 comments

comments

pbear2k21
·4 anni fa·discuss
pbear2k21
·4 anni fa·discuss
pbear2k21
·4 anni fa·discuss
you may be correct. the issue has been closed for further review. a scaled attack might only prevent new nodes from entering the network as existing connections would be spared even when the maximum limit of peers is reached.

however - and i mean this - you need to watch your mouth buddy. you've been unnecessarily rude. i have decided not to respond with force - so either stfu or press your luck
pbear2k21
·4 anni fa·discuss
i don't guard my reputation. this isn't 48 laws of power. i'd never become a blockchain socialite to the extent of social climbing to become blockstream's cto. i answer to no one and don't try to mold how others perceive me. interesting insults though - though i can assure you wholeheartedly that you don't want to make it personal. just so you know where you stand, who i am and who pulls rank on who. i rce'd slack too. bitcoin is food now. there is a dos here regardless - but thanks for the motivation
pbear2k21
·4 anni fa·discuss
>Do your homework! You're not the first person who ever thought of attacking a bitcoin node. While I'm sure there are areas for improvement, you're not likely to be able to make useful suggestions from a position of almost total ignorance.

again, i've successfully found remote crashes and dos issues in 25 - 30 blockchains. i don't care if you're a biased developer who takes this to heart. i'm going to see to brutalizing bitcoind and making it clear to you what happens when i attack nodes. cocky academics like you motivate me. he who laughs last etc.
pbear2k21
·4 anni fa·discuss
i've popped 25 - 30+ blockchains. from anecdotal experience i suspect that there could be something here and need to see it through with a sync'd node and more firepower. you seem overconfident.
pbear2k21
·4 anni fa·discuss
inaccessible to external machines that are not participating in the attack. it's yet to be seen what happens to a node that's sync'd with active peers and whether a node under attack is kicked out of the network for timeouts or how bitcoind behaves in general while tcp/8333 is under fire.
pbear2k21
·4 anni fa·discuss
i considered this and needed clarification. i didn't know whether the p2p connections remained open or made frequent disconnect/reconnects. what happens to sync'd nodes with active peers is yet to be seen. it's too early, at least for me, to know whether peers would drop a node under attack over timeouts, how bitcoind behaves with peers while tcp/8333 is experiencing stress, etc.
pbear2k21
·4 anni fa·discuss
node operators can implement their own throttling - sure - but how many bitcoin node operators are doing that to deflect a p2p ddos attack? even if some are, most aren't - and finality in the network could potentially suffer as a result of a massively scaled botnet attack.

edit: interesting child comment here. not pushing a patch just leaves the bulk of the network vulnerable to being ddos'd by a botnet - potentially resulting in severely lagged finality at best. ip throttling can/should be implemented by being baked into bitcoind.
pbear2k21
·4 anni fa·discuss
bitcoind not having ip associated throttling edit: BUILT IN* is questionable. this attack shouldn't work on out-of-the-box installs of bitcoin. as i mentioned earlier - there is no rationale behind a single machine making 1k handshake requests per second.
pbear2k21
·4 anni fa·discuss
it is
pbear2k21
·4 anni fa·discuss
50k sockets looping requests make the p2p port entirely inaccessible at times. with more attacking machines it is reasonable to suspect that the target node(s) could be held down in perpetuity.

edit: re: child comment / syn flood; sure. bitcoind needs ip associated throttling baked in. there is no rationale behind a single machine attempting 1k handshakes a second. the attack shouldn't work at all.
pbear2k21
·4 anni fa·discuss
yes - testing his own node. that is how pen testing blockchain nodes works. from there you can make projections of scaled attacks.

it's not an rpc port - and the computer in the screen shot using telnet is an external machine that isn't participating in the attack.
pbear2k21
·4 anni fa·discuss
Oops - The title was meant to say 2007. However GoDaddy still suffers from social engineering attacks, e.g. https://www.zdnet.com/article/godaddy-staff-fall-prey-to-soc...
pbear2k21
·4 anni fa·discuss
No it isn't? That was RE'd in Python - this was a RE of an RE in TempleOS. Plead read before commenting.
pbear2k21
·4 anni fa·discuss
That's planned. Would be blasphemy not to.
pbear2k21
·4 anni fa·discuss
Yes. That was done with an internal test build.
pbear2k21
·4 anni fa·discuss
Yeah livejournal is pretty bad. I only use it because of the 1 character username "g" I cracked 20+ years ago. It's an ad trap.
pbear2k21
·4 anni fa·discuss
If anyone wants to check it out or take a deeper technical dive our discord is https://discord.gg/reaol
pbear2k21
·5 anni fa·discuss
dear admins,

this guy is baiting me

dear readers,

that is what gaslighting looks like

this guy wasn't even around yet when whaops was hacked by dime. that's how new he is. i've been chatting with dime and he confirmed his friend didn't "help him code" anything

"null" here is slandering me over a personal beef spanning 15 years, and on reddit he was doing it in conjunction with xyrix and/or virus - due to the same 15+ year personal beef i have with that whole crew - or they have with me, rather. they follow me around the internet and attack like hyenas when i write or do anything public facing. these dudes are factually obsessed with me and i'm still not entirely sure why. it's flattering at least

null, you're not an authority on some shit you weren't even around for. calling me a groupie spectator to aol hacking, or to imply i didn't surf lan and wreck 500 - 1,000+ ints throughout my ao-career. you're out of your mind. nobody actually in the know would make the claim that pad wasn't deeply involved in ao-hacking. i was there in 1997 loading up punters for aol 2.5 - whereas you didn't come around until 2004. an authority. ha

as far as what's written about me - none of it was planted, or because i was caught for ridiculous bullshit like bothering celebrities and people with lexnex xs