Post
Topic
Board Bitcoin Discussion
Re: [Full Disclosure] Live mtgox.com trade matching bug.
by
vragnaroda
on 28/06/2011, 04:11:27 UTC
After making yourself look like such an ass, you should really reconsider that.

By having MagicalTux confirm that one of the possibilities I explicitly posted was indeed the case? Not following you.

Just so you know this was disclosed to Tux at the same time it was posted. He considers it a problem and is working to fix it.

Hate me all you want.

I still believe that people not disclosing these issues to the public is what led to the last major compromise. Would you rather not be made aware of the issues and blindly assume that everything in the world of bitcoin is perfect?

Additionally. At jgarzik's request I wont be posting these to the bitcoin-dev list going forward. There is talk of a separate bitcoin-vendor-sec (or similarly named) list being created.

Erm, no it doesn't mean this.  If it's well designed, there is a semaphore or lock to prevent this.  No sense jumping to conclusions based on what is essentially little more than a display bug.
You're right, that should say possibly, not actually.

Um, maybe you missed something:

It will not execute, and I told you it'll be fixed in a couple of hours. Thanks for disclosing this before.

I don't hate you (and please don't mischaracterize what I say). Where is this purported acknowledgment that this was a vulnerability? From what I've seen you've completely overstated the case (and I'm not exactly MagicalTux's biggest fan right now). Yes, you just made yourself look like an ass.