Board: Altcoin Discussion
Re: Digitalcoin Dev ROBBED!
by samson on 13/04/2014, 01:00:06 UTC
This timeline doesn't make sense:
  • 16 March 2014: Baritus announces closure of CryptoAve citing security concerns.
  • 03 April 2014: OpenSSL vulnerability (dubbed Heartbleed) is uncovered by a team of security engineers.
  • 07 April 2014: Knowledge of Heartbleed is made public.
  • 09 April 2014: Baritus makes the claim that Heartbleed was exploited to attack CryptoAve.

Baritus has claimed that CryptoAve was attacked with the Heartbleed vulnerability roughly one month prior to the vulnerability being uncovered and made public. If an individual had knowledge of this flaw before the entire world, why would that individual choose to attack CryptoAve of all places? Why not go after a much larger website? Why not sell the knowledge of this vulnerability to the highest bidder?

This does not make any rational sense.

Sources:
http://digitalcoin.co/forums/index.php/topic,951.0.html
http://heartbleed.com/
http://digitalcoin.co/forums/index.php/topic,1010.0.html

Things are a lot more complicated than the above simplicity and we know for sure that Heartbleed was known before April 3rd.

Did you know that CloudFlare were notified of the Heartbleed bug at the end of March? I'm going to assume you didn't know this due to the incorrect information in your above post.

So what could have happened with Heartbleed and how come some people knew about it way before others?

Why did Cloudflare and who knows who else receive advance warnings when pretty much most of the rest of the world didn't?

I believe I know the answer to this question and it's all to do with who found it. They're a commercial security company with paying customers.

I'll bet this company (Codenomicon, google them) found the issue at some point over the last few months and have been 'hawking' it to their existing customers and maybe picking up a few new customers along the way - quite probably Cloudflare is one of these customers.

Codenomicon are a commercial entity so this is exactly how anyone would expect them to operate.

The golden question to which nobody knows the answer is when was it first discovered? Who knew about it and when did they know? It was definitely before March 30th but this information has not been published anywhere, not yet anyway.

I hope one day we find out when the vuln was first discovered. I'm sure it was way before it was made public.