Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
	helo=mx.sourceforge.net)
	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <dhuff@jrbobdobbs.org>) id 1QbYHP-0003mF-0V
	for bitcoin-development@lists.sourceforge.net;
	Tue, 28 Jun 2011 13:24:39 +0000
X-ACL-Warn: 
Received: from mail-gy0-f175.google.com ([209.85.160.175])
	by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1QbYHL-0000oO-RZ
	for bitcoin-development@lists.sourceforge.net;
	Tue, 28 Jun 2011 13:24:36 +0000
Received: by gyd12 with SMTP id 12so90129gyd.34
	for <bitcoin-development@lists.sourceforge.net>;
	Tue, 28 Jun 2011 06:24:30 -0700 (PDT)
Received: by 10.100.255.2 with SMTP id c2mr8003516ani.41.1309267470243;
	Tue, 28 Jun 2011 06:24:30 -0700 (PDT)
Received: from [10.253.253.32] (cpe-70-124-63-160.austin.res.rr.com
	[70.124.63.160])
	by mx.google.com with ESMTPS id t14sm147804ani.42.2011.06.28.06.24.27
	(version=TLSv1/SSLv3 cipher=OTHER);
	Tue, 28 Jun 2011 06:24:28 -0700 (PDT)
Sender: Doug <mith@jrbobdobbs.org>
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: multipart/signed; boundary=Apple-Mail-1-247785327;
	protocol="application/pkcs7-signature"; micalg=sha1
From: Doug Huff <dhuff@jrbobdobbs.org>
In-Reply-To: <BANLkTi=RASna0vQ0bYGc8ApWC++PsNqSAg@mail.gmail.com>
Date: Tue, 28 Jun 2011 08:24:26 -0500
Message-Id: <3AF78BB9-3D12-47B5-995E-387E489297ED@jrbobdobbs.org>
References: <D024B465-AD6C-4AAD-A07F-956223929B6F@jrbobdobbs.org>
	<C9421AA2-D741-4989-9DA8-395D1F532F52@jrbobdobbs.org>
	<BANLkTi=RASna0vQ0bYGc8ApWC++PsNqSAg@mail.gmail.com>
To: Mike Hearn <mike@plan99.net>
X-Mailer: Apple Mail (2.1084)
X-Spam-Score: -0.3 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-0.3 AWL AWL: From: address is in the auto white-list
X-Headers-End: 1QbYHL-0000oO-RZ
Cc: Bitcoin Dev Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Fwd: Live mtgox.com trade matching bug.
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 28 Jun 2011 13:24:39 -0000


--Apple-Mail-1-247785327
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Begin forwarded message:

> From: Doug Huff <dhuff@jrbobdobbs.org>
> Date: June 27, 2011 11:28:28 PM CDT
> To: Gavin Andresen <gavinandresen@gmail.com>
> Subject: Re: [Bitcoin-development] Fwd: Live mtgox.com trade matching bug.
>
> Already talked to Jeff and agreed to stop posting them here. There is just currently no other forum for such reports. I think he was going to talk to you about starting a bitcoin-vendor-sec or similar list.
>
> I agree it does not belong there.
>
> On Jun 27, 2011, at 11:22 PM, Gavin Andresen wrote:
>
>> The bitcoin-development list is for discussion of core bitcoin
>> development, not about Mt.Gox or other sites or software that uses
>> bitcoin.
>>
>> --
>> --
>> Gavin Andresen
>
> --
> Doug Huff
>
>

--
Doug Huff

On Jun 28, 2011, at 1:35 AM, Mike Hearn wrote:

> Hi Doug,
>
> Could we keep the Mt Gox related stuff off bitcoin-development please?
> It's not related to the core software.
>
> On Tue, Jun 28, 2011 at 4:48 AM, Doug Huff <dhuff@jrbobdobbs.org> wrote:
>>
>>
>> Begin forwarded message:
>>
>>> From: Doug Huff <mith@jrbobdobbs.org>
>>> Date: June 27, 2011 9:46:13 PM CDT
>>> To: full-disclosure@lists.grok.org.uk, "Mt.Gox" <info@mtgox.com>
>>> Cc: Bitcoin Dev Development <bitcoin-development@lists.sourceforge.net>
>>> Subject: Live mtgox.com trade matching bug.
>>>
>>> Step 1: Have USD available for spending on mtgox.com.
>>> Step 2: Put in a buy order large enough to drain your account. Low enough under the current trading price that it will not execute immediately.
>>> Step 3: Withdraw all USD funds.
>>> Step 4: Wait for market to fall enough to meet your order.
>>> Step 5: ...(self explanatory)...
>>>
>>> There's a bit of luck in being able to take advantage, obviously.
>>>
>>> I would suggest you take the site down asap until this is corrected or publicly show how this order will never execute:
>>>
>>> ==========
>>> Welcome <username removed> 0.00000000 ฿TC 424.44901
>>> Buying  138468.901  0.01  Active  1384.69  06/26 15:27  cancel
>>> ==========
>>>
>>> I cannot guarantee this order will execute but from everything I've observed about the new trade matching code I have no reason to believe it will not.
>>>
>>> At the very least this could be used to influence market conditions if it is only a display bug.
>>>
>>> --
>>> Douglas Huff
>>>
>>>
>>
>> --
>> Doug Huff
>>
>>
>>

--
Doug Huff



--Apple-Mail-1-247785327--
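
Added example, not part of the original thread and not Mt.Gox code: a toy ledger in Python that replays steps 1-4 of the forwarded report with and without a hold placed on funds when a buy order is accepted. The `Exchange` class, `replay`, and all amounts are constructed for illustration; that the weak variant matches the site's behaviour is an assumption, since the thread does not confirm the cause.

```python
from decimal import Decimal

class Exchange:
    """Toy single-account USD ledger with resting buy orders (hypothetical model)."""

    def __init__(self, usd, hold_on_place):
        self.available = Decimal(usd)   # USD the user may spend or withdraw
        self.held = Decimal("0")        # USD reserved for open buy orders
        self.btc = Decimal("0")
        self.hold_on_place = hold_on_place
        self.orders = []                # open buys as (btc, limit_price)

    def place_buy(self, btc, price):
        btc, price = Decimal(btc), Decimal(price)
        cost = btc * price
        if cost > self.available:
            return False                # cannot afford the order at all
        if self.hold_on_place:          # the control: reserve the cost now
            self.available -= cost
            self.held += cost
        self.orders.append((btc, price))
        return True

    def withdraw(self, usd):
        usd = Decimal(usd)
        if usd > self.available:        # held funds are never withdrawable
            return False
        self.available -= usd
        return True

    def market_falls_to(self, price):
        """Fill every open buy whose limit is at or above the market price."""
        price = Decimal(price)
        for btc, limit in [o for o in self.orders if o[1] >= price]:
            cost = btc * limit
            if self.hold_on_place:
                self.held -= cost       # pay out of the reservation
            else:
                self.available -= cost  # weak variant: no funds check at match time
            self.btc += btc
            self.orders.remove((btc, limit))

def replay(hold_on_place):
    """Replay steps 1-4 of the report with constructed amounts."""
    ex = Exchange("1000", hold_on_place)    # constructed balance, not from the report
    ex.place_buy("100000", "0.01")          # costs 1000 USD and rests on the book
    withdrew = ex.withdraw("1000")
    ex.market_falls_to("0.01")
    return withdrew, ex.available, ex.btc
```

With the hold in place the withdrawal in step 3 is refused and the fill is paid from reserved funds; without it the same sequence ends with a negative USD balance.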