IOTA

Security Researchers have rules about responsible disclosure, my dude.

At least if they want to not ruin their career

Quick rundown?
t. brainlet

>get someone to send you any amount of money(say, 10 miota or whatever the retarded unit is)
>replay that transaction which sends 10 miota from them to your address over and over, draining their wallet
It's that simple.

silver lining at least:

"Recommendation
All that needs to be done to fix this is keep track of the unique hash of each signed transaction bundle. With this information make a rule that the same bundle hash cannot be used twice within a subtangle.

Conclusion
As it stands at the time of writing IOTA has a security vulnerability consisting of replaying old transactions. It can be easily fixed as suggested in my recommendation."

To clarify, the vulnerable bit is that you don't need to prove ownership of the coins in order to replay the transactions, and the Coordinator™ doesn't check if that set of transactions(the subtangle technically) has been added to the tangle before.

Shouldn't it be crashing rn?

>The coordinator will repeatedly approve the same bundle hash over and over. This means that while you may have signed a transaction to send 500 Miota it can be attached to the network 10 times draining the account of 5000 Miota.

You can force the iota "coordinator" to send transactions over and over. So, if you receive IOTA from a person once, you can steal everything from them, probably?

The worst case would probably be that someone could rob an exchange of all their iota if you can replay transactions from their cold wallet, to their hot wallet, to your own wallet. I don't know much about iota though.

I wonder if this can drain exchanges

You cant use the same address twice when sending funds. This is intentional. It is what makes Iota quantum resistant. It has been knowm about forever, it is not new news or a discovered bug. It is being pushed today because the CDO of Volkswagon just announced how deeply they are integrating Iota. Pic related.

If it could, it would've happened already. It's FUD time again. Guess what got announced today? Official VW partnership by the CTO of VW in cooperation with Bosch. What a convenient time to announce huge security vulnerabilities, huh!

> the set of people who can perform and discover these kind of attacks
> which are slightly above amateur level
> are not in the set of people who can launder the stolen money
> are not in the set of people willing to steal money even if its so easy

>Decision to Publish
>The decision to publish this report publicly without first fully reaching out to the IOTA foundation was not taken lightly, however I decided to based on the following reasons.
>The IOTA foundations response to the MIT-DCI report, specifically Come-from-Beyond’s attitude (that he himself will occasionally categorize as trolling). As recently as saying they have "lawyers working on that already" calling their report fraud. I'm unsure if that is more trolling, but I would rather just post my thing here than dealing with any of that.

He didn't want to deal with their autism

Also
>I'm not a real trained programmer as you can probably tell from by github here. I would descibe myself as a sripter only.

as if car industry is known for their strong security and development in cryptocurrencies

the only good thing VW knows is how to cheat together with Bosch

this. IOTA is a piece of shit and has been proven so many times.

volkswagon and iota has already been in bed and the price is already priced it. It has been known about forever, it is not new.

forbes.com/sites/montymunford/2018/01/23/volkswagens-chief-digital-officer-joins-cryptocurrency-iota-foundations-supervisory-board/#45faf4996fd6

That was my point. Though responsible disclosure does not mean he can't profit in some other way.

Think of every iota transaction you make with your friends as a tree where each branch is a transaction between 2 people.

Normally for you to see if your friend has enough money to pay you after he paid his other friend, you have to walk over to the branch that has the data between your friend and his friend.

Now imagine my friends and I have transactions between ourselves too on a different tree. how do you know I have enough money to pay you after I paid my friend especially if my tree is 100m away from yours and the branches dont touch?

The awnser is a bundle. the bundle contains about my tree letting your tree know about payments and that went down in my tree. its essentially a connection between the 2 graphs at that point in time.

Think of the bundle as a branch that temporarily touches between the 2 trees updating the other tree from time to time.

The problem here, is that if I send some IOTA and a bundle was required. that bundle can be sent 4 more times and isnt verified.

if that bundle contained information on me sending 100 IOTA to my friend, it will incorrectly let your history think I have less IOTA than i really do.

It will also make you think the guy i sent the money to has 400 more IOTA than he actually does. He can then pay you with non existent money.

its literally creating money from thin air.
pretty bad.
you can also do shit like empty accounts if that happened and you are replaying the empty action.

>multibillion dollar businesses publicly declaring at an industry mega conference they will work with a cryptocurrency are the same as biz knowing things

Just saw this bug this guy found:
github.com/iotaledger/iota.lib.js/issues/180

YIKES.
I wonder if we can find more errors like this in other coin projects.

hows your XRB coins boys ?

>github.com/iotaledger/iota.lib.js/issues/180

No, other coin projects are not made by self-endorsed ego-maniacs
Besides Nano, and many other shitcoins.

ETH, BTC, BCH, ADA, XLM, are serious coins the rest is really shit like this.

>Advantages for the automative industry
>Feeless
>Quantum resistant

Ummm why do combustion engines on wheels need decentralised quantum resistant packet transmissions?

lol calling bcash a serious coin

too bad you don't own any ven, sorry

did anyone actually read this lol

It only affects you if you reuse an address. All spare change is moved to a new address so if you never reuse an address there should be nothing to "replay". Address reuse also results in other security shortcomings, this is nothing new.

i agree that the devs are still retarded though
>trying to get partnerships
>half-assed wallet still has no seed generator
>no address reuse protection
>no warnings about address reuse being risky after snapshots

devs should've pumped their coin AFTER they released trinity not afterwards this is fucking brainlet-tier behavior

That deranged face and desperate body language.

so somebody could drain an entire exchanges wallet. could be what happened with that italian exchange eh? or am i confusing things?

shut up blockstream pleb

all of you faggots saying iota is shit are absolutely fucking retarded lmao

>you cant short that shit anyways
You can short using CFDs on plus500.

Can't you short it on Bitfinex too? I know for sure that you can lend it out, so there have to be leveraged positions too.

This truly is the level of BitGrail.
Embarrassing. Truly embarrassing.

>why do government controlled death machines need ecentralised quantum resistant packet transmissions?

wolframalpha.com/input/?i=x * y = z / \iota

You guys are aware that IOTA is simply keeping all of its code 'internal' and allowing everyone to throw whatever abuse they want at it.

Then when they 'decentralize' or unhook the chainblock it will literally be bulletproof.

IOTA is using society and other 'crypto attackers' to secure their own service because humans love acting like 'I am so superior for disrupting a service'.

Whereas we all know that cryptocurrencies are just pointless 'units of trust' that we agree on by virtue of 'is this the right terminal, and am I the right user?'

Because that's all we care about as humans.

"Is this the right terminal to achieve human desire X?"
"Am I the right user at this terminal to achieve my human desire of Y?"
X * Y = Z / IOTA

You guys will never be able to beat maths, and IOTA is based on this amazingly simple mathematical truth.

2

>t. cfb
when moon

2018年3月1日(北京時間07:01)

The Alexa/Google Home cascade will occur in 2018 due to all the 'vocal' commands.

Mathematically speaking 'iota' is the shortest vocal message you can give that is 'three' syllables, but with the 't' having a predefined pronunciation always.

IOTA means 'half of self', so obviously the crypto that keeps halving itself will 'supermoon'.

Pluto will become a planet once more this crypto-contract will blow everyone's brains out.

IOTA is da wae to da wata.

Love you user.

wolframalpha.com/input/?i=\iota 1/2 \phi \pi

As you can see, Pi, the golden ratio, and my mathematical constant IOTA stays snugly above the number 2 forever.

2 infinity and IOTA!

數學提交碘白痴音

IOTA /“絲毫”=可擴展爆炸!

Replay attacks = Mathematical congruence testing.

Countering initial crypt blocks now.

[Restate] Bitcoin

IOTA = Internet Of Things Aggregation Blockchain

IOTA =物聯網聚集Blockchain

Linguistic conflicts removed.

Chinese/China/Asian languages are now tethered to Bitcoin.

English subsumes IOTA, Call name Simon (Mathematician); S. Vagus (Nobel Prize Winner: Literature).

All experiments successful.

Secondary candidate required for twin-prime isolate.

Verify: Jacinta Alice Richardson (Bureau of Meteorology; Software Architect & Senior Engineer).

The BOM super computers are now primed for IOTA tangle.

BOM computational speed QUEUE length, Lambda IOTA Execution.

158 IOTA ^ $50,000 = 個-美元

1 IOTA = $99,999

Scalar Weather Overlay Latitude Estate.

All initial purchasers pre-moon phase are complete.

Simon confirms. Jacinta confirms.

Stephen Hawking confirms.