1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <odinn.cyberguerrilla@riseup.net>) id 1WCen1-0002GZ-AD
for bitcoin-development@lists.sourceforge.net;
Mon, 10 Feb 2014 00:31:59 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of riseup.net
designates 198.252.153.129 as permitted sender)
client-ip=198.252.153.129;
envelope-from=odinn.cyberguerrilla@riseup.net;
helo=mx1.riseup.net;
Received: from mx1.riseup.net ([198.252.153.129])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.76) id 1WCen0-0002kX-18
for bitcoin-development@lists.sourceforge.net;
Mon, 10 Feb 2014 00:31:59 +0000
Received: from fulvetta.riseup.net (fulvetta-pn.riseup.net [10.0.1.75])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "*.riseup.net",
Issuer "Gandi Standard SSL CA" (not verified))
by mx1.riseup.net (Postfix) with ESMTPS id 0A872512E8;
Sun, 9 Feb 2014 16:31:52 -0800 (PST)
Received: from [127.0.0.1] (localhost [127.0.0.1])
(Authenticated sender: odinn.cyberguerrilla@fulvetta.riseup.net)
with ESMTPSA id C38D217B
Received: from localhost (127.0.0.1)
(SquirrelMail authenticated user odinn.cyberguerrilla)
by fulvetta.riseup.net with HTTP; Sun, 9 Feb 2014 16:31:51 -0800
Message-ID: <e7fa1100d6d6077002a3c04f4fbf0f49.squirrel@fulvetta.riseup.net>
Date: Sun, 9 Feb 2014 16:31:51 -0800
From: "Odinn Cyberguerrilla" <odinn.cyberguerrilla@riseup.net>
To: unsystem@lists.dyne.org
User-Agent: SquirrelMail/1.4.21
MIME-Version: 1.0
Content-Type: text/plain;charset=utf-8
X-Priority: 3 (Normal)
Importance: Normal
X-Virus-Scanned: clamav-milter 0.97.8 at mx1
X-Virus-Status: Clean
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.1 (--)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
no trust [198.252.153.129 listed in list.dnswl.org]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.0 SPF_PASS SPF: sender matches SPF record
-0.6 RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
lines
X-Headers-End: 1WCen0-0002kX-18
Cc: bitcoin-development@lists.sourceforge.net
Subject: [Bitcoin-development] Malware authors and best practices for
addressing the issue from development / licensing perspective or other
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 10 Feb 2014 00:31:59 -0000
Hello,
I have a request, which is how do developers address the circumstance in
which someone utilizes your code as part of some effort to deprive (or
steal as the case may be) someone of their bitcoin?
This hasn't happened to me, but I have posed a question about it at
bitcointalk:
https://bitcointalk.org/index.php?topic=3D454903.msg5045596#msg5045596
It was prompted by the apparent use of sx by a malware author who then
generated something called Stealthbit (which is malware, and which no-one
should touch). [fortunately I have not tried to access or use
Stealthbit.) However, this is a question that also touches on bitcoin
development generally, due to that (it's happened before, it will happen
again, etc.) people may end up using bitcoin code (if they haven't
already) to develop something else that would then be used expressly to
deprive someone of their bitcoins (such as steal them, but I am not
thinking only of theft here). My question for developers is: Given that
code is open source and anything can be done with it, good or bad, what
are common development approaches to mitigate or potentially prevent
malware authors from being able to easily appropriate the code you
develop?
I realize this question may sound dumb and out of place being that it is
pretty obvious that code which is developed in a free, open source contex=
t
can technically be used for anything. However, beyond suggesting that
people just go to bitcoin.org for wallet technology, what can be done in
the development community that would lessen the likelihood that the code
you develop might be "misappropriated?" Please note: I am not sure how
this issue might be approached from a development perspective, or license
(MIT, Affero GPL, etc.) perspective, or any other perspective.. I'm just
asking the question. I support bitcoin and other decentralized currency
efforts including walled development such as darkwallet, and I appreciate
what you all are doing. Maybe I'm asking the wrong question and it shoul=
d
be put another way, but I hope you will rephrase my question(s) in a way
that makes more sense in the context of the list discussion here.
Thanks for your work.
|
