Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WCxt3-0008Pi-2k for bitcoin-development@lists.sourceforge.net; Mon, 10 Feb 2014 20:55:29 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.215.44 as permitted sender) client-ip=209.85.215.44; envelope-from=gmaxwell@gmail.com; helo=mail-la0-f44.google.com; Received: from mail-la0-f44.google.com ([209.85.215.44]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1WCxt2-0005hd-BZ for bitcoin-development@lists.sourceforge.net; Mon, 10 Feb 2014 20:55:29 +0000 Received: by mail-la0-f44.google.com with SMTP id hr13so5258895lab.31 for ; Mon, 10 Feb 2014 12:55:21 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.152.88.82 with SMTP id be18mr23365923lab.3.1392065721755; Mon, 10 Feb 2014 12:55:21 -0800 (PST) Received: by 10.112.198.34 with HTTP; Mon, 10 Feb 2014 12:55:21 -0800 (PST) In-Reply-To: References: <52F92CE3.7080105@olivere.de> Date: Mon, 10 Feb 2014 12:55:21 -0800 Message-ID: From: Gregory Maxwell To: Tier Nolan Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gmaxwell[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1WCxt2-0005hd-BZ Cc: Bitcoin Development Subject: Re: [Bitcoin-development] Malleability and MtGox's announcement X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Feb 2014 20:55:29 -0000 On Mon, Feb 10, 2014 at 12:47 PM, Tier Nolan wrote: > If the attacker has a direct connection to MtGox, they can receive the > transaction directly. MtGox had a php script that returned base64 data for all their stalled transactions. Not just attackers used that, some people trying to unstick their transactions tried manually fixing them with honest intent and no idea it would potentially confuse mtgox's software.