Hacker News new | past | comments | ask | show | jobs | submit login

>>The company was too reluctant at patching the exploit until they knew it was too late

Did they give Snapchat enough time to fix this before releasing this data?

NOTE: I've heavily edited this comment because when I first read the website I thought snapchat ignored the people who found an exploit but re-reading, it's no longer clear to me that releasing this data is not pure malice.

NOTE2: The link from couchdive's comment makes this more interesting - http://www.zdnet.com/researchers-publish-snapchat-code-allow... - but still, the webpage hosting the data said the exploit was fixed, so it wasn't ignored, so... I don't know what the purpose of releasing this data was.





Why would you donate to these people? Because they're hurting Snapchat users? What is wrong with the people posting in this thread like this is some kind of good thing? Real people can be hurt by this.


Maybe no one would ever send him snaps. Either Way I find it more disturbing that an address he claims to own [1] is on this list [2]

1. https://news.ycombinator.com/user?id=smtddr

2. https://github.com/mikispag/bitiodine/blob/master/classifier...


Um, I just want to say that I have _NO IDEA_ why my BTC address is on that list and I've never seen this git URL before in my life. That BTC address is my deposit address on BTC-e.com. This address has only ever received 2.25 BTC[1] and this was purchased fair & square from coinbase.com[2] with my hard-earned USD. I really do not know what in the world is going on or who put my BTC-e.com address on this alleged cryptolocker's known list. I have absolutely nothing to do with that software.

Pardon me while I go to BTC-e.com and have it generate a new address. I don't need to be getting mixed up in this.

1. https://blockchain.info/address/19ukXViVqQ2pVg63aeTmMNv6TBEZ...

2. http://i.imgur.com/6EKJvX9.png


Well, word to the wise, don't use BTC-e as a wallet.


I would have found it quite amusing/scary to suddenly see some huge balance on my account. BTC-e.com sends emails for any account activity and I haven't seen anything I didn't cause. Also, BTC-e.com is just too convenient not to use for now. It's the quickest way for me to get litecoin until coinbase.com supports it.


Did the snapchatdb.info guys change the donation address? Its now reporting as 1M7rREovDkdEh4mZrYNgcj1FECRknFLuRz

They have already got $1USD for this. https://blockchain.info/address/1M7rREovDkdEh4mZrYNgcj1FECRk...

When i first read your post smtddr i got worried we had a collision! Ive found the quality of blockchain auditing in 2013 highly inaccurate. I recently bring attention to the case recently on reddit where someone 'chased' the SMP thief through a tumbler and found... the 96k wallet allegedly owned by btc-e. Its a shame if a non published address of yours has been tainted in someones inaccurate blockchain analysis.


w-ll was talking about the original BTC address in my profile being on the known list for cryptolocker. The same address I linked to in my reply to her/him. When you say "we", who are you?

Also, that whole reddit thread about chasing the SMP stolen coins I thought was too hard to actually pull off. For example, I use coinbase to buy BTC, to send to BTC-e.com, to buy Litecoins and ultimately store them in the offline address that's in my HN profile. Can anyone show me the blockchain.info URLs that would prove my actions? If the SMP people changed coin-types, that's how it'd end up on BTC-e.com's wallet. In fact, maybe that same flawed logic is how my BTC-e.com address ended up in that list - capturing addresses that BTC-e.com uses for its customers or internal operations.


Please consider corresponding with the author of the Github repo to see if they can figure out why that address was included in the list.

Based on the page for that tool ( http://miki.it/articles/papers/#bitiodine ), it looks like they would be interested to know of the failure.


And done... https://github.com/mikispag/bitiodine/issues/3

This whole incident reminds me of Reddit doxxing. This could have ended up much worse for me. I'm just glad I found out this way instead of the police requesting info from Google about my youtube account and gmail inbox then busting down my door in the middle of the night.


Just to hoist things up thread, all your link boils down to is the software you link using a very inclusive heuristic (something like the size of a transaction with BTC-e).

So this particular 'accusations.txt' doesn't mean very much.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: