Silk Road Forums

It would take a pretty clever primary school kid to navigate the Tor network, purchase BTC, understand the escrow process, and finalizing an order.

At some point, you would have to blame the parents.

DOX!!!

Nice try, mate. I use Pandora myself.

Right because if we all are just really really quiet, the BBC and VICE will think we just went away...

The mods may or may not have the ability to fix it. I would imagine DPR would need to take care of it. In the meantime, there is no harm is letting the mods know so you don't get banned, running your script and attempting to brute force your own account. It is simple vuln testing.

Quote from: ManInTheMirror on November 09, 2013, 07:47:20 am

Quote from: Artist on November 09, 2013, 07:40:33 am

Quote from: ManInTheMirror on November 09, 2013, 07:23:48 am

I just wanted to say that there is no reason to panic.
The PGP verification seems to work as it is meant to be, the problems had been with the activation of this feature.
There are many things which determinate how easily you can bruteforce the password, that is why I said it is a point to argue about.

I doubt the market will be ready today and I see this stage more as a beta. So calm down, it is good if bugs are found now and I bet everyone will be advised to change his password before anything could be compromised.

I certainly agree that this is no reason to panic, though I do think it is a great reason to be cautious and more importantly CONCERNED.

The administration made a huge point of stating their belief that it is the user's responsibility to maintain their own personal security. I strongly disagree with this sentiment, though I still accept it. However I start to question this acceptance when it seems like there are issues left and right with the seemingly arbitrary security features they DO decide to provide. They give users the option to essentially fuck themselves over on important security that could land them in jail, but offer up or force security features through the website that are not nearly as vital.

Just some semi-relevant food for thought on the topic of security as it relates to the topic at hand.

Artist

I agree with you and I think you should test your script. There is no difference if you are doing this now with good intend or someone will run it to harm the market. Maybe you shouldn't test it on your own account as we don't know what will happen to an account with numerous false login.

I don't think there is much to gain out of testing it besides a potential ban. Even I did test it, I would not ethically be comfortable posting the results. If the results were bad news I wouldn't want to inspire "evil opportunists". Anyone that is curious should do so without posting before hand like I have. I just wanted to make it known that it is possible and remarkably easy to write a script that will test and see if there are any rate limiting factors and bruteforce if there are none.

For reference, I ironically opted to write the script in my language of choice: javascript

Artist

Just message the mods to let them know you are doing it and enable Javascript while it is underway. If you can do it to test security, LE can do it to break it...

The author issued an apology and redacted the word "fiending".

SRFilm - Care to comment?

I thought DPR stated on these forums that he refused to work with VICE after an incredibly rude article was written about the road on the 5th.

I could not reproduce this on my surface. After hitting the timeout, a simple tap on the screen brought the site right back without the need to refresh.