Messages - Dread Pirate Roberts

31
Bounties / [$3,000/Week] Penetration Testers / Hackers [OPEN]
« on: December 07, 2013, 07:21:26 pm »
Reports to: Dread Pirate Roberts
Remuneration: Up to $3,000/week + performance bonus

Summary:
We are seeking a highly skilled penetration tester/hacker who can work with the development team to find new exploits within the site and any other security problems. The selected candidate does not receive developer access but will be expected to return weekly reports on what actions they have taken to fulfill their role and also immediately notify developers of any arising security concerns. You may also be occasionally asked to work on other projects outside the market and forum as the administrators require.

Apply to: Dread Pirate Roberts. Please include what experience you have, a reasonable estimate of your skills and any analysis you have already performed on this site or any other black market. Applications sent without your professional analysis of Silk Road will be ignored as that is the only opportunity for us to see your level of competence within the field.

ID Check: No

Time Demands: 4-8 hours per day

Closing Application Date: Ongoing

32
Silk Road Discussion / Multi-signature Transactions & The Nature of Markets
« on: December 07, 2013, 05:54:08 pm »
This point has come up a lot recently and although I do not intend to get into any great detail on the subject in public, I do need to highlight some issues which this single suggestion encompasses well. Some of the points I wish to raise are similar to what would be discussed between staff and the very highest echelons of Silk Road when we consider new ideas.

I'm not aware of who first suggested it, but there is word spreading that multi-signature addresses are somehow the holy grail of online markets and that it would stop bugs, thefts and problems faced from law enforcement, but this severely overlooks a lot of the practical problems we face as an online market. Yes it is true that it is theoretically more secure than the current bitcoin system as it is backed by strong crypto - but in practice it does not convert so well given steps must be taken in addition to usual market practices.

Right now, as an approximate market figure, PGP uptake is between 8% and 12% (unknown reason for fluctuations but US timezones have the lowest PGP uptake of all). PGP is a relatively straightforward step towards protecting your privacy and as far as the learning curve goes, it is certainly below that of learning to sign multi-signature transactions. So the evidence right now to suggest implementing the idea would be more beneficial than harmful is not true as we find preventing customers from having an easy-to-use interface will drive them to other markets, ones which are usually less secure and less trustworthy as we have seen with Sheep marketplace. Do not forget, Sheep was cast the eye of doubt when it first came about but because it was an easier to use interface, it took the lion's share of the market above Black Market Reloaded which has a long and stable history.

Another concern highlighted by my fellow staff is that to sign a transaction you have two options - local storage or remote services. Remote services would negate the point of the implementation so for this we shall disregard that consideration leaving us with local storage. If a person was to have their hardware seized, holding a bitcoin wallet will then tie you in to the block chain which cannot be concealed and is certainly one of the strongest pieces of evidence which could be presented against an individual. This risk can be significantly mitigated through the use of encryption layers but to the average user it is unlikely they would take such measures and so we are only actually leaving more evidence in less secure places.

Multi-signature transactions will also mean the transaction must be known to all 3 parties and therefore the bitcoin trail faces increased exposure. Silk Road operates and protects users by making it impossible for one party to identify which deposit or withdrawal belongs to which buyer or vendor, something not possible with multi-signature transactions. It could be argued that mixing services may be employed to mitigate such risks but our research has shown only a fraction of users actually mix their bitcoins effectively before placing them into our system and so I have no confidence in such a setup as it provides further evidence for "honeypot vendors" should they ever be set up looking to arrest buyers, and it further prevents lazy vendors from being caught if they do not take the proper precautions. Most users do not mix their bitcoins, but an even smaller user share is those who mix their bitcoins without a single point of failure (i.e. use more than 1 company/service to mix them) and so if law enforcement were to gain leverage over a mixing service or continued their program of illegally tapping into such services (a credible threat) then this brings the risk of huge exposure for tens of thousands of users.

I hope this has helped clarify at least some of the reasons the administration is reluctant to implement this suggestion in its current form. We do have some ideas to counter some of the above ourselves, but even with that it is difficult to see this as a step in the right direction just yet. We are all for making use of proven technology, but at the same time we must make it as accessible as possible to not drive away those who aren't comfortable with it just yet.

33
In some ways Loki you are correct, but you have made some very dangerous and illogical conclusions in saying so.

Silk Road will not be hosted on i2p for the foreseeable future for a number of reasons and we have already (in private) placed Silk Road on i2p for testing reasons before removing it. The issue with i2p right now is that it has no thorough research into it. Only two years ago Tor hidden services were believed to be very secure but once funding was thrown into proper research then a large number of attacks were uncovered - i2p has not had this attention and it is a poor step to assume because none have been publicly disclosed that none exist.

i2p is more ideal than Tor for peer to peer applications since that is the foundation of the network whereas Tor was designed to serve content to clients. Identification that you are a part of the i2p network is significantly easier than identifying users of the Tor network due to the peer to peer nature of it, all i2p users are in essence relays and so their IP is publicly available to connect to. However such a system makes traffic analysis against a server significantly easier.

i2p is designed to give users more protection than Tor due to the relay to user ratio being significantly higher, but this comes at a cost of the traffic analysis risk. There is no chance any successful market such as Silk Road could run on i2p in its current state and probably would be unable to do so without at least 40-50 other major services with an equal or larger sized userbase and in my view, at least x50-100 the current users. This is the primary reason behind our decision not to move onto i2p as it is far too small to host major services like ours.

We must remember, user security is imperative and right now Tor and i2p both provide similar levels of security to the end user, but the main target of any law enforcement attack will be the server of the service and the operator since it is more resource efficient to catch a central larger source of information than to chase individual users over theoretical network attacks. Let us not forget right now to our knowledge Tor is still safe and I personally believe with small improvements we can further protect the network, all attacks to date have hit the coding of the services targeted, the operators of the service or delivered an exploit through the user interface; none of which are network based flaws but human ones.

Silk Road is committed to protecting our network and we have actually already started to put relays online to help expand and improve Tor:
https://atlas.torproject.org/#search/SilkRoad

34
Silk Road Discussion / Re: SR2.0 vendor fees
« on: December 06, 2013, 12:04:27 pm »
Above posters: Thank you for pointing this out, we've found the problem (trivial one) and will push it out at next launch. Item pricing is currently set yes so we've just swapped the formula.

35
Withdrawals have now been re-enabled. Even if a person now takes over our entire server your bitcoins are secure.

36
Silk Road Discussion / Re: List of mods?
« on: December 06, 2013, 09:21:03 am »
Defcon is an administrator here and does not work in any public roles, he/she is one of the staff on Silk Road you generally do not see as all their work is directly with me and other staff only.

37
Silk Road Discussion / Re: List of mods?
« on: December 06, 2013, 04:19:30 am »
Administrators:
Dread Pirate Roberts
Defcon

Global Moderators:
Libertas
Synergy
Cirrus
Inigo
Sarge

Newbie Guide:
ChemCat

38
Silk Road Discussion / Re: SR2.0 vendor fees
« on: December 06, 2013, 02:54:28 am »
Fees are cumulative. So after a $300 and a $200 sale, another $200 sale would only pay 6%. $20,000 is a low amount for vendors on Silk Road to reach.

$0-$499: 8%
$500-$4,999: 6%
$5,000-$9,999: 5%
$10,000-$19,999: 4.5%
$20,000+: 4%

39
Silk Road Discussion / Withdrawals Disabled For 1 Hour - FIXED/ENABLED
« on: December 06, 2013, 02:23:40 am »
Withdrawals have been disabled, this should last approximately 1 hour whilst we conduct investigations surrounding the Black Market Reloaded hack to ensure it cannot be used against Silk Road. We will also take a measure to prevent the server holding more bitcoin than is needed immediately so even if we do suffer a loss, it will only be me who loses money. We take your security and money very seriously and feel you should not be made to bear the loss in the event SilkRoad does ever suffer such an attack.

UPDATE 1: We have found something of interest and have penned a whole host of ideas we are implementing now so we have decided to extend the time withdrawals are disabled as a matter of precaution. If we find this to take too long (more than 12 hours) we will temporarily open withdrawals again so not to cause too much trouble. Thank you for your patience with us and here is to a secure future.

UPDATE 2: Issues have been resolved and new security measures are now in effect. Withdrawals are now enabled.

40
Silk Road Discussion / Re: Imformative Freedom
« on: December 05, 2013, 11:06:10 pm »
Your topic was moved, not deleted: http://silkroad5v7dywlc.onion/index.php?topic=6470.0

EDIT: It has been moved back, there was a mistake in classifying the location of the topic.

41
Silk Road Discussion / Withdrawals & Deposits
« on: December 05, 2013, 05:25:06 pm »
I am aware some users (1%>) are having some issues with depositing or withdrawing their bitcoin, as well as random missing funds which are later re-credited and randomly low account balances. We are aware of the problems and we are looking into it but it is not a high priority issue, funds are not permanently changed or go missing so if this happens please wait a few hours and give the system time to sort itself out as we believe this is the result of expanding our infrastructure and the bitcoin process may be struggling to keep up with all the new deposits and bitcoin activity now that active connections and bitcoin commands have exceeded that of the first market already.

42
Newbie Discussion / Please place all "Spam to 50" posts here
« on: December 05, 2013, 12:00:15 pm »
Please keep the rest of the board tidy.

43
Silk Road Discussion / Planned Forum Downtime - 12/5/13
« on: December 05, 2013, 02:46:08 am »
Some time during the 5th we will experience a downtime which could last from 30 minutes to 2 hours. We have no fixed times for this yet.

44
The $2.5k winner was adjusted before the end due to a spammer so we've decided to credit him/her with the prize. Both other winners are yet to claim and yes I do have the correct list at time of closure which unfortunately was swiftly changed by users deleting posts, but as per rules if those people do not step forth to claim it, I will announce a second competition tomorrow which is to be less chaotic and more a challenge of the mind over random luck.

45
Silk Road Discussion / Re: Answer the question twerp
« on: December 04, 2013, 09:09:36 pm »
Your accounts are being deleted for spam. Topic locked.
