Friday, April 28, 2017

Ants Don't Have Blood

Ants have something called "hemolymph" which is a clear fluid that flows without the assistance of a circulatory system, but that's probably the least derpy thing to come out of the latest chapter in the anti-Jihan drama war.

There is no blood here..

Now, I love me some good bug hype as much as anyone, so when came online a couple days ago, I took notice.  Especially since I've got some ANTMINER S9s sitting in my garage that may be vulnerable to the issue.  Unfortunately, the number of red pixels on that website isn't really justified for this class of bug.  First off, the "bleed" suffix, referencing the old Heartbleed bug, has been reserved since then for memory disclosures.  This means vulnerable systems that you can hit in a funny way, and they disclose important information to you.  Most recently these are bugs like SSHBleed, or CloudBleed, etc.  There's no blood here though, both metaphorically in terms of urgency, and literally in terms of memory disclosure.  These miners have a feature built in that checks a web service to see if they are stolen, and if they are, they refuse to mine.  That's it.

Anti-Theft Telemetry

So what is Anti-Theft Telemetry?  This is a technology built into most phones, many new cars, and all sorts of embedded electronic gadgets that phone home regularly to determine if they are stolen, and if they are, the devices can be disabled.  If a mining rig gets stolen, the owner can report the theft to BITMAIN, and they can flip a switch, and your average thief will have a hard time getting the device working for them.
Now, I'll be the first to say that telemetry technologies are stupid, and in many ways, invasive, but it's also an extremely common, and often requested, theft deterrence feature.

Central Control

The thing that a lot of people have been freaking out over is the idea that Jihan, owner of BITMAIN, could shut down a huge part of the Bitcoin mining network if he wanted to, since a large portion of it is running on BITMAIN hardware.  While it is true that yes, he could screw over all his customers if he wanted to, it would damage his company irreparably, and for what?  A vast majority of the affected customers would be back online within a couple hours.  This, however, is no different than a large mining pool deciding to divert hashing power, or block users, except a mining pool could then steal its customers bitcoins as well.

The Man in the Middle

What I think is a much more serious concern is the Man in the Middle problem.  A malicious actor (and we've seen quite a few recently) could hijack the telemetry service and use it to make a political statement.  The derp-de-doo who implemented this feature didn't use HTTPS for the telemetry connection, which opens it up several points of attack.  Still though, the worst case scenario is denial of service, and since no one uses TLS for their mining traffic either, these points of attack are exactly the same as those that would hijack mining traffic itself, like the attacks we saw in 2014 that are still just as possible today.  Again, these attacks would net actual bitcoins, and are therefore much more likely for a profit driven attacker to go after.  The only threat (and it is a serious one) would be from those who would want to hurt BITMAIN's reputation.

Who done it?

One question that I feel isn't getting asked enough is, who did this?  We all know that Codenomicon found Heartbleed, Qualys found SshBleed, and Tavis found CloudBleed, but the AntBleed website has a distinct lack of identifying markers.

Besides there being nothing on the actual site, a quick whois will tell you that the site was registered with Namecheap, a registrar that allows you to register domains with Bitcoin.  It's also WhoisGuard protected, so whoever registered the domain didn't want anyone to know who they are.  The site is also being hosted on GitHub under an anonymous "antbleed" account which was used exclusively for setting up this site.  Luckily someone cloned the repo before the antbleed user deleted all their history, or we wouldn't even have that.

Clearly, whoever is promoting AntBleed doesn't want to be identified, which solidifies the suspicions that this was less of a bug report, and more of a pure political hit piece.  Jihan, owner of BITMAIN, upset a lot of people a couple months ago when he started speaking out against how the core Bitcoin developers were behaving, and began pointing the hashing power of his mining pool towards an alternative implementation, undermining the current core development team.  The retaliation has been swift, and strong, and most of all, shocking.


  1. شركة تنظيف
    تهتم شركة قمم التميز باعمال وخدمات التنظيف فى اى مكان فى تنظيف الشقق – البيوت – المنازل – المصانع واى مكان يحتاج الى اعمال التنظيف من اجل ان تساعد فى الوصول الى افضل ما تجدة من نتائج مميزة شركة تنظيف شقق بالرياض
    تنظيف يحتاج للاشياء معقدة من الادوات ، مثل الغرف المنزل لها ادوات التنظيف الخاصة، الصالون المدهب يحتاج لمنظف الخاص ، وسطح فى المنزل يتطلب مواد متخلفة ، فكثير من المنظفات المطلوبة حتى تكون عملية التنظيف سهلة ومن المنظفات : مبيض التواليت ، منظف الحمام، المطهرات ، المنظف للنوافذ شركة تنظيف فلل بالرياض
    والارضيات والغسيل ، سائل الغسيل واعمال المنزل الصغيرة يمكن انجازاها بفوطة جافة ومنظف جيد ، المنظف المصنوع بقل الامكنيات ، معلقتين من الخل الابيض مع لتر من الماء الساخن وضعهم فى بخاخة . بيكربونات الصوديم لتنظيف البلاط يمكن مزج ثلاثه اجزاء من الماء الساخن مع جزء من الصودا لتنطيف الفرن والثلاجة ، وبيكربونات الصوديم بقليل من سائل الجلى يتكون معجون سميك صالح لتنظيف الحمام ، يمكن استخدام بيكربونات الصوديم وضعه فى صحن صغير ولطرد الروائح الكريهة من الثلاجة ، كربونات الصوديم فعالة فى ازالة البقع الدهنية لانها قلوية ويجب لبس قفازات لاستخدامها . شركة تنظيف بالرياض
    الخل الابيض وعصير الليمون يمكن تنظيف السطوح الزجاجية والخشبية المصقولة ، ويمكن استخدام الخل الابيض والليمون للتخلص من الروائح الكريهة والتعطير .
    عند التنظيف يجب لبس القفازات لحماية الايدى من المواد المنظفه ، ويمكن لبس الفقازات عند غسيل الصحون وتكون مخصص لعمل فى المطبخ .
    والمنزل النظيفة من غير فوضوى أجمل بكثير وافضل ،وإذا توفر جميع الادوات النظافة داخل بيت تكون عمليه النظافة سهلة
    للتنظيف المنزل من اعلى الى اسفل ، اى تنظيف الغبار من اعلى الى اسفل ويمكن استخدام الاجهزة الكهربائية فى عملية التنظيف .
    تنظيف النوافذ باستخدام قطعة قطنية فى مسح الزجاج وللتجفيف بورقة من الجرائد ، وتنظيف الاسطح الزجاجية للمنضدة باستعمال عصير ليمون ودعكها ثم تجفيفها بفوطة ورقية. ويمكن استعمال معجون الاسنان فى ازالة الخدوش الصغيرة من الزجاج . شركة تنظيف منازل بالرياض
    لتنظيف الاثاث استعمال منظف على قليل من نشادر ، عدم وضع الاثاث فى أشعه الشمس فالشمس تجفف الأثاث ، للتخلص من الحلقات التى تكون على المنضدة بقليل من المنظف مع النشادر ثم مسحها بفوطة جافة ثم تلميعها بالملمع .
    يمكن وضع جدول زمنى لتنظيف المنزل : ترتيب السرير وتغير ملايات السرير كل اسبوع ، غسيل الملابس اذا كانت العائلة مكونة من الاطفال يقومون بتوسيخ ملابسهم بشكل متكرر فيجب تنظيف البقع سريعا . اسعار تنظيف الشقق بالرياض
    وغسل الاوانى الطعام باليد او فى غسالة الاطباق وغسلها يوميا لا نها تشكل العفن وقد تنيجة خطر ويسبب امراض .

  2. Thanks for the post and great tips: even I also think that hard work is the most important aspect of getting success. Seattle exterminators

  3. In the first place, auto title advances might be viewed as a secured advance since it requires a vow. In getting such advances, a borrower is required to give the title of his or her auto as guarantee. online car title loans chicago

  4. Quick Pest Control provide tailor-made pest control services dependent on your circumstances and budget.
    Quick Pest Control in Croydon

  5. It is interesting to read your blog post and I am going to share it with my friends. aybabg

  6. I like to read your article because it really helps me. Thank you for sharing this post with us.
    Togel Online

  7. Thank you for posting such a great article! I found your website perfect for my needs.
    fun games to download for pc

  8. penetration testing training This is very useful post for me. This will absolutely going to help me in my project.

  9. To do Not Pressure OR Anything, But Have Ever This considered post there is statement PT Lampung Service this is a
    Service HP Bandar Lampung whose looking to do day
    Service iPhone Lampung to this looking then to out standing that is
    Jasa Kursus Service HP I will try it.
    Jasa Kursus Service HP They have jumping places and so that the device other kid's activity.Youtuber Lampung , Thanks ! Visit Back.

  10. Pest control services are needed for the proper cleaning in house. Top pest control is one of the professional pest control service providers who help for the pest control services.

  11. شركة اللمسة الأخيرة تقدم لك الحل الأمثل فلا حشرات بعد اليوم ولن تعود مرة أخرى. فنحن نستخدم أفضل المبيدات العالمية الفعالة صديقة البيئة التي لا تترك رائحة ولا سيوثر على صحة الأنسان ويقوم باستخدامها عمال مدربون يقومون برش المبيدات بشكل علمي مما يضمن لك الراحة التامة نرجو التواصل على هذا الرقم 0580002467
    شركة رش مبيدات بأبها
    شركة مكافحة حشرات بأبها
    شركة مكافحة النمل الابيض بأبها
    شركة رش مبيدات بخميس مشيط
    شركة مكافحة حشرات بخميس مشيط
    شركة مكافحة النمل الابيض بخميس مشيط
    شركة رش مبيدات بالقصيم
    شركة مكافحة حشرات بالقصيم
    شركة مكافحة حشرات بجازان
    شركة رش مبيدات بجازان