by twexler 3344 days ago
I'm not sure what's worse about this:

1. The fact that it exists

2. The fact that they're using "something" bleed as the name (creativity, please)

3. That whoever created this page recommends the user alter the miner to point to some other, user-controlled HTTP server, effectively MITMing anyone who sees this page.

Shame.

3 comments

>3. That whoever created this page recommends the user alter the miner to point to some other, user-controlled HTTP server, effectively MITMing anyone who sees this page.

>127.0.0.1 auth.minerlink.com

This is localhost.

> You can check if your Antminer is vulnerable to this attack by SSHing to the Antminer, and changing the /etc/hosts file on the device to include:
>
> 139.59.36.141 auth.minerlink.com
>
> This will cause the Antminer to connect to our test server

They admit that doing that redirection will make your miner shut down, that's basically worst case.

The main advantage I can see is that this provides an easy way of proving there really is a kill switch.

That's to test if you're affected, not suggested as a solution.
And a lot of people would test to know if they need to use the solution, wouldn't they?

Look at this site and Twitter account. You can't get any info on who registered the site because it's protected by "privacy guard", so why should anyone trust this site? And their Twitter account looks more like a marketing campaign from the competition.

You can install the fix no matter what, it's innocent. They should have offered source code for their test app instead, but that's definitely not malicious.

The test source code was made available here https://pastebin.com/2wd7GDTC.

>2. The fact that they're using "something" bleed as the name (creativity, please)

Seriously, it isn't even a data leak.

And someone took the time to register a domain and design the page and logo...

Bleed is a nod to the vuln "Heartbleed", not to leaks.

Incorrect, Heartbleed caused leaks from the servers affected. This is not even a vulnerability, it's just a stupid design decision that someone can MitM.

This issue should have been called Ant-in-the-Middle.

That's actually a great name for it or something along the lines of killswitch. Maybe AntKill or MinerRaid.

Yes, and the "bleed" in "Heartbleed" comes from the fact that data was being leaked (bleeding out).

Which leaked (bleed) core (heart) information.

Yes, it's interesting who made this site and why.

https://www.reddit.com/r/btc/comments/67rbyz/is_antbleed_the...

> Do people run their mining equipment connected directly to the internet?

Yes, it is quite common to have the ASIC connect directly to the mining pool servers (over TCP with the Stratum protocol).

It's interesting who made /r/btc and why.

It's interesting who made this comment and why.