whyusheep's methods are a danger to the community

Howdy,

Whyusheep has recently made claims which do have some merit but are overblown, and has not provided any security issues or exploits. If he really claims to be a great guy trying to help everyone, he should provide me privately with the IP that he claims he has obtained - I will do what's best: ask everyone to withdraw any funds and I will shut down BlackBank permanently - and wipe the hard drive for security.

However, he hasn't provided anything.

As stated in this post:

https://pay.reddit.com/r/DarkNetMarkets/comments/1zbsm0/proposal_dnm_rule_security_issues_must_be_backed/

All markets reveal a banner and some in the top 5 also reveal the versions. Out of all these markets, I am the only one who actually took what whyusheep said into consideration and made changes.

I care about security because we are a community. We look out for each other - not post 'exploits' publicly on Reddit or forums where LE has access just to gratify a little ego.

Imagine the damage if he DID really find a huge exploit and posted it here. I'm sure LE would use that information immediately, find the location immediately, and take the market down and confiscate all vendor/buyer details they can find.

If one day he finds a script that DOES penetrate a system, he'll boast how he did it here first, giving the LE everything they need. Just as he was boasting how he can search Google for exploits for my webserver, LE can also do the same the moment they read the details.

The proper procedure for pentesting is to keep details discreet between the market and pentester:

  1. Announce a vulnerability exists to the members
  2. Take the site offline to repair any vulnerabilities
  3. After the patch is completed, the details of the vulnerability announced to the rest of the public

Not announce any details you have on your exploit first so LE has a chance to access the exploit, jeopardizing both the buyers' and vendors' information, simply to feed an ego.

I'm sure that everyone here knows that LE is constantly watching this subreddit.

If you come to BlackBank, you will see that I immediately announced the issue, even when it was just speculation. I believe that members of the community should always be made aware and informed of any security issue, whether they are small or big, whether they are rumors or true.

Every detail counts.

Cheers,
MDParity


Comments


[3 Points] None:

I had forgotten about the whyusheep and the_avid subplot.

It was getting interesting with the dueling knights thing for a while but I got a bit bored with it after a while. Glad to see it back, though!


[3 Points] quickfixthrow:

"All markets reveal a banner and some in the top 5 also reveals the versions. Out of all these markets, I am the only one who actually took what whyusheep said into consideration and made changes."

Correction: TorEscrow in their thread say their banner shows only "Hi."


[2 Points] None:

Stand up move, I suppose.


[2 Points] grumpydoge:

I fail to see what whyusheep is waiting for right now. A sensible person who had the IP address and cared about the community would turn it over and threaten to dox if the market is not shut down ASAP. He/she would also clearly reveal desires and intentions, which has not been done. Or assuming sheep is just a troll and nothing more, it is doing a damned good job. Obviously a well fed creature given all the attention it is receiving.


[0 Points] None:

I like how you left out the part about threatening to kill yourself and others. You are a danger to your community.

You run your service from your house; if I dox you, you will be really fucked. You basically said you would kill yourself and others if LE found you and if I leak your IP publicly as you request. LE will read it and they will contact your ISP and find your address.

This is all beside the point anyways - you have fucked up multiple times by now and have shown you don't know how to administrate a server and are mentally unstable.

You didn't even know people shouldn't give out their private keys when building your multi-sig. You should quit now before you incite the wrath of someone who doesn't care if their actions cause people to live or die.


[1 Points] CDRCRDS:

They couldn't do it if the Market was in the Northwest Territories or Amsterdam or Crimea.


[1 Points] sapiophile:

  1. Announce a vulnerability exists to the members
  2. Take the site offline to repair any vulnerabilities
  3. After the patch is completed, the details of the vulnerability announced to the rest of the public

I would say that 1 and 2 should be reversed, there. LE are definitely "members" on every market they can discover.


[1 Points] shitstormy:

Not very professional, BlackBank. Don't feed the trolls.


[-2 Points] whyushit:

My methods are better!