Cantina Market Mega Thread (Up vote for visibility, this is a self post I receive no karma)

Quite a bit of info is coming out right now about Cantina Market. I'll post all the links below, and please do the same with any new info.

(This is a live document that will be updated to reflect the current information, info subject to change :) Upvote good or interesting comments, downvote or report if it violates a rule!)

Update via /u/the_avid :

http://www.reddit.com/r/DarkNetMarkets/comments/1wkbnp/what_current_and_potential_future_cantina/

Threads :

/u/the_avid :

/u/IGetDankShit :

Official Response from /u/Cantina_Marketplace:


Comments


[18 Points] None:

[deleted]


[9 Points] IGetDankShit:

Great idea King! I'd like to take this moment to request our readers to not downvote people that they simply disagree with or people that lie. Please only downvote if it does not contribute to the discussion.

When you downvote things like Cantina's response thread you are only preventing future readers from seeing how much they make a fool of themselves. If anything, upvote it because it does contribute to the discussion and our readers can see for themselves how flimsy their argument is in the comment section. Thanks.


[6 Points] deepdot:

Do i smell a Doxx Brewing ?

And there is also our article with the sort of time line and the admin screenshots and link to the users dump:

http://www.deepdotweb.com/2014/01/29/cantina-marketplace-pwnd-admin-password-was-password1/


[8 Points] pronger:

DrugsList thanks you Cantina for taking the spotlight off of their shitty marketplace.


[6 Points] solaruk:

Cantina, just give up and go home, it's time to leave here. You are dealing with grown ups who are no longer at school as you appear to be. I don't even believe you are anything to do with sheep, I think you pinched some code and made your lame ass site with a bit of knowledge. It won't wash here it's over, stop embarrassing yourself !


[6 Points] pronger:

I don't know what is worse: Launching such a terribly written/secured marketplace, or completely ignoring the lessons learned from the DrugsList lynching that took place immediately before they launched?

They should be thankful this got ripped to shreds - I hear prison is a bitch.


[5 Points] deepdot:

As Expected, cantina was pretty much doxx'ed.

Not going to post this here of course. just FYI cantina to take care of your stuff. it involves coinbase API and linked yahoo email

MTgox account

clearnet forum user

home ip


[5 Points] throwmebone:

THIS
   IS
     SO
       EXCITING

I enjoy bathing in misfortunes of others.


[3 Points] None:

anybody want to upload the sourcecode to megaupload?


[2 Points] whats_that_sally:

What the hell is with all these market developers being assholes? Do they really think the "deny deny deny" method is going to win them support and business? All I can say is they are just kinda stupid. First they have huge security flaws and then they deal with people like the north korean government, ya man thats definately how to get business.....


[2 Points] goodnewsforbitcoin:

As I said somewhere else: the site is clearly using similar code as Sheep Marketplace, probably the same one. It is obvious from the source code and DOM elements

http://www.reddit.com/r/DarkNetMarkets/comments/1wbjzp/introducing_cantina_marketplace/cf0uowr

You can do the comparison yourself, gwern's maff archive (open it with firefox and https://addons.mozilla.org/cs/firefox/addon/mozilla-archive-format/ ) is here https://dl.dropboxusercontent.com/u/182368464/2013-11-03-sheepmarketplace-doxxing.maff

You can inspect DOM by right click->inspect element on both Tor browser and in Firefox.

Also I want to note that their lying and backtracking and lying again is very reminiscent of Sheep marketplace; unlike Sheep, they can form basic English sentences though.

I agree that Sheep did not have these vulnerabilities, so they probably changed the code somehow and introduced them.

edit:

according to some people, they use different backend; that is possible, however, the frontend is evidently the same and Cantina people had to have access to Sheep source code, and I kind of insist on that.

edit2:

OK, I admit I might have been wrong. From some other thread:

INSERT INTO users(username,password,PIN,account_type,UID,RegDate,BTC,Purse,btc_timestamp, About_me) VALUES ('" . $_POST["username"] . ", " . $_POST["password"] (...)

This is not Nette code at all. Nette doesn't give you access to $_POST (and uses nice sort-of-MVC instead), and has methods to do database stuff more easily.

I was wrong, Cantina is probably not Sheep. Sorry, Cantina marketplace, I have been wrong about you. You are even worse than SHeep.


[1 Points] py3:

What the fuck is going on here... honestly.


[-4 Points] None:

[deleted]