|
Title: Scammed by Johny1976 creator of coindice script. Not paying bug bounty. Post by: CryptoMrM on June 16, 2015, 06:00:57 AM If you agree with my report I would ask that you leave negative feedback to the user: Johny1976 https://bitcointalk.org/index.php?action=profile;u=143958 (https://bitcointalk.org/index.php?action=profile;u=143958) until he sends me the funds. I would very much appreciate it.
What happened: Johny1976 is known for his dice script coindice located here: https://bitcointalk.org/index.php?topic=507515.0 (https://bitcointalk.org/index.php?topic=507515.0). He had previously stated to all clients that he was willing to pay up to 1 BTC per client for any losses that his customers suffered as a result of his code having vulnerabilities. I discovered one major one called 'multi-threading', it's where a person is able to fire multiple page requests quickly at a specific url. The server processes these requests at the same time (hence the multi aspect) and since they are being processed at the same time, they take the same seed value, the same account balance etc (the problem). Johny implemented time restrictions within the javascript which is user side but he didn't in the php which is server side. This allows users to go to the direct url e.g. https://url.com/content/ajax/place.php?w=0&m=2&hl=1&_unique=12345 and effectively 'spam' it. Likewise with withdrawals. This allowed users to have multiple withdrawals without the funds. There were also a few minor bugs like users being able to go into negative balance. So I contacted johny via PM and he agreed to pay me (see figure 1 in logs). You can also see the attached in-formal skype conservation, after which he didn't respond to me (see figure 2 in logs) on April 19th. I then posted on his thread as he wasn't responding after a few days. He deleted my comments and requested I PM him, despite me doing so on the 17th May, 14 days ago. You can see the entire bitcointalk conversation in figure 3 in logs below. After this period of waiting I decided to lower the amount I wanted in the hope I would get a quick payment. Anyway it is now the 16th June, almost 2 months since I first reported this major bug and I would like to be paid. He hasn't responded to my PM's for over a week now despite being active. Scammers Profile Link: https://bitcointalk.org/index.php?action=profile;u=143958 (https://bitcointalk.org/index.php?action=profile;u=143958) Reference Link: https://bitcointalk.org/index.php?topic=507515.0 (https://bitcointalk.org/index.php?topic=507515.0) Amount Scammed: 0.6 BTC lowered by me from 1 BTC Payment Method: BTC Proof of Payment: N/A PM/Chat Logs: Figure 1 (alerting of bug): http://s24.postimg.org/ki0a1s7g5/Screen_Shot_2015_06_16_at_06_38_45.png Figure 2 (me reporting): http://s14.postimg.org/if3tlkxfl/Screen_Shot_2015_06_16_at_06_42_53.png Figure 3 (him avoiding payment): http://s11.postimg.org/l5jb4fhb7/Screen_Shot_2015_06_16_at_06_55_21.png Additional Notes: N/A Title: Re: Scammed by Johny1976 creator of coindice script. Not paying bug bounty. Post by: johny1976 on June 16, 2015, 06:11:50 AM My partner hasn't been online since then. Also the bugs were (again) found by a group of programmers fixing the script so we didn't really use your notes.. Anyway I need to wait until my partner shows up, until then I can do nothing :)
Title: Re: Scammed by Johny1976 creator of coindice script. Not paying bug bounty. Post by: CryptoMrM on June 16, 2015, 06:17:59 AM My partner hasn't been online since then. Also the bugs were (again) found by a group of programmers fixing the script so we didn't really use your notes.. Anyway I need to wait until my partner shows up, until then I can do nothing :) You are joking me. You knew nothing of the sort. I told you the bugs, posted on your thread after waiting and then you stop sales whilst you 'fix' problems with it. You expect me to believe you coincidently already had a group of programmers looking through your script and they found the same bug within the same timeframe and that you never thought to mention it? It's bullshit and even if that was the case you would still be subject to the liabilities of all your clients who were running the venerable versions whilst you quietly kept to yourself there was a HUGE exploit. I expect to be paid. Title: Re: Scammed by Johny1976 creator of coindice script. Not paying bug bounty. Post by: XinXan on June 16, 2015, 07:37:58 AM My partner hasn't been online since then. Also the bugs were (again) found by a group of programmers fixing the script so we didn't really use your notes.. Anyway I need to wait until my partner shows up, until then I can do nothing :) You are joking me. You knew nothing of the sort. I told you the bugs, posted on your thread after waiting and then you stop sales whilst you 'fix' problems with it. You expect me to believe you coincidently already had a group of programmers looking through your script and they found the same bug within the same timeframe and that you never thought to mention it? It's bullshit and even if that was the case you would still be subject to the liabilities of all your clients who were running the venerable versions whilst you quietly kept to yourself there was a HUGE exploit. I expect to be paid. Yep definitely bullshit, they say they knew about the bug but they never mentioned anything in the pms or skype, he even told you that he was going to pay you, if he knew about the bug why would he tell you that and not simply, we already know about it? Yeah.. Title: Re: Scammed by Johny1976 creator of coindice script. Not paying bug bounty. Post by: Xialla on June 16, 2015, 08:26:29 AM Anyway I need to wait until my partner shows up, until then I can do nothing :) sorry to say, but this seems not like some professional behaviour or something. honestly, I was about also to buy the script, but after this I will have to reconsider little bit again:( Title: Re: Scammed by Johny1976 creator of coindice script. Not paying bug bounty. Post by: johny1976 on June 16, 2015, 01:06:37 PM My partner hasn't been online since then. Also the bugs were (again) found by a group of programmers fixing the script so we didn't really use your notes.. Anyway I need to wait until my partner shows up, until then I can do nothing :) You are joking me. You knew nothing of the sort. I told you the bugs, posted on your thread after waiting and then you stop sales whilst you 'fix' problems with it. You expect me to believe you coincidently already had a group of programmers looking through your script and they found the same bug within the same timeframe and that you never thought to mention it? It's bullshit and even if that was the case you would still be subject to the liabilities of all your clients who were running the venerable versions whilst you quietly kept to yourself there was a HUGE exploit. I expect to be paid. I don't care if you believe me or not. If my partner confirms that the programmers didn't get your notes from us, you'll be paid nothing. If it shows up that the programmers had got your "bug analyse", you'll be paid like agreed. Also your notes were very general, more like a notices.. Title: Re: Scammed by Johny1976 creator of coindice script. Not paying bug bounty. Post by: GWGoods on June 16, 2015, 04:34:50 PM I don't care if you believe me or not. If my partner confirms that the programmers didn't get your notes from us, you'll be paid nothing. If it shows up that the programmers had got your "bug analyse", you'll be paid like agreed. Also your notes were very general, more like a notices.. Regardless, He let you know and you obviously didn't know. anyway You should have sent an email to all members who bought (I know you have this information, As I am a previous buyer and receive cointoli updates every so often). You should have alerted them of this issue, because you didn't you obviously didn't know. You are liable to pay, if you did know already and didn't tell people, I believe you are even more liable to pay. Either way... You lose this case. Title: Re: Scammed by Johny1976 creator of coindice script. Not paying bug bounty. Post by: OrangeSeller on June 16, 2015, 05:59:52 PM After so many scam accusations toward him, no one left him negative just for cautions? Lol all you default trust list are always so fast in leaving negative for a small rank member but you dare to do nothing to do Johnny
Oh grata johny you slip away from one scam accusation again Title: Re: Scammed by Johny1976 creator of coindice script. Not paying bug bounty. Post by: coinmaster222 on June 17, 2015, 06:05:29 AM We bought the script from johny and found a bug twice once coins were stolen because hackers found a new way to get into the dice and once we had to take it down a week to sort a fix and it was us that fixed it got no help.None of the bugs were major and have no probs with johny just saying there are bugs there.
Title: Re: Scammed by Johny1976 creator of coindice script. Not paying bug bounty. Post by: CryptoMrM on June 24, 2015, 08:47:52 AM Update: Jonny has agreed to pay me the 0.6 BTC.
https://blockchain.info/tx/fa0f9d4ca42766c29453a30c38f9af98d4c122de78e3e1144a00b6b7c3840033 (https://blockchain.info/tx/fa0f9d4ca42766c29453a30c38f9af98d4c122de78e3e1144a00b6b7c3840033) Title: Re: Scammed by Johny1976 creator of coindice script. Not paying bug bounty. Post by: kralle on June 24, 2015, 09:18:44 AM Good for you that you got paid :) next time just a bit patience :D
Title: Re: Scammed by Johny1976 creator of coindice script. Not paying bug bounty. Post by: coindicestand on August 06, 2015, 09:58:09 PM here is my topic of this scammer https://bitcointalk.org/index.php?topic=1065017.20
here is another bullshit script from this guy i guess https://bitcointalk.org/index.php?topic=1141261.0 nobody cant post negative feedback? lols. his ripper Title: Re: Scammed by Johny1976 creator of coindice script. Not paying bug bounty. Post by: coindicestand on April 20, 2016, 12:43:22 PM lol. this cocksucker still not banned? too much negative feedbacks asshole
|
