Bitcoin Forum

Hello everyone,

I would like to offer my services as an ethical hacker and vulnerability analyst. I have many years under my belt of doing security work for the financial industry, and I want to offer my skills to help harden the web applications and server infrastructures of those who participate in the bitcoin community.

For 95 BTC I can provide a Denial of Service test and fix. I will attempt to exploit poor server configurations in order to take your server offline remotely. If I am unsuccessful, your site is not vulnerable and I will refund your money immediately. If they server is vulnerable I will provide a detailed report that outlines the mitigation solutions and describe the problem in detail and work with you to fix the issue. The report will be delivered within the business day.

For 235 BTC I will do a comprehensive vulnerability analysis on your web application and will identify all avenues of exploitation, and I will compile a report detailing each issue and mitigation strategies. This test takes about 7 days to complete.

For 475 BTC I will do a complete analysis of the server and web application looking for ways to compromise the overall system. This is the most comprehensive option and I will work very closely with the developers and site owners to resolve all discovered issues. This test takes about 7 days to complete.

If you are interested in these services PM me or you can purchase them with BTC from http://www.amivulnerable.com

I think a lot of the gambling sites and financial services bitcoin sites would benefit greatly from these services. Bitcoin is such a new technology, we should do what we can in the ways of proper configurations and vulnerability analysis in order to protect our own assets from getting compromised. The decentralized nature of Bitcoin means we are responsible for our own security.

I look forward to working with you all. :)

Regards,

BitcoinExchange
AIM: BitcoinExchange
http://www.amivulnerable.com

Is there a prize if we compromise your site?  ;D

LOL sure I'll hire you as one of my testers.... I try to keep the site as stripped down as possible, it's mostly static HTML despite the .php extensions.

  ;) you should add your site here: https://en.bitcoin.it/wiki/Trade#Internet_services (https://en.bitcoin.it/wiki/Trade#Internet_services)

Nice idea. I hope someone posts back with their results.

Cool thanks for the heads up, I created a new section under Internet Services for security related shops.

I can pretty much guarantee that most any BitCoin based gambling site is vulnerable to a denial of service attack, and for any site operators who are interested, I would like to emphasize the test is FREE. You only have to pay if you want my assistance in fixing the problem.

Try me out, you have nothing to lose! :)

Except maybe an outage. I may be in touch this week as the school I work IT at is out for vacation and I can afford an outage this week (if you are that good).

Cool, the outage that is caused is only temporary. Our method of attack only confirms the vulnerability and samples the attack for no more than 5 minutes. Once the server is confirmed offline, we immediately restore service. Even if a full production environment there is no risk of any serious damage.

I'd say about 97% of websites are vulnerable to our attack methods, and if yours is not vulnerable you don't have to pay a single bitcoin.  :P

something doesn't smell right here

when i look up your domain it shows registrant "Web Scanners Inc" with a Miami, FL address.
 http://whois.domaintools.com/amivulnerable.com

the "Inc" means corporation, however my search through the State of Florida doesn't show any corporation with that name:
  http://www.sunbiz.org/corinam.html (http://www.sunbiz.org/corinam.html)

even if it was a "sole proprieter" with a fictitious business name filing it would appear here:  
  http://www.sunbiz.org/ficinam.html (http://www.sunbiz.org/ficinam.html)

nowhere here nor on your sites do you provide your legal name nor any other identification.

this could be legitimate but at this point, i would need more reassurance

AmIvulnerable.com / WebScanners is not a registered corporation in FL, but it does has an office in Miami. I have no interest in actually registering it as an entity, the paperwork hassles are too great, especially considering the majority of business is via BTC. Also I purposely made it difficult to backtrace the real names of the owners, so that the privacy of everyone involved is protected,

If you don't trust me, how about taking on the free assessment? You can also look at my history on here and see I have verified transactions from multiple services I offer that left everyone feeling very happy at the end. :)