I think the owner of that site is setting himself up for a fail.
The owner heard about my concerns and has taken the site offline.
His mybitcoin.com userid and 'secret' were also exposed in plain text javascript on the site...but I guess that don't matter anymore anyway.
If he has ANY of the game logic running in javascript on the client side, he is doomed. If the game runs in the client, it would be trivial to edit the code and cheat.
I think there are some Firefox plugins that allow you to step through a JavaScript as it's running and edit it along the way as you please.
|
|
|
The OP responded and said he will inform the site owner of my concerns.
The site is now down for maintenance.
|
|
|
You should change your title... It's not back up in a functioning way...and could possibly never be. This 'news' is hours old...there is a sticky in the discussion forum...but it's hard to notice. here: https://bitcointalk.org/index.php?topic=34517.0
|
|
|
Were you able to withdraw your winnings?
I took a look at the source code for that page... it's in JavaScript and wide open... the code shows he is using mybitcoin.com to do the transactions... and they are shut down.
I would be interested to hear if you are able to cash out.
|
|
|
WARNING! This site uses mybitcoin.com to process its transactions! This site MAY not be secure!
    $("#mybitcoin_link").html("communicating with mybitcoin...")
    // `secret` and `amount` are variables set elsewhere in the page's script
    $.post("/ajax/mybitcoinlink", { secret: secret, amount: amount }, function (data) {
        data = $.parseJSON(data)
        if (data.responsecode == 0) {
            $("#mybitcoin_link").html("<a href='https://www.mybitcoin.com/sci/paypage.php?t=" + data.message + "'>pay</a>")
        } else {
            $("#mybitcoin_link").html(data.message)
        }
    })
You can visit the site, and click 'view source' for yourself. I'm not an expert JavaScript programmer, so if anyone else can confirm this, please post comments because the community would need to know if they should have concerns about using this site.
EDIT: I sent the OP a PM about my concerns.
|
|
|
If you're bored, I suggest going to youtube and searching for any of the following:
- Fat Kid on Bike
- Train versus Cow
- Or anything else with the words 'epic' or 'fail' or both in the title.
P.S. Searching for 'Train versus' anything usually turns up satisfactory results regardless of your personal preferences. Hmmm...Let me search for 'Train vs Fat Kid Epic Fail' and see what I come up with....
|
|
|
This reminds me of some movie I saw where some fat kid puts a jellybean up his nose then puts it back in the bag then shakes it up so that no one else will ask for his jellybeans.
|
|
|
A piece of string walks into a bar.
Bartender says, "Are you a piece of string? We don't serve pieces of string. You must leave"
The piece of string walks out of the bar, rolls around on the ground, then walks back in.
Bartender asks, "Are you a piece of string?"
"Nope. I'm a frayed knot!"
send lolz to: 142qpczfXX8VxaBx3MJFxMVkh9Yn8vKhUP
|
|
|
I live in Canada, so I watch the price of oil and gold.
I'm sooo glad I don't play on the forex exchange any more. I'd have a heart attack or be in some kind of fit. These wild price fluctuations must be breaking everyone's stop loss and I bet only the big players are the ones cleaning up all the margin calls.
Oil tanked like crazy, and I'm surprised to see that. If you had oil, I pity you. The CAD is also down against the USD today from yesterday which is surprising because the CAD should be strong when the USD tanks.
All I can say is that I'm glad I'm not into it any more because I can't handle my stress level to fluctuate on a linear basis like the DOW.
lol...imagine your EKG looking like the DOW just before you die...not a pleasant thought.
|
|
|
See... I can see where he's coming from.
He doesn't want to open his system up to the public yet because he's concerned about being hacked and people breaking his shit, so he's having a limited invite.
If you want to make your site hack proof, open a demo site to the public then declare in a loud voice, "My Site is Un-Hackable!"
Then just wait for the 'loz' and the 'ur code sux cuz I haxored u' to roll in.
Once the drama is over and you fixed all your code, and you pay your bounty to those who helped...do it again...
Honestly.... I'm not opening my site up for business till every hack in these forums has had a go at it.
edit: Didn't see the updates to the OP before writing this...soz.
edit: edit: Just another quote to keep in mind: "Good software does what it's supposed to do. Secure software does what it's supposed to do and nothing else."
|
|
|
Aww man... Rather see that girl in the car boot again.
"On Friday of last week we noticed that one of our pooled holding servers was missing a large amount of Bitcoins. After a prompt investigation we realized that the security of our SCI (Shopping Cart Interface) system had been breached by an unknown attacker."
Mmmhmmm..... by large amount you mean all... and by security you mean "Shopping Cart Interface"?
|
|
|
Hard to say... I've never used them. A green flag is that they say they are licensed... http://www.technocash.com/pages/licence.cfm But a big red flag is that their address is a P.O. Box. They do seem to appear to be a professional outfit at first glance. All I can say is, keep us posted.
|
|
|
That isn't how investigations work.
They don't need to prove that step, they just need to be able to follow the connection which will surely lead them to stuff that they can prove. And there is always something that can be proven.
Right...that's not how investigations work...too much trouble. I'd be more worried about them finding the 'substance' in the mail en-route and sending a fed-ex truck loaded with a SWAT team to your door instead of goodies. After they charge you with 20 bullshit offences, you will punk out, make a deal and take a plea and no one will give 2 shits about what the fuck a block explorer is.
|
|
|
Just for shitz'n'giggles I updated the btc tracking data. Everything including the program I used to track the coins can be found at the link below (hope you find it useful somehow): http://allinvain.4shared.com
Just want to say allinvain, that you aren't alone anymore. +1
|
|
|
lol... Sorry to bump this and yank your chain again! Hope everyone is having a great day!
|
|
|
If people are willing to trust me, I will hold the bounty.
I'll hold the bitcoins while you guys search. I actually have quite a bit of experience in this area! lawlz
|
|
|
You might have to do a few rounds of testing....find some bugs, fix some bugs...repeat.
Maybe offer a small bounty for reports. .05 BTC will get you 20 bug reports for a bitcoin. A good investment imho. And if you're cheap like me, it also gives you incentive to find them before the others do!
|
|
|
I always backup my wallet to my ram drive so I can get it faster when I need it. ram drive i hope you are joking! Another great idea would be to backup your wallet into your GPU framebuffer. It's really fast! Even faster than CPU memory. Be careful that you don't accidentally overwrite it by moving the mouse over it, though... Well...I was going to back it up to /dev/null to save some hard drive space, but I didn't want to fill that up either.
|
|
|
Meh...just went to the beerstore and beer is still the same price. No effect here.
|
|
|
Do what I do...just pay the guy a bounty!
I put out a bounty to find bugs on my demo site and Kokjo stepped up and found some things I would have never thought of....like who knew 'inf' as a form input gets parsed as a valid float?
He sent me some bugs in PM and I appreciate his help.
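Added example, not part of the original post and not the poster's code: the 'inf' form-input bug described above, shown as a handler that trusts `float()` beside a strict parser. The limit `MAX_AMOUNT`, the 8-decimal rule, the function names and the sample inputs are assumptions made for illustration.

```python
import re
from decimal import Decimal

# Assumed limit for this sketch; the post does not state any.
MAX_AMOUNT = Decimal("1000")
# Plain ASCII digits, optional fraction of up to 8 places; no sign, exponent or words.
_PLAIN = re.compile(r"[0-9]{1,8}(\.[0-9]{1,8})?")

# Constructed form inputs for illustration.
SAMPLES = ["0.05", "inf", "Infinity", "1e999", "nan", " 7 ", "1_0", "-1", "0", "1001"]


def naive_parse(text):
    """Trust float(): returns whatever float() accepts, as long as it is > 0."""
    try:
        value = float(text)
    except ValueError:
        return None
    return value if value > 0 else None


def parse_amount(text, max_amount=MAX_AMOUNT):
    """Strict parse: return a finite Decimal in (0, max_amount] or raise ValueError."""
    if not isinstance(text, str) or not _PLAIN.fullmatch(text):
        raise ValueError("amount must be plain digits with at most 8 decimals")
    value = Decimal(text)
    # The regex already excludes 'inf'/'nan'; is_finite() is a second line of defence.
    if not value.is_finite() or value <= 0 or value > max_amount:
        raise ValueError("amount out of range")
    return value


def is_accepted(text):
    """True if the strict parser accepts the input."""
    try:
        parse_amount(text)
        return True
    except ValueError:
        return False


def compare(samples=SAMPLES):
    """Map each input to (naive result, strict verdict)."""
    return {s: (naive_parse(s), is_accepted(s)) for s in samples}


if __name__ == "__main__":
    for text, (naive, strict) in compare().items():
        print(f"{text!r:12} naive={naive!r:8} strict={'accept' if strict else 'reject'}")
```

The naive version also turns an overflowing exponent such as `1e999` into infinity and accepts padded or underscore-separated input, which is why the strict version matches the whole string against a fixed pattern before converting.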
|
|
|
|