Show Posts
|
Pages: « 1 [2] 3 »
|
![](https://ip.bitcointalk.org/?u=https%3A%2F%2Fi.imgur.com%2FY8BKzWI.png&t=663&c=zlokfkOGYzV-QA) | http://getclef.com/whitehatOur whitehat & bug bounty programAt Clef, we're building usable two-factor authentication for consumers. We take the security and privacy of our users very seriously, and we welcome working with security experts to make our product, and the Internet, better. If you believe you've found a vulnerability, we'd love to work with you through our Responsible Disclosure Program. Please include a detailed summary of the issue you discovered so we can reproduce it and assess its severity. RewardsThe minimum reward offered to whitehat researchers is $32 USD (paid in Bitcoin or USD, your choice). To earn a reward, you must report a previously unknown vulnerability of sufficient severity. EligibilityTo be eligible, you must: - Be the first person to responsibly disclose the bug.
- Report a bug that could compromise our users' private data, circumvent authentication or system protections, or enable access within
our infrastructure. - Assist in our review of the issue (on a case-by-case basis) to determine if you are eligible.
A good report has: - Detailed steps for reproducing the bug.
- A concrete attack scenario answering how the vulnerability in question would impact Clef or our customers.
Scope & rules of engagementThe following web properties owned by Clef are in scope for the program: - getclef.com (our main site).
- *.clef.io (our API server).
- We are especially interested in vulnerabilities in our API or vulnerabilities which may allow unauthorized access/logins.
The following web properties are not in scope for the program: - support.getclef.com (not hosted by us).
- docs.getclef.com (not hosted by us).
- blog.getclef.com (a WordPress site).
- Customer sites or sites which have integrated with Clef are also out of scope.
- Our mobile apps are also currently out of scope, but we are constantly re-evaluating this program.
The following conditions are also not in scope for this program. Any of the activities below will disqualify participation from the program: - Intentionally harming the experience or usefulness of Clef to others (i.e. Denial-of-service).
- Attempts to view, modify, or damage data belonging to others.
- Physical attacks against Clef employees, offices, and data centers.
- Social engineering of Clef employees, contractors, vendors, or service providers.
- Knowingly posting, transmitting, uploading, linking to, or sending any malware.
- Pursuing vulnerabilities which send unsolicited bulk messages (spam) or unauthorized messages.
- Any vulnerability obtained through the compromise of a Clef customer or employee accounts.
If you need to test a vulnerability, please create a free account. DisclosureTo disclose a security vulnerability, please email security@getclef.com with a detailed report on the issue. You can find our PGP public key below. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: SKS 1.1.4 Comment: Hostname: pgp.mit.edu
mQENBFH0CDYBCADQPUcOhTolB0sn1b265xqWnxINHyZoN6Qqf05aulFYmkFgK6wdicLBHcmP JYmi+mwpRgQ+ye5jYniE6ojM1hN4D+cOAQ/eTJ6nHDykSkV5RWeB65kWopSJQPeJwTGE0+Xr Sb5cRyxAdj2sVk8ri0gDxpL/E6c8CwRxsgCJKmnoUJCZsXp4MsguFbzZirRSLRSNkY3MV1Ui OQ92AVzpS+Er9atlYI0WjXWj1to8H6zXBdn59nO2kWYJIJo7cDDbbwjBi98cMTm3UFlvhH6q rI0ROV9yltikk9VjtvB6aaxPjEPb2lI2m7qY42YGXSpye6xmen8gYCeGxMkiA1jBaeStABEB AAG0JENsZWYgU2VjdXJpdHkgPHNlY3VyaXR5QGdldGNsZWYuY29tPokBPQQTAQoAJwUCUfQI NgIbLwUJB4YfgAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRDn3SaPdx/BZJ30CACYr5Xo YDENwHxRJ3RCA6e95FY3NUcHCRG5JHUgTX+m+YMDZG6ldJqZYsr036ODLQm/L37l2J13ddze 9mwZZDL+GOxHb4jN8FXoc7t6HGGIYqHCoTHl1i0cEXC6dxFeGlecLPDQOHS53NqvlzFOcsno QqwvFMm8ZmY+ZxyQ0+9IFOW9Z17OflYknlc3Nhy176yAwfEOqF9sQlqhFe+bu6O/RO8xjqss m/R42B+wOrEUPT93Vesqfk3TkytHdApLRkKYfimpn7/tAKddsMaIltO+rlUXuRgkaXOT8veO VXLf/6rOAcqvoB+uLazyY7OfBH2/P3j+SIROyIk8zVf1xGgouQENBFH0CDYBCAC+nb2nphOp eHCQXI9WtZoKnXHtsLMylAstBtjj99sF8a//vjj0N5lRaqBCZ/294E69EOQNiPcrMiR96vo9 y2symlK27/DZFMHnlM1J3eglaiRXKkdwgfVHBSDMJAaH3vB65sGr9WyigTUWTlfuM92BAwyM 5dz7U0FZWUpjP/mHumA6mFQ2CLmbBS60qpfb5Zg6ajkauoa7HhwbY/3l5SvnxAWdhldEDW37 mfNPlbBUcUJPz+6TaeVGwPe0PJaSDc3xcNO8dG7pt4+wGybE0yi3LnttRYyANUhrUNEHcxwg 0B2oa8tr3hcYpBdgI6wRhQGvYidkj9sYRaO6lPy/tNCvABEBAAGJAkQEGAEKAA8FAlH0CDYC Gy4FCQeGH4ABKQkQ590mj3cfwWTAXSAEGQEKAAYFAlH0CDYACgkQjTg/jWOnu5UQuQgAidJ4 VsHYNIiz3MPnaBtzSx0PCXAlNavFE+Kys6WX7qEZwuHhhrIQSiYJKJwkidU/SHORww7eHS7Z 7luvi9BTPoyQ0cbVEwfRL7QzJY4cVJflqGPNx4M08aJ6CCMeSEHUa8hYPUvlWZJNzlDhsXmI NHND/l+CJsLO/V51fP1n9/kC157Za9zBXV0wlDwj5DhiR8LP9zn6fDV6pfmb3TvNyxZExCNK uj7CF3oO2IEloqJPwF/G4do1AzDBo9LqvetZ4z1CWJbP/NsbPWHG5jY5oFe3QJaM2bbrMQ5B ryXLM37s1PwGd4lvt+AiX6ApVwAIG+RFhDoPLFCgKezyEYc+XDlPB/wIh8DBV5Q4wOw9GaJo 3MLbQG/MoAbgU9bsT49Ex7V8bB3AVlmQbTYKA4BdvlgumvS9kNwhkgyPX8g4052vIIG4Rp+A 1DaIdwq/SyA2JAvFAm72543hfXPE/biu3YPMx9djCKDM8ALpkfmuyMxEstcKaL0oHlWExroQ v/iMZrSN2lwJQzYNgy34rQD7UQlFF3TljjOgNdovXGf4k6WkDNDBLT+Za4UkIlDxxPUo/pxB gD4FwXvolaGUOziG3iQr+Fml0W9M8Plt9g0ggbxks73UmWNNAMC795d5ctucpm4lbAvCuIdc tXzyREbMFtpa/Yt5xIV6IaZyQUfXSzdMUWvP =FThV -----END PGP PUBLIC KEY BLOCK----- |
|
|
|
Thanks for sharing it with us. Will add to our article list in the OP. ![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif)
|
|
|
Cool another great partnership. When will I be able to login to bitcointalk with clef? ![Grin](https://bitcointalk.org/Smileys/default/grin.gif) We are open to help anyone implement Clef. It would be a pleasure to have Bitcointalk integrate Clef.
|
|
|
You guys have been busy. I'll be testing the GIFs reactions, I saw some of the ones already made on Twitter: they are hilarious! I fancy myself a Clef t-shirt, of course if you favorite me! ![Grin](https://bitcointalk.org/Smileys/default/grin.gif) And the ziftrPAY integration is also good news. Well done to the Clef Team. I wish it could be implemented on more exchanges but I think I mentioned that before... Keep us posted. Feel free to submit your GIF by using the Facebook and Twitter share buttons once it is uploaded. We keep an eye on all submission and look forward to new ones. We are in talks with many Bitcoin related projects and companies and will keep posting updates and news as they come. Thank you for the support.
|
|
|
Ziftr is Revolutionizing Shopping — Without PasswordsClef continues to spread among Bitcoin/cryptocurrency companies today as you can start using Clef to log in to ziftrPAY, a credit card payment platform. E-commerce is an important place for cryptocurrency to gain adoption, and Ziftr is building all of the critical pieces of infrastructure to make it work. We believe in the huge potential of ziftrPAY and are excited for Clef users to try it out! “With ziftrPAY, we’re creating a simple, secure shopping experience for merchants and shoppers, so it makes perfect sense for us to incorporate two-factor authentication from a company that also values simplicity and security,” said Bob Wilkins, CEO of Ziftr. “This partnership with Clef brings together two innovative companies that are reinventing user experiences and making waves in our respective industries.”"Usability is the missing ingredient keeping cryptocurrency from going mainstream, which is what makes us so excited to be working with Ziftr,” said Brennen Byrne, CEO of Clef. “With ziftrPAY, they're helping bring a whole new tier of merchants into the fold and making it easier for anyone to pay."What’s the partnership between Ziftr and Clef all about?ziftrPAY, the next-generation cryptocurrency and credit card payment platform and customer loyalty program, will be integrating Clef to provide enhanced security and convenience for ziftrPAY users. ziftrPAY users will essentially have the option of signing into their accounts using Clef or using a traditional password login. At Clef, we really believe in the power of cryptocurrencies and making them easier to use, and Ziftr fits perfectly with our vision. That’s why, as a part of this partnership, we’ll also be using ziftrPAY for payments from the sites that use Clef’s premium tiers. We’re impressed with the tools Ziftr has built and are excited to be using them ourselves. There’s no doubt about it: People love having options! This partnership between Ziftr and Clef gives both ziftrPAY and Clef users the freedom of choice: whether it’s about how they log in to the ziftrPAY platform or how they pay for Clef’s services. For more on ziftrPAY, visit https://www.ziftrPAY.com. For more on Clef, visit https://www.getclef.com. ![](https://ip.bitcointalk.org/?u=http%3A%2F%2Fd2p68wmhm6quvw.cloudfront.net%2Fassets%2Fimages%2Fnew_homepage%2Fziftr_big_logo.png&t=663&c=h8Zzb9hYbfkdsg)
|
|
|
We're having so much fun with Reaction GIFs! The next time you log in with Clef, you’ll have the chance to record your reaction in the most immortal format — a GIF! Plus, we’ll be sending out Clef t-shirts to the folks who make our favorite Reaction GIFs — so go check it out and let us see your Clef Face! ![](https://ip.bitcointalk.org/?u=https%3A%2F%2Fi.imgur.com%2FioBM6Lg.png&t=663&c=xPTGbzvbfYdTpg)
|
|
|
Why so pricey?
Can you tell us more about how you think it is pricey? We appreciate the feedback.
|
|
|
We are thrilled to announce that Bitspark has now implemented Clef authentication.
The CEO of Bitspark George Harrap said, “Our whole team got excited about the technology and the integration was really quick.”
“It is absolutely critical that we find ways to make Bitcoin useful to more people, and I’m excited that Clef can help make that happen. We need to be building security that is approachable and that people actually have access to, because that's the only way we're ever going to succeed as an ecosystem. When we think about the next generation of Bitcoin technology, Bitspark is exactly the kind of product that gets us excited.” Stated Brennen Byrne, CEO and co-founder of Clef. The news are featured on Brave New Coin: Bitspark Implements Clef, ‘Authentication From the Future’
|
|
|
Clef protects against more threats than any other two-factor authentication system.![](https://ip.bitcointalk.org/?u=https%3A%2F%2Fi.imgur.com%2FswxbnCL.png&t=663&c=o5MVYnJMnO_fpQ)
|
|
|
Would be nice to have a bit of explanation next to the types of attacks to explain how they work
Thanks for the feedback.
|
|
|
You don't want to miss tomorrow's Bitcoin Meetup! Joey Krug of the decentralized prediction market, Augur, has been added to the speaker lineup. Joey will join Jad Mubaslat and Chad Davis of Bitquick tomorrow evening at our Oakland headquarters. More details here: https://meetup.com/East-Bay-Bitcoin-Meetup/events/221117746/![](https://ip.bitcointalk.org/?u=https%3A%2F%2Fi.imgur.com%2Fv9HQs96.png&t=663&c=QcNjLUq3Z4jUkA) ![](https://ip.bitcointalk.org/?u=https%3A%2F%2Fi.imgur.com%2FHnuggjE.png&t=663&c=GPxJoaaOgszrJg)
|
|
|
It's true! We protect against more threats than any other two-factor authentication system. See how our protection compares to Google Authenticator:![](https://ip.bitcointalk.org/?u=https%3A%2F%2Fi.imgur.com%2FVnx1nvc.png&t=663&c=d6IlXS8F1519lA)
|
|
|
Could you check with koinify. I cant connect with Waltz and Koinify. Thanks ![Wink](https://bitcointalk.org/Smileys/default/wink.gif) We suggest checking with Koinify first at helpdesk@koinify.com.
|
|
|
We are glad to be able to help improve security on Koinify.com. Best wishes to both the Koinify and Factom teams with their ongoing Software Sale! As featured on Bitcoinist.net![](https://ip.bitcointalk.org/?u=https%3A%2F%2Fi.imgur.com%2F7hFexCS.png&t=663&c=A28RN6482RNmpg) Looks like there's some good connections being made. Looking forward to more! Make sure you listen in the coming weeks for more great announcements ![Grin](https://bitcointalk.org/Smileys/default/grin.gif)
|
|
|
We are glad to be able to help improve security on Koinify.com. Best wishes to both the Koinify and Factom teams with their ongoing Software Sale! As featured on Bitcoinist.net![](https://ip.bitcointalk.org/?u=https%3A%2F%2Fi.imgur.com%2F7hFexCS.png&t=663&c=A28RN6482RNmpg)
|
|
|
|