Show Posts
|
Pages: [1] 2 »
|
Vod attached reference on his tag to you which is valid. His DT power can be easily removed once he show an abused by excluding him to the trust list of the other DT. Forum DT works perfectly on anonymous environment like Bitcointalk. It’s not unfair with newbie, If you don’t want to get tagged then don’t do shady things like what you did because it’s an obvious fake feedback for your service.
You can request to remove the negative feedback to the user that gives it to you by admitting your mistake and don’t do it again. But it needs time for Vod to rethink about it.
Consider a scenario: A new user signs up onto this forum. This newbie has neither interacted with me , nor with anybody whatsoever! This user comes to my profile, sees a negative point, clicks on the name of the user who had left it. But, they do not see my negative review and a feedback. How is it not unfair to a newbie? It is a known fact that a new user who has no link to me can see that I have a distrust label, but my explanation is not visible to them. This IS one sided and unfair both towards them and me. Even I had attached a reference, but it is not visible to new users, still his comments are. I'd like to know how you can judge me without having ever interacted with me. How do you I was running a scam? I have dealt with people in the past on this forum and you are free to contact them. Just because I did not go begging to them to leave a positive point should NOT leave me underprivileged. And once again, what evidence do you have to label me as doing "shady things"? One can conduct totally legit actions (like I am) and still get negative trust points? How can you not understand that? And what was this about "admitting your mistake and don’t do it again". Please enlighten us why I should admit something I have not done? Do you think I am so naive? Who are you to judge again? The only mistake I did is trying to go against a system of bullies, but I won't be silent. You have no idea what work I have been doing and how happy people who have interacted with me are. You seem like a Vod fan. Good for you but I request you to try and trick someone else into "admitting" something they haven't done. Keep your judgements to yourself if you do not know the whole story!
|
|
|
DT does not work, It is just a bunch of assholes using it to lessen their competition for escrow services. Had a similar experience, pi55ed off a Legendary user and they are exacting revenge by leaving negative trust points for me. My feedback towards them is invisible to the world. This Legendary user has vested interest and wants my project to fail.
|
|
|
This is really funny. Feedback by nature should not have ACLs. This system promotes cheating since people can privately agree to add each other (or pay someone with a higher level) and gain powers. Also the system is way too convoluted and unfair towards Newbies and Coppers. Anyone with powers can stick a 'scammer' sticker on a newbie and the world would think so as well, they have no opportunity to clarify it, they would leave a review thinking that the world can read it, but they would be ignorant of the truth. The system should atleast make it clear that although they are leaving a counter review, it won't be visible to anyone except them. It's fair since each users can include and exclude any users, now the question is how many users are going to trust you over him? No this is not fair since a new user who has never interacted with either me or the person who left a negative review can only see their review, not mine! So no, this is unfair. Also, So to answer your question, ofcourse users are going to believe them since my part has been silenced systematically!
|
|
|
I have a question regarding trust summaries and feedback. I have interacted with many users here and they would vouch for having a positive experience with me and not a single one of them would claim me being a scammer. Still, a crazy, mental user with a 'Legendary' status who has never ever worked on any project with me ever has left me a negative trust review. Thisis visible to every user on bitcointalk and potentially hurting my image, however, when I leave a counter, a negative feedback towards them with an explanation about him, it is not visible to the world. How is this fair? Is bitcointalk shadow banning people's reviews or do people of Legendary status have some special powers to hide it, which we don't? Why is sh17 written about me visible to the world but when I provide a clarification and write sh17 about that liar, it isn't? How is this fair? ![Huh](https://bitcointalk.org/Smileys/default/huh.gif)
|
|
|
Hi the link isn't working. ![Huh](https://bitcointalk.org/Smileys/default/huh.gif) I'm interested. PM me. OKThx Bye. Hello. We appreciate your interest. Unfortunately, we have concluded the round of security test hosted at this forum. If we have need for further testing in the future, we will announce it. Thank you.
|
|
|
...and other methods which render the txid to be worthless to dig out information.
Which is why you should have produced the txid so we could verify. I'm not sure if your negative trust or your attitude will be your failure - but I don't care. I don't think you are reading well. You want me to without the permission of the receiver give away details about the transaction? And this is coming from someone with a 'Legendary' status? This act alone should be sufficient grounds alone for the admins to strip you off of this status! Under no circumstance is any information going to be divulged. This is a privacy-centric exchange. So, nice try. You were free to participate like the few people who did. Perhaps, you didn't have the required skills, except for pulling people down, so for you the grapes are sour. If you don't care, you are free to disbelieve me. Just stop coming back to criticize our operation and get on with your life. I have way too many times politely asked you to move on. Stop acting like a whiny kid.
|
|
|
Too bad, you could have easily proven you were not just sending a few pennies (or nothing at all!) to yourself. ![Sad](https://bitcointalk.org/Smileys/default/sad.gif) Once you learn the blockchain, you'll understand how a proper transaction cannot be related to a customer or agency. 1- Once your read about blockchain, security and privacy you will learn about chain analysis . 2- Once you learn about managing a business, you will learn about respecting those who trust in you. Only then will you succeed. 3- You also need to learn about privacy coins, some of which use ZK-proof, ring signatures and other methods which render the txid to be worthless to dig out information. Even if the txid was all zeros or a non-unique identifier, still are would never divulge it! To everyone reading this, this is a good test we are going through. This is going to be the exchange to trade at in the future. Our exchange will always stick to our immutable tenets: - Information regarding any transaction or trade will never be shared with anyone.
- Your account will never be frozen/blocked.
- You can withdraw at any time.
- You can close your account at any time.
Thank you.
|
|
|
What was the transaction ID? One newbie paying another is a good way to build a reputation, but not if it's with yourself.
I really feel pity for you both. On one hand you hint of the helper and me being the same entity and on the other hand you ask for a TXID.. so laughable.. if we both are the same person, then how difficult would it be for me to send some funds to my own self and give you a TXID? Are you a 5 year old still in school? In any case, we would never divulge any information about our customers or agencies that assist us. Furthermore, it was a privacy coin which was used to send the reward to the helper. Hackers got tired of taking millions from Fixedfloat, so they turned to a bigger challenge, hacking your blot3d-36601.portmap.host:36601 to get $15
Kids use Facebook & Co too much, so it makes them believe that they are idiots everywhere and that they believe everything that is served to them.
The payment was much more than 15$ - sadly you arent even capable of making that much by trolling people. You both create nothing relevant, p00p on people's projects and ideas (as clearly visible from your responses to other posts), encourage nobody, cast doubts, poison the well, accuse everyone of being a scammer, misuse your powers and reputation and when something positive has happened like the above, you get grumpy and attack. You either have allegiance or stakes in other exchanges which you want to promote here and demote everyone else's or are really good-for-nothing unfortunate, irrelevant dinosaurs with nothing better to do. Get a life. We starters, new-projects owners are hard working and are progressing. You can keep trolling like losers. “Jealousy is the tribute mediocrity pays to genius.” – Bishop Fulton J. Sheen
|
|
|
As you already mentioned, the findings were not critical, still I appreciate you taking time for meticulously reporting whatever you thought was essential. Let me know if you received the payment. Good job. Thank you.
|
|
|
hacker breaking in, stealing the coins and going quiet without showing you how he did it? They are welcome to do that. That would be real bad ass. At least we will know that a vulnerability exists. If they can do that they deserve the loot! zero motivation that someone will even attempt to hack your site Fine, don't be.. move on. I have already received PMs. So your point is disproved. @examplens' idea is actually good LOL sure buddy, gang up on me. Ally or an alias of the previous poster? Leave very little funds in the addresses and then send most of it to an escrow. Apply your own argument, why should I trust that escrow when you are yourself not ready to have faith at the first place. We are an exchange, we do not need escrows. People should also be able to track and know if someone has already cracked everything I agree with you here, but, there can be more than one way to break in. Also, we have mentioned in the OP "End of the test will be announced here in this thread." So everyone will be updated. As soon as the funds are stolen, it will be announced here. If nothing happens, after a few days, the test will still be concluded - probably will invite a separate batch of crackers/hackers elsewhere. I appreciate you taking time to respond. If you do not agree to the terms, it is fine. I respect your PoV. I will focus on those who have sent me messages and are already onto it. Thank you.
|
|
|
I never claimed to have 50 BTC. You are conjuring up this number. If anything, nobody is taking you seriously. I will now stop feeding the trolls.
Tis true, I did imagine that number of imaginary bitcoin you have. That is my bad. But until you prove you have x bitcoin, where int(x)>0, no one will take you seriously. ![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif) I don't see how you can speak for everyone or what is on everyone's minds. You may move on to imagine newer things. Thank you for stopping by.
|
|
|
I clearly mentioned not to report regarding iframes, etc. yet you did. Either you are a troll or did not read my OP.
The objective is to penetrate and steal the coins and then give me a PoC so that the issue/s are fixed.. rather than me depositing coins in escrow. Think about it, if I invite attackers, they break in and find no coins, do you think they will report me how they did it? It will serve me no purpose. If you do not have faith, it is fine, move on.
Criticism is welcome, but please don't make that your only goal. Thank you. Happy cracking.
|
|
|
This is a new endeavour. If the website had 50 BTC, nobody would invite it to be hacked, would rather get it professionally tested from experts.
Isn't your goal to prove your code is secure? What is wrong with professional testers? Prove you have the 50 BTC or no one will take you seriously. You are clearly not reading my response well.. Nothing is wrong with professional testers. It seems, you are neither a professional nor a tester. I never claimed to have 50 BTC. You are conjuring up this number. If anything, nobody is taking you seriously. I will now stop feeding the trolls. Criticism is welcome, but please don't make that your only goal. Thank you. Happy cracking.
|
|
|
You have support from one of the biggest scammers on the forum.
Pardon me but I do not understand? I ran a test run 2 years ago and participants tested it and were able to withdraw their coins. Who is a scammer on the previous thread and how do you know that? Proof that at least 50 Bitcoins are there will stimulate anyone to try the hack.
This is a new endeavour. If the website had 50 BTC, nobody would invite it to be hacked, would rather get it professionally tested from experts. Asking for proof of 2.5 millions USD is a fool's errand - think about it. I can provide a screenshot or a BTC address but that does not mean the coins are on the website. I can only prove that the coins exist and that I have the private key, how would that make you believe that you will get access to it after hacking the website? It seems that some kids found a very old tutorial, on how to make the first website.
Haha ![Cheesy](https://bitcointalk.org/Smileys/default/cheesy.gif) I appreciate good humour. Indeed - MS Frontpage 2.0 for the win. But this was written using nano. This is not a cool and good looking website with the latest UX/UI tech implemented by any means. The website is intentionally basic and without javascript. It will be accessible via an anonymous network layer - an overlay network.. which are usually slower than websites on surface web, so the UI is needs to be light and simple. The redirection service I am using does not issue SSL certs based for subdomains. Where it will be finally hosted might not need a certificate since it would already be on an encrypted network overlay. To everyone who has responded: It is very easy to tear things down and mock people's work, if you don't consider testing this worth the effort, then thank you for stopping by. I have invested lots of years in this project. I appreciate your time. You may move on. To anyone about to reply: Criticism is welcome, but please don't make that your only goal. Thank you. Happy cracking.
|
|
|
I have now provided the hash and the self signed certificate in the original post for your reference.
|
|
|
Inviting hackerz, crackerz, data hijackerz!! Come hack our crypto exchange. Yes you read it correctly. After a preliminary testnet test - UI and operational test (in 2022), you all are invited to do a full blown penetration test. This is no longer a testnet exchange - it is on mainnet!! Both BTC and ETH mainnet. It holds a few coins. Finders, keepers! Since there is no official payment for this - the crackers and hackers can hack it and take what they can. If you hack this exchange, the coins it holds is your reward!! If you cannot do that, no problems, report me all major findings - but, no, please do not tell me there is an iframe in use, no CSP or SameSite cookies or that it does not obey OWASP Web Top 10, if you think that is a concern then please exploit it and give a PoC shell or something similar that is critical. This is not a vulnerability assessment request, so webscanner results won't cut it - There are no made up CTF baby flags - the flag is real - real mainnet coins! Interested people are invited to test this and report back if interested - PM me. End of the test will be announced here in this thread. Thank you. 2022 forum post - https://bitcointalk.org/index.php?topic=5378976.0Link to the exchange - Hack this - https://blot3d-36601.portmap.host:36601/
SHA256 of the certificate: D0:86:2F:0C:D4:3F:81:7C:D1:12:DD:E4:05:6A:52:F8:DD:12:F1:D9:B1:1C:74:02:46:85:8B:EF:D5:CE:EA:2E
Full blot3d-36601-portmap-host.crt certificate: -----BEGIN CERTIFICATE----- MIIEITCCAwmgAwIBAgIUO30z4tXx4+Lx4d7KVbnBn3tKxWEwDQYJKoZIhvcNAQEL BQAwgZ8xCzAJBgNVBAYTAklSMRAwDgYDVQQIDAdNdW5zdGVyMQ0wCwYDVQQHDARD b3JrMQ0wCwYDVQQKDARTUEVYMQwwCgYDVQQLDANDQ1gxIjAgBgNVBAMMGWJsb3Qz ZC0zNjYwMS5wb3J0bWFwLmhvc3QxLjAsBgkqhkiG9w0BCQEWH2FkbWluQGJsb3Qz ZC0zNjYwMS5wb3J0bWFwLmhvc3QwHhcNMjQwNDA2MjIwMjIzWhcNMjUwNDA2MjIw MjIzWjCBnzELMAkGA1UEBhMCSVIxEDAOBgNVBAgMB011bnN0ZXIxDTALBgNVBAcM BENvcmsxDTALBgNVBAoMBFNQRVgxDDAKBgNVBAsMA0NDWDEiMCAGA1UEAwwZYmxv dDNkLTM2NjAxLnBvcnRtYXAuaG9zdDEuMCwGCSqGSIb3DQEJARYfYWRtaW5AYmxv dDNkLTM2NjAxLnBvcnRtYXAuaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAMQCPYGkcy3LAlpCQqnD6fMjROqRvMDBC4LioV801VAqhsWoj9zLlCYo 4WMgj2SIzwhhosXdMS6ESpjOna+JCd643BkyOgWpEP9m3NHoSWbzPuoabvudslRi mznaud/XGNJ3yAm7mLpTUFEUlAGl4I12x4+8SdTMpJTSAHmJRYh3b6Wmg9rpxHp2 Dr3Ezr1fG5kBFCnDdw31Q4ReriWMhZ7tdRXusdgnu82qpYL0yYGB9n4xJg9H2hmh JIKNI+wmEN2QQP8YsGv/w4M7mNZWgp9QhKa5ATDKXSKG/XFoN6qVhyq0R7nxLTNj brBb3lirqpetC4vZLOQeCvdrX4099WECAwEAAaNTMFEwHQYDVR0OBBYEFIsikKIv frS0KFDQRRro6sxZ08yyMB8GA1UdIwQYMBaAFIsikKIvfrS0KFDQRRro6sxZ08yy MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADhsHJTpXgNwPm0h uEqXa3WslUFBSGqbid2g4Io/MOJOgCTXU7QrZA1DqHrSDFprvkU/CbmmXK9zvZHa p9QFOczMB4PN1Wa9XiYT24/zlvzgNUR6ZaAUfUUgN2v/J6ER3X1hVgrx36GfxEHy v5omFyLu0L5kNvNQ+xS9M8cVlpPCuWjcNNuMgcvNwC7MUrEEqNLK6WCOaBfd74ap On4976yGgkxlxzCoiTnohtnYjmt9A4QqmSAN5zz+R59o+NV4iv5rvj+TaUjf5uSL JffhVrqhtpFm33242rjIWYRCx22SH6V+7ku7kFbAPKP+TrFlBQvG11VNDa1+856N aNu8GCk= -----END CERTIFICATE-----
|
|
|
They say if there is a book you want to read. but does not exist, you write it. If you read the FAQ, this exchange has been created to address a similar issue. The idea here is not greed. Fees are enough as is. Wouldn't want to play unfair and "always win". What is yours is yours. What is the exchange's is the exchange's.
This is going to be a new exchange and is a centralized one so have to earn the trust and maintain it.
Will surely announce here if more modules, features are added in advance.
Thank you: @NeuroticFish @vv181 @SFR10 @dkbit98
Everytone from the above list, please drop a line (PM) with email address and/or BTCTC/altcoin mainnet addresses. If/when this goes live and hopefully makes a profit, will send a small token as thanks.
|
|
|
Thanks for checking it out. Sorry, not looking for inputs regarding the UI too much. I know frames are old, so is CSS and HTML itself. There are certain limitations in UI intentionally added. In this case these frames are dynamically generated and refreshed every few seconds and just work. I didn't want to use JS and JSON. The whole website can be used without enabling Javascript.
About the flashing logo. I think that needs to go, many have pointd that out. Wouldn't want to give someone an epilepsy episode.
This test is mainly focussed upon the trading engine. If you spot something related to that do let us know. Thanks.
|
|
|
I've received more. ![Cheesy](https://bitcointalk.org/Smileys/default/cheesy.gif) 1. You should probably take an exchange fee. 2. You will have to round down such numbers. See how generous this exchange is.. Do trade if/when this goes live. BTW, the over and under rounding goes both ways depending upon the strength of the last digit. Also, a trading fee is being deducted.. sometimes as BTC.. if not present then as the altcoin traded. FAQ mentions it but will add that to the trade hist and/or Open Orders and before placing orders as well. I do like the trading history. The numbers are nice and one under the other, hence easy to read there. Thanks for testing and suggesting changes. I need to implement captcha at both login and register user page and maybe some kind of OTP/MFA Everyone is still free(and shall remain) free to withdraw. I might end this test soon by month end. Thank you.
|
|
|
|