Myeh, still prefer it over these cool new Linux dice sites that scam thousands of coins in a few months.

Pretty sure I have seen this error before and pretty sure it will just be fixed as Dean comes online (in about ~3 hours.)

Pretty sure I have the most



This is not Photoshop, it was/is however a vulnerability. No worries, no one else could reproduce this. I did email PD about it and did get a 1 coin bounty, but looks like I could have gotten much more lol I will not press that "withdraw" button though. Sucks to be the good guy sometimes

RipDice looks extremely sketchy. I would not recommend playing there at this point. PRCdice have been around much longer so is a better option. Although I don't think PD is "fixed" btw :p

Basically I would recommend to never play on new sites and especially not new sites that have that fake PD2 design (like "ripdice".)

Bitcointalk has very decent bug bounties, see here: https://bitcointalk.org/index.php?topic=309785.0

Obtaining arbitrary PMs or password hashes would be around 24 BTC based on current prices.

Root access (since they have DB and source?) would be around 35 BTC based on current prices.

But instead they e-mail randoms asking for 0.3 BTC. Lol. SCAAAAMMMM

"Paying Since 2010" is incorrect. Domain whois shows: "Created on 2013-05-30".

You are kinda lucky you post this before implementing it:

This is extremely vulnerable. An attacker could probably steal all your coins this way.

Let's say my clientseed is "hacker1":

$clientSeed.$nonce

will become:

#1 - hacker11
#2 - hacker12
...
#8 - hacker18
#9 - hacker19

Now after 9 bets, I will change my clientseed to "hacker":

#11 - hacker11
#12 - hacker12
etc.

See the problem? The rolls will be the same as the previous 10 and we know the outcome. A decent attacker would do this only with 100 or 1000 bets to make it less obvious. He could slowly win all your funds. This is the same way satoshicarnival.co got "hacked" and lost like ~5 BTC. They decided to close the site afterwards and work out a refund plan with their investors. This btw only works if the serverseed is not forced to change after changing the clientseed, but this seems common practice to me.

Solution: use a separator. Like n:c:n,n:s:n > $nonce.":".$clientSeed.":".$nonce,$nonce.":".$serverSeed.":".$nonce

Normally I would privately disclosure this and kindly ask for a bounty. But considering it's not yet implemented I guess I could just reply here. Any bounty would be still appreciated though (donation addy is in signature.)




About the function rand(), you could consider reading this 35 page paper "I Forgot Your Password: Randomness Attacks Against PHP Applications". Basically rand() is not random enough and should be considered as vulnerable. Although I am personally not sure how an actual attack vector against your implementation would be.

Basically using openssl_random_pseudo_bytes() or as fallback mcrypt_create_iv() will be better than rand() or mt_rand(). You should/could definitely google a bit on that too. Most times the server seed is random though and the actually roll generation is based on the SHA512 HMAC of the seeds+nonce.

BB looks like previous troll "haightst" https://bitcointalk.org/index.php?action=profile;u=154345 (looks like "haightst" is banned)

Actually that website even tries to run some kind of an exploit in Silverlight. So just by only opening that site, you might get a virus.

Just as extra warning

Ideally one wouldn't allow plugins and javascript to run by default. You can put this as setting in Chrome or use NoScript in Firefox.

Details about that virus on site, code looks like:


Detection ratio:    11 / 54
https://www.virustotal.com/en/file/38961563267176ca19c24be54695d854d58dded8ca3f9eef44db77b9b8e0f09d/analysis/1413983056/

And the downloadable auto-bet .zip:
Detection ratio:    17 / 52
https://www.virustotal.com/en/file/05a8a612c82e44fa7aa329021d65d616aa1767d6003bd6870a288583dec87550/analysis/1413983205/

(remember: virustotal doesn't always detect viruses, so it's not enough! but in this case it does show it.)

Reported domain at http://www.google.com/safebrowsing/static/submit_malware.html

You claim to easily make 5 bitcoins into 19.5 bitcoins (+ site profits!) in only 90 days. So if you put your own money into that, you will earn very nicely and get rich soon?

Sure you cannot make 500 into 2k coins etc because of that annoying maximum limit. But still I think you will be a very rich man with your magic formula.

"That is actually good news." Hope you can put your own money into one of these 390% plans and you will be still rich in no time.

It is not about the max investment.

It's about the incredible/unsustainable high return that you claim to be able to make. With a return that high, you could easily make your own money into very high amounts. No reason at all to get any investments. That is what I am showing you with basic maths. It's not about max investments.

He also deleted the first thread [old] (because of my reply), just to make a moderated topic after that, Classic scammer. I replied there also, but he keeps deleting my post. So hereby, my original but obviously deleted post:





Sure. I will just also leave my explanation here so people can decide it for themselves. Since you promised me to not delete if it's not in big red letters, ill put it in normal text.

To reply to your explanation:
1) You are not limiting the amount, you are just limiting the amount per deposit. I could easily make multiple 5 btc deposits.
2) STILL if you can make THAT much money, you wouldn't seek for investments on a bitcoin forum. If I could make $462,688 from a $2,000 investment I could have huge investments myself.
3) If you want to limit the amount anyway, why the hell do you need investments?
4) etc. etc. you just don't make sense. Hope people are not stupid enough to fall for it.




OBVIOUS PONZI IS OBVIOUS - DO NOT LOSE MONEY IN AN IDIOTIC SCAM LIKE THIS. TY

Let's calculate:

390% Plan - 90 Day Duration

So let's invest $2000 for a year:

2000*3.90 = 7800 after 90 days
7800*3.90 = 30420 after 180 days
30420*3.90 = 118638 after 270 days
118638*3.90 = 462688 after 360 days

Half a million dollar (well $462,688) after 1 year with a $2,000 investment? LOL!

If they had a magic formula to make THAT much money, they wouldn't sell it to you!


Site looks good? Just a $16 template - http://themeforest.net/item/gaea-responsive-environmental-html5-template/8490746 (preview) - I could make this in 1 hour (!)

Hero Member? Probably a sold account.

Isn't that "proof" that it's 1 person? :/

admin: show your work
sam: you show yours
admin: fair enough, give me a second ..

Lol, every new accusation is getting more and more dumb here.

You posted relatively many posts after the payment of yesterday.

You actually had only 7 qualifying posts (+4 in offtopic and other signature campaign topics.)

The good news is that you should have ~13 posts for this second week already (I assume he will allow you to rejoin - and, since you didn't change your signature, posts after the first payment should count IMO.)

The rules say "Not be in signature campaign threads, including this one or in offtopic."

If I count your posts (and everyone can) I see 20 qualifying posts. And then I include the pretty worthless posts in "games&rounds" promotion threads, "Beginners & Help" off-topic-like threads and "altcoin" shitcoin threads. Without those it's probably like 5-10 posts. Obviously you didn't qualify.


Well, sorry to say.. but the rules were very clear No rollover & no payment - when the requirements were not met. You had 16 posts so not enough for the required 25 posts.

I am actually a Hero member here and as many know a "PRC regular". Dean actually expected me to join the signature campaign, but I didn't. Why? Because I do agree with you that 25 posts per week are just a bit too much. However, IMO the rules were clear and based on the rules I decided not to join. Pretty easy Everyone who thinks the rules work for them, can still join I didn't expect partial payments since the rules are very clear. It's your own decision to still join it.





JoeMattie made 24 posts ALL in GAMBLING forum. So highly on-topic, no promotion/beginners-offtopic/shitcoin things like Jybrael. So did Dean pay the person 0.0125 BTC who wagerered ~65.000 BTC on his website despite missing a single post? Of course he did lol - seems pretty obvious to me.

Your server seed is still hashed. You need to click the link "Rerandomize" and "Set" to get the previous server seed.

There is no minimum to invest. But currently the minimum withdrawal is 0.01 so you might want to consider that if you deposit.

Sure. I will just also leave my explanation here so people can decide it for themselves. Since you promised me to not delete if it's not in big red letters, ill put it in normal text.

To reply to your explanation:
1) You are not limiting the amount, you are just limiting the amount per deposit. I could easily make multiple 5 btc deposits.
2) STILL if you can make THAT much money, you wouldn't seek for investments on a bitcoin forum. If I could make $462,688 from a $2,000 investment I could have huge investments myself.
3) If you want to limit the amount anyway, why the hell do you need investments?
4) etc. etc. you just don't make sense. Hope people are not stupid enough to fall for it.




OBVIOUS PONZI IS OBVIOUS - DO NOT LOSE MONEY IN AN IDIOTIC SCAM LIKE THIS. TY

Let's calculate:

390% Plan - 90 Day Duration

So let's invest $2000 for a year:

2000*3.90 = 7800 after 90 days
7800*3.90 = 30420 after 180 days
30420*3.90 = 118638 after 270 days
118638*3.90 = 462688 after 360 days

Half a million dollar (well $462,688) after 1 year with a $2,000 investment? LOL!

If they had a magic formula to make THAT much money, they wouldn't sell it to you!


Site looks good? Just a $16 template - http://themeforest.net/item/gaea-responsive-environmental-html5-template/8490746 (preview) - I could make this in 1 hour (!)

Hero Member? Probably a sold account.

He also closed the thread and moved it to some Italian sub forum (see here), just to make a moderated topic after that >>> CLASSIC SCAMMER !


If there is a disclaimer: there is a chance we will disappear without warning, I would agree.