Bitcoin Forum
March 28, 2024, 03:34:55 PM *
1  Alternate cryptocurrencies / Announcements (Altcoins) / Re: NXTL: Next Coin Lite 3 - NEXT UPGRADED - Fair Distribution - Topic 2 on: February 04, 2014, 07:19:16 PM
Interested too, please add me!

I'm a big supporter of NXT, but they are moving too slowly in terms of marketing and promotion.
2  Alternate cryptocurrencies / Marketplace (Altcoins) / Re: [ANN]{OpenEx} Relaunched! on: January 17, 2014, 07:07:21 PM
Open again. We encourage only small deposits while we continue to test and make sure everything works as it's supposed to. thanks for putting up with our miscues. we hope to put that in the past if possible.

Do not use this exchange.  It is utterly insecure and you're throwing away any coins you deposit.  There is no fixing the code on this one, it's fundamentally insecure.  See my main post at:

https://bitcointalk.org/index.php?topic=414777.msg4508656#msg4508656

you could have said that without being a condescending douche. you must lead a sad and depressing life.

r3wt's private message to me:

Quote
explain to me the point of preventing a client from echoing javascript into a get request? get requests get a resource, don't post any data. how exactly is that a security vulnerability?

maybe you should read your own message...

https://openex.pw/index.php?page=trade&market=''alert('You are an idiot.');

Oh r3wt, sweet naive r3wt.  If anyone wants a laugh in general about this "exchange", I'm including its "terms of service" below.

Quote
OpenEx.pw Terms And Conditions

SITE RULES
1. GENERAL GUIDELINES
   A.
   HACKING:
   Strictly Prohibited. 10 entries of an account, or ip in
   ACCESS_DENIED Results in Immediate Ban, and Forfeiture
   of Funds. No questions asked, No Refunds Given.
   
   B.
   API ABUSE:
   No Ban, but warnings will be given for unruly,
   excessive use of the API.
   
   C.
   
   STAFF MEMBER ABUSE:
   30 Day Chat Ban, 10 Day site ban. Don't be stupid.
   
   D.
   ABUSE OF SUPPORT SYSTEM:
   10 Day Site Ban.
   
   E.
   BAN EVASION:
   ARIN REPORT, VPN Public Record Request.
   
   F.
   TOR USE:
   USE OF THE ONION ROUTER AND TOR PROXIES IS STRICTLY
   PROHIBITED ON THIS WEBSITE. YOU PROBABLY ALREADY
   FOUND THAT OUT EH?
   
2.CHAT RULES
   A.
   PERSONAL ATTACKS:
   Personal Attacks on other users are strictly prohibited
   of any kind. do so at the risk of being banned from the chat.
   
   B.
   Spambots(Excluding Trading Bots)
   Spambots are prohibited. Account Ban's automatic
   through detection system.
   
   C.
   CHAT SPAM:
   You may advertise in the chat, however you are asked to
   do so no more than 1 time an hour. Spamming a link every
   ten minutes will leave you subject to a 1 day ban, then 7,
   then lifetime. This does not apply to general
   conversations about a particular site or service, only to
   one liner advertisements, and walls of text promoting
   services/coins/ et al.
   
   D.
   SCAMMING/Soliciting Sales of Prohibited or Risky
   Investments: Prohibited. Automatic chat ban.
   
   E.
   BETTING:
   Do Not bet in chat. automatic 1 day chatban, no questions
   asked.
   
   F.
   MUDSLINGING/LIBEL/FUD/Bullying:
   Do not post lies about other people, companies, or users.
   if you have a personal beef post about it on bitcointalk.
   no need for that here.
   
   G.
   Speculation:
   You may freely speculate on the price of any currency,
   however you may not do so in excess of, or in an attempt
   to unload your baggage. Do not encourage others to buy
   any coins.
   
   H.
   Trolling/Disruptive Behavior:
   This is not allowed, and is treated on a case by case
   basis. Do not harrass other users. Chat messages are
   logged, and stored to a backup server for review.
   
   I.
   FREEDOM OF SPEECH:
   
   OpenEx and its staff members encourage free discussion,
   however the aformentioned rules apply to this discussion
   in order to foster healthy debate and general quality of
   user experience within the chat. This being said, do not
   test us. we will act swiftly and without prejudice.

You just can't make up stuff this good.  I'll give anyone 20:1 r3wt isn't older than 15.
3  Alternate cryptocurrencies / Marketplace (Altcoins) / Re: [ANN]{OpenEx} Relaunched! on: January 17, 2014, 06:42:46 PM
Open again. We encourage only small deposits while we continue to test and make sure everything works as it's supposed to. thanks for putting up with our miscues. we hope to put that in the past if possible.

Do not use this exchange.  It is utterly insecure and you're throwing away any coins you deposit.  There is no fixing the code on this one, it's fundamentally insecure.  See my main post at:

https://bitcointalk.org/index.php?topic=414777.msg4508656#msg4508656
4  Alternate cryptocurrencies / Altcoin Discussion / Re: Openex hacked but coins recovered on: January 17, 2014, 06:36:46 PM
wow  I am late I have 60k dimecoin here ...Is there a way  I can get it back I am willing to receive any compensation if there is any I just hope the admin will offer this so he will not lose his reputation :(

the site is back live, all of the wallets are back live.

Wait, so you reopened it completely?  Because registrations were closed before, and now they are open.  Please tell me you didn't think it was ok to reopen it.  Because it's not.  Not without a huge warning telling people your code is fully vulnerable and depositing coins is essentially donating them to whichever hacker gets there first.
5  Alternate cryptocurrencies / Altcoin Discussion / Re: [Nxt] API of Nxt on: January 14, 2014, 09:17:50 PM
That's what I figured, but a quick check shows only ~7000 unique recipients in transactions.nxt vs. 14,000 accounts in the blockchain explorer:

Code:
$ java -jar jdeserialize-1.2.jar nxt/transactions.nxt | grep -E "recipient: [0-9-]+" | awk '{ print $2 }' | sort | uniq | wc -l
7105

R recipients with negative value included?

Yes, "recipient: [0-9-]+" matches all lines containing "recipient" except for the first one (structure definition).
6  Alternate cryptocurrencies / Altcoin Discussion / Re: [Nxt] API of Nxt on: January 14, 2014, 06:35:29 PM
Is there a way to get a list of all the accounts?

Thanks!

Yes, this can be done via blockchain scanning. :)

Let me know if u need a special API call for that.

I'd definitely like an API call that would return all accounts.  For blockchain scanning, what is the process to get all accounts?  A quick look at blocks.nxt (12MB) shows only ~300 unique generatorPublicKey's, and transactions.nxt (also 12MB) has about ~3500 unique accounts.  The blockchain explorer says "Accounts: 13919" and lists lots of new accounts being added though.

Get a unique list of the recipients of all transactions of all blocks.

That's what I figured, but a quick check shows only ~7000 unique recipients in transactions.nxt vs. 14,000 accounts in the blockchain explorer:

Code:
$ java -jar jdeserialize-1.2.jar nxt/transactions.nxt | grep -E "recipient: [0-9-]+" | awk '{ print $2 }' | sort | uniq | wc -l
7105
7  Alternate cryptocurrencies / Altcoin Discussion / Re: Openex hacked but coins recovered on: January 14, 2014, 04:38:43 PM
Jesus your PHP looks pretty risky too bro. Correct me if I'm wrong.

https://github.com/r3wt/openex/tree/master/pages



to the casual observer, yes it appears pretty insecure. once you try to hack it, then you see the genius of the design.

There is nothing genius about the code, and nothing genius about you.

other than the queries, i'd say it's pretty secure.

Your opinion means nothing and is apparently given out without any thought.  That code is some of the worst I've seen in years.  WTF makes total amateurs think they can launch an exchange that's responsible for handling people's money?  Based on that code you're about 5 years of programming experience away from being able to, possibly, code securely enough.  Don't even think about relaunching with anything but a play site.

let's have an example there bud.

Oh I don't know, the topic of this thread you fucking idiot comes to mind.  Also whatever double cancel bug you had that allowed people to give themselves coins.

And then of course there's always this one:

https://openex.pw/index.php?page=trade&market='';alert('You%20are%20an%20idiot.');

I'm sure you have no idea why that's a problem though.  I don't understand why anyone in this thread is cutting you slack at all.  What you did is the equivalent of opening a bank, taking people's deposits, and then leaving the doors unlocked and the vault wide open.  Your code is the quality of what I made in middle school, and your attitude fits that age range as well.  I'm done with this thread, but a warning for anyone reading it:

Do not, do not, DO NOT use any site built by r3wt that puts any of your property at risk!  His understanding of web security is nonexistent, his code is crap, and his attitude is reckless and irresponsible.

When his next site gets hacked, don't say I didn't tell you so.
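
Added example, not part of the original posts and not OpenEx code: it shows why reflecting a GET parameter is a vulnerability (the question in the private message quoted in the later post) using the URL posted above, next to a hardened renderer. The page template, the unquoted reflection context and the market names are assumptions chosen for illustration; alert() is stubbed so the script body can be evaluated offline.

```javascript
// Hypothetical template and market names; only the URL comes from the thread.
const KNOWN_MARKETS = new Set(['BTC_LTC', 'BTC_DOGE']); // constructed allow-list

const POSTED_URL =
  "https://openex.pw/index.php?page=trade&market='';alert('You%20are%20an%20idiot.');";

// Decode the `market` query parameter the way the server would receive it.
function marketParam(url) {
  return new URL(url).searchParams.get('market');
}

// Vulnerable (assumed context): the GET parameter becomes JavaScript source text.
function renderVulnerable(market) {
  return `<script>var market = ${market};</script>`;
}

// Encode a value as a JS string literal that is also safe inside an HTML
// <script> block: "<" is escaped so "</script>" cannot end the block early.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hardened: allow-list the value first, then encode for the output context.
function renderHardened(market) {
  if (!KNOWN_MARKETS.has(market)) return null; // caller should answer 400
  return `<script>var market = ${jsStringLiteral(market)};</script>`;
}

// Evaluate the script body as a browser would, with alert() replaced by a
// recorder, and return every message the visitor's browser would have shown.
function alertsTriggered(html) {
  const body = html.replace(/^<script>/, '').replace(/<\/script>$/, '');
  const seen = [];
  new Function('alert', body)((msg) => seen.push(msg));
  return seen;
}

console.log(alertsTriggered(renderVulnerable(marketParam(POSTED_URL))));
console.log(renderHardened(marketParam(POSTED_URL)), renderHardened('BTC_LTC'));
```

The request carries no POST data, yet the response runs code chosen by whoever built the link, in the session of whoever clicks it; that is the security problem with the reflection.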
8  Alternate cryptocurrencies / Altcoin Discussion / Re: Openex hacked but coins recovered on: January 14, 2014, 03:06:10 PM
Jesus your PHP looks pretty risky too bro. Correct me if I'm wrong.

https://github.com/r3wt/openex/tree/master/pages



to the casual observer, yes it appears pretty insecure. once you try to hack it, then you see the genius of the design.

There is nothing genius about the code, and nothing genius about you.

other than the queries, i'd say it's pretty secure.

Your opinion means nothing and is apparently given out without any thought.  That code is some of the worst I've seen in years.  WTF makes total amateurs think they can launch an exchange that's responsible for handling people's money?  Based on that code you're about 5 years of programming experience away from being able to, possibly, code securely enough.  Don't even think about relaunching with anything but a play site.
9  Alternate cryptocurrencies / Altcoin Discussion / Re: [NXT] API 2 Brainstorming on: January 12, 2014, 04:28:48 AM
For High-level:

getAllAccounts() - possibly with filtering parameters and sort/limit

I'm not sure what the Account object provides currently, but these would be useful:

getBalance()
getTotalTransferAmounts() - returns total amount of NXT transferred.  filter by in/out
getTransactions() - filter by activity type (in/out/alias creation/etc.)
getTimeFirstActivity() - filter by activity type (in/out/alias creation/etc.)
getTimeLastActivity() - filter by activity type (in/out/alias creation/etc.)
getBlocksGenerated() - correct term?
getFeeEarned() - correct term?
getAliases()
10  Alternate cryptocurrencies / Altcoin Discussion / Re: [Nxt] API of Nxt on: January 12, 2014, 04:08:41 AM
Is there a way to get a list of all the accounts?

Thanks!

Yes, this can be done via blockchain scanning. :)

Let me know if u need a special API call for that.

I'd definitely like an API call that would return all accounts.  For blockchain scanning, what is the process to get all accounts?  A quick look at blocks.nxt (12MB) shows only ~300 unique generatorPublicKey's, and transactions.nxt (also 12MB) has about ~3500 unique accounts.  The blockchain explorer says "Accounts: 13919" and lists lots of new accounts being added though.
11  Alternate cryptocurrencies / Altcoin Discussion / Re: [OGC][GIVEAWAY] 10,000 OGC for first 100 to celebrate Coined Up support !!!!!!!! on: January 04, 2014, 01:53:11 PM
oWPBx2G7hG46Cin8FzUcfhZX9KFcoV1g5Y

Thanks
12  Other / Beginners & Help / How long would it take to break a single wallet? on: December 31, 2013, 05:50:15 PM
Let's just say, hypothetically, that there was an abandoned wallet with, like, $150,000,000 worth of BTC in it.  Say, one of Sheep's.

  • How long would it take to find the private key and gain access to the coins?  For one machine, or for a pool?
  • If everyone got together and formed a pool, and split the payout, would it be worth the energy costs?
  • Is there a difference between the difficulty for SHA256 and Scrypt with regards to wallet private keys?
  • Are there any cryptocoins that are particularly susceptible to wallet private key attacks?