2
|
Alternate cryptocurrencies / Marketplace (Altcoins) / Re: [ANN]{OpenEx} Relaunched!
|
on: January 17, 2014, 07:07:21 PM
|
Open again. We encourage only small deposits while we continue to test and make sure everything works as it's supposed to. thanks for putting up with our miscues. we hope to put that in the past if possible.
Do not use this exchange. It is utterly insecure and you're throwing away any coins you deposit. There is no fixing the code on this one, it's fundamentally insecure. See my main post at: https://bitcointalk.org/index.php?topic=414777.msg4508656#msg4508656
you could have said that without being a condescending douche. you must lead a sad and depressing life.
r3wt's private message to me:
explain to me the point of preventing a client from echoing javascript into a get request? get requests get a resource, don't post any data. how exactly is that a security vulnerability?
maybe you should read your own message... https://openex.pw/index.php?page=trade&market=''alert('You are an idiot.');
Oh r3wt, sweet naive r3wt. If anyone wants a laugh in general about this "exchange", I'm including its "terms of service" below.
OpenEx.pw Terms And Conditions
SITE RULES
1. GENERAL GUIDELINES
A. HACKING: Strictly Prohibited. 10 entries of an account, or ip in ACCESS_DENIED Results in Immediate Ban, and Forfeiture of Funds. No questions asked, No Refunds Given.
B. API ABUSE: No Ban, but warnings will be given for unruly, excessive use of the API.
C. STAFF MEMBER ABUSE: 30 Day Chat Ban, 10 Day site ban. Don't be stupid.
D. ABUSE OF SUPPORT SYSTEM: 10 Day Site Ban.
E. BAN EVASION: ARIN REPORT, VPN Public Record Request.
F. TOR USE: USE OF THE ONION ROUTER AND TOR PROXIES IS STRICTLY PROHIBITED ON THIS WEBSITE. YOU PROBABLY ALREADY FOUND THAT OUT EH?
2. CHAT RULES
A. PERSONAL ATTACKS: Personal Attacks on other users are strictly prohibited of any kind. do so at the risk of being banned from the chat.
B. Spambots(Excluding Trading Bots) Spambots are prohibited. Account Ban's automatic through detection system.
C. CHAT SPAM: You may advertise in the chat, however you are asked to do so no more than 1 time an hour. Spamming a link every ten minutes will leave you subject to a 1 day ban, then 7, then lifetime. This does not apply to general conversations about a particular site or service, only to one liner advertisements, and walls of text promoting services/coins/ et al.
D. SCAMMING/Soliciting Sales of Prohibited or Risky Investments: Prohibited. Automatic chat ban.
E. BETTING: Do Not bet in chat. automatic 1 day chatban, no questions asked.
F. MUDSLINGING/LIBEL/FUD/Bullying: Do not post lies about other people, companies, or users. if you have a personal beef post about it on bitcointalk. no need for that here.
G. Speculation: You may freely speculate on the price of any currency, however you may not do so in excess of, or in an attempt to unload your baggage. Do not encourage others to buy any coins.
H. Trolling/Disruptive Behavior: This is not allowed, and is treated on a case by case basis. Do not harass other users. Chat messages are logged, and stored to a backup server for review.
I. FREEDOM OF SPEECH: OpenEx and its staff members encourage free discussion, however the aforementioned rules apply to this discussion in order to foster healthy debate and general quality of user experience within the chat. This being said, do not test us. we will act swiftly and without prejudice.
You just can't make up stuff this good. I'll give anyone 20:1 r3wt isn't older than 15.
|
|
|
4
|
Alternate cryptocurrencies / Altcoin Discussion / Re: Openex hacked but coins recovered
|
on: January 17, 2014, 06:36:46 PM
|
wow I am late I have 60k dimecoin here ...Is there a way I can get it back I am willing to receive any compensation if there is any I just hope the admin will offer this so he will not lose his reputation
the site is back live, all of the wallets are back live.
Wait, so you reopened it completely? Because registrations were closed before, and now they are open. Please tell me you didn't think it was ok to reopen it. Because it's not. Not without a huge warning telling people your code is fully vulnerable and depositing coins is essentially donating them to whichever hacker gets there first.
|
|
|
5
|
Alternate cryptocurrencies / Altcoin Discussion / Re: [Nxt] API of Nxt
|
on: January 14, 2014, 09:17:50 PM
|
That's what I figured, but a quick check shows only ~7000 unique recipients in transactions.nxt vs. 14,000 accounts in the blockchain explorer:
$ java -jar jdeserialize-1.2.jar nxt/transactions.nxt | grep -E "recipient: [0-9-]+" | awk '{ print $2 }' | sort | uniq | wc -l
7105
R recipients with negative value included?
Yes, "recipient: [0-9-]+" matches all lines containing "recipient" except for the first one (structure definition).
|
|
|
6
|
Alternate cryptocurrencies / Altcoin Discussion / Re: [Nxt] API of Nxt
|
on: January 14, 2014, 06:35:29 PM
|
Is there a way to get a list of all the accounts?
Thanks!
Yes, this can be done via blockchain scanning. Let me know if u need a special API call for that.
I'd definitely like an API call that would return all accounts. For blockchain scanning, what is the process to get all accounts? A quick look at blocks.nxt (12MB) shows only ~300 unique generatorPublicKey's, and transactions.nxt (also 12MB) has about ~3500 unique accounts. The blockchain explorer says "Accounts: 13919" and lists lots of new accounts being added though.
Get a unique list of the recipients of all transactions of all blocks.
That's what I figured, but a quick check shows only ~7000 unique recipients in transactions.nxt vs. 14,000 accounts in the blockchain explorer:
$ java -jar jdeserialize-1.2.jar nxt/transactions.nxt | grep -E "recipient: [0-9-]+" | awk '{ print $2 }' | sort | uniq | wc -l
7105
|
|
|
7
|
Alternate cryptocurrencies / Altcoin Discussion / Re: Openex hacked but coins recovered
|
on: January 14, 2014, 04:38:43 PM
|
to the casual observer, yes it appears pretty insecure. once you try to hack it, then you see the genius of the design.
There is nothing genius about the code, and nothing genius about you.
other than the queries, i'd say its pretty secure.
Your opinion means nothing and is apparently given out without any thought. That code is some of the worst I've seen in years. WTF makes total amateurs think they can launch an exchange that's responsible for handling people's money? Based on that code you're about 5 years of programming experience away from being able to, possibly, code securely enough. Don't even think about relaunching with anything but a play site.
lets have an example there bud.
Oh I don't know, the topic of this thread you fucking idiot comes to mind. Also whatever double cancel bug you had that allowed people to give themselves coins. And then of course there's always this one: https://openex.pw/index.php?page=trade&market='';alert('You%20are%20an%20idiot.');
I'm sure you have no idea why that's a problem though.
I don't understand why anyone in this thread is cutting you slack at all. What you did is the equivalent of opening a bank, taking people's deposits, and then leaving the doors unlocked and the vault wide open. Your code is the quality of what I made in middle school, and your attitude fits that age range as well.
I'm done with this thread, but a warning for anyone reading it: Do not, do not, DO NOT use any site built by r3wt that puts any of your property at risk! His understanding of web security is nonexistent, his code is crap, and his attitude is reckless and irresponsible. When his next site gets hacked, don't say I didn't tell you so.
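The following is an added example, not part of the forum posts and not OpenEx's code (which is not shown on this page), of why a GET parameter copied into a page is a vulnerability and how validation plus context-aware encoding closes it. It assumes the `market` parameter is written unquoted into an inline script; the function names, the allowlist and the host `exchange.example` are hypothetical.

```javascript
// Added illustration; OpenEx's actual source is not shown on this page.
// Assumption: the trade page writes the `market` query parameter, unquoted,
// into an inline <script> block. All function names here are hypothetical.

// Vulnerable: the value becomes JavaScript source in the victim's session.
function renderVulnerable(params) {
  return `<script>var market = ${params.get('market') ?? "''"};</script>`;
}

// Encode for a JS string literal inside HTML: JSON.stringify quotes the value,
// and the extra escapes stop "</script>" or a quote from leaving the context.
function jsLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&'\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hypothetical allowlist of market identifiers the server knows about.
const KNOWN_MARKETS = new Set(['BTC_LTC', 'BTC_DOGE']);

// Hardened: validate against the allowlist, then encode for the context.
function renderHardened(params) {
  const market = params.get('market') ?? '';
  if (!KNOWN_MARKETS.has(market)) return { status: 400, body: 'unknown market' };
  return { status: 200, body: `<script>var market = ${jsLiteral(market)};</script>` };
}

// Run a page's inline script with a stub alert() and count the calls,
// standing in for what a browser would do with the response.
function alertCalls(html) {
  const body = /<script>([\s\S]*?)<\/script>/.exec(html)[1];
  let calls = 0;
  new Function('alert', body)(() => { calls += 1; });
  return calls;
}

// Constructed request modelled on the URL quoted in the post (host changed).
const sample = new URL("https://exchange.example/index.php?page=trade" +
  "&market='';alert('You%20are%20an%20idiot.');").searchParams;
const encoded = `<script>var m = ${jsLiteral(sample.get('market'))};</script>`;

console.log(alertCalls(renderVulnerable(sample))); // 1: injected code ran
console.log(alertCalls(encoded));                  // 0: value stayed data
console.log(renderHardened(sample).status);        // 400: rejected outright
```

A GET request carries no body, but the link itself is the delivery mechanism: whoever opens it runs the script with their own logged-in session.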
|
|
|
8
|
Alternate cryptocurrencies / Altcoin Discussion / Re: Openex hacked but coins recovered
|
on: January 14, 2014, 03:06:10 PM
|
to the casual observer, yes it appears pretty insecure. once you try to hack it, then you see the genius of the design.
There is nothing genius about the code, and nothing genius about you.
other than the queries, i'd say its pretty secure.
Your opinion means nothing and is apparently given out without any thought. That code is some of the worst I've seen in years. WTF makes total amateurs think they can launch an exchange that's responsible for handling people's money? Based on that code you're about 5 years of programming experience away from being able to, possibly, code securely enough. Don't even think about relaunching with anything but a play site.
|
|
|
9
|
Alternate cryptocurrencies / Altcoin Discussion / Re: [NXT] API 2 Brainstorming
|
on: January 12, 2014, 04:28:48 AM
|
For High-level:
getAllAccounts() - possibly with filtering parameters and sort/limit
I'm not sure what the Account object provides currently, but these would be useful:
getBalance()
getTotalTransferAmounts() - returns total amount of NXT transferred. filter by in/out
getTransactions() - filter by activity type (in/out/alias creation/etc.)
getTimeFirstActivity() - filter by activity type (in/out/alias creation/etc.)
getTimeLastActivity() - filter by activity type (in/out/alias creation/etc.)
getBlocksGenerated() - correct term?
getFeeEarned() - correct term?
getAliases()
|
|
|
10
|
Alternate cryptocurrencies / Altcoin Discussion / Re: [Nxt] API of Nxt
|
on: January 12, 2014, 04:08:41 AM
|
Is there a way to get a list of all the accounts?
Thanks!
Yes, this can be done via blockchain scanning. Let me know if u need a special API call for that.
I'd definitely like an API call that would return all accounts. For blockchain scanning, what is the process to get all accounts? A quick look at blocks.nxt (12MB) shows only ~300 unique generatorPublicKey's, and transactions.nxt (also 12MB) has about ~3500 unique accounts. The blockchain explorer says "Accounts: 13919" and lists lots of new accounts being added though.
|
|
|
12
|
Other / Beginners & Help / How long would it take to break a single wallet?
|
on: December 31, 2013, 05:50:15 PM
|
Let's just say, hypothetically, that there was an abandoned wallet with, like, $150,000,000 worth of BTC in it. Say, one of Sheep's.
- How long would it take to find the private key and gain access to the coins? For one machine, or for a pool?
- If everyone got together and formed a pool, and split the payout, would it be worth the energy costs?
- Is there a difference between the difficulty for SHA256 and Scrypt with regards to wallet private keys?
- Are there any cryptocoins that are particularly susceptible to wallet private key attacks?