Man in the middle attack isn't a problem for luckybit because:
1.- MITM is a LAN attack. That mean the only users who will be affected are those who are on the local area network of the attacker. Users access point is users responsability, if you are on a not secure network better don't use bitcoin, because if you are under MITM attack, the hacker will not change the betting addys, he will get your blockchain.info wallet access information.
It depends on the wallet. blockchain.info uses an HTTPS conection, so it's unlikely to be affected. Even if you're affected, the HTTPS conection will be gone and the lock in address box of the browser won't appear. Please read the point 3.About the LAN attack, well, you can take care about your network, but when this goes to your ISP, international routes and so, you lose the control of what goes on. If you lose control of what goes on your network, there is not much luckybit can do for you.2.- MITM can be detected by users with tools like wireshark. But is responsability of the user to verify if the network is secure. Do you really expect average people to use wireshark in order to detect if there's a MITM happening? If people is paranoid about the attack, then they should find a way to avoid it.It's much more simple having an HTTPS website. If it isn't encrypted, there will be lock on the browser. If it presents an invalid certificate, you'll receive an alert. Again please read the point 3.3.- MITM have a tool called sslstrip to bypass the SSL connection, so, change the site to SSL will fix nothing about the attack.
sslstrip turns HTTPS traffic in HTTP. But to be effective, the user needs to go further and ignore the lack of HTTPS. Aside of this, there are tools and settings to avoid these types of downgrading, like HSTS. You should learn a lil more about sslstrip, it really works fine to make the MITM to SSL connections.Make a man in the middle to change luckybit addys, is one of the worst things you can do with this attack. Because if the users don't see the bets rolling they will ask to support what happen?, then we will ask for the TX ID, and in that moment we will see the fake addy. How much the hacker get? 0.005? 0.01?... not really a big lost. So, that attack is just a waste of time if some one is thinking about use it that way.
I want to make emphasis on the point of; This has never happened to luckybit and isn't something to worry about.
Well, a more sophisticated attack can try to replace the entire game too. A sophisticated hacker know how stupid is the idea of edit the gambling site with MITM to change addys and catch some satoshis if he have luck.And again, the "this never happened" isn't a good reason. You need to consider the possibilities and risks, not the "it never happened". We consider possibilities and risks... Chance to get a user hacked to change the betting addys, zero. Risks, only one user hacked because some one vuln his network. But it seems you think it's more simple to deal with an eventual problem than fixing the origin of it. OK, it's your choice. A bad choice, I think, but, well... The only problem here is all this trash talk, and we are working on it.I will say it clear because you are confusing our customers. Luckybit is not worried about a MITM attack.Because the MITM attack goes for one target, the target must be in the same attacker local network, and if users got hacked with this attack we wasn't the reason or the vuln and we are not the target. If the hacker have a success attack to one of our users, other users will be not affected, and we are a gambling site not a Internet Security Service. Of course we care about out customers security, but only for problems relevant to luckybit. If a random guy on internet get hacked by this attack should be our problem? if that guy use windows and some one use a trojan to hack it, should be our problem? i think not. For all the luckybit users: *This is not a luckybit security problem. it's the user responsibility to be on a secure network. *This is not a problem because it will not happen, to have the hacker in the same local network is really hard. And if you have a hacker on your LAN change the addys of luckybit to take the user bitcoins isn't a smart idea, as i say before if the users send one bet and it don't roll, support will ask for the tx id, and there we will see the fake addys. *In a fantasy world this is possible, but in the real world, this is almost impossible, is a bad idea, hard as hell and a waste of time. |
|
|
|
A MITM attack against LuckyBit could - at worst - replace the game addresses with malicious ones. This is a sufficient reason to put HTTPS. The attacker has a financial incentive to repllace those addresses. There has never been a report of MITM attacks against LuckyBit.
Until it happens. But why wait until an incident happens if you already can fix the issue? SSL implementation is not a simple process. Getting a signed certificate, implementing security across the site and filtering for non-essential services such as the LuckyBit Community Hub are not a quick-switch option. These things take time and money that aren't justified by a "potential" threat that hasn't been realized and can be easily avoided by customers. Most of our players don't even depend on the site to provide the addresses; the information is available elsewhere and the majority of wallets also provide address-book services that would make this attack ineffective. tl;dr: not worth the effort for an attacker, not worth the effort for us Man in the middle attack isn't a problem for luckybit because: 1.- MITM is a LAN attack. That mean the only users who will be affected are those who are on the local area network of the attacker. Users access point is users responsability, if you are on a not secure network better don't use bitcoin, because if you are under MITM attack, the hacker will not change the betting addys, he will get your blockchain.info wallet access information. 2.- MITM can be detected by users with tools like wireshark. But is responsability of the user to verify if the network is secure. 3.- MITM have a tool called sslstrip to bypass the SSL connection, so, change the site to SSL will fix nothing about the attack. Make a man in the middle to change luckybit addys, is one of the worst things you can do with this attack. Because if the users don't see the bets rolling they will ask to support what happen?, then we will ask for the TX ID, and in that moment we will see the fake addy. How much the hacker get? 0.005? 0.01?... not really a big lost. So, that attack is just a waste of time if some one is thinking about use it that way. I want to make emphasis on the point of; This has never happened to luckybit and isn't something to worry about. |
|
|
|
In trump we trust.... http://webm.host/18ea6/That guy is a Joke, and we know it. He doesn't deserve to be a topic on this forum. |
|
|
|
Hope you all have fun with these memes |
|
|
|
Maybe if they stop spending $150,000 a month, they can survive  |
|
|
|
Hey guys, i just find the way to send bets from Electrum and command line, after that, i make a small bot. As most of my codes this one is open source, you can see de codes here: https://bitcointalk.org/index.php?topic=1270958.0 Now you can't because a moderator delete my thread  . Feel free to edit the codes to make bets with your best betting method  Single bet: electrum payto 1LuckyR1fFHEsXYyx5QK4UFzv3PEAepPMK 0.002 -f 0.0002 --unsigned > unsigned.txn
cat unsigned.txn | electrum signtransaction - > signed.txn
cat signed.txn | electrum broadcast -
Mutiple bets: electrum paytomany "[[\"1LuckyR1fFHEsXYyx5QK4UFzv3PEAepPMK\", 0.002], [\"1LuckyR1fFHEsXYyx5QK4UFzv3PEAepPMK\", 0.002], [\"1LuckyR1fFHEsXYyx5QK4UFzv3PEAepPMK\", 0.002]]" -f 0.0002 --unsigned > unsigned.txn
cat unsigned.txn | electrum signtransaction - > signed.txn
cat signed.txn | electrum broadcast -
|
|
|
|
Hello all. I'm new to this forum and I first want to apologize if my post is under wrong topic. I want to request imacro code or js code for the following strategy in 999dice. 01. First time bet with 0.000001 btc with 90% chance of win 02. Bet the same until lose twice. 03. After 2nd lose, change bet to 0.00001 btc with 51% chance of win. 04. Double the bet amount with the same % chance of win until I win the bet or lose 3 times with 51% chance of win. 05. If I win with 51% chance of win change bet setting to first time bet. If I lose for 3 times with 51% chance of win, change % chance of win to 57% and continue betting by doubling the previous lose bet amount until I win the bet. I'm requesting the codes because I don't know about imacros coding or java coding. Waiting for the codes  Thank you. Hi khantmg, i can do the code but not for free, if you want to get it free you can take my opensource codes and work with them to work the way you want. If you want me to make the code i will do it for 0.1 btc. Have a great day. |
|
|
|
Multipliers: (center to extreme)
---------------------------------------------------
1.3 1.2 1.1 0.1 0.1 0.1 0.1 35 100
---------------------------------------------------
Max amount playable: 1
--
Odds: 98.416%
Max win: 100.00 BTC
Name: megalodon
Bitcoin Address: 1BtcBoSSnqe8mFJCUEyCNmo3EcF8Yzhpnc
|
|
|
|
|
is only $2 i can do it. Send me a PM with your paypal mail and i will send it.
|
|
|
|
I'll give this a try good luck to everyone who is entering. Good luck for you too, i would like to join this contest, but since i'm part of the team i can't great luck for all participants and i can't wait to see your nice videos guys. |
|
|
|
This week, i'm gonna buy BTC for a total of 21. Then, i'll storage them offline and just forgot bout it for 5/10/15 years. Waiting they'll reach a comparable value of 21M $.
How i'll use them?
12M $ = live with 10K$ / month from here to other 100 years
2M $ = to my parents, for them retire
5M $ = for further investment
2M $ = for beneficence (cancer, sla, aids, handicap)
What do you think about my dream?
The hard part of your dream is when the value of btc hit 1M/1btc... I'm really optimist and hope your dream come true, but see that prize will be hard. |
|
|
|
The LuckyBit Affiliate Program is now closed. Thank you to everybody that participated! Please check the LuckyBit Community Hub for more LuckyBit promotions. Some people are "The last warrior", "The last Ninja", "The last Samurai"... but me, i i'm the last BADASS. This signature campaign was always awesome, i made a nice profit in the past months with it, too bad it don't work any more. |
|
|
|
It's slowly heart-beating faster now, in december it will be 500+
If the trend continous this fast we can see 1000+ in december. But I would really like a stable 500s range. Stabilized @500 for a few weeks would be nice. $395 now, if things keep like this, then the $500 is really close. Don't think it will go up to +1000 but if it does, that should be great |
|
|
|
|
Show Posts
