Ryan, seriously ? you are asking me to share my password here ?
I mean, is the question really about how strong my password is ? Shouldn't the question be, why did they let me choose a weak password if at all I chose a weak password ?
Sure, why not? My password was yMrND9DpHD9T (but I just changed it). Your account has already been hacked, so it presumedly doesn't even have money in it. I don't see the harm in sharing a password as unique and strong as you claim hah good point. If you post your password convertekk, I'll refund you for the loss. Also, we'll look into setting tighter requirements for passwords and maybe offer a 2fa on cashout option. A password is a password is a password that simply cannot be shared on a public forum even if it is unique to this site. Let's just say I don't want to share it with you here in public. I shared it with Stunna anyways.
So.. this isn't a unique password? okay.
|
|
|
how can a weak password be cracked Stunna ? you have a captcha on your website right ?
Captchas can be bypassed by bots through the use of external services. If a person knew that you had a weak password and enough balance to make it worth their time the captcha wouldn't be an issue. User should have guessed my password in like 3 or 4 attemps to be able to crack my password under 10 minutes. or am I missing something ?
Not at all. Depending on how fast PD loads he could have tried it hundreds/thousands of times in that 10 minute period. If there is rate limiting it could be less, however that could possibly be bypassed unless it was applied per account. Either way, it would be significantly more than 3 or 4 attempts in that time frame. You would expect a website at a scale of PD to detect a suspicious behavior when user is repetitively entering wrong passwords. Guys, Seriously! isn't that a basic security that should be in place ? Let's assume my password was weak. So, it took hacker 10 minutes to steal my BTC. Why would you let someone choose a weak password on your website and then allow hackers to explore that loophole. Now, THIS starts sounding more fishy than it actually is. You'd expect them to restrict the user to that particular IP when you are letting users to play without passwords. None of this in place and they defend their security. wow! It's scarier than I thought it is. You've re-used that username on a handful of different websites including dodgier sites like blackhatworld. If that password is indeed unique it would be helpful if you privately shared it with me, it shouldn't matter since you aren't re-using it elsewhere right? I mean, is the question really about how strong my password is ? Shouldn't the question be, why did they let me choose a weak password if at all I chose a weak password ?
We encourage users to set strong passwords and have very basic length requirements. I'll explore making our requirements much stronger this week. I'm not even sure which username you are referring to. I have multiple accounts with PD. The one that got robbed is definitely not registered with blackhatworld. Please read your emails to get my username and I've PMed you my password. I'm still skeptic about sharing my password but I had to do it anyways hoping it would help your investigation. If it's a 100% unique password no longer in play what's the issue with sharing it?
|
|
|
how can a weak password be cracked Stunna ? you have a captcha on your website right ?
Captchas can be bypassed by bots through the use of external services. If a person knew that you had a weak password and enough balance to make it worth their time the captcha wouldn't be an issue. User should have guessed my password in like 3 or 4 attemps to be able to crack my password under 10 minutes. or am I missing something ?
Not at all. Depending on how fast PD loads he could have tried it hundreds/thousands of times in that 10 minute period. If there is rate limiting it could be less, however that could possibly be bypassed unless it was applied per account. Either way, it would be significantly more than 3 or 4 attempts in that time frame. You would expect a website at a scale of PD to detect a suspicious behavior when user is repetitively entering wrong passwords. Guys, Seriously! isn't that a basic security that should be in place ? Let's assume my password was weak. So, it took hacker 10 minutes to steal my BTC. Why would you let someone choose a weak password on your website and then allow hackers to explore that loophole. Now, THIS starts sounding more fishy than it actually is. You'd expect them to restrict the user to that particular IP when you are letting users to play without passwords. None of this in place and they defend their security. wow! It's scarier than I thought it is. You've re-used that username on a handful of different websites including dodgier sites like blackhat forums. If that password is indeed unique it would be helpful if you privately shared it with me, it shouldn't matter since you aren't re-using it elsewhere right? Since it is unique though, you should feel comfortable posting it here. I mean, is the question really about how strong my password is ? Shouldn't the question be, why did they let me choose a weak password if at all I chose a weak password ?
We encourage users to set strong passwords and have very basic length requirements. I'll explore making our requirements much stronger this week.
|
|
|
Shouldn't you have gotten the withdrawal window popped on your screen at that exact moment if someone else was trying to withdraw funds while you were playing? Can 2 people even be logged into the same account at the same time?
According to the OP,the process seems to have happened from the back-end.That is funds have been transferred through the database I believe. If this indeed happened on the back end all the high-rollers would have been fleeced and Primedice's hot wallet would have been emptied while Stunna was sleeping, wouldn't they? Indeed, there's no reason for us to believe this was a fault within our security. If I had to guess, weak password that got cracked or some sort of script/bot. Plenty of users hold much larger balances on primedice without issue (including myself). As always I'm happy to investigate this further for you if you provide me as much information as possible beyond just your username via email.
|
|
|
I'm not going to waste my post and post everything for literally nothing. Trust me, been there done that.
If anyone would like to confirm, feel free to PM me with what type of proof you would like and I'll gladly send it.
I'd like to see proof too. Also the part where you claim you got banned doesn't make sense.
|
|
|
Happy hour within the next few hours!
|
|
|
Doing our end of year accounting and we've given out over 100 BTC on Bitcointalk giveaways... Thought heck, what's another few BTC gonna hurt? Would love to see the continued support of the community on polls such as these - https://bitcointalk.org/index.php?topic=1710242.0 (Obviously only vote for the site you truly think is best!) Rules of giveaway: Must have 15 Bitcointalk activity Must have over 1 BTC wagered on Primedice Must have over 100 chat messages on Primedice First 200 people only
|
|
|
Small happy hour starting now
|
|
|
Looking for some unique giveaway ideas -- Let a mod know if you have anything thought out!
|
|
|
How about you wait in Primedice chat?
|
|
|
RequirementsOver 1,000 chat messages (With limited mute history, spam and you'll be muted) Over 0.3 wagered Account must be at least a month old Reward0.005 BTC credited to Primedice account How to receive Username: Reason you play on Primedice: Timeframe & limitsFirst 200 users only Credited within 72 hours of posting
|
|
|
Happy hour is going now if anyone would like to jump on!
|
|
|
Another happy hour starting now!
|
|
|
|