When using any site that handles bitcoin, like mine, you have the chance to lock a bitcoin address for withdrawals, and you need to confirm it by the email you're sent,
one among a lot of other ways to protect the user. But, that is, if they have the intent to protect their users at all.
You know what guys, I don't want to waste any time of mine as well.
Good to know, apologies for your loss. If you want to prevent people from replying to the topic you can press the 'Lock Topic' link in the bottom left hand corner of the page. I suggest you do this, else it will likely continue to be brought up. I'll just wait for Stunna's reply and resolution before locking the topic.
You know what guys, I don't want to waste any time of mine as well.
Stunna, you refund my losses as you have mentioned, and make your website a little more secure possibly for the sake of your users and your own good. We are done.
Your whole thread is about problems in PrimeDice, while in reality it's simply a case of you using a trivially guessable password (to anyone who looked up how you pick passwords on a password leak site).
If PD is allowing hackers to guess users' passwords using trial and error, isn't that a problem? Stunna himself accepted that and was willing to enable 2FA for withdrawals. Where does the point of apology come into picture then?
My password was pP@$$w0rd and it's definitely unique to this site.
That password is insanely easy to guess. A machine could probably come up with that password in a few hundred tries. you tell me that this a password that could be guessed by a random guy in less than 10 minutes, I have nothing to say to you.
Do you really think that passwords are brute-forced by hand? You really don't know much about this stuff, do you? Do we get the edit history on that comment please ? I'm pretty sure the "after changing it on primedice" was added later. Just like how he changed the words "blatant lies" to "simply untrue"
Regardless, did it not come to mind that if you're posting your password in a public place you should change it? You keep fighting on his behalf asking me to owe an apology for the money I lost.
Because Stunna/PD has done nothing wrong. You accusing him of doing such is not fair. You lost the money because your account security was bad - deal with the loss and learn from it in the future. for pointing a potential security loophole ?
You are the security loophole. Make a password that isn't stupidly easy for a machine to guess and you will no longer have these problems.
Any website you store funds on is dangerous for many reasons. Provided you trust the website and use a strong password this danger can be mitigated. where are you guys popping from ? Are you the army the other guy who lost his money was referring to ? a password with alphanumerics and symbols is easy to guess for a machine in a few hundred tries ? LOL. arguing with you on this will be an insult to my intelligence. Any website you store funds on is dangerous ? Please tell me if you own any websites, I'll not even come near to it. I've already added primedice and bustabit to that list but if you have any, please feel free to add that to my list.
The real concern was the lost money and his behavior towards a user who loses money on their site. "Share your password, to the public, I'll refund your loss" and then gone. disappears.
I was actually the one who originally asked you to share your password (after you changed it) so we could see if it was a secure password or not (like you claimed). coming to your own conclusions and asking me to owe an apology for what primedice did to me ? WOW!! Care to explain how you came to that conclusion ?
Your whole thread is about problems in PrimeDice, while in reality it's simply a case of you using a trivially guessable password (to anyone who looked up how you pick passwords on a password leak site). I'm telling you that I don't use that pattern elsewhere. You keep fighting on his behalf asking me to owe an apology for the money I lost. Why should I go through this mental trauma fighting a hundred guys here for pointing a potential security loophole ?
Do we get the edit history on that comment please ? I'm pretty sure the "after changing it on primedice" was added later. Just like how he changed the words "blatant lies" to "simply untrue"
Comments that are edited after a threshold (5 minutes I think) look like this: https://imgur.com/a/BOWYt (that's my post, for testing) And you can hover over it, to see the edit time. However, Stunna's was never edited (at least after the threshold) Before threshold or after threshold. You simply shouldn't force someone to share their passwords on a public forum. He called me a blatant liar after wasting 3 days of time. I had to share it to prove my point right? Also, that account is not worth a penny to me anymore. So, I wouldn't mind retrieving it. It's just that someone would be misusing that account to get a higher faucet (it's currently at 3.2K) and it's Stunna's loss. You could simply reset the hash and share the reset password with me over PM to simply hand over my account to myself instead of playing a blame game. The real concern was the lost money and his behavior towards a user who loses money on their site. "Share your password, to the public, I'll refund your loss" and then gone. disappears.
My password was pP@$$w0rd and it's definitely unique to this site. you tell me that this a password that could be guessed by a random guy in less than 10 minutes, I have nothing to say to you. and guys, do google it and tell me if you find it.
Also it seems that P@$$w0rd is a suffix you use for many of your password? So pP@$$w0rd means "primedice password"? If people know a bunch of your other passwords, and then trying to guess your PrimeDice password ... you're not exactly making it hard  I really think you owe PrimeDice an apology for this whole thing, and use it as a cheap lesson on the importance of using a password manager  coming to your own conclusions and asking me to owe an apology for what primedice did to me ? WOW!! Care to explain how you came to that conclusion ?
feel free to post it here (after changing it on primedice) and close this discussion.
He forced me to share the password on this thread.
:sigh: Do we get the edit history on that comment please ? I'm pretty sure the " after changing it on primedice" was added later. Just like how he changed the words "blatant lies" to "simply untrue"
Thanks to you Stunna, My account is now stolen. I'm not sure how to feel about it.  How did that happen? He forced me to share the password on this thread.
Chelsea to win - 2.9 Real Madrid to win - 1.55
bet 0.05 to win 0.2
Not exactly a Premier League tip but this is my prediction for today. good luck.
Nice odds especially in Chelsea, but it's difficult to win in White Hart Lane! In my opinion the best bet is to put over 2.5 in this game. For Real Madrid I'm with you to put Real Madrid to win. With Kante and Matic chosen to start, you'd expect a defensive approach from Conte. Not really sure about the over 2.5 goals.
Chelsea to win - 2.9 Real Madrid to win - 1.55
bet 0.05 to win 0.2
Not exactly a Premier League tip but this is my prediction for today. good luck.
Thanks to you Stunna, My account is now stolen. I'm not sure how to feel about it. 
close the thread ? how ? No investigation, no refund. I was forced to enter my password here to prove a point and now he disappears!!
Well... What do you expect? You didn't use 2FA even if it was available so... I didn't know they put this feature online. But if you didn't use all security tools at your disposal you can't really blame the site for it. What percentage of people use 2FA? All the others who don't use 2FA are insecure too? The site should enforce 2FA too in that case. What do they do instead? They let people make deposits even without having a password. Agreed that you want a zero-friction onboarding of users but you have to be highly secure to have something like that. The whole point of having a password-less/email-less sign up is to decrease overhead. How do they expect users to sign up for 2FA when they don't even expect them to set a password? Dude it's not that... It's just that you can't blame them for getting your coins stolen if you haven't used all the security sets they provide! How could they enforce 2FA use? I mean that wouldn't be logical! They're not babysitters here to protect you, they give you a way to gamble and they give you a way to do it in a safe environment. If you're too lazy to use the security tools they provide... Well you can't really argue with them afterwards. What's your argument? "You should have obliged me to be less lazy and secure my account!"? No offense but I'm having difficulty in understanding your arguments. Instead of providing 2FA, why didn't they secure themselves from brute force? Isn't that the right way to go about it when you know more than 90% of your users are not going to use 2FA anyways. You yourself lost some coins there, I'm not sure why you are taking their side though. It kind of beats the whole point of getting them to fix their security.
close the thread ? how ? No investigation, no refund. I was forced to enter my password here to prove a point and now he disappears!!
Well... What do you expect? You didn't use 2FA even if it was available so... I didn't know they put this feature online. But if you didn't use all security tools at your disposal you can't really blame the site for it. What percentage of people use 2FA? All the others who don't use 2FA are insecure too? The site should enforce 2FA too in that case. What do they do instead? They let people make deposits even without having a password. Agreed that you want a zero-friction onboarding of users but you have to be highly secure to have something like that. The whole point of having a password-less/email-less sign up is to decrease overhead. How do they expect users to sign up for 2FA when they don't even expect them to set a password?
I own the site gamblercity.bid. I may blog the rights and wrongs this weekend. Or other people can on the site.
I'm considering couple of other sites but I'd love to do that there too.
close the thread ? how ? No investigation, no refund. I was forced to enter my password here to prove a point and now he disappears!!
Out of interest, for a couple of days I logged people's username/password and tried to look them or crack them myself. I think my success rate was about 20-30%.
and this coming from the owner of bustabit! WOW!! speechless! can anybody feel more naked around these websites ? Just to be very clear, I was only trying to crack their bustabit password (based on information I could find online), I obviously wasn't attempting to crack their other accounts based on the password used at bustabit. And that risk is now 0, because bustabit doesn't even let users pick their own password. Wasn't there a bug where you were able to modify the value of the password field and choose your own password? It happened a while ago so I assumed it's patched now but eh And @op I wouldn't be worried if Ryan knew my bank accounts details lol. It'd probably trust him more than it's trust me You never know. Ryan's getting robbed by Dudax these days. He might have other ideas with your bank account details. lol.
Out of interest, for a couple of days I logged people's username/password and tried to look them or crack them myself. I think my success rate was about 20-30%.
and this coming from the owner of bustabit! WOW!! speechless! can anybody feel more naked around these websites? Just to be very clear, I was only trying to crack their bustabit password (based on information I could find online), I obviously wasn't attempting to crack their other accounts based on the password used at bustabit. And that risk is now 0, because bustabit doesn't even let users pick their own password. What do you mean by logging their usernames/passwords then? At least that's a good feature that you have, setting the password for user. Hope you'd take the blame when a user's account gets hacked on your website considering you have set the password for them.
Ryan, seriously ? you are asking me to share my password here ?
I mean, is the question really about how strong my password is ? Shouldn't the question be, why did they let me choose a weak password if at all I chose a weak password ?
Sure, why not? My password was yMrND9DpHD9T (but I just changed it). Your account has already been hacked, so it presumably doesn't even have money in it. I don't see the harm in sharing a password as unique and strong as you claim. I can tell you that my password is stronger than yours with more than alphanumeric. That's simply untrue, I can google the password you supplied me and get plenty of results of it being used as a MySQL password. Note when you google "yMrND9DpHD9T" you get no results. If you want a full refund feel free to post it here (after changing it on primedice) and close this discussion. I also have strong doubts you only used it on primedice which is why I imagine you are hesitant. You took 4 days to respond to me and now you say that I'm wasting your time. I never wanted to sound harsh but you called me a liar and make me sound like a beggar. It's up to users of this forum to judge you I suppose. My password was pP@$$w0rd and it's definitely unique to this site. you tell me that this a password that could be guessed by a random guy in less than 10 minutes, I have nothing to say to you. and guys, do google it and tell me if you find it. I was able to find pp@$$w0rd in plaintext and MD5 in a leaked password list. People use rules that change letters from lowercase to uppercase using Hashcat meaning that the password isn't exactly 100% unique but yeah the chance of someone guessing it... or brute forcing it.... hell nah Fair, the username of his account is widely used on a bunch of other bitcoin websites though. And regarding Robert, that really is terrible but there were no back-end flaws that resulted in that. yes, so you please try and login to one of those websites with same password and you tell me if you can crack any of them please. So you are alleging that there is some superbug that will let anyone compromise accounts? I don't know what you're trying to accomplish here.
There are other ways you could have been compromised as well such as phishing/scripts/bots. I asked you to investigate this issue for me. To try to find out how I got robbed. It's you who took me in the direction of 'weak password, not unique password, anybody can guess it'. Now that you know that's not true, this is another direction - phishing, scripts, bot. You tell me, did I use scripts ? you'd be able to differentiate between manual betting and a script betting on your website I suppose ? no ? Phishing ? have you been following my concerns ? the account got hacked in less than 10 minutes. This story would make for one heck of a blog post I believe.
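
The thread asks why a site would accept a weak password in the first place, and notes that case and symbol substitutions are covered by standard guessing rules. As an added example (not code from PrimeDice or from any poster), here is a sign-up check that rejects passwords built around a common word; the denylist, the substitution table and both thresholds are assumptions chosen for illustration.

```python
# Constructed sample denylist; a real deployment would load a large
# breached-password corpus instead of this handful of words.
COMMON_BASE_WORDS = {"password", "qwerty", "letmein", "bitcoin", "welcome", "admin"}

# Common symbol/digit substitutions mapped back to the letter they stand for
# (assumed table, covering the usual "leet" replacements).
LEET_MAP = str.maketrans({
    "@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
    "1": "l", "!": "i", "3": "e", "7": "t",
})


def normalize(candidate: str) -> str:
    """Lowercase the candidate and undo symbol-for-letter substitutions."""
    return candidate.lower().translate(LEET_MAP)


def find_weak_core(candidate: str, max_extra: int = 4):
    """Return the denylisted word the password is built around, or None.

    A password counts as derived from a common word when, after
    normalization, it contains that word plus at most `max_extra`
    other characters (a short prefix or suffix adds little).
    """
    norm = normalize(candidate)
    for word in sorted(COMMON_BASE_WORDS, key=len, reverse=True):
        if word in norm and len(norm) - len(word) <= max_extra:
            return word
    return None


def check_new_password(candidate: str, min_length: int = 10) -> list:
    """Return the reasons to reject a new password; empty list means accept."""
    reasons = []
    if len(candidate) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    core = find_weak_core(candidate)
    if core is not None:
        reasons.append(f"variation of the common word '{core}'")
    return reasons


if __name__ == "__main__":
    # Both sample passwords are the ones quoted in the thread.
    for pw in ("pP@$$w0rd", "yMrND9DpHD9T"):
        print(pw, "->", check_new_password(pw) or "accepted")
```

A check like this complements, and does not replace, throttling of failed logins and 2FA on withdrawals, which the thread also raises.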