[CLOSED] ZIGGAP crowd sourced security auditing. 80.5 BTC in potential winnings!

Mikej0h

Member

Offline

Activity: 117
Merit: 100

Life is short, play long

Re: ZIGGAP crowd sourced security auditing. 80.5 BTC in potential winnings!

January 03, 2013, 11:16:39 PM

#21

Quote from: ZIGGAP on January 03, 2013, 10:51:10 PM

Quote from: Mikej0h on January 03, 2013, 10:45:42 PM

Not a security flaw, but bug:
Go to Buy Bitcoins -> Select nothing ("Select payment method") -> Enter address (12gKdNCYoEZ9SfnRkiouNJV2QrCdyC8ooD) -> Error page "Bad gateway"

Edit: and please include "labels" for the textboxes, I had to look in the source which field is for what (IE)...

The text boxes have labels in them, until you click in the text box and start typing.

I understand what you mean, I see them in the source however they not show up in my Internet Explorer...

EDIT; see screenshot below

fcmatt

Legendary

Offline

Activity: 2072
Merit: 1001

Re: ZIGGAP crowd sourced security auditing. 80.5 BTC in potential winnings!

January 03, 2013, 11:37:10 PM

#22

Ssh should be using /etc/hosts.allow. no reason to let every IP connect to it.

paybitcoin

Member

Offline

Activity: 85
Merit: 10

1h79nc

Re: ZIGGAP crowd sourced security auditing. 80.5 BTC in potential winnings!

January 04, 2013, 05:30:48 AM

#23

And purchase another server to run ejabberd on for frontend.ziggap.com.

Unless that's part of the service somehow.

Quote from: fcmatt on January 03, 2013, 11:37:10 PM

Ssh should be using /etc/hosts.allow. no reason to let every IP connect to it.

You could also set up a service like OpenVPN (UDP + drops any packets that don't have the HMAC = very good stealth) and then SSH & XMPP inside the VPN so there are no TCP ports open to the outside world except 80 and 443.

Surface area, etc.

Pages: « 1 [2] All

Bitcoin Forum > Bitcoin > Development & Technical Discussion > [CLOSED] ZIGGAP crowd sourced security auditing. 80.5 BTC in potential winnings!

« previous topic next topic »