Bitcoin Forum
November 09, 2024, 06:04:52 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 [4] 5 6 »  All
  Print  
Author Topic: Please delete  (Read 23110 times)
nethead
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250



View Profile
December 19, 2012, 02:16:14 PM
 #61

Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

I guess but this is not the case. He admited that he has access to the given info, dont know if he can manage too
greyhawk
Hero Member
*****
Offline Offline

Activity: 952
Merit: 1009


View Profile
December 19, 2012, 02:17:07 PM
 #62

Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

NO,  this is not possible.

If it was,  I could have just taken my money back,  and none of this would have been an issue.


What is this then?

Quote
secret_phrase='Neurobion'

Sincere question, I've never used bitchain.
HostFat
Staff
Legendary
*
Offline Offline

Activity: 4270
Merit: 1209


I support freedom of choice


View Profile WWW
December 19, 2012, 02:18:51 PM
 #63

I want to know every informations that an admin of blockchain.info can see.
I thought that most of them were encrypted...

NON DO ASSISTENZA PRIVATA - https://t.me/hostfatmind/
MemoryDealers (OP)
VIP
Legendary
*
Offline Offline

Activity: 1052
Merit: 1155



View Profile WWW
December 19, 2012, 02:21:17 PM
 #64

Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

NO,  this is not possible.

If it was,  I could have just taken my money back,  and none of this would have been an issue.


What is this then?

Quote
secret_phrase='Neurobion'

Sincere question, I've never used bitchain.

This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentification reset request.   It in no way grants access to the account funds in any way.  

Basically it is used so Blockchain can verify that they are communicating with the actual account owner.

John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1288
Merit: 1227


Away on an extended break


View Profile
December 19, 2012, 02:22:41 PM
 #65

Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

NO,  this is not possible.

If it was,  I could have just taken my money back,  and none of this would have been an issue.


What is this then?

Quote
secret_phrase='Neurobion'

Sincere question, I've never used bitchain.

That would be a key to retrieve wallet identifiers or disable the 2FA:
Quote
Secret Phrase
A secret phrase can be set in your "Account Details" panel after login. In the case of lost wallet identifiers, yubikeys or lost email access the secret phrase can be given to us to help verify account ownership. This is reviewed manually on a case by case basis.
The password used to encrypt the wallet containing the privkeys is not sent to the server.
MemoryDealers (OP)
VIP
Legendary
*
Offline Offline

Activity: 1052
Merit: 1155



View Profile WWW
December 19, 2012, 02:25:09 PM
 #66

I want to know every informations that an admin of blockchain.info can see.
I thought that most of them were encrypted...

It is all encrypted,  but it depends on  your privacy settings.

Quoted from: https://blockchain.info/wallet/anonymity

Alerts Disabled: If you have notifications disabled your public keys are stored encrypted inside your wallet. In this mode we are unable to view your public keys and hence cannot view your balance or transactions.


Alerts Enabled: When notifications are enabled your public keys are inserted in a separate table along with your email, skype handle or google talk username. This mode does sacrifice some Anonymity as we can now see your public keys and view your wallet balance. However just because a wallet contains a public key does not necessarily mean they are the owner of said key (as you can add keys without the respective private key).

In this case the scammer with my bitcoins had Alerts enabled for his wallet,  so I could easily verify %100 for sure that he has my money in his Blockchain wallet.

If he had his alerts set to Disabled,  I wouldn't know if he really had my money or not.

ribuck
Donator
Hero Member
*
Offline Offline

Activity: 826
Merit: 1060


View Profile
December 19, 2012, 02:26:30 PM
 #67

This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentification reset request.   It in no way grants access to the account funds in any way.  

Basically it is used so Blockchain can verify that they are communicating with the actual account owner.
So obviously it needs to be securely hashed, or else anyone who compromises the database (or has authorised access to it) can impersonate the actual account owner.
nethead
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250



View Profile
December 19, 2012, 02:27:33 PM
 #68

Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

NO,  this is not possible.

If it was,  I could have just taken my money back,  and none of this would have been an issue.


What is this then?

Quote
secret_phrase='Neurobion'



Sincere question, I've never used bitchain.

This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentification reset request.   It in no way grants access to the account funds in any way.  

Basically it is used so Blockchain can verify that they are communicating with the actual account owner.


And reset their passwords? maybe?

Ill try to stay ontopic: Just a reminder I do not owe you anything. I got what i have sent you, then the address was gotten by someone else. It WAS anon. And i re-request proof which you dont give that it isnt


Also, why some people try to get into my account? I got my funds away as soon as he showed me that he has access to that info, MY info!
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
December 19, 2012, 02:28:10 PM
 #69

And so it started, the shitstorm: https://bitcointalk.org/index.php?topic=131608
MemoryDealers (OP)
VIP
Legendary
*
Offline Offline

Activity: 1052
Merit: 1155



View Profile WWW
December 19, 2012, 02:30:50 PM
 #70

And reset their passwords? maybe?

This is NO PASSWORD RESET for Blockchain.info

If you have a secure password,  your money is safe no matter what.

Otherwise I could have reset your password and taken the money you owe me.

Deprived
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


View Profile
December 19, 2012, 02:32:07 PM
 #71

This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentification reset request.   It in no way grants access to the account funds in any way.  

Basically it is used so Blockchain can verify that they are communicating with the actual account owner or a part-owner of the site or anyone else allowed to just look these up..

FYP
Bitcoinin
Newbie
*
Offline Offline

Activity: 44
Merit: 0



View Profile WWW
December 19, 2012, 02:35:18 PM
 #72

And so it started, the shitstorm: https://bitcointalk.org/index.php?topic=131608

Blockchain.info has some of the best services for newbies - can we please not scare them off and do as much damage control here as possible?
CharlieContent
Full Member
***
Offline Offline

Activity: 210
Merit: 100


View Profile
December 19, 2012, 02:35:31 PM
 #73

Otherwise I could have reset your password and taken the money you owe me.

Wow. What a scumbag.

Why should anyone trust you after this? After all, you have no problems going into people's accounts and just taking what you think you are owed in a completely separate business venture. You claim not to be capable, but I'm not sure that I believe a word you say.

BlockChain.info says: "Be your own bank"

What it actually means is: "Open an account at the Roger Ver Bank."
HostFat
Staff
Legendary
*
Offline Offline

Activity: 4270
Merit: 1209


I support freedom of choice


View Profile WWW
December 19, 2012, 02:35:53 PM
 #74


This is NO PASSWORD RESET for Blockchain.info

If you have a secure password,  your money is safe no matter what.

Otherwise I could have reset your password and taken the money you owe me.

Can you contact another admin of blockchain.info and acting as someone else that wants back his own wallet? (and giving the secretpass)
If this is an open possibility, than it's better to find a way to make it harder or better impossible.

Saving the hash of the password seems a good start.

NON DO ASSISTENZA PRIVATA - https://t.me/hostfatmind/
augustocroppo
VIP
Hero Member
*
Offline Offline

Activity: 756
Merit: 504


View Profile
December 19, 2012, 02:36:12 PM
 #75

The Bitcoin address and payments in question are:  http://blockchain.info/address/1H4UR5M72Ybpo4zrqWe8JKKYSeN1gxqBcU

What are the transactions ID of the BTC supposedly sent to Nikolaos?

The current privacy policy states:

But we will disclose these information ...... to protect against misuse or unauthorized use of our website.

I think this falls pretty clearly within that.

That is not what the privacy policy implies. Your policy suggest that you will only disclose personal information only when legally required by a government agency. Moreover, the user did not misused the Internet page.

http://memorydealers.com/terms-and-privacy/

Quote
We will not disclose or sell your personal contact information to any third parties without your permission. But we will disclose these information when legally required to do so, at the request of governmental authorities conducting an investigation, to verify or enforce compliance with the policies governing our website and applicable laws or to protect against misuse or unauthorized use of our website.

He has also since threatened my family with the following statement that is obviously directed towards me:  "FuckingTheDeadBodyOfRogersMom"

How the threat was made and by what kind of media?
MemoryDealers (OP)
VIP
Legendary
*
Offline Offline

Activity: 1052
Merit: 1155



View Profile WWW
December 19, 2012, 02:40:09 PM
 #76

Otherwise I could have reset your password and taken the money you owe me.

Wow. What a scumbag.

Why should anyone trust you after this? After all, you have no problems going into people's accounts and just taking what you think you are owed in a completely separate business venture. You claim not to be capable, but I'm not sure that I believe a word you say.

BlockChain.info says: "Be your own bank"

What it actually means is: "Open an account at the Roger Ver Bank."

Please look up the difference between "could" and "would"

I would never do such a thing even if I could.

nethead
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250



View Profile
December 19, 2012, 02:40:32 PM
 #77

He has also since threatened my family with the following statement that is obviously directed towards me:  "FuckingTheDeadBodyOfRogersMom"

How the threat was made and by what kind of media?
[/quote]

Guess, blockchain secret key
piuk
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1005



View Profile WWW
December 19, 2012, 02:41:02 PM
 #78

Roger has pointed me to this thread.

Roger owns part of blockchain, so has access to the admin panel along with me. The admin panel is very basic but there is the ability to query wallets based on certain information. Recently the ability to query a wallet by bitcoin address was added, when notifications are enabled.

These queries are designed to help users recover a forgotten wallet identifier and is not supposed to be used for any other purpose.



If a wallet is found the results are shown as follows:

[Wallet {email='zootreeves@gmail.com'
, guid='abf66471-fe0a-6820-8977-55d7e8c1f6b2'
, shared_key='XXX-XXX-XXX-XXX'
, secret_phrase='My Secret'
, alias='piuk'
, created=Tue Jan 03 12:52:07 GMT 2012
, updated=Tue Dec 18 19:47:40 GMT 2012
, created_ip='81.187.238.52'
, updated_ip='127.0.0.1'
, sms_number='+44 7525431876'
, country='GBP'}
]

So you have the date the wallet was created, when it was last updated, the ip that created it and the ip that updated it. The secret phrase is the phrase required in order to reset two-factor authentication, not the password. The password, wallet balance, other addresses cannot be viewed.

I am going to change notifications to store SHA256(bitcoin_address) rather than the plain bitcoin address which will remove the ability to lookup a wallet by address entirely.



MemoryDealers (OP)
VIP
Legendary
*
Offline Offline

Activity: 1052
Merit: 1155



View Profile WWW
December 19, 2012, 02:42:52 PM
 #79


This is NO PASSWORD RESET for Blockchain.info

If you have a secure password,  your money is safe no matter what.

Otherwise I could have reset your password and taken the money you owe me.

Can you contact another admin of blockchain.info and acting as someone else that wants back his own wallet? (and giving the secretpass)
If this is an open possibility, than it's better to find a way to make it harder or better impossible.


This is not possible.

There is no way for an admin or anyone else in the entire world other than someone who knows the current password to change the password.
If you kept your password a secret,  then no one else in the entire world has access to the funds in your blockchain wallet.


BadBear
v2.0
Legendary
*
Offline Offline

Activity: 1652
Merit: 1128



View Profile WWW
December 19, 2012, 02:43:06 PM
 #80

I saw it just before he deleted it, nethead posted using this account then immediately deleted it. Was a typical nethead post, mentioned it was an anon account and he never got the money, then asked roger to end it as he had to leave in a few mins.  https://bitcointalk.org/index.php?action=profile;u=75200

1Kz25jm6pjNTaz8bFezEYUeBYfEtpjuKRG | PGP: B5797C4F

Tired of annoying signature ads? Ad block for signatures
Pages: « 1 2 3 [4] 5 6 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!