nethead
December 19, 2012, 02:16:14 PM
> Wait, wait, wait. So Roger Ver has access to see users' wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?
I guess, but this is not the case. He admitted that he has access to the given info, don't know if he can manage too.

greyhawk
December 19, 2012, 02:17:07 PM
>> Wait, wait, wait. So Roger Ver has access to see users' wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?
> NO, this is not possible. If it was, I could have just taken my money back, and none of this would have been an issue.
What is this then? secret_phrase='Neurobion' Sincere question, I've never used bitchain.

HostFat
December 19, 2012, 02:18:51 PM
I want to know all the information that an admin of blockchain.info can see. I thought that most of it was encrypted...

MemoryDealers (OP)
December 19, 2012, 02:21:17 PM
>>> Wait, wait, wait. So Roger Ver has access to see users' wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?
>> NO, this is not possible. If it was, I could have just taken my money back, and none of this would have been an issue.
> What is this then? secret_phrase='Neurobion' Sincere question, I've never used bitchain.
This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentication reset request. It in no way grants access to the account funds in any way. Basically it is used so Blockchain can verify that they are communicating with the actual account owner.

John (John K.)
December 19, 2012, 02:22:41 PM
>>> Wait, wait, wait. So Roger Ver has access to see users' wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?
>> NO, this is not possible. If it was, I could have just taken my money back, and none of this would have been an issue.
> What is this then? secret_phrase='Neurobion' Sincere question, I've never used bitchain.
That would be a key to retrieve wallet identifiers or disable the 2FA:

Secret Phrase
A secret phrase can be set in your "Account Details" panel after login. In the case of lost wallet identifiers, yubikeys or lost email access the secret phrase can be given to us to help verify account ownership. This is reviewed manually on a case by case basis.

The password used to encrypt the wallet containing the privkeys is not sent to the server.

MemoryDealers (OP)
December 19, 2012, 02:25:09 PM
> I want to know all the information that an admin of blockchain.info can see. I thought that most of it was encrypted...
It is all encrypted, but it depends on your privacy settings.
Quoted from: https://blockchain.info/wallet/anonymity
> Alerts Disabled: If you have notifications disabled your public keys are stored encrypted inside your wallet. In this mode we are unable to view your public keys and hence cannot view your balance or transactions.
> Alerts Enabled: When notifications are enabled your public keys are inserted in a separate table along with your email, skype handle or google talk username. This mode does sacrifice some Anonymity as we can now see your public keys and view your wallet balance. However just because a wallet contains a public key does not necessarily mean they are the owner of said key (as you can add keys without the respective private key).
In this case the scammer with my bitcoins had Alerts enabled for his wallet, so I could easily verify 100% for sure that he has my money in his Blockchain wallet. If he had his alerts set to Disabled, I wouldn't know if he really had my money or not.

ribuck
December 19, 2012, 02:26:30 PM
> This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentication reset request. It in no way grants access to the account funds in any way.
> Basically it is used so Blockchain can verify that they are communicating with the actual account owner.
So obviously it needs to be securely hashed, or else anyone who compromises the database (or has authorised access to it) can impersonate the actual account owner.

nethead
December 19, 2012, 02:27:33 PM
>>>> Wait, wait, wait. So Roger Ver has access to see users' wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?
>>> NO, this is not possible. If it was, I could have just taken my money back, and none of this would have been an issue.
>> What is this then? secret_phrase='Neurobion' Sincere question, I've never used bitchain.
> This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentication reset request. It in no way grants access to the account funds in any way. Basically it is used so Blockchain can verify that they are communicating with the actual account owner.
And reset their passwords? maybe? I'll try to stay on topic: Just a reminder I do not owe you anything. I got what I have sent you, then the address was gotten by someone else. It WAS anon. And I re-request proof, which you don't give, that it isn't. Also, why do some people try to get into my account? I got my funds away as soon as he showed me that he has access to that info, MY info!

Raoul Duke
December 19, 2012, 02:28:10 PM

MemoryDealers (OP)
December 19, 2012, 02:30:50 PM
> And reset their passwords? maybe?
This is NO PASSWORD RESET for Blockchain.info
If you have a secure password, your money is safe no matter what.
Otherwise I could have reset your password and taken the money you owe me.

Deprived
December 19, 2012, 02:32:07 PM
> This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentication reset request. It in no way grants access to the account funds in any way.
> Basically it is used so Blockchain can verify that they are communicating with the actual account owner or a part-owner of the site or anyone else allowed to just look these up..
FYP

Bitcoinin
December 19, 2012, 02:35:18 PM
Blockchain.info has some of the best services for newbies - can we please not scare them off and do as much damage control here as possible?

CharlieContent
December 19, 2012, 02:35:31 PM
> Otherwise I could have reset your password and taken the money you owe me.
Wow. What a scumbag. Why should anyone trust you after this? After all, you have no problems going into people's accounts and just taking what you think you are owed in a completely separate business venture. You claim not to be capable, but I'm not sure that I believe a word you say. BlockChain.info says: "Be your own bank". What it actually means is: "Open an account at the Roger Ver Bank."

HostFat
December 19, 2012, 02:35:53 PM
> This is NO PASSWORD RESET for Blockchain.info
> If you have a secure password, your money is safe no matter what.
> Otherwise I could have reset your password and taken the money you owe me.
Can you contact another admin of blockchain.info and act as someone else that wants back his own wallet? (and giving the secretpass) If this is an open possibility, then it's better to find a way to make it harder or, better, impossible. Saving the hash of the password seems a good start.

augustocroppo
December 19, 2012, 02:36:12 PM
What are the transaction IDs of the BTC supposedly sent to Nikolaos?

> The current privacy policy states:
>> But we will disclose these information ...... to protect against misuse or unauthorized use of our website.
> I think this falls pretty clearly within that.
That is not what the privacy policy implies. Your policy suggests that you will only disclose personal information when legally required by a government agency. Moreover, the user did not misuse the Internet page.
http://memorydealers.com/terms-and-privacy/
> We will not disclose or sell your personal contact information to any third parties without your permission. But we will disclose these information when legally required to do so, at the request of governmental authorities conducting an investigation, to verify or enforce compliance with the policies governing our website and applicable laws or to protect against misuse or unauthorized use of our website.

> He has also since threatened my family with the following statement that is obviously directed towards me: "FuckingTheDeadBodyOfRogersMom"
How was the threat made and by what kind of media?

MemoryDealers (OP)
December 19, 2012, 02:40:09 PM
>> Otherwise I could have reset your password and taken the money you owe me.
> Wow. What a scumbag. Why should anyone trust you after this? After all, you have no problems going into people's accounts and just taking what you think you are owed in a completely separate business venture. You claim not to be capable, but I'm not sure that I believe a word you say. BlockChain.info says: "Be your own bank". What it actually means is: "Open an account at the Roger Ver Bank."
Please look up the difference between "could" and "would". I would never do such a thing even if I could.

nethead
December 19, 2012, 02:40:32 PM
>> He has also since threatened my family with the following statement that is obviously directed towards me: "FuckingTheDeadBodyOfRogersMom"
> How was the threat made and by what kind of media?
Guess, blockchain secret key

piuk
December 19, 2012, 02:41:02 PM
Roger has pointed me to this thread. Roger owns part of blockchain, so has access to the admin panel along with me. The admin panel is very basic but there is the ability to query wallets based on certain information. Recently the ability to query a wallet by bitcoin address was added, when notifications are enabled. These queries are designed to help users recover a forgotten wallet identifier and are not supposed to be used for any other purpose. If a wallet is found the results are shown as follows:

[Wallet {email='zootreeves@gmail.com', guid='abf66471-fe0a-6820-8977-55d7e8c1f6b2', shared_key='XXX-XXX-XXX-XXX', secret_phrase='My Secret', alias='piuk', created=Tue Jan 03 12:52:07 GMT 2012, updated=Tue Dec 18 19:47:40 GMT 2012, created_ip='81.187.238.52', updated_ip='127.0.0.1', sms_number='+44 7525431876', country='GBP'}]

So you have the date the wallet was created, when it was last updated, the ip that created it and the ip that updated it. The secret phrase is the phrase required in order to reset two-factor authentication, not the password. The password, wallet balance, other addresses cannot be viewed.

I am going to change notifications to store SHA256(bitcoin_address) rather than the plain bitcoin address which will remove the ability to lookup a wallet by address entirely.
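Added example, not part of any post in this thread and not Blockchain.info's code: a Python sketch of the suggestion made earlier by ribuck and HostFat, storing only a salted hash of the secret phrase so that an admin lookup cannot display it. The field names follow the record shown above; the function names, the PBKDF2 parameters and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

PBKDF2_ITERATIONS = 200_000  # assumed work factor, tune to your hardware


def _normalize(phrase: str) -> bytes:
    # Phrases are relayed to support by hand, so fold Unicode forms and
    # surrounding whitespace before hashing.
    return unicodedata.normalize("NFKC", phrase).strip().encode("utf-8")


def enroll_secret_phrase(record: dict, phrase: str) -> None:
    """Replace any plaintext secret_phrase with a salted PBKDF2 digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", _normalize(phrase), salt, PBKDF2_ITERATIONS)
    record.pop("secret_phrase", None)
    record["secret_phrase_salt"] = salt
    record["secret_phrase_hash"] = digest


def verify_secret_phrase(record: dict, candidate: str) -> bool:
    """Check a phrase supplied in a reset request against the stored digest."""
    salt = record.get("secret_phrase_salt")
    stored = record.get("secret_phrase_hash")
    if not salt or not stored:
        return False  # no phrase enrolled: never treat that as a match
    digest = hashlib.pbkdf2_hmac("sha256", _normalize(candidate), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest, stored)  # constant-time comparison


def admin_view(record: dict) -> dict:
    """What an admin lookup returns: no phrase, salt or digest."""
    hidden = {"secret_phrase", "secret_phrase_salt", "secret_phrase_hash"}
    view = {k: v for k, v in record.items() if k not in hidden}
    view["secret_phrase_set"] = "secret_phrase_hash" in record
    return view


if __name__ == "__main__":
    # Constructed sample record using the field names from the post above.
    wallet = {"guid": "00000000-0000-0000-0000-000000000000", "alias": "example",
              "secret_phrase": "My Secret"}
    enroll_secret_phrase(wallet, wallet["secret_phrase"])
    print(admin_view(wallet))
    print(verify_secret_phrase(wallet, "My Secret"), verify_secret_phrase(wallet, "guess"))
```

A slow salted hash keeps the phrase out of the admin panel and out of a database dump, but a short or guessable phrase can still be recovered by offline guessing, so the manual case-by-case review described in the quoted help text still matters.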

MemoryDealers (OP)
December 19, 2012, 02:42:52 PM
>> This is NO PASSWORD RESET for Blockchain.info
>> If you have a secure password, your money is safe no matter what.
>> Otherwise I could have reset your password and taken the money you owe me.
> Can you contact another admin of blockchain.info and act as someone else that wants back his own wallet? (and giving the secretpass) If this is an open possibility, then it's better to find a way to make it harder or, better, impossible.
This is not possible. There is no way for an admin or anyone else in the entire world other than someone who knows the current password to change the password. If you kept your password a secret, then no one else in the entire world has access to the funds in your blockchain wallet.

BadBear
December 19, 2012, 02:43:06 PM
I saw it just before he deleted it, nethead posted using this account then immediately deleted it. Was a typical nethead post, mentioned it was an anon account and he never got the money, then asked roger to end it as he had to leave in a few mins.
https://bitcointalk.org/index.php?action=profile;u=75200