the founder (OP)
March 27, 2013, 07:07:42 PM

Dear Instawallet, Yesterday I discovered a security flaw with your site. I spent nearly 6 hours working with David Francois, Chief Technology Officer at Paymium. The security flaw impacted roughly 3000 people that use Instawallet and indirectly Paymium, Paytunia, Instawire, and Bitcoin Central, as all of these companies are yours. After 6 hours of work, I can finally confirm that the security flaw is fixed. The security flaw was serious in my opinion, as all the URLs of roughly 3000 people were publicly listed. http://www.adaptiveglass.com/?p=656

Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me Say thank you here: 1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f

bitstarter
March 27, 2013, 07:08:52 PM

> Dear Instawallet, Yesterday I discovered a security flaw with your site. I spent nearly 6 hours working with David Francois, Chief Technology Officer at Paymium. The security flaw impacted roughly 3000 people that use Instawallet and indirectly Paymium, Paytunia, Instawire, and Bitcoin Central, as all of these companies are yours. After 6 hours of work, I can finally confirm that the security flaw is fixed. The security flaw was serious in my opinion, as all the URLs of roughly 3000 people were publicly listed. http://www.adaptiveglass.com/?p=656

Great to hear!

the founder (OP)
March 27, 2013, 07:11:33 PM

> Great to hear!

You should read the whole article... After spending 6 hours of my time trying to fix your problem, a problem that I didn’t create, nor really discover. What happened was Google indexed them. I ran a site command working on a client's site and cut and pasted Instawallet rather than the client's URL by accident, I was then greeted with the bitcoins of 3000 of your users. I did what any responsible person should do, I contacted you. At the end of a day’s work helping and SOLVING your security flaw, I stated “you should tip me some bitcoins”. Of course you disappeared. Would it really have hurt you to say thanks?

Piper67
March 27, 2013, 07:11:45 PM

The day we institute a Bitcoin Citizen of the Month award, I nominate The Founder

the founder (OP)
March 27, 2013, 07:13:43 PM

> The day we institute a Bitcoin Citizen of the Month award, I nominate The Founder

You can nominate me here: 1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f Seriously it's wrong what Instawallet did... I spent a whole day fixing their crap. They won't even say thanks or give me a Satoshi.

qxzn
March 27, 2013, 07:13:52 PM

> The day we institute a Bitcoin Citizen of the Month award, I nominate The Founder

Agreed! Hat tip to you, sir.

mccorvic
March 27, 2013, 07:14:38 PM

Did you tell them up front that you'd be demanding payment?

the founder (OP)
March 27, 2013, 07:15:11 PM

> > The day we institute a Bitcoin Citizen of the Month award, I nominate The Founder
>
> Agreed! Hat tip to you, sir.

LOL hat tip here: 1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f Seriously it would shove a thank you down their throat if people donated realizing I did what Instawallet should have.

the founder (OP)
March 27, 2013, 07:16:29 PM

> Did you tell them up front that you'd be demanding payment?

No I didn't care if it was payment or thank you (I would have liked payment more) but I got neither.

mccorvic
March 27, 2013, 07:17:29 PM

> > Did you tell them up front that you'd be demanding payment?
>
> No I didn't care if it was payment or thank you (I would have liked payment more) but I got neither.

Well, maybe you should have told them first. Would have probably saved you the time of posting this thread if you had.

cho
March 27, 2013, 07:18:57 PM

My opinion: you should have tipped him generously while the topic was hot. Now that it's cold and thefounder needs to publicly complain about your attitude you should thank him and pay him 6 hours of consulting time, that would be fair. Unless thefounder lies or exaggerates the issue, which is hard to believe. Just my opinion.

1KEWxTkXPgfB9MdHJcfyoVnfHRnYEHQJPw

justusranvier
March 27, 2013, 07:21:57 PM

> Unless thefounder lies or exaggerates the issue, which is hard to believe.

If the screenshots are true (likely) he just saved their business from total ruin. That flaw could have resulted in a 100% loss of Bitcoins for every single Instawallet user. It would have been the next Bitcoinica.

cho
March 27, 2013, 07:24:38 PM

> > Unless thefounder lies or exaggerates the issue, which is hard to believe.
>
> If the screenshots are true (likely) he just saved their business from total ruin. That flaw could have resulted in a 100% loss of Bitcoins for every single Instawallet user. It would have been the next Bitcoinica.

Moreover, that mistake is avoidable with a properly configured robots.txt, it sounds like a very basic mistake to me. That said, it's hard to cover your ass from all the possible mistakes. But that one... Quite a fail.

Matthew N. Wright
March 27, 2013, 07:29:34 PM

That's enough grandstanding, TheFounder. Kicking and screaming is going to push them to ignore you even more.
As for instawallet, they're probably embarrassed and considering how to respond. Give them time. What is it with this community and an inherent sense of entitlement?

justusranvier
March 27, 2013, 07:31:27 PM

> it sounds like a very basic mistake to me.

We've heard that story many, many times already. "Due to a really basic mistake I accidentally all your bitcoins."

the founder (OP)
March 27, 2013, 07:33:15 PM (Last edit: March 27, 2013, 07:53:32 PM by the founder)

> So you're extorting them? You want bitcoins cause you did the right thing and not STEAL which is morally wrong. Dude be happy you helped 3,000 people not lose their wealth and stop looking for the coins at the end of the road. I would say good you helped fix an error, but that you are looking for a hand out kinda leaves a bad taste in my mouth.

I would have been happy with a thank you, if extorting them is wondering why I never got thanked then I take issue with your definition of extortion.

> > Unless thefounder lies or exaggerates the issue, which is hard to believe.
>
> If the screenshots are true (likely) he just saved their business from total ruin. That flaw could have resulted in a 100% loss of Bitcoins for every single Instawallet user. It would have been the next Bitcoinica.

That's why I contacted them asap.

mccorvic
March 27, 2013, 08:02:16 PM

> I would have been happy with a thank you, if extorting them is wondering why I never got thanked then I take issue with your definition of extortion.

If that is true (I'm not saying it isn't) I think you diluted your message by including an address in your posts.

Peter Todd
March 27, 2013, 08:11:01 PM

> That's enough grandstanding, TheFounder. Kicking and screaming is going to push them to ignore you even more.
> As for instawallet, they're probably embarrassed and considering how to respond. Give them time. What is it with this community and an inherent sense of entitlement?

...or they found another issue and are scrambling to fix it. Or they want(ed) to give the OP a significant reward, but need approval from their investors/board/mom/whatever. Or their kid got sick. Who knows? I'd have given it at least a week or two myself, and kept my mouth shut about the issue, in case there were more holes I didn't find let alone all the other possible reasons it's taken them more than a day to respond. Besides frankly I think a more appropriate thing to do is simply ask (privately) for credit for finding the issue rather than turning it into drama. Money is nice, but a good reputation is worth more in the long run. Having said that... services should be rewarding people who find serious bugs, simply to encourage ethical reporting rather than exploitation.

BTC Books
March 27, 2013, 08:15:33 PM

Well, I've got nothing to do with Instawallet, nor do I use it.
But thank you anyway.

Dankedan: price seems low, time to sell I think...

spunit262
March 27, 2013, 08:23:57 PM

I want to know how Google found the wallets. Doesn't the fact that Google was even able to find them in the first place imply a deep security problem? Unless Google found the wallets from data Chrome sent back...