Bitcoin Forum
March 30, 2015, 10:39:28 AM *
News: Latest stable version of Bitcoin Core: 0.10.0 [Torrent] (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: StrongCoin key leak.  (Read 3757 times)
dogisland
Sr. Member
****
Offline Offline

Activity: 260



View Profile

Ignore
April 03, 2013, 07:46:02 AM
 #1

This is a thread to answer questions on the StrongCoin key and clue field leak.
1427711968
Hero Member
*
Offline Offline

Posts: 1427711968

View Profile Personal Message (Offline)

Ignore
1427711968
Reply with quote  #2

1427711968
Report to moderator
Private Internet Access™ - No logs, Unlimited Bandwidth, PC Magazine's Editor's Choice
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1427711968
Hero Member
*
Offline Offline

Posts: 1427711968

View Profile Personal Message (Offline)

Ignore
1427711968
Reply with quote  #2

1427711968
Report to moderator
1427711968
Hero Member
*
Offline Offline

Posts: 1427711968

View Profile Personal Message (Offline)

Ignore
1427711968
Reply with quote  #2

1427711968
Report to moderator
1427711968
Hero Member
*
Offline Offline

Posts: 1427711968

View Profile Personal Message (Offline)

Ignore
1427711968
Reply with quote  #2

1427711968
Report to moderator
1427711968
Hero Member
*
Offline Offline

Posts: 1427711968

View Profile Personal Message (Offline)

Ignore
1427711968
Reply with quote  #2

1427711968
Report to moderator
wopwop
Sr. Member
****
Offline Offline

Activity: 252



View Profile

Ignore
April 03, 2013, 07:51:33 AM
 #2

this is me caring
rme
Hero Member
*****
Offline Offline

Activity: 616


1R2sWeVhFitB8zVbkrmdSoXzaQRsw6cfh


View Profile

Ignore
April 03, 2013, 10:01:08 AM
 #3

this is me caring
+1
anfedorov
Jr. Member
*
Offline Offline

Activity: 46


View Profile

Ignore
April 03, 2013, 10:35:59 AM
 #4

Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.

This is a thread to answer questions on the StrongCoin key and clue field leak.

1) what was the bug? what do you mean by "interface"?
2) what are you doing to prevent such bugs from occurring again?
3) do you know of anyone's coins being stolen?
Jurek
Member
**
Offline Offline

Activity: 117



View Profile

Ignore
April 03, 2013, 10:39:51 AM
 #5


PSYCHOTICBOY IS A THIEF AND A SCAMMER BE WARNED!
https://bitcointalk.org/index.php?topic=129941
omgitsmehehe
Full Member
***
Offline Offline

Activity: 129


View Profile

Ignore
April 03, 2013, 10:42:31 AM
 #6

I used StrongCoin once. Then I seen their 1% fee. Seriously? I can transfer my own money for free and more securely.
manface
Full Member
***
Offline Offline

Activity: 126


View Profile

Ignore
April 03, 2013, 10:55:53 AM
 #7

Can you explain what happened? I looked at strongcoin once but compared to blockchain.info they didn't seem to offer much.
jago25_98
Hero Member
*****
Offline Offline

Activity: 860


http://moneybutnofixedabode.blogspot.com


View Profile WWW

Ignore
April 03, 2013, 11:09:20 AM
 #8

I see I signed up for it at some point. Balance is zero. Perhaps it always was. Can't remember and there's no history. O well...

deja vu, never mind :p !
dogisland
Sr. Member
****
Offline Offline

Activity: 260



View Profile

Ignore
April 03, 2013, 11:31:36 AM
 #9

Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.

This is a thread to answer questions on the StrongCoin key and clue field leak.

1) what was the bug? what do you mean by "interface"?
2) what are you doing to prevent such bugs from occurring again?
3) do you know of anyone's coins being stolen?

1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.
2. I'm posting a notice on the site to advise people to use longer passwords. There was already a widget to give the user feedback as to how strong there password was.
3. Yes.
$username
i <heartbleed> the NSA
VIP
Hero Member
*
Offline Offline

Activity: 784

aka tf


View Profile

Ignore
April 03, 2013, 11:35:21 AM
 #10

LOL, why would anyone want to use it exactly.

No.

TheSeven
Hero Member
*****
Offline Offline

Activity: 504


FPGA Mining LLC


View Profile WWW

Ignore
April 03, 2013, 11:57:49 AM
 #11

Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.

This is a thread to answer questions on the StrongCoin key and clue field leak.

1) what was the bug? what do you mean by "interface"?
2) what are you doing to prevent such bugs from occurring again?
3) do you know of anyone's coins being stolen?

1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.
2. I'm posting a notice on the site to advise people to use longer passwords. There was already a widget to give the user feedback as to how strong there password was.
3. Yes.

This sounds like the whole source code of the site should undergo a very tight review and penetration testing ASAP.

My tip jar: 13kwqR7B4WcSAJCYJH1eXQcxG5vVUwKAqY
tiptopgemdotcom
Legendary
*
Offline Offline

Activity: 868



View Profile WWW

Ignore
April 03, 2013, 12:08:34 PM
 #12

Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.

This is a thread to answer questions on the StrongCoin key and clue field leak.

1) what was the bug? what do you mean by "interface"?
2) what are you doing to prevent such bugs from occurring again?
3) do you know of anyone's coins being stolen?

1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.
2. I'm posting a notice on the site to advise people to use longer passwords. There was already a widget to give the user feedback as to how strong there password was.
3. Yes.

This sounds like the whole source code of the site should undergo a very tight review and penetration testing ASAP.

^THIS

tkbx
Sr. Member
****
Offline Offline

Activity: 280


1LYPERHccefLibEz4jmJdPgT6CZbbVgtcs


View Profile

Ignore
April 03, 2013, 01:08:38 PM
 #13

As far as online wallets go, StrongCoin seems pretty secure, but is there any legitimate reason to use an online wallet?

(Unless you were stupid enough to buy a Chromebook, then I have no sympathy for you)
dogisland
Sr. Member
****
Offline Offline

Activity: 260



View Profile

Ignore
April 03, 2013, 01:14:18 PM
 #14

As far as online wallets go, StrongCoin seems pretty secure, but is there any legitimate reason to use an online wallet?

(Unless you were stupid enough to buy a Chromebook, then I have no sympathy for you)

Benefits are.

1. Ease of use, nothing to install.
2. You don't have to do your own backups.
3. Accessible from anywhere.
MPOE-PR
Hero Member
*****
Offline Offline

Activity: 756



View Profile

Ignore
April 03, 2013, 01:19:56 PM
 #15

1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.

You're an idiot however, and that's not fixable. Who codes like that?!

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
Jan
Legendary
*
Offline Offline

Activity: 1041



View Profile

Ignore
April 03, 2013, 01:26:42 PM
 #16

It is going to be interesting the day that blockchain.info leaks encrypted wallets. I wonder how many out of their 175.000 wallets use insecure passwords.

Mycelium let's you hold your private keys private.
kokojie
Legendary
*
Offline Offline

Activity: 1204


tblob.org


View Profile WWW

Ignore
April 03, 2013, 01:46:45 PM
 #17

1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.

You're an idiot however, and that's not fixable. Who codes like that?!

+1

If my post has been helpful, send me some love -> BTC: 1kokojUapmWqCqPw3Ch2rjcVh57tJEzka | PPC: PDyXAgA8eH47gokVW6zVZPSuu15aao5nZF | Bitshares: kokojie
The Big List of Bitcoin | Proud owner of a full node | My reputation | Free 20GB cloud storage from copy.com(similar to dropbox)
hamdi
Hero Member
*****
Offline Offline

Activity: 630



View Profile

Ignore
April 03, 2013, 01:48:42 PM
 #18

It is going to be interesting the day that blockchain.info leaks encrypted wallets. I wonder how many out of their 175.000 wallets use insecure passwords.
Already happened!

ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile

Ignore
April 03, 2013, 01:55:46 PM
 #19

It is going to be interesting the day that blockchain.info leaks encrypted wallets. I wonder how many out of their 175.000 wallets use insecure passwords.
Already happened!
Sauce?

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
Cryptoc
Newbie
*
Offline Offline

Activity: 14


View Profile

Ignore
April 03, 2013, 01:57:19 PM
 #20

It is going to be interesting the day that blockchain.info leaks encrypted wallets. I wonder how many out of their 175.000 wallets use insecure passwords.
Already happened!
Any more information?
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!