Bitcoin Forum
February 14, 2016, 09:01:38 PM *
News: Latest stable version of Bitcoin Core: 0.11.2 [Torrent]
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: StrongCoin key leak.  (Read 4096 times)
dogisland
Sr. Member
****
Offline Offline

Activity: 260



View Profile
April 03, 2013, 07:46:02 AM
 #1

This is a thread to answer questions on the StrongCoin key and clue field leak.
IDS OPTION .COM UP TO 190 %Payout bitcoin - Binary Option 34 ASSETS +20% New Year Event
 DAILY NET PROFIT

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1455483698
Hero Member
*
Offline Offline

Posts: 1455483698

View Profile Personal Message (Offline)

Ignore
1455483698
Reply with quote  #2

1455483698
Report to moderator
1455483698
Hero Member
*
Offline Offline

Posts: 1455483698

View Profile Personal Message (Offline)

Ignore
1455483698
Reply with quote  #2

1455483698
Report to moderator
1455483698
Hero Member
*
Offline Offline

Posts: 1455483698

View Profile Personal Message (Offline)

Ignore
1455483698
Reply with quote  #2

1455483698
Report to moderator
wopwop
Sr. Member
****
Offline Offline

Activity: 252



View Profile
April 03, 2013, 07:51:33 AM
 #2

this is me caring
rme
Hero Member
*****
Offline Offline

Activity: 644


1R2sWeVhFitB8zVbkrmdSoXzaQRsw6cfh


View Profile
April 03, 2013, 10:01:08 AM
 #3

this is me caring
+1
anfedorov
Jr. Member
*
Offline Offline

Activity: 46


View Profile
April 03, 2013, 10:35:59 AM
 #4

Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.

This is a thread to answer questions on the StrongCoin key and clue field leak.

1) what was the bug? what do you mean by "interface"?
2) what are you doing to prevent such bugs from occurring again?
3) do you know of anyone's coins being stolen?
Jurek
Member
**
Offline Offline

Activity: 117



View Profile
April 03, 2013, 10:39:51 AM
 #5


PSYCHOTICBOY IS A THIEF AND A SCAMMER BE WARNED!
https://bitcointalk.org/index.php?topic=129941
omgitsmehehe
Full Member
***
Offline Offline

Activity: 129


View Profile
April 03, 2013, 10:42:31 AM
 #6

I used StrongCoin once. Then I seen their 1% fee. Seriously? I can transfer my own money for free and more securely.
manface
Full Member
***
Offline Offline

Activity: 126


View Profile
April 03, 2013, 10:55:53 AM
 #7

Can you explain what happened? I looked at strongcoin once but compared to blockchain.info they didn't seem to offer much.
jago25_98
Hero Member
*****
Offline Offline

Activity: 866


http://moneybutnofixedabode.blogspot.com


View Profile WWW
April 03, 2013, 11:09:20 AM
 #8

I see I signed up for it at some point. Balance is zero. Perhaps it always was. Can't remember and there's no history. O well...

deja vu, never mind :p !
dogisland
Sr. Member
****
Offline Offline

Activity: 260



View Profile
April 03, 2013, 11:31:36 AM
 #9

Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.

This is a thread to answer questions on the StrongCoin key and clue field leak.

1) what was the bug? what do you mean by "interface"?
2) what are you doing to prevent such bugs from occurring again?
3) do you know of anyone's coins being stolen?

1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.
2. I'm posting a notice on the site to advise people to use longer passwords. There was already a widget to give the user feedback as to how strong there password was.
3. Yes.
Tf | Banned for mentioning theymo.s dox
bitcointalk.org/index.php?topic=1183191.msg12468984#msg12468984
VIP
Legendary
*
Offline Offline

Activity: 854

Banned for mentioning auto bans for theymos dox


View Profile
April 03, 2013, 11:35:21 AM
 #10

LOL, why would anyone want to use it exactly.

No.

Bitcoin Xt - Scaling Bitcoin | /r/bitcoinxt
TheSeven
Hero Member
*****
Offline Offline

Activity: 504


FPGA Mining LLC


View Profile WWW
April 03, 2013, 11:57:49 AM
 #11

Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.

This is a thread to answer questions on the StrongCoin key and clue field leak.

1) what was the bug? what do you mean by "interface"?
2) what are you doing to prevent such bugs from occurring again?
3) do you know of anyone's coins being stolen?

1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.
2. I'm posting a notice on the site to advise people to use longer passwords. There was already a widget to give the user feedback as to how strong there password was.
3. Yes.

This sounds like the whole source code of the site should undergo a very tight review and penetration testing ASAP.

My tip jar: 13kwqR7B4WcSAJCYJH1eXQcxG5vVUwKAqY
tiptopgemdotcom
Legendary
*
Offline Offline

Activity: 1022



View Profile WWW
April 03, 2013, 12:08:34 PM
 #12

Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.

This is a thread to answer questions on the StrongCoin key and clue field leak.

1) what was the bug? what do you mean by "interface"?
2) what are you doing to prevent such bugs from occurring again?
3) do you know of anyone's coins being stolen?

1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.
2. I'm posting a notice on the site to advise people to use longer passwords. There was already a widget to give the user feedback as to how strong there password was.
3. Yes.

This sounds like the whole source code of the site should undergo a very tight review and penetration testing ASAP.

^THIS

tkbx
Sr. Member
****
Offline Offline

Activity: 280


1LYPERHccefLibEz4jmJdPgT6CZbbVgtcs


View Profile
April 03, 2013, 01:08:38 PM
 #13

As far as online wallets go, StrongCoin seems pretty secure, but is there any legitimate reason to use an online wallet?

(Unless you were stupid enough to buy a Chromebook, then I have no sympathy for you)
dogisland
Sr. Member
****
Offline Offline

Activity: 260



View Profile
April 03, 2013, 01:14:18 PM
 #14

As far as online wallets go, StrongCoin seems pretty secure, but is there any legitimate reason to use an online wallet?

(Unless you were stupid enough to buy a Chromebook, then I have no sympathy for you)

Benefits are.

1. Ease of use, nothing to install.
2. You don't have to do your own backups.
3. Accessible from anywhere.
MPOE-PR
Hero Member
*****
Offline Offline

Activity: 756



View Profile
April 03, 2013, 01:19:56 PM
 #15

1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.

You're an idiot however, and that's not fixable. Who codes like that?!

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
April 03, 2013, 01:26:42 PM
 #16

It is going to be interesting the day that blockchain.info leaks encrypted wallets. I wonder how many out of their 175.000 wallets use insecure passwords.

Mycelium let's you hold your private keys private.
kokojie
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
April 03, 2013, 01:46:45 PM
 #17

1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.

You're an idiot however, and that's not fixable. Who codes like that?!

+1

If my post has been helpful, send me some love -> BTC: 1kokojUapmWqCqPw3Ch2rjcVh57tJEzka | PPC: PDyXAgA8eH47gokVW6zVZPSuu15aao5nZF | Bitshares: kokojie
My reputation | Free 20GB cloud storage from copy.com(similar to dropbox)
hamdi
Hero Member
*****
Offline Offline

Activity: 630



View Profile
April 03, 2013, 01:48:42 PM
 #18

It is going to be interesting the day that blockchain.info leaks encrypted wallets. I wonder how many out of their 175.000 wallets use insecure passwords.
Already happened!

ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
April 03, 2013, 01:55:46 PM
 #19

It is going to be interesting the day that blockchain.info leaks encrypted wallets. I wonder how many out of their 175.000 wallets use insecure passwords.
Already happened!
Sauce?

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
Cryptoc
Newbie
*
Offline Offline

Activity: 14


View Profile
April 03, 2013, 01:57:19 PM
 #20

It is going to be interesting the day that blockchain.info leaks encrypted wallets. I wonder how many out of their 175.000 wallets use insecure passwords.
Already happened!
Any more information?
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!