Bitcoin Forum
April 20, 2014, 05:43:59 AM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2  All
  Print  
Author Topic: StrongCoin key leak.  (Read 3368 times)
dogisland
Full Member
***
Offline Offline

Activity: 239


Founder - Strongcoin.com


View Profile WWW

Ignore
April 03, 2013, 07:46:02 AM
 #1

This is a thread to answer questions on the StrongCoin key and clue field leak.

StrongCoin - Encrypted Bitcoin storage. https://www.strongcoin.com
1397972639
Hero Member
*
Offline Offline

Posts: 1397972639

View Profile Personal Message (Offline)

Ignore
1397972639
Reply with quote  #2

1397972639
Report to moderator

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1397972639
Hero Member
*
Offline Offline

Posts: 1397972639

View Profile Personal Message (Offline)

Ignore
1397972639
Reply with quote  #2

1397972639
Report to moderator
wopwop
Sr. Member
****
Offline Offline

Activity: 252



View Profile

Ignore
April 03, 2013, 07:51:33 AM
 #2

this is me caring
rme
Sr. Member
****
Offline Offline

Activity: 420


My tip address: 1R2sWeVhFitB8zVbkrmdSoXzaQRsw6cfh


View Profile

Ignore
April 03, 2013, 10:01:08 AM
 #3

this is me caring
+1
anfedorov
Jr. Member
*
Offline Offline

Activity: 46


View Profile

Ignore
April 03, 2013, 10:35:59 AM
 #4

Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.

This is a thread to answer questions on the StrongCoin key and clue field leak.

1) what was the bug? what do you mean by "interface"?
2) what are you doing to prevent such bugs from occurring again?
3) do you know of anyone's coins being stolen?
Jurek
Member
**
Offline Offline

Activity: 116



View Profile

Ignore
April 03, 2013, 10:39:51 AM
 #5


PSYCHOTICBOY IS A THIEF AND A SCAMMER BE WARNED!
https://bitcointalk.org/index.php?topic=129941
omgitsmehehe
Full Member
***
Offline Offline

Activity: 127


View Profile

Ignore
April 03, 2013, 10:42:31 AM
 #6

I used StrongCoin once. Then I seen their 1% fee. Seriously? I can transfer my own money for free and more securely.
manface
Full Member
***
Offline Offline

Activity: 126


View Profile

Ignore
April 03, 2013, 10:55:53 AM
 #7

Can you explain what happened? I looked at strongcoin once but compared to blockchain.info they didn't seem to offer much.
jago25_98
Hero Member
*****
Offline Offline

Activity: 850


http://moneybutnofixedabode.blogspot.com


View Profile WWW

Ignore
April 03, 2013, 11:09:20 AM
 #8

I see I signed up for it at some point. Balance is zero. Perhaps it always was. Can't remember and there's no history. O well...

deja vu, never mind :p !

Explaination of Gox mess up here. They are running custom wallets and a bug allowed double payments: http://www.reddit.com/r/Bitcoin/comments/1x93tf/some_irc_chatter_about_what_is_going_on_at_mtgox/cf99yac
dogisland
Full Member
***
Offline Offline

Activity: 239


Founder - Strongcoin.com


View Profile WWW

Ignore
April 03, 2013, 11:31:36 AM
 #9

Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.

This is a thread to answer questions on the StrongCoin key and clue field leak.

1) what was the bug? what do you mean by "interface"?
2) what are you doing to prevent such bugs from occurring again?
3) do you know of anyone's coins being stolen?

1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.
2. I'm posting a notice on the site to advise people to use longer passwords. There was already a widget to give the user feedback as to how strong there password was.
3. Yes.

StrongCoin - Encrypted Bitcoin storage. https://www.strongcoin.com
TradeFortress
Inputs.io
VIP
Sr. Member
*
Offline Offline

Activity: 476

coinlenders.com


View Profile WWW

Ignore
April 03, 2013, 11:35:21 AM
 #10

LOL, why would anyone want to use it exactly.

No.

Inputs.io - bitcoin wallet + offchain + security
CoinLenders - bitcoin bank script / functional demo
CoinChat - chat network integrated with Bitcoin

Contact me via email! admin@glados.cc | GPG KeyID 63DD3F13
http://1v.io/gladoscc | 1GLadosEkeAsLReqS3yQ51E1R3wVtbJCDF
TheSeven
Hero Member
*****
Offline Offline

Activity: 504


FPGA Mining LLC


View Profile WWW

Ignore
April 03, 2013, 11:57:49 AM
 #11

Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.

This is a thread to answer questions on the StrongCoin key and clue field leak.

1) what was the bug? what do you mean by "interface"?
2) what are you doing to prevent such bugs from occurring again?
3) do you know of anyone's coins being stolen?

1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.
2. I'm posting a notice on the site to advise people to use longer passwords. There was already a widget to give the user feedback as to how strong there password was.
3. Yes.

This sounds like the whole source code of the site should undergo a very tight review and penetration testing ASAP.

My tip jar: 13kwqR7B4WcSAJCYJH1eXQcxG5vVUwKAqY
tiptopgemdotcom
Hero Member
*****
Offline Offline

Activity: 756



View Profile WWW

Ignore
April 03, 2013, 12:08:34 PM
 #12

Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.

This is a thread to answer questions on the StrongCoin key and clue field leak.

1) what was the bug? what do you mean by "interface"?
2) what are you doing to prevent such bugs from occurring again?
3) do you know of anyone's coins being stolen?

1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.
2. I'm posting a notice on the site to advise people to use longer passwords. There was already a widget to give the user feedback as to how strong there password was.
3. Yes.

This sounds like the whole source code of the site should undergo a very tight review and penetration testing ASAP.

^THIS

tkbx
Sr. Member
****
Offline Offline

Activity: 280


1LYPERHccefLibEz4jmJdPgT6CZbbVgtcs


View Profile

Ignore
April 03, 2013, 01:08:38 PM
 #13

As far as online wallets go, StrongCoin seems pretty secure, but is there any legitimate reason to use an online wallet?

(Unless you were stupid enough to buy a Chromebook, then I have no sympathy for you)

dogisland
Full Member
***
Offline Offline

Activity: 239


Founder - Strongcoin.com


View Profile WWW

Ignore
April 03, 2013, 01:14:18 PM
 #14

As far as online wallets go, StrongCoin seems pretty secure, but is there any legitimate reason to use an online wallet?

(Unless you were stupid enough to buy a Chromebook, then I have no sympathy for you)

Benefits are.

1. Ease of use, nothing to install.
2. You don't have to do your own backups.
3. Accessible from anywhere.

StrongCoin - Encrypted Bitcoin storage. https://www.strongcoin.com
MPOE-PR
Hero Member
*****
Offline Offline

Activity: 756



View Profile

Ignore
April 03, 2013, 01:19:56 PM
 #15

1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.

You're an idiot however, and that's not fixable. Who codes like that?!

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
Jan
Hero Member
*****
Offline Offline

Activity: 943



View Profile

Ignore
April 03, 2013, 01:26:42 PM
 #16

It is going to be interesting the day that blockchain.info leaks encrypted wallets. I wonder how many out of their 175.000 wallets use insecure passwords.

Mycelium Bitcoin Wallet, a swift & secure Bitcoin client for Android. Join the fun, we are hiring
kokojie
Hero Member
*****
Offline Offline

Activity: 882


tblob.org


View Profile

Ignore
April 03, 2013, 01:46:45 PM
 #17

1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.

You're an idiot however, and that's not fixable. Who codes like that?!

+1

If my post has been helpful, send me some love -> BTC: 1kokojUapmWqCqPw3Ch2rjcVh57tJEzka | PPC: PDyXAgA8eH47gokVW6zVZPSuu15aao5nZF | LTC: LRDpNJM5nkXFBDoxWRCk5hicvT7TrXQZ3c
The Big List of Bitcoin | My reputation | Free 20GB cloud storage from copy.com
hamdi
Hero Member
*****
Offline Offline

Activity: 504



View Profile

Ignore
April 03, 2013, 01:48:42 PM
 #18

It is going to be interesting the day that blockchain.info leaks encrypted wallets. I wonder how many out of their 175.000 wallets use insecure passwords.
Already happened!

ErebusBat
Hero Member
*****
Offline Offline

Activity: 546

I am the one who knocks


View Profile

Ignore
April 03, 2013, 01:55:46 PM
 #19

It is going to be interesting the day that blockchain.info leaks encrypted wallets. I wonder how many out of their 175.000 wallets use insecure passwords.
Already happened!
Sauce?

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
Cryptoc
Newbie
*
Offline Offline

Activity: 14


View Profile

Ignore
April 03, 2013, 01:57:19 PM
 #20

It is going to be interesting the day that blockchain.info leaks encrypted wallets. I wonder how many out of their 175.000 wallets use insecure passwords.
Already happened!
Any more information?
Pages: [1] 2  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!