|
dogisland (OP)
|
 |
April 03, 2013, 07:46:02 AM |
|
This is a thread to answer questions on the StrongCoin key and clue field leak.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
No Gods or Kings. Only Bitcoin
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
wopwop
|
|
April 03, 2013, 07:51:33 AM |
|
this is me caring
|
|
|
|
|
|
rme
|
|
April 03, 2013, 10:01:08 AM |
|
|
|
|
|
|
anfedorov
Newbie
 Offline
Activity: 44
Merit: 0
|
|
April 03, 2013, 10:35:59 AM |
|
Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.
This is a thread to answer questions on the StrongCoin key and clue field leak. 1) what was the bug? what do you mean by "interface"? 2) what are you doing to prevent such bugs from occurring again? 3) do you know of anyone's coins being stolen? |
|
|
|
|
Jurek
Member
Offline
Activity: 117
Merit: 10
|
|
April 03, 2013, 10:39:51 AM |
|
|
|
|
|
|
omgitsmehehe
|
|
April 03, 2013, 10:42:31 AM |
|
I used StrongCoin once. Then I seen their 1% fee. Seriously? I can transfer my own money for free and more securely.
|
|
|
|
|
manface
|
|
April 03, 2013, 10:55:53 AM |
|
Can you explain what happened? I looked at strongcoin once but compared to blockchain.info they didn't seem to offer much.
|
|
|
|
|
|
jago25_98
|
|
April 03, 2013, 11:09:20 AM |
|
I see I signed up for it at some point. Balance is zero. Perhaps it always was. Can't remember and there's no history. O well...
deja vu, never mind :p !
|
Bitcoiner since the early days. Crypto YouTube Channel: Trading Nomads | Analyst | News Reporter | Bitcoin Hodler | Support Freedom of Speech!
|
|
|
|
dogisland (OP)
|
|
April 03, 2013, 11:31:36 AM |
|
Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.
This is a thread to answer questions on the StrongCoin key and clue field leak. 1) what was the bug? what do you mean by "interface"? 2) what are you doing to prevent such bugs from occurring again? 3) do you know of anyone's coins being stolen? 1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed. 2. I'm posting a notice on the site to advise people to use longer passwords. There was already a widget to give the user feedback as to how strong there password was. 3. Yes. |
|
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
April 03, 2013, 11:35:21 AM |
|
LOL, why would anyone want to use it exactly.
No.
|
|
|
|
|
|
TheSeven
|
|
April 03, 2013, 11:57:49 AM |
|
Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.
This is a thread to answer questions on the StrongCoin key and clue field leak. 1) what was the bug? what do you mean by "interface"? 2) what are you doing to prevent such bugs from occurring again? 3) do you know of anyone's coins being stolen? 1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed. 2. I'm posting a notice on the site to advise people to use longer passwords. There was already a widget to give the user feedback as to how strong there password was. 3. Yes. This sounds like the whole source code of the site should undergo a very tight review and penetration testing ASAP. |
My tip jar: 13kwqR7B4WcSAJCYJH1eXQcxG5vVUwKAqY
|
|
|
tiptopgemdotcom
Legendary
Offline
Activity: 1736
Merit: 1000
Truly decentralized stable asset
|
|
April 03, 2013, 12:08:34 PM |
|
Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.
This is a thread to answer questions on the StrongCoin key and clue field leak. 1) what was the bug? what do you mean by "interface"? 2) what are you doing to prevent such bugs from occurring again? 3) do you know of anyone's coins being stolen? 1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed. 2. I'm posting a notice on the site to advise people to use longer passwords. There was already a widget to give the user feedback as to how strong there password was. 3. Yes. This sounds like the whole source code of the site should undergo a very tight review and penetration testing ASAP. ^THIS |
|
|
|
|
tkbx
|
|
April 03, 2013, 01:08:38 PM |
|
As far as online wallets go, StrongCoin seems pretty secure, but is there any legitimate reason to use an online wallet?
(Unless you were stupid enough to buy a Chromebook, then I have no sympathy for you)
|
|
|
|
|
|
dogisland (OP)
|
|
April 03, 2013, 01:14:18 PM |
|
As far as online wallets go, StrongCoin seems pretty secure, but is there any legitimate reason to use an online wallet?
(Unless you were stupid enough to buy a Chromebook, then I have no sympathy for you)
Benefits are. 1. Ease of use, nothing to install. 2. You don't have to do your own backups. 3. Accessible from anywhere. |
|
|
|
|
|
MPOE-PR
|
|
April 03, 2013, 01:19:56 PM |
|
1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.
You're an idiot however, and that's not fixable. Who codes like that?! |
|
|
|
Jan
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
April 03, 2013, 01:26:42 PM |
|
It is going to be interesting the day that blockchain.info leaks encrypted wallets. I wonder how many out of their 175.000 wallets use insecure passwords.
|
Mycelium let's you hold your private keys private.
|
|
|
kokojie
Legendary
Offline
Activity: 1806
Merit: 1003
|
|
April 03, 2013, 01:46:45 PM |
|
1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.
You're an idiot however, and that's not fixable. Who codes like that?! +1 |
btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
|
|
|
|
hamdi
|
|
April 03, 2013, 01:48:42 PM |
|
It is going to be interesting the day that blockchain.info leaks encrypted wallets. I wonder how many out of their 175.000 wallets use insecure passwords.
Already happened! |
|
|
|
|
|
ErebusBat
|
|
April 03, 2013, 01:55:46 PM |
|
It is going to be interesting the day that blockchain.info leaks encrypted wallets. I wonder how many out of their 175.000 wallets use insecure passwords.
Already happened! Sauce? |
|
|
|
Cryptoc
Newbie
Offline
Activity: 14
Merit: 0
|
|
April 03, 2013, 01:57:19 PM |
|
It is going to be interesting the day that blockchain.info leaks encrypted wallets. I wonder how many out of their 175.000 wallets use insecure passwords.
Already happened! Any more information? |
|
|
|
|
|
