Landak
|
|
December 08, 2016, 02:50:07 PM |
|
We have no pw of your email, therefore we can't withdraw it, right? Maybe best hacker will bypass email auth.
thats why alex asked for it, if you can hack you get 1btc
|
HILIH KINTIL
|
|
|
|
|
|
"You Asked For Change, We Gave You Coins" -- casascius
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
manbitcoinlover
Member
Offline
Activity: 168
Merit: 12
|
|
December 08, 2016, 03:57:25 PM |
|
I predict that no one will be able to hack this site and get the 1 BTC for themselves. Many companies actually do this and sometimes the hackers are successful so, One can never know for sure, but I think this security system is solid for now.
|
Looking for Signature Campaign, PM ME!
|
|
|
Landak
|
|
December 08, 2016, 05:30:48 PM |
|
I predict that no one will be able to hack this site and get the 1 BTC for themselves. Many companies actually do this and sometimes the hackers are successful so, One can never know for sure, but I think this security system is solid for now.
yeah seems so, i think this is first dice site use email authenticator to login to bitdice account
|
HILIH KINTIL
|
|
|
Edraket31
|
|
December 08, 2016, 05:37:16 PM |
|
I predict that no one will be able to hack this site and get the 1 BTC for themselves. Many companies actually do this and sometimes the hackers are successful so, One can never know for sure, but I think this security system is solid for now.
yeah seems so, i think this is first dice site use email authenticator to login to bitdice account Not the first, there is rollin which implemented this kind of security feature recently, around 2months ago if i remember correctly. @bitdice, is there an option to unable that security check?
|
|
|
|
viziano
|
|
December 08, 2016, 05:40:12 PM |
|
All casinos need to add smth like this.. Although good job for implementing this feature at first.Even I would use this instead of other sites cuz of security..
|
|
|
|
izanagi narukami
Legendary
Offline
Activity: 2030
Merit: 1028
|
|
December 08, 2016, 05:55:57 PM |
|
All casinos need to add smth like this.. Although good job for implementing this feature at first.Even I would use this instead of other sites cuz of security..
Eventhough they implant tough security , there will be another hole one day that can be hack (usually it's just a matter of time For example Hufflepuff case
|
|
|
|
crairezx20
Legendary
Offline
Activity: 1638
Merit: 1046
|
|
December 08, 2016, 05:59:21 PM |
|
I predict that no one will be able to hack this site and get the 1 BTC for themselves. Many companies actually do this and sometimes the hackers are successful so, One can never know for sure, but I think this security system is solid for now.
I think not always the site is safe and protected and i think sometimes there is some systems faults that can get some bugs in website.. That is why other people are asking to hack their site so that they can know some bugs and fix it too early before someone greedy can know that thing and get almost all balance of the site..
|
|
|
|
trafficolaa
Legendary
Offline
Activity: 1008
Merit: 1000
|
|
December 08, 2016, 06:10:53 PM |
|
I predict that no one will be able to hack this site and get the 1 BTC for themselves. Many companies actually do this and sometimes the hackers are successful so, One can never know for sure, but I think this security system is solid for now.
I think not always the site is safe and protected and i think sometimes there is some systems faults that can get some bugs in website.. That is why other people are asking to hack their site so that they can know some bugs and fix it too early before someone greedy can know that thing and get almost all balance of the site.. This could be the reason why they are offering bounty to hack this email to get access to their site and take withdraw, that is very attractive for some people to give try and they can test out their security measure for this new version, you are right there that is wonderful to let know what flaw they have right now.
|
|
|
|
KenR
|
|
December 08, 2016, 06:21:47 PM |
|
All casinos need to add smth like this.. Although good job for implementing this feature at first.Even I would use this instead of other sites cuz of security..
Eventhough they implant tough security , there will be another hole one day that can be hack (usually it's just a matter of time For example Hufflepuff case Hufflepuff had access to servers or say he had an idea about the loopholes.As they say,there are no known solutions,only precautions.The concept is quite simple here though,if you get your IP to spoof as the IP of the given login,you wouldn't be asked for any 2fa crap.
|
| | | ████ █ ████ █ ████ █ ████ █ ████ █ █ ████ █ █ ████ █ █ ████ █ █ ████ █ ████ █ ████ █ ████ █ ████ | | | | | | ████ █ ████ █ ████ █ ████ █ ████ █ █ ████ █ █ ████ █ █ ████ █ █ ████ █ ████ █ ████ █ ████ █ ████ | | | .WEBSITE. ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ .ANN THREAD. | | | | | | . ▄▄▄▄▄▄▄▄ | | | ████ █ ████ █ ████ █ ████ █ ████ █ █ ████ █ █ ████ █ █ ████ █ █ ████ █ ████ █ ████ █ ████ █ ████ | | | |
|
|
|
kolloh
Legendary
Offline
Activity: 1736
Merit: 1023
|
|
December 08, 2016, 08:51:40 PM |
|
@bitdice, is there an option to unable that security check?
Yeah, an option was added recently that allows you to turn off that security check if you wish. I think it also isn't in effect if you use 2FA. The feature is on by default, so you have to choose to make your account less secure in that case.
|
|
|
|
fiscorcle
|
|
December 08, 2016, 08:56:32 PM |
|
Not even going to bother. With 2FA enabled it is next to impossible to crack into someone's account.
|
|
|
|
equator
Legendary
Offline
Activity: 1190
Merit: 1002
|
|
December 08, 2016, 09:14:56 PM |
|
To prove our security, we run a HackMe event. I've tipped user hack_me with 1BTC.Here's registration email: contact@bitdice.me And password: Jy45kFbGJX9n5q8
Yes! We've posted password from an account with 1BTC on it. Simply sign-in and take it
Couldn't? Well, that's because our security is so safe that even leaking your password can't do anything bad. We are safer than Bitfinex
User hack_me was registered with default settings, nothing has been changed under his profile.
Join to one of the safest casino worldwide.
In BitDice We Trust! The security feature which you are telling is used by so many exchanges and sites, even coinbase is also very strong exchange due to they also implemented the email authorization and sms authorization if you are using any other IP address which is not authorized. So if you add one more security feature of sms authorization then your site will become more secure as if anyone hacks email account then they can access the site but hacker cannot hack the mobile number
|
|
|
|
NLNico
Legendary
Offline
Activity: 1876
Merit: 1289
DiceSites.com owner
|
|
December 09, 2016, 02:17:19 PM |
|
Wow nice bounty offer you got there but I wish I was a skilled programmer and I have read that NLNico is the one who help Baryom for his bitsler website for this security measures and Baryom vouch him for good work, maybe he can help you for this thing. As quoted below, As bitsler's main admin, I can vouch for NLnico who have made a great work with us. He is very skilled and professional. He gave us full explanation + fix.
Thanks again !
Thanks I actually tried some basic things right after seeing this thread, but I am afraid I am unable to bypass this device/IP-check one more security feature of sms authorization SMS is actually really insecure way: http://blog.kraken.com/post/153209105847/security-advisory-mobile-phones non-SMS 2FA is much better.
|
|
|
|
BoXXoB
Legendary
Offline
Activity: 2018
Merit: 1108
|
|
December 09, 2016, 06:16:30 PM |
|
Wow nice bounty offer you got there but I wish I was a skilled programmer and I have read that NLNico is the one who help Baryom for his bitsler website for this security measures and Baryom vouch him for good work, maybe he can help you for this thing. As quoted below, As bitsler's main admin, I can vouch for NLnico who have made a great work with us. He is very skilled and professional. He gave us full explanation + fix.
Thanks again !
Thanks I actually tried some basic things right after seeing this thread, but I am afraid I am unable to bypass this device/IP-check one more security feature of sms authorization SMS is actually really insecure way: http://blog.kraken.com/post/153209105847/security-advisory-mobile-phones non-SMS 2FA is much better. Glad you didn't find any way to bypass it Means it's quite secure... I also read that kraken blog a while ago and it immediately made me switch from Authy. Some good points made there...
|
|
|
|
BitMaxz
Legendary
Offline
Activity: 3248
Merit: 2972
Block halving is coming.
|
|
December 09, 2016, 07:16:32 PM |
|
Not even going to bother. With 2FA enabled it is next to impossible to crack into someone's account. That is one of the great way to secured every account or members who joined and i think there is no other way to hack the site unless if there is a bug happen.. not always the site is protected and i think there is always a bug happen for every site. If there is a new ways to inject some script in the site that can destroy the website that can get bugs by some members.. but for now the security was updated and i think if they are doing this to post just to hack the website they are still not protected and they are still looking for other bugs that they can fix as soon as possible.. just like from other site that i heard like yobit before that someone found a bug but he gain almost 0.1 as reward by yobit..
|
|
|
|
SparkedDev
|
|
December 10, 2016, 01:03:32 AM |
|
Oh nice feature but if someone really wanted to get into someones account and got a hold of their account my guess is their computer was infected. So they could just login remotely through the users profile and cash out, in most cases if you got their password they got keylogged which means they likely got that email pass.
|
|
|
|
xLays
Sr. Member
Offline
Activity: 1610
Merit: 359
https://shuffle.com?r=nba
|
|
December 10, 2016, 02:58:01 AM |
|
Well this is that easy to get that 1 Bitcoin, The only thing that you can claim this 1 bitcoin is to login or to know also the password of email that use in that account. This is waste of time instead.
|
| | | SHUFFLE.COM | | | | ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ | ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ | ██████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██████ | ████████████████████ ████ ██ .
| ██████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██████ | |
|
|
|
NLNico
Legendary
Offline
Activity: 1876
Merit: 1289
DiceSites.com owner
|
|
December 10, 2016, 03:09:33 AM |
|
Oh nice feature but if someone really wanted to get into someones account and got a hold of their account my guess is their computer was infected. So they could just login remotely through the users profile and cash out, in most cases if you got their password they got keylogged which means they likely got that email pass.
I think the most common way to obtain someone's password is by a database leak and by using the same password on multiple sites. So: 1) hack some (more insecure) bitcoin site 2) get usernames/passwords 3) try on all gambling sites. Another example: I could create a faucet site, "get some free bits by just signing up". Meanwhile I am obtaining all usernames/passwords from those users and try them on gambling sites (and exchanges etc.) Also phishing sites are pretty common, but so far mostly for blockchain.info and bitcoin exchanges (haven't seen many for gambling sites yet.) I think those situations are more common than some targeted keylogger. For those situations, this protection by BitDice works pretty well. Still if they use the same password for their email... obvious they can still be hacked
|
|
|
|
veleten
Legendary
Offline
Activity: 2030
Merit: 1106
|
|
December 11, 2016, 02:37:30 PM |
|
so what exactly do we have to do to get 1 btc? login into hack_me account? disrupt the site's operation? manipulate a bet's outcome? its rather vague to be honest
|
|
|
|
panjul07
Legendary
Offline
Activity: 3472
Merit: 1353
|
|
December 11, 2016, 02:46:33 PM |
|
so what exactly do we have to do to get 1 btc? login into hack_me account? disrupt the site's operation? manipulate a bet's outcome? its rather vague to be honest
You only need to login with that account then you can withdraw the available balance on the account (1btc). Sounds simple, right? But the hard thing to do is to login because you need confirmation email to login. Whoever able to acces the email of the account then he will get the 1btc easily.
|
| .SHUFFLE.COM.. | ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ | ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ | . ...Next Generation Crypto Casino... |
|
|
|
|