Bitcoin Forum
Topic: PRIMEDICE COMPROMISED [RESOLVED]  (Read 4147 times)
RHavar
January 04, 2017, 09:17:03 PM
 #141

feel free to post it here (after changing it on primedice) and close this discussion.

He forced me to share the password on this thread.

:sigh:

Check out gamblingsitefinder.com for a decent list/rankings of crypto casinos. Note: I have no affiliation or interest in it, and don't even agree with all the rankings ... but it's the only uncorrupted review site I'm aware of.
devans
January 04, 2017, 09:17:50 PM
 #142

He forced me to share the password on this thread.

BTW what was your username and password (after you changed it)? (…)
(…) If you want a full refund feel free to post it here (after changing it on primedice) and close this discussion. I also have strong doubts you only used it on primedice which is why I imagine you are hesitant. 

(emphasis mine in both quotes)
RHavar
January 04, 2017, 09:27:40 PM
 #143

My password was pP@$$w0rd and it's definitely unique to this site. you tell me that this is a password that could be guessed by a random guy in less than 10 minutes, I have nothing to say to you. and guys, do google it and tell me if you find it.

Also it seems that P@$$w0rd is a suffix you use for many of your passwords? So pP@$$w0rd means "primedice password"? If people know a bunch of your other passwords, and are then trying to guess your PrimeDice password ... you're not exactly making it hard :D

I really think you owe PrimeDice an apology for this whole thing, and use it as a cheap lesson on the importance of using a password manager ;D
convertekk (OP)
January 04, 2017, 09:27:51 PM
 #144

feel free to post it here (after changing it on primedice) and close this discussion.

He forced me to share the password on this thread.

:sigh:

Do we get the edit history on that comment please ? I'm pretty sure the "after changing it on primedice" was added later. Just like how he changed the words "blatant lies" to "simply untrue"

convertekk (OP)
January 04, 2017, 09:29:52 PM
 #145

My password was pP@$$w0rd and it's definitely unique to this site. you tell me that this is a password that could be guessed by a random guy in less than 10 minutes, I have nothing to say to you. and guys, do google it and tell me if you find it.

Also it seems that P@$$w0rd is a suffix you use for many of your passwords? So pP@$$w0rd means "primedice password"? If people know a bunch of your other passwords, and are then trying to guess your PrimeDice password ... you're not exactly making it hard :D

I really think you owe PrimeDice an apology for this whole thing, and use it as a cheap lesson on the importance of using a password manager ;D




coming to your own conclusions and asking me to owe an apology for what primedice did to me ? WOW!! Care to explain how you came to that conclusion ?

RHavar
January 04, 2017, 09:32:18 PM
 #146

Do we get the edit history on that comment please ? I'm pretty sure the "after changing it on primedice" was added later. Just like how he changed the words "blatant lies" to "simply untrue"

Comments that are edited after a threshold (5 minutes I think) look like this:

https://imgur.com/a/BOWYt

(that's my post, for testing)

And you can hover over it, to see the edit time.

However, Stunna's was never edited (at least after the threshold)

convertekk (OP)
January 04, 2017, 09:41:46 PM
 #147

Do we get the edit history on that comment please ? I'm pretty sure the "after changing it on primedice" was added later. Just like how he changed the words "blatant lies" to "simply untrue"

Comments that are edited after a threshold (5 minutes I think) look like this:

https://imgur.com/a/BOWYt

(that's my post, for testing)

And you can hover over it, to see the edit time.

However, Stunna's was never edited (at least after the threshold)


Before threshold or after threshold. You simply shouldn't force someone to share their passwords on a public forum. He called me a blatant liar after wasting 3 days of time. I had to share it to prove my point right ? Also, that account is not worth a penny to me anymore. So, I wouldn't mind retrieving it. It's just that someone would be misusing that account to get a higher faucet (it's currently at 3.2K) and it's Stunna's loss. You could simply reset the hash and share the reset password with me over PM to simply hand over my account to myself instead of playing a blame game.

The real concern was the lost money and his behavior towards a user who loses money on their site. "Share your password, to the public, I'll refund your loss" and then gone. disappears.

RHavar
January 04, 2017, 09:42:14 PM
 #148

The real concern was the lost money and his behavior towards a user who loses money on their site. "Share your password, to the public, I'll refund your loss" and then gone. disappears.

I was actually the one who originally asked you to share your password (after you changed it) so we could see if it was a secure password or not (like you claimed).


coming to your own conclusions and asking me to owe an apology for what primedice did to me ? WOW!! Care to explain how you came to that conclusion ?

Your whole thread is about problems in PrimeDice, while in reality it's simply a case of you using a trivially guessable password (to anyone who looked up how you pick passwords on a password leak site).

convertekk (OP)
January 04, 2017, 09:46:06 PM
 #149

The real concern was the lost money and his behavior towards a user who loses money on their site. "Share your password, to the public, I'll refund your loss" and then gone. disappears.

I was actually the one who originally asked you to share your password (after you changed it) so we could see if it was a secure password or not (like you claimed).


coming to your own conclusions and asking me to owe an apology for what primedice did to me ? WOW!! Care to explain how you came to that conclusion ?

Your whole thread is about problems in PrimeDice, while in reality it's simply a case of you using a trivially guessable password (to anyone who looked up how you pick passwords on a password leak site).

I'm telling you that I don't use that pattern elsewhere. You keep fighting on his behalf asking me to owe an apology for the money I lost. Why should I go through this mental trauma fighting a hundred guys here for pointing a potential security loophole ?

myhung76393
January 04, 2017, 09:54:49 PM
 #150

It really is dangerous  >:( >:( >:(
minifrij
January 04, 2017, 09:57:58 PM
 #151

My password was pP@$$w0rd and it's definitely unique to this site.
That password is insanely easy to guess. A machine could probably come up with that password in a few hundred tries.

you tell me that this is a password that could be guessed by a random guy in less than 10 minutes, I have nothing to say to you.
Do you really think that passwords are brute-forced by hand? You really don't know much about this stuff, do you?

Do we get the edit history on that comment please ? I'm pretty sure the "after changing it on primedice" was added later. Just like how he changed the words "blatant lies" to "simply untrue"
Regardless, did it not come to mind that if you're posting your password in a public place you should change it?

You keep fighting on his behalf asking me to owe an apology for the money I lost.
Because Stunna/PD has done nothing wrong. You accusing him of doing such is not fair. You lost the money because your account security was bad - deal with the loss and learn from it in the future.

for pointing a potential security loophole ?
You are the security loophole. Make a password that isn't stupidly easy for a machine to guess and you will no longer have these problems.



It really is dangerous  >:( >:( >:(
Any website you store funds on is dangerous for many reasons. Provided you trust the website and use a strong password this danger can be mitigated.
convertekk (OP)
January 04, 2017, 10:03:13 PM
 #152

My password was pP@$$w0rd and it's definitely unique to this site.
That password is insanely easy to guess. A machine could probably come up with that password in a few hundred tries.

you tell me that this is a password that could be guessed by a random guy in less than 10 minutes, I have nothing to say to you.
Do you really think that passwords are brute-forced by hand? You really don't know much about this stuff, do you?

Do we get the edit history on that comment please ? I'm pretty sure the "after changing it on primedice" was added later. Just like how he changed the words "blatant lies" to "simply untrue"
Regardless, did it not come to mind that if you're posting your password in a public place you should change it?

You keep fighting on his behalf asking me to owe an apology for the money I lost.
Because Stunna/PD has done nothing wrong. You accusing him of doing such is not fair. You lost the money because your account security was bad - deal with the loss and learn from it in the future.

for pointing a potential security loophole ?
You are the security loophole. Make a password that isn't stupidly easy for a machine to guess and you will no longer have these problems.



It really is dangerous  >:( >:( >:(
Any website you store funds on is dangerous for many reasons. Provided you trust the website and use a strong password this danger can be mitigated.

where are you guys popping from ? Are you the army the other guy who lost his money was referring to ? a password with alphanumerics and symbols is easy to guess for a machine in a few hundred tries ? LOL. arguing with you on this will be an insult to my intelligence.

Any website you store funds on is dangerous ? Please tell me if you own any websites, I'll not even come near to it. I've already added primedice and bustabit to that list but if you have any, please feel free to add that to my list.

convertekk (OP)
January 04, 2017, 10:05:31 PM
 #153



Your whole thread is about problems in PrimeDice, while in reality it's simply a case of you using a trivially guessable password (to anyone who looked up how you pick passwords on a password leak site).

If PD is allowing hackers to guess user's passwords using trial and error, isn't that a problem ? Stunna himself accepted that and was willing to enable 2FA for withdrawals. Where does the point of apology come into picture then ?

RHavar
January 04, 2017, 10:17:30 PM
 #154

If PD is allowing hackers to guess user's passwords using trial and error, isn't that a problem ?

No, not really. Someone knowing how you pick passwords would have got it in less than 10 tries, or perhaps 26 if they wanted to guess every letter. You can't lock accounts, or ban IPs for a handful of tries or it would suffer from a huge false-positive problem and/or be a huge vulnerability (easy to lock other people's accounts).


This will be my last reply, as it's becoming a waste of time. But honestly, you should start taking some responsibility. It seems you've learnt two good lessons:
a) Don't post an active password in a public spot
b) Use a password manager to pick good passwords. A single letter, and a common suffix is insanely guessable.


I hope you don't let this lesson go to waste :)

minifrij
January 04, 2017, 10:18:59 PM
 #155

a password with alphanumerics and symbols is easy to guess for a machine in a few hundred tries ? LOL. arguing with you on this will be an insult to my intelligence.
You literally changed the word 'Password' to have some well known symbol replacements and added a p at the beginning. It wouldn't surprise me if these sorts of passwords were targeted specifically by some attackers.
A good password with alphanumerics and symbols would look similar to these:
  • n<GV8YV/L&$K$[b
  • 937/o=92sW/G{5c
  • ~(=0,548_"2"/Ga
  • kZs75Upu]48j?6q
Notice how none of those passwords follow any sort of structure/pattern? They do not resemble any dictionary words (unlike yours), they do not have any predictable characters in there (unlike yours) and alphanumerics and symbols are scattered randomly in each password (unlike yours).

Any website you store funds on is dangerous ? Please tell me if you own any websites, I'll not even come near to it.
None that you store funds on for that exact reason.
By storing funds on a website you are literally giving them your money. If they have poor security or get greedy there is absolutely nothing stopping them from running off or losing your money. That is something that could only have been helped by not storing funds on a website. Of course, I do not think that PD or Bustabit have a problem with either of these.

If PD is allowing hackers to guess user's passwords using trial and error, isn't that a problem ?
It is. An inherent problem that comes into play with almost every website that uses accounts with passwords.

Where does the point of apology come into picture then ?
You are trying to frame Stunna/PD for a problem that isn't their fault. It's disrespectful at best, and deserves an apology.
Not that anyone here should expect one from you; you seem too deluded by your own faulty logic to realize you have done anything wrong.



snip
I suggest that you try to understand this; he is absolutely correct.
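
Added example (not part of the thread and not any poster's code): a check a site could run when a password is set, for the construction discussed in posts #154 and #155, a common word with well-known symbol replacements plus a short prefix or suffix. The word list, the substitution table, the affix limit and all function names are assumptions made for illustration.

```python
"""Flag passwords that are a common word behind leetspeak and a short affix."""

# Constructed sample denylist (assumption). A real check would load a large
# list of common and breached passwords.
COMMON_WORDS = {"password", "letmein", "qwerty", "dragon", "bitcoin"}

# Well-known symbol/digit replacements mapped back to letters. One letter per
# symbol is a simplification: "1" and "!" can each stand for "l" or "i".
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "1": "l", "!": "i", "3": "e", "7": "t"})

MAX_AFFIX = 2  # characters tolerated before and after the base word


def normalise(password):
    """Lower-case the password and undo the substitutions in LEET."""
    return password.lower().translate(LEET)


def find_base_word(password, extra_words=(), max_affix=MAX_AFFIX):
    """Return the denylisted word the password is built on, or None.

    extra_words carries context a guesser also knows, such as the site
    name or the username.
    """
    words = COMMON_WORDS | {w.lower() for w in extra_words}
    plain = normalise(password)
    for pre in range(max_affix + 1):
        for suf in range(max_affix + 1):
            core = plain[pre:len(plain) - suf]
            if core in words:
                return core
    return None


def check_new_password(password, extra_words=()):
    """Policy decision for a password-change form: (accepted, reason)."""
    word = find_base_word(password, extra_words)
    if word is not None:
        return False, f"built on the common word '{word}'"
    return True, "no denylisted base word found"


if __name__ == "__main__":
    # Passwords quoted in the thread: the compromised one, then the four
    # random-looking ones from post #155.
    samples = ["pP@$$w0rd", "n<GV8YV/L&$K$[b", "937/o=92sW/G{5c",
               '~(=0,548_"2"/Ga', "kZs75Upu]48j?6q"]
    for pw in samples:
        print(pw, check_new_password(pw, extra_words=["primedice"]))
```

A pass from this check only means the password is not this one construction; it says nothing about reuse or about other patterns.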
convertekk (OP)
January 04, 2017, 10:36:39 PM
 #156

You know what guys, I don't want to waste any time of mine as well.

Stunna, you refund my losses as you have mentioned, and make your website a little more secure possibly for the sake of your users and your own good. We are done.

minifrij
January 04, 2017, 10:47:36 PM
 #157

You know what guys, I don't want to waste any time of mine as well.
Good to know, apologies for your loss.

If you want to prevent people from replying to the topic you can press the 'Lock Topic' link in the bottom left hand corner of the page. I suggest you do this, else it will likely continue to be brought up.
lowbander80
January 04, 2017, 10:50:34 PM
 #158

When using any site that handles bitcoin like mine you have the chance to lock a bitcoin address for withdrawals and you need to confirm it by an email you're sent
convertekk (OP)
January 04, 2017, 11:06:35 PM
 #159

You know what guys, I don't want to waste any time of mine as well.
Good to know, apologies for your loss.

If you want to prevent people from replying to the topic you can press the 'Lock Topic' link in the bottom left hand corner of the page. I suggest you do this, else it will likely continue to be brought up.

I'll just wait for Stunna's reply and resolution before locking the topic.

convertekk (OP)
January 04, 2017, 11:07:30 PM
 #160

When using any site that handles bitcoin like mine you have the chance to lock a bitcoin address for withdrawals and you need to confirm it by an email you're sent

One among a lot of other ways to protect the user. But, that is, if they have the intent to protect their users at all.
