Just-Dice.com : now with added CLAMs : Play or Invest

[flower1024]

The link was https://just-dice.com/f0dff4a321b349dc7c3771aaa1f426a012a3f382e80d6648316ee8856c4a23ed

how to get such a link? i would like to bookmark mine

If you havn't set a username/password go to the account tab and "You can log into the same account from a different computer or browser using this link."

thanks. i have a username set. so i guess i have to manually login on a different pc.

[dree12]

Indeed, I think this is a modified CSRF attack. Someone can put the login link into an invisible iframe on any website, which can not only destroy someone's access to his or her account but also prompt unsuspecting newbies to deposit to a public account.

[superresistant]

Indeed, I think this is a modified CSRF attack. Someone can put the login link into an invisible iframe on any website, which can not only destroy someone's access to his or her account but also prompt unsuspecting newbies to deposit to a public account.

OMG can it be fixed ?

[dooglus]

Indeed, I think this is a modified CSRF attack. Someone can put the login link into an invisible iframe on any website, which can not only destroy someone's access to his or her account but also prompt unsuspecting newbies to deposit to a public account.

OMG can it be fixed ?

I could make it such that any time you log in using a "secret URL" link, the site pops up a warning message suggesting that you should set a username and password.

That should prevent the attack from working on people who read popup messages.  But that may be quite a small percentage of people.

[GOB]

I could make it such that any time you log in using a "secret URL" link, the site pops up a warning message suggesting that you should set a username and password.

That should prevent the attack from working on people who read popup messages.  But that may be quite a small percentage of people.

Why even allow users to bypass creating a username and password (and 2FA)?

[dooglus]

Why even allow users to bypass creating a username and password (and 2FA)?

Because casual players want as few barriers between them and the dice as possible.  They want to deposit, play, maybe withdraw winnings, and forget about the account.  Account registration and 2FA is boring.

For people intending to leave coins on their accounts though, it's clearly a good idea to use 2FA.

[Dabs]

Dabs Suggestion: Don't use a pop up because it can and probably will be blocked (they won't see it). Make a large red bold sign somewhere near the deposit buttons or near the bet buttons only for those who don't have accounts, where the text can not be missed; where it is easily seen.

Maybe under the ads or something.

[b!z]

Dabs Suggestion: Don't use a pop up because it can and probably will be blocked (they won't see it). Make a large red bold sign somewhere near the deposit buttons or near the bet buttons only for those who don't have accounts, where the text can not be missed; where it is easily seen.

Maybe under the ads or something.

I think he means a popup in the page, not an external window.

[tunafish]

not sure if maybe theres just no message or anything but i'm trying to withdraw and when i input my address and amount and press withdraw nothing happens, no dialog like "withdrawal processing" or similar but its still showing a balance so i'm guessing its not going through. help?

[Otoh]

not sure if maybe theres just no message or anything but i'm trying to withdraw and when i input my address and amount and press withdraw nothing happens, no dialog like "withdrawal processing" or similar but its still showing a balance so i'm guessing its not going through. help?

Make sure that you got the address & amount in the correct boxes, I think I muddled them up once & if C&P to make sure that there is no space before or after either as some sites can't cope with that. Also obvious, I assume you divested, if invested before, so that you have the amount to withdraw in your available balance.

[tunafish]

not sure if maybe theres just no message or anything but i'm trying to withdraw and when i input my address and amount and press withdraw nothing happens, no dialog like "withdrawal processing" or similar but its still showing a balance so i'm guessing its not going through. help?

Make sure that you got the address & amount in the correct boxes, I think I muddled them up once & if C&P to make sure that there is no space before or after either as some sites can't cope with that. Also obvious, I assume you divested, if invested before, so that you have the amount to withdraw in your available balance.

Checked and rechecked, got "bad amount format" first time and fixed that, now button doesn't do anything *shrug*
and yes i'm divested and i tried withdrawing my entire balance shown and less than it, nothing. Using firefox, have adblock and such whitelisted.


edit:
FIXED
I restarted my browser and that seemed to do the trick. Should have thought of that sooner, firefox isn't as good as it used to be with lots of random things, time to switch to chrome methinks

Thanks for the help though.

[dooglus]

not sure if maybe theres just no message or anything but i'm trying to withdraw and when i input my address and amount and press withdraw nothing happens, no dialog like "withdrawal processing" or similar but its still showing a balance so i'm guessing its not going through. help?

Shortly before your post, one of our early investors withdrew a large amount, leaving the hot wallet almost empty.

When you try to withdraw more than is in the hot wallet, you should see an error message added to the bottom of the withdraw dialog, like this:



At some zoom levels the warning doesn't fit; a scrollbar appears on the dialog and you have to scroll down to see it.  And on some devices, like phones, the display is too small for the error message to be visible.

Either way, I refilled the wallet shortly after it was emptied, so you can just try again.

[ASICSRUS]

not sure if maybe theres just no message or anything but i'm trying to withdraw and when i input my address and amount and press withdraw nothing happens, no dialog like "withdrawal processing" or similar but its still showing a balance so i'm guessing its not going through. help?

Shortly before your post, one of our early investors withdrew a large amount, leaving the hot wallet almost empty.

When you try to withdraw more than is in the hot wallet, you should see an error message added to the bottom of the withdraw dialog, like this:



At some zoom levels the warning doesn't fit; a scrollbar appears on the dialog and you have to scroll down to see it.  And on some devices, like phones, the display is too small for the error message to be visible.

Either way, I refilled the wallet shortly after it was emptied, so you can just try again.

do you see whats happened to PrimeDice you are next! LOL  have funnn

[andrewbadr]

How can I get in touch with Nakowa?

[dree12]

On closer inspection it seems that the best way to resolve the CSRF (which is a CSRF, not just a modified one) is to display a confirmation. "Are you really really sure you want to log in to this secret link?" and have a CSRF token on the confirmation page.

[soso]

Hey Dooglus, a poster named BigboyDan at Sbrforum.com has posted this about you.

It's funny you keep putting up smoke screens to this entire BTC ordeal.

Let me be blunt here if I may as the current sting they have underway now to takedown Mr.Nigel and his operations that has plagued the U.S. for many years.


Homeland security is currently sitting on the supposely unknown devoloper "Dooglus" and his associates as well as the BTC platform book, their hub Dowlla and it's roughly $50+ million (was like 33+ million) wagered already and is waiting till more money to be pumped through it before it they shut it down. Now if you or any other SBR poster would like to call the feds and inquire about this info I've provided then please do so because that's what a good reporter like myself would do. Hell, I could go on but I don't think Mr.Meng would appreciate it and does see where I'm going with this. :


Now think logically about this from both sides of the fence:

Not only would the books get burned but the players will get stung so bad that it will ultimate be a big negative on the industry as a whole to the point the players won't send money to any offshore book. The really sad part of it all is the mere fact of just what type of impact it would be on the global offshore marketplace as a whole in Europe, Australia, Asia, CR, Panama, Antigua, ect,ect.

Anything to say about this?

[willphase]

Hey Dooglus, a poster named BigboyDan at Sbrforum.com has posted this about you.

It doens't look like BigboyDan has been active on sbrforum for two years.  Do you have a link, or are you just trolling?

Will

[organofcorti]

<snip> Anything to say about this?

Did anything you just posted make any sense at all?

What BTC ordeal? Who is Mr. Nigel? Why is "Homeland security" taking action against a Canadian? Is Canada now a part of the US? Or was your post just a list of random words from other posts?

[soso]

I am not "trolling". I have no dog in this fight. I do not care one bit.

 bigboydan posted today at 4:45

Go to sbrforum.com and find the "do you use bitbooks?" thread post #37, or don't i don't give a shit.

He made allegations against dooglus that i posted.

[organofcorti]

I am not "trolling". I have no dog in this fight. I do not care one bit.

 bigboydan posted today at 4:45

Go to sbrforum.com and find the "do you use bitbooks?" thread post #37, or don't i don't give a shit.

He made allegations against dooglus that i posted.

Ah, sorry about that - I didn't realise you were quoting someone else.