Globb0
Legendary
Offline
Activity: 2702
Merit: 2053
Free spirit
|
|
April 22, 2018, 03:09:05 PM |
|
Oh look 2 post copying robots in a row
Is there a particular reason why amounts are in Troy ounces of gold? I know the US is running a risk of default, but I do not see the dollar devaluing so much as to justify using Gold as a "stable" currency.
|
|
|
|
krishnaverma
|
|
June 16, 2018, 11:05:23 AM |
|
Admin, I have a question regarding this: 1 XAU: Find the email address of user DefaultTrust and explain in detail how you did it.
If I am able to confirm the email from different possible email ids for an account, is it acceptable? Like confirming the email id of DefaultTrust from among possible 100 mail ids.
|
|
|
|
theymos (OP)
Administrator
Legendary
Offline
Activity: 5418
Merit: 13505
|
|
June 19, 2018, 06:53:27 PM |
|
Admin, I have a question regarding this: 1 XAU: Find the email address of user DefaultTrust and explain in detail how you did it.
If I am able to confirm the email from different possible email ids for an account, is it acceptable? Like confirming the email id of DefaultTrust from among possible 100 mail ids.
No, if you have someone's email address then there are several known ways of finding their username. I don't consider this a bug.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
STSToken
Newbie
Offline
Activity: 65
Merit: 0
|
|
July 09, 2018, 12:19:27 PM |
|
Are there any plans to increase the bounty awards?
|
|
|
|
ridertiger
|
|
July 10, 2018, 01:50:28 PM |
|
https://bitcointalk.org/ is a copy cat and one time I almost entered my password there. Good thing I did not, but is there anything anyone can do about that site?
|
|
|
|
simonova
Jr. Member
Offline
Activity: 73
Merit: 3
|
|
July 13, 2018, 03:44:18 PM Merited by malevolent (3) |
|
Are there any plans to increase the bounty awards?
Will you submit the bug only if the bounty reward is increased? Share with the admin and he will compensate accordingly. Also, the current rewards are very much in accordance with standard payouts given by reputed websites. The admin mentioned this somewhere in this thread.
|
|
|
|
arhipova
Member
Offline
Activity: 150
Merit: 17
|
|
July 20, 2018, 08:09:26 AM |
|
Bullshit offer. If you are sincere in solving any security breach, you should seek paid professionals.
All big companies like FB, Google take the same route even after they have paid professionals hired full time for this work. Users can be the best judge especially for new features.
|
|
|
|
krishnaverma
|
|
July 21, 2018, 12:31:48 PM |
|
https://bitcointalk.org/ is a copy cat and one time I almost entered my password there. Good thing I did not, but is there anything anyone can do about that site?
There are settings in different browsers to block certain websites completely. You will have to follow a tutorial online for the specific browser you are using. If by doing something about it, you meant that you would like to get that website down, that is a very long route.
|
|
|
|
yakovs
Jr. Member
Offline
Activity: 32
Merit: 1
|
|
July 22, 2018, 06:25:55 AM |
|
If it would not violate anonymity of individual security researchers, could you post statistics as to how many bugs in each category have been reported and fixed?
Just yours so far. (A CSRF.)
And what about current stats?
|
|
|
|
theymos (OP)
Administrator
Legendary
Offline
Activity: 5418
Merit: 13505
|
|
July 22, 2018, 10:24:23 PM |
|
And what about current stats?
Doing a quick count, it looks like a total of about 11.4 XAU has been paid in security bounties since inception.
|
|
|
|
Mpamaegbu
Legendary
Offline
Activity: 2912
Merit: 1236
Once a man, twice a child!
|
|
September 11, 2018, 11:51:44 AM |
|
https:// bitcointalk.org/ is a copy cat and one time I almost entered my password there. Good thing I did not, but is there anything anyone can do about that site?
If you feel that truly that site is a phishing one, why not deactivate the link so no one mistakenly falls prey to it? But I seem not to see anything different from that site as it is the same with our BTT in spelling and all that.
|
|
|
|
cescudero95
Jr. Member
Offline
Activity: 98
Merit: 2
|
|
September 13, 2018, 12:35:31 AM |
|
And what about current stats?
Doing a quick count, it looks like a total of about 11.4 XAU has been paid in security bounties since inception.
Sorry, but what is XAU exactly?
|
|
|
|
theymos (OP)
Administrator
Legendary
Offline
Activity: 5418
Merit: 13505
|
|
September 13, 2018, 04:28:36 AM |
|
Sorry, but what is XAU exactly?
Troy ounces of gold.
|
|
|
|
STT
Legendary
Offline
Activity: 4130
Merit: 1456
|
|
July 19, 2019, 04:12:44 AM |
|
I will speak to someone next week who does this vulnerability testing professionally. Maybe he will tip me if he has a trick from work and manages to do anything :p
Are there any plans to increase the bounty awards?
They increase every day so long as the gold price does
Sorry, but what is XAU exactly?
https://www.xe.com/currencycharts/?from=XAU&to=USD&view=10Y
XAG is silver https://www.xe.com/iso4217.php#X
Is there a particular reason why amounts are in Troy ounces of gold? I know the US is running a risk of default, but I do not see the dollar devaluing so much as to justify using Gold as a "stable" currency.
The forum is internationally based could be one point, but mostly I think of the Dollar as the pre-Nixon standard of being fixed to gold, hence it's always reasonable to offer gold long term, especially to an international audience. If I have no liabilities in dollars then the gold could be preferable; dollars do depreciate over time and this topic is years old. Honestly everyone should keep a little gold, maybe I'm biased or maybe people forgot +10% interest rates, etc. I haven't.
|
|
|
|
Security Engineer
Newbie
Offline
Activity: 14
Merit: 1
|
|
August 29, 2019, 11:17:33 PM Last edit: August 30, 2019, 02:13:00 PM by mprep |
|
Hello theymos. I quote here two posts regarding BitcoinTalk's security and I hope you will do what I recommended.
@theymos If I'm you I would remove Google reCaptcha before a DoS hits your main server! The sitekey my boy, the sitekey... I also did some research around the SSL certificates you got from Sectigo... Later I will contact you when I decided what to do with all this. You don't want to keep that Google reCaptcha there mainly not only because I was able to identify your server behind cloud but you don't need that at all! Before the cloud it was useful but now you can use just one captcha... better for you. Quick tips for mitigation: Remove Google reCaptcha and implement Argo Tunnel
administrator of this forum without any knowledge of programming. I have read his post from the very first one and nothing indicates he had any knowledge of programming.
Bitcointalk are Big forum have over 2.6 Million member need knowledge of management. And not necessary know about programming. Manager can recruit people who have knowledge about it.
That is correct DroomieChikito! If @theymos do what I recommended to him here: https://bitcointalk.org/index.php?topic=5179950.msg52306296#msg52306296 and in PM then he never again would need to even think about that something bad happens to the server(s) of BitcoinTalk. In the current state BitcoinTalk is vulnerable. If he does what I recommended it will mitigate all types of attacks once and forever. This topic will lose its relevance immediately: https://bitcointalk.org/index.php?topic=309785.msg3326091#msg3326091 meaning that no more bounty. Some regarding the forum and email can be still ongoing but he would need to rewrite the entire post. Cheers!
I can't reply to your PM theymos, I'm too new here... I got your PGP key. I will send you what you asked. Right now I'm busy with something else. I can assure you soon you will get the response in PM or in an encrypted email. Is this yours?
|
|
|
|
fokinlipat
Jr. Member
Offline
Activity: 189
Merit: 2
|
|
October 04, 2020, 02:32:46 PM |
|
Is only the bitcointalk.org domain considered for this or any other also?
|
|
|
|
JeromeTash
Legendary
Offline
Activity: 2366
Merit: 1268
Heisenberg
|
|
October 05, 2020, 09:26:49 PM |
|
Is only the bitcointalk.org domain considered for this or any other also?
Like it is said in the OP. The security bounties are exclusively for the forum (bitcointalk.org). Why would admin create security bounties for other domains that the forum is not affiliated with? The forum is offering bounties for security vulnerabilities.
|
|
|
|
alpha_wisdom
Newbie
Offline
Activity: 6
Merit: 0
|
|
December 05, 2020, 03:49:52 AM |
|
You should put this bounty into SMF Forum's core also.
|
|
|
|
Rokon5
Newbie
Offline
Activity: 264
Merit: 0
|
|
April 04, 2021, 02:34:58 PM |
|
This is probably the highest security bounty of any forum. I am new here but I know its security is high, for this reason I love bounties. Anyone can invest here and can grow their trade because it has good security.
|
|
|
|
bL4nkcode
Copper Member
Legendary
Offline
Activity: 2142
Merit: 1307
Limited in number. Limitless in potential.
|
|
April 04, 2021, 03:21:00 PM |
|
Anyone can invest here and can grow their trade because it has good security.
All investments posted here are actually held on other websites, what bitcointalk can only offer is a safe and secured forum due to previous hacks/attacks that leak users' privacy including emails, phone numbers, locations posted on PM when dealing with someone.
|
|
|
|
|