|
artw1982 (OP)
|
 |
January 26, 2014, 10:55:54 PM |
|
Oh my goodness. I thought it was scam site when I first saw the post. But I have learned and tested that it's 100000% insecure.
You log into your wallet with your "password". I thought that was ok at first. Then I logged onto 2 of my Windows VPS with different IP addreses and typed my password in. And Bam, there's my account.
What's this mean? It means your wallets and more importantly your Bitcoins are at risk! HIGH RISK.
All someone has to do is type your password in, on purpose or accident and they have your Bitcoins.
A simple brute force could clean this site out in a day or less.
PLEASE DO NOT USE THIS SITE
|
|
|
|
|
|
|
|
|
|
|
|
If you see garbage posts (off-topic, trolling, spam, no point, etc.), use the "report to moderator" links. All reports are investigated, though you will rarely be contacted about your reports.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
Bitcoin-Banker
Newbie
 Offline
Activity: 10
Merit: 0
|
|
January 26, 2014, 11:10:12 PM |
|
is normal when you type your password you will be loged in your account - i think you are a bit idiotic, all bitcoin wallet need a password please try bruteforce a password - you will see what happens  |
|
|
|
|
|
artw1982 (OP)
|
|
January 26, 2014, 11:12:38 PM |
|
There are no usernames or wallet identifies. That means if my password is "mypassword" and then Jon Doe comes along and wants to open a wallet and chooses "mypassword" then he will have access to my account.
|
|
|
|
|
|
artw1982 (OP)
|
|
January 26, 2014, 11:14:39 PM |
|
Please, everyone test this by entering my password : doodledo
You'll get:
1BkV5QQSHmCNtx3d69ZoydxaYcuNVPmHUr 0.00
1Dcgwiij9DSJ5LPJv2qFCwiaAo4BMkZxEk 0.00
1MxMxjoT45M7BDk924fKRgsdYnrGU3sr7T 0.00
18G4BKz53k6aHct3k74vspsfbFiaaZ5g4z 0.00
1G2CxF42qYh5YzE9Nm6SMVfTY6cP1f9pHa 0.00
1NpqoMF1E6AunkxC8gLXXgjoctghZ9Kq6e 0.00
17DvJrAFD8pQ1JVxfNgyde8A4eYhKtZeeL 0.00
1C6G378De9sptT7dFFVQypJE5qRZ4bNyVp 0.00
1DQaFGuefrA8GFq6GfDMB6yFPVzyvxqgYA 0.00
1N3NhBQUDe2YMbGJeSAC6kCtTD4ZMkNoy5
This means that if more then 1 person in the world uses the same password your Bitcoins are NOT safe.
|
|
|
|
|
Bitcoin-Banker
Newbie
Offline
Activity: 10
Merit: 0
|
|
January 26, 2014, 11:17:58 PM |
|
you really are a idiotic member - with your password nobody can open other new wallet (1 password cand be used only 1 time) - i think is normal that your password open your wallet
"We recommend you to use a complex password because it's more secure than a simple password" - sorry, but i think i waste my time with you
|
|
|
|
|
|
artw1982 (OP)
|
|
January 26, 2014, 11:22:53 PM |
|
You are the idiotic user. Haha.
Lets say i use "iloveyou"
Then John Doe comes and logs in with iloveyou...then he has my wallet...You don't get it, but I expect you not to.
|
|
|
|
|
|
RGBKey
|
|
January 26, 2014, 11:27:44 PM |
|
You are the idiotic user. Haha.
Lets say i use "iloveyou"
Then John Doe comes and logs in with iloveyou...then he has my wallet...You don't get it, but I expect you not to.
Don't be stupid. This is how deterministic wallets work. Not that i'm defending this website, but in a wallet where the bitcoin keys are derived from the password, of course you're going to get the same ones. |
|
|
|
|
|
artw1982 (OP)
|
|
January 26, 2014, 11:31:26 PM |
|
He should be using a USERNAME / PASSWORD combo! His current method allows anyone to gain access to active wallets by accidentally typing in YOUR password by means of they use the same password, or by hackers throwing a 5gb dictionary at it. It's 100% suseptical to a brute-force since it only relies on a password.
This site is 100% insecure. Bottom line.
|
|
|
|
|
stonerdyke
Member
Offline
Activity: 105
Merit: 10
|
|
January 27, 2014, 12:07:06 AM |
|
Please, everyone test this by entering my password : doodledo
You'll get:
1BkV5QQSHmCNtx3d69ZoydxaYcuNVPmHUr 0.00
1Dcgwiij9DSJ5LPJv2qFCwiaAo4BMkZxEk 0.00
1MxMxjoT45M7BDk924fKRgsdYnrGU3sr7T 0.00
18G4BKz53k6aHct3k74vspsfbFiaaZ5g4z 0.00
1G2CxF42qYh5YzE9Nm6SMVfTY6cP1f9pHa 0.00
1NpqoMF1E6AunkxC8gLXXgjoctghZ9Kq6e 0.00
17DvJrAFD8pQ1JVxfNgyde8A4eYhKtZeeL 0.00
1C6G378De9sptT7dFFVQypJE5qRZ4bNyVp 0.00
1DQaFGuefrA8GFq6GfDMB6yFPVzyvxqgYA 0.00
1N3NhBQUDe2YMbGJeSAC6kCtTD4ZMkNoy5
This means that if more then 1 person in the world uses the same password your Bitcoins are NOT safe.
I just tried... Yeah, do not use this site! Not safe at all |
|
|
|
|
Mivexil
Member
Offline
Activity: 112
Merit: 10
|
|
January 27, 2014, 12:48:11 AM |
|
How's that different from having, for example, a private key? Using password only is okay as long as this password is strong enough. Say, 64 random characters would be pretty much unbreakable anyway.
|
|
|
|
|
|
artw1982 (OP)
|
|
January 27, 2014, 12:50:45 AM |
|
I understand what you're saying. But honestly, who uses passwords like that? Not everyone. People like to use word based passwords so they can remember them.
The site could change it's password policy to require 1 upper-case and 1 special character and it would increase security greatly. Right now, I still feel it's very very insecure.
|
|
|
|
|
BitChrisUK
Newbie
Offline
Activity: 58
Merit: 0
|
|
February 01, 2014, 09:13:57 PM |
|
How are they able to make money to provide a payout?
|
|
|
|
|
|
joesmoe2012
|
|
February 01, 2014, 09:48:30 PM |
|
How's that different from having, for example, a private key? Using password only is okay as long as this password is strong enough. Say, 64 random characters would be pretty much unbreakable anyway.
Its not. |
|
|
|
Mivexil
Member
Offline
Activity: 112
Merit: 10
|
|
February 03, 2014, 01:21:26 AM |
|
How are they able to make money to provide a payout?
Daytrading, probably. I sure wish this site wasn't a scam, 0.5% daily payout would be pretty amazing considering compound interest. |
|
|
|
|
|
