Bitcoin Forum
December 05, 2016, 12:51:47 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 [27] 28 29 30 31 »
  Print  
Author Topic: bitscalper anyone use this ? [PASSWORDS LEAKED]  (Read 38300 times)
Zoiner
Member
**
Offline Offline

Activity: 74



View Profile
February 18, 2012, 09:57:44 PM
 #521

Thank you, I hadn't realised that.  Doesn't it make things a little difficult tracking what has happened if someone else quotes you?

https://vircurex.com/welcome/index?referral_id=648-281
The QR code in my picture is not me but a worthwhile software.
LWwhT53CdLsSaenoMy2AqhwsxL5MMFmwWY
1480899107
Hero Member
*
Offline Offline

Posts: 1480899107

View Profile Personal Message (Offline)

Ignore
1480899107
Reply with quote  #2

1480899107
Report to moderator
1480899107
Hero Member
*
Offline Offline

Posts: 1480899107

View Profile Personal Message (Offline)

Ignore
1480899107
Reply with quote  #2

1480899107
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480899107
Hero Member
*
Offline Offline

Posts: 1480899107

View Profile Personal Message (Offline)

Ignore
1480899107
Reply with quote  #2

1480899107
Report to moderator
1480899107
Hero Member
*
Offline Offline

Posts: 1480899107

View Profile Personal Message (Offline)

Ignore
1480899107
Reply with quote  #2

1480899107
Report to moderator
mav
Full Member
***
Offline Offline

Activity: 168


View Profile
February 18, 2012, 10:03:11 PM
 #522

i do believe this is highly negligible and criminal what theymos has tried to do.

I think you mean bitscalper is highly negligible, not theymos...
Negligence is a failure to exercise the care that a reasonably prudent person would exercise in like circumstances.

Sounds to me like bitscalper putting themselves in a position to have their passwords leaks matches that definition a lot better than someone who actually accesses those passwords.

I have said it in the past, and will say it again, do not support people who can't or won't design a secure system. They are holding your MONEY ffs, this is not acceptable. It doesn't matter if you only put in a tiny amount, even though the risk to you personally is small, the risk to the perception of bitcoin community and the formation of a stereotype of 'the kinds of people that use it' is simply too high to be worth the tiny returns you will get.
Zoiner
Member
**
Offline Offline

Activity: 74



View Profile
February 18, 2012, 10:07:06 PM
 #523

Sorry, but I misunderstood the gist of your complaint.

However, while I have sympathy for the site owner he should have really made it secure and if, as it seems, he was not damaged then that is fine.

If someone has managed to get a list of logon information and passwords from another site and attempt to break in then it is a good sign that they failed.  But if people do re-use their passwords and not have unique ones for each site there is little even the best legitimate site owner can do.

https://vircurex.com/welcome/index?referral_id=648-281
The QR code in my picture is not me but a worthwhile software.
LWwhT53CdLsSaenoMy2AqhwsxL5MMFmwWY
Zoiner
Member
**
Offline Offline

Activity: 74



View Profile
February 18, 2012, 10:13:32 PM
 #524

I know I am being a pain but

Negligible:  means very small eg. the probability of a rare event might be thought negligible and we need not consider it worthy of consideration.

Negligence: means  a failure, usually an omission, to have a system in place to protect people.

In this case bitscalper would be negligent if he allowed usernames and passwords out.

If another site lets out usernames and passwords it is that site at fault.

https://vircurex.com/welcome/index?referral_id=648-281
The QR code in my picture is not me but a worthwhile software.
LWwhT53CdLsSaenoMy2AqhwsxL5MMFmwWY
mav
Full Member
***
Offline Offline

Activity: 168


View Profile
February 18, 2012, 10:23:02 PM
 #525

I know I am being a pain but

Negligible:  means very small eg. the probability of a rare event might be thought negligible and we need not consider it worthy of consideration.

Negligence: means  a failure, usually an omission, to have a system in place to protect people.

In this case bitscalper would be negligent if he allowed usernames and passwords out.

If another site lets out usernames and passwords it is that site at fault.

Point taken, negligible vs negligence, however I still say having passwords leaked is not negligible for exactly the same reason I stated before - this kind of attitude to providing services surrounding bticoin is extremely unprofessional and it undermines bitcoin as a whole, not just the site itself. If your consider your password 'negligible' then I have no more argument to make, but I am fairly sure the majority of people do not consider the security of their passwords to be negligible.

And as for the section quoted in bold, I'm pretty sure bitscalper DID allow usernames and passwords out.

edit: and to address theymos' actions being negligible, I think that comparing 'the passwords being vulnerable but nobody knowing' vs 'the passwords being vulnerable and everybody knowing' is also hardly negligible. It is true that this gives bitscalper the opportunity to fix their broken site, but if they're 'away for ten days' then... really... I just don't feel there's any need to say any more. This is not negligible in any way whatosever from any party involved.
stochastic
Hero Member
*****
Offline Offline

Activity: 532


View Profile
February 18, 2012, 10:43:41 PM
 #526

i do believe this is highly negligible and criminal what theymos has tried to do.
Huh
what did he do

Theymos pointed every scammer on the internet to bitscalper.


This can be taken as proof.
We are just checking that everything is in order, funds appear safe. We had hundreds of hack attempts those last days and we need to make sure there was no security breach at all and remove the bogus requests before filling withdrawals.

this is text book definition criminal negligence, this kind of action by an admin of bitcointalk should not be allowed to stand.

Lets say a reporter said on TV to not buy cars at a car dealership because they the cars they sold all used the exact same key.  Then a bunch of scammers went to the dealership because they heard the report and tried to steal the cars.  The fault lies with the car dealership not the reporter for being negligent in not knowing how to secure a car lock.

Introducing constraints to the economy only serves to limit what can be economical.
Zoiner
Member
**
Offline Offline

Activity: 74



View Profile
February 18, 2012, 10:58:17 PM
 #527

We seem to be in regime of shoot the messenger here!

Anyone who has such knowledge has to make a judgement call:

1. to quietly notify the site to get it fixed

or

2. To tell everyone so that they can change passwords ASAP and/or get their funds out.

or

3. Do both.


Which you do depends on your view of the site and how it will react to the message. 

Is it a scam vs not a scam. 

If it is a scam and you alert the owner who legs it, everyone else will be pissed.

If it isn't a scam and you alert everyone else the site may be badly damaged or killed.

We can all be wise after the event but that does not make Theymos's judgement call negligent.



https://vircurex.com/welcome/index?referral_id=648-281
The QR code in my picture is not me but a worthwhile software.
LWwhT53CdLsSaenoMy2AqhwsxL5MMFmwWY
theymos
Administrator
Legendary
*
Online Online

Activity: 2492


View Profile
February 18, 2012, 11:09:14 PM
 #528

As far as I know the site still hasn't paid anyone, so it looks like I was right and it was a scam.

The nature of the vulnerability made me especially suspicious. All login attempts were being logged to a text file at http://bitscalper.com/p/app/log . It's possible that Bitscalper was intentionally logging passwords, and this was the only way he knew how to do it with his CMS.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
kronosvl
Full Member
***
Offline Offline

Activity: 134


View Profile
February 18, 2012, 11:20:40 PM
 #529

This password fiasco remembers me of some emails exchange I had with their support on 13 January:

bitscalper:
Dear User,

We apologize but your password was changed because of a technical problem to the database. Your password is now : ******
Feel free to change it by logging in into your account.

me:

I changed the password to the old one and now I can't login with either of the 2
can you change the password again but with a stronger one?

bitscalper: Try now with ***** and try again to change it yourself. I think you did not set the one you had before. The hash looked differently!

me:

the ****** worked and changed it again to the old one
I'm 100% that was the correct one this time and I have the same problem
pls change it again and send me the new pass.

My guess is that you are not sanitizing the input field or something like that
I guess I will have to use a normal password with only alphanumeric characters


bitscalper:

Strange, the input is automatically hashed and saved in the db. We'll look into that. I'll change your password now.


In the end everything was ok.

So they had some problems with the passwords on 13 January
They also say that they are hashing the passwords

Donations are accepted @: 19Uk8zVhdgfrRo5Z6wH9yghWxZUtdiNtX9
OTC: http://bitcoin-otc.com/viewgpg.php?nick=kronosvl
Zoiner
Member
**
Offline Offline

Activity: 74



View Profile
February 19, 2012, 10:26:49 AM
 #530

Update:
Set up withdrawal on Sat 18th.
Sun 19th Feb still "Processing".

(Changed password with no difficulty Sunday)
Monday No response can't log in
Tuesday No response can't log in; withdrawals still "processing"
Probability this is a scam approaches 99%.

https://vircurex.com/welcome/index?referral_id=648-281
The QR code in my picture is not me but a worthwhile software.
LWwhT53CdLsSaenoMy2AqhwsxL5MMFmwWY
Nachtwind
Hero Member
*****
Offline Offline

Activity: 700



View Profile
February 19, 2012, 11:34:52 AM
 #531

Well.. following this thread is interestering..

I was very convinced this whole thing was nothing but a big scam.. still i am but less than before. IF it was a scam, why "coming back to life" when they had a good reason to run off with the money? Currently i just think that they work on the most obvious duplication bug(s) and hence wont allow withdrawals.. but hey.. it could be just a big scam afterall ,0)
Matthew N. Wright
Untrustworthy
Hero Member
*****
Offline Offline

Activity: 588


Hero VIP ultra official trusted super staff puppet


View Profile
February 19, 2012, 11:55:20 AM
 #532

Whether Bitscalper is a blatant ponzi, or just another MyBitcoin scam is besides the point--- the owner wants to remain 100% anonymous at all costs, did not backup any wallets or site code, does not understand security, constantly brags about who he knows and what he can do and yet falls short of even the mildest of expectations. This site should not be avoided because "someone didn't get paid out", it should be avoided because anonymous services that hold your money are a bad idea. For all you know, this site is Atlas's.

stochastic
Hero Member
*****
Offline Offline

Activity: 532


View Profile
February 19, 2012, 12:31:58 PM
 #533

Can we get a "SCAMMER" tag on bitscalper for not giving all their depositors money back?

and....

A big "IDIOT" tag on the people that gave money to bitscalper and complain they were scammed?

Introducing constraints to the economy only serves to limit what can be economical.
3phase
Sr. Member
****
Offline Offline

Activity: 313


Third score


View Profile
February 19, 2012, 02:13:59 PM
 #534


A big "IDIOT" tag on the people that gave money to bitscalper and complain they were scammed?

If there was such a tag for every victim of every bitcoins scam, the board would be full of these. Quite discouraging, to say the least.

Fiat no more.
Δοκιμάστε το http://multibit.org - Bitcoin client τώρα και στα Ελληνικά
Joric
Member
**
Offline Offline

Activity: 67


View Profile
February 19, 2012, 04:07:12 PM
 #535

A big "IDIOT" tag on the people that gave money to bitscalper and complain they were scammed?
And a bigger tag for those who didn't earn on it back then when it was bringing 2% a day.

1JoricCBkW8C5m7QUZMwoRz9rBCM6ZSy96
tacotime
Legendary
*
Offline Offline

Activity: 1484



View Profile
February 19, 2012, 04:33:32 PM
 #536

WELP, looks like I'm never gonna get my money back

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
str4wm4n
Legendary
*
Offline Offline

Activity: 1280


View Profile
February 19, 2012, 06:42:51 PM
 #537

STAY FAR AWAY FROM THIS  SHIT!
BTCurious
Hero Member
*****
Offline Offline

Activity: 714


^SEM img of Si wafer edge, scanned 2012-3-12.


View Profile
February 19, 2012, 07:01:34 PM
 #538

STAY FAR AWAY FROM THIS  SHIT!
Bit late for that, isn't it?

hoo
Member
**
Offline Offline

Activity: 89


View Profile WWW
February 19, 2012, 07:17:22 PM
 #539

As far as I know the site still hasn't paid anyone, so it looks like I was right and it was a scam.

The nature of the vulnerability made me especially suspicious. All login attempts were being logged to a text file at http://bitscalper.com/p/app/log . It's possible that Bitscalper was intentionally logging passwords, and this was the only way he knew how to do it with his CMS.


You need to put a scammer tag on your account.


bitcoin, 2nd most popular currency used by criminals.
bitcoin, 2nd most popular currency used by criminals.
bitcoin, 2nd most popular currency used by criminals.
bitcoin, 2nd most popular currency used by criminals.
bitcoin, 2nd most popular currency used by criminals.
The probability that you too are a criminal, is very high.
marked
Full Member
***
Offline Offline

Activity: 168



View Profile
February 19, 2012, 08:00:23 PM
 #540

For all you know, this site is Atlas's.

what?


marked
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 [27] 28 29 30 31 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!