Author Topic: rated  (Read 4604 times)
error
August 23, 2012, 03:33:54 PM
 #21

I've found plenty of bugs, but my guess is you'll introduce the security flaws later.

nimda
August 23, 2012, 05:58:47 PM
 #22

Who was it who cried wolf about Bitcoinica? Would you call them "rita repulsa?"

There comes a point when you are obviously wrong and you just like to keep on going with it. For fuck sakes nimda, what is your point, exactly?
My point is that you should get your cert signed.

Hmm... I notice that unlike me, you are only taking select pieces of my post out of context to reply to them. I'd prefer if you did what I do and reply to the whole message. Wasn't it you who accused me of "ignoring what people say?"
Quote
Quote
That's right, you have a rep for ignoring what people say and justifying your own behavior and ideas.
If you say so. I hope you'll notice, however, that instead of ignoring what you're saying, I am splitting up the quote and responding to every last bit of it.

Quote
HTTPS does not even prevent man in the middle attacks; this was shown years ago and you still drone on about it.
HTTPS is certainly useful, however. It makes attacks more difficult and mitigates many threats.
Quote
Get a yubikey and go away.
Honestly, this is a little off-topic, but a yubikey is not much more secure than 2-factor auth with a cellphone, and I already own a cellphone. Coinbase does this correctly.


Quote
If hotwallet becomes popular I'll spend the bitcoin it takes to buy a certificate.
I hope that end-users are smart enough to not make hotwallet popular without a cert.
Quote
But for now, please just stop being annoying.
I'll try.
Quote
A public sign means jack shit.
Yeah, that's why Google, MtGox, Microsoft, Bitcointalk.org don't have public signs either, because they're useless. Oh, wait...
Quote
I might as well post the public key right here. If you trust that I am usagi then you would have to trust the public key I post. I could sign it with my GPG. Then what would you say?
It's better than nothing, but it probably won't help traffic to your site very much. A big, red warning is a turnoff for the non-technical.
Quote
As for not signing Theymos's public key, who cares? When you said that you sounded like a nitpicking idiot.
It was an example. I'm not signing theymos' public key, and I'm certainly not signing Hotwallet's. Especially given that I consider theymos more trustworthy than Hotwallet.

Quote
Quote
You wanna talk security? There are dozens of people trying to crack hotwallet right now, not flapping their lips queefing on a forum just talking about it. I've had over 50 SSL injection attacks in the last 3 days on the login page alone. What's the point of getting an independently certified SSL certificate if you can be hacked in some other way or if there's some other gaping security flaw? I loved it when you said that you were wondering what other security holes there were. Yeah I can imagine. All you do is wonder. Like the guy that said he doesn't see any evidence that it's secure. Well frankly I'm not surprised.
I'll come back to this last bit; I g2g.

If you can't point out an actual security flaw, please just stop posting on this thread. In fact please delete your posts so far. You've pretty much ruined it already.
Dozens? That's impressive. How many dozen?
No, I will not delete my posts. Especially given the fact that you've only quoted parts of them.
SysRun
August 24, 2012, 02:28:38 AM
 #23

what's your business model?

bitcoinbear
August 24, 2012, 12:55:39 PM
 #24

Hello! I'd like to make a quick announcement.

We're reaching 100 users!

So to keep the system open, accounts with zero balance which have not logged in for 3 days will be deleted. Please log in to your account or make a new one if you wish to keep using the hotwallet beta!

Right now Devil Coins are up and running and there are many exciting things in store. So check it out!

https://199.48.69.241/hotwallet/devicoin.php

Chat soon~

Serena

I think deleting any accounts at this point is a bad idea, you have not yet even included all the most essential functionality. Does it even require any extra resources to have a couple unused (yet) accounts open?

What if an account has a zero balance, but an address from it has already been sent out, then when that person gets paid the money is gone?

phantastisch
August 24, 2012, 01:26:26 PM
 #25

a free yubikey?

nimda
August 29, 2012, 09:17:04 PM
 #26

Lol, at least they're better than Fox
casascius
Mike Caldwell
August 29, 2012, 09:32:10 PM
 #27

update on the ssl issue;

I've decided not to buy one unless I can get it for $5/yr or cheaper.

http://www.techrepublic.com/blog/security/are-self-signed-certificates-safer/3388?tag=btxcsim

SSL CA's are a scam, and using them actually makes me vulnerable to MITM attacks. Fuck that.

I knew I was right. My experience comes from using the stuff, not from reading biased articles on CNN like Nimda.

If $5 is the make-or-break point, one really ought to question whether your solution is viable.  If you are looking to start a real business venture, then getting EV SSL should be a no-brainer and should solve a good chunk of the problem you call a scam.

Nevertheless, you can get one for well under $5/yr at http://cert.startcom.org/

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
556j
August 29, 2012, 09:33:41 PM
 #28

SSL is pretty much useless, funny you are getting slammed for that opinion. Says more about the people shitting on you than yourself though, no worries. This coming from the guy that tries to shit on you at any opportunity I get.


http://convergence.io/ for real security
phantastisch
August 30, 2012, 12:23:29 PM
 #29

Finally a domain!

May I now suggest that I get to see a new default page after I took the tremendous effort in logging into the doghouse.
One of my wallets would suffice if you need something to begin with.

RandomQ
September 05, 2012, 06:37:03 AM
 #30


 Even if you use lastpass with a yubikey, hackers can get in with a keylogger or Lastpass can get hacked. Hotwallet can use your yubikey to log you in directly AND encrypt your password with a secure cipher like MARS or RC6. Hackers can't touch that!
*note: hot wallet is currently in alpha. max of 100 users. please do not deposit large amounts of coins until we're out of beta.



I'm a little confused by your logic. You're saying if you use lastpass with a yubikey hackers can get your passwords. But on the next line you're saying Hotwallet can use your yubikey to secure your account.

Last time I checked, Yubikey creates one-time-use passwords when the button is pressed on it. So the same password from the yubikey shouldn't work if it's been keylogged, because it's already been used.

LastPass stores your passwords with PBKDF2 using SHA-256 on the server with a 256-bit salt utilizing 100,000 rounds. Sure, lastpass can get hacked, but if you use a SECURE password that has never been cracked on any published password lists then your passwords are safe. Password lists are multi-million long now, so if you think Year1992 is a secure password you're in for a big surprise, because the last list I saw I think 5k people used it lol.