Bitcoin Forum
Author Topic: Service: security audits  (Read 2468 times)
a nice guy
Newbie
Activity: 27
April 06, 2012, 02:41:11 PM
 #1

Hello,
 
I would like to announce that I now offer my knowledge as part of an audit-service.
 
Some things about me:
I love security and I love to exploit it.
I've been a web-developer for many, many years and I always was interested in security.
In the past weeks I've reported numerous vulnerabilities to various Bitcoin related websites.
 
If you want me to audit your site, please contact me at:
http://img4me.com/Wez3.png
 
Every vulnerability that I find will not be disclosed to anyone but you.
 
kind regards,
a nice guy

1PqBH6NWFBhbVF7Srw5ZYGtmLcya1aaw9g
security audits (http://bitcointalk.org/index.php?topic=75684)
pgp: 0x77DA3A9A @ pgp.mit.edu (http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x83F5BD9E77DA3A9A)
Blind
Full Member
Activity: 235
April 06, 2012, 07:44:30 PM
 #2

Out of curiosity, how much do you charge for pen testing?

Government is not the solution to our problem. Government is the problem. -- Ronald Reagan
a nice guy
Newbie
Activity: 27
April 06, 2012, 08:47:53 PM
 #3

Hey Blind,

it depends on the size of the site.
I had in mind getting something upfront and a "bounty" for every vulnerability.

kind regards,
a nice guy

bccasino
Donator
Full Member
Activity: 199

YOU WIN . WE PAY
April 15, 2012, 09:27:46 PM
 #4

hi

Just a quick note to let you know that we used OP's expertise and are very happy about the result of the audit and the possible vulnerabilities that were put to light and fixed by OP.

I can only recommend this service to anyone that cares about their customers' privacy.

thanks


 

REASONS TO PLAY @ BC-CASINO.com

BEST CASINO SOFTWARE - PLAYER ANONYMITY - SAFE AND SECURE
Xenland
Legendary
Activity: 980

I'm not just any shaman, I'm a Sha256man
April 16, 2012, 01:11:40 AM
 #5

I've noticed that no security scanner will detect ajax vulnerabilities, are these ajax vulnerabilities a part of your services?
a nice guy
Newbie
Activity: 27
April 16, 2012, 05:17:55 PM
 #6

Hello Xenland,

I will search for ajax-vulnerabilities too.

kind regards,
a nice guy

Xenland
Legendary
Activity: 980

I'm not just any shaman, I'm a Sha256man
April 17, 2012, 04:43:46 AM
 #7

> Hello Xenland,
>
> I will search for ajax-vulnerabilities too.
>
> kind regards,
> a nice guy

Excellent, excellent, I'll be contacting you before the end of the month in that case.
highlevelminer
Jr. Member
Activity: 42
April 18, 2012, 11:38:39 PM
 #8

Nice!

I plan on getting into the networking security sector myself so anyone interested in any tidbits on network security feel free to ask.

I can offer semi-professional advice

:)

PM or email for Deathbylollipop Youtube Ads

Also be sure to check out our company business agenda vlog

Donations for bitcoin support and advertisements always welcome:

1GsaRJFGqCSFQ97NfaQ9KiMFXMur3bwxk
a nice guy
Newbie
Activity: 27
April 19, 2012, 06:42:40 AM
 #9

Hello highlevelminer,

I don't mean to be rude, but could you please use your own thread?!


kind regards,
a nice guy

highlevelminer
Jr. Member
Activity: 42
April 19, 2012, 06:54:39 AM
 #10

Not a problem.

a nice guy
Newbie
Activity: 27
April 21, 2012, 10:16:35 AM
 #11

Hello,

I just want to inform you, that my email-address has changed.
It's now http://img4me.com/Wez3.png.


kind regards,
a nice guy

Retard
Prime Minister
VIP
Sr. Member
Activity: 448
June 01, 2012, 10:02:37 PM
 #12

Nice service, has reported a little error.
BitcoinOPX
Member
Activity: 112
July 29, 2012, 11:56:55 PM
 #13

Good service!
mistfpga
Member
Activity: 84
July 30, 2012, 07:58:52 AM
 #14

Hi,

I have a couple of quick questions,

Would you please advise to what standards you audit against.

What accreditation will I receive upon successful audit, and from what body? Which body has licensed you to give this accreditation? How long do you have left before you need to reapply for a licence?

Do you do CREST and CHECK audits too? How about OWASP? Which guidelines do you use?

This thread might help?

https://bitcointalk.org/index.php?topic=93118.0
davout
Legendary
Activity: 1358

1davout
July 30, 2012, 08:07:29 AM
 #15

> Hello,
>
> I would like to announce that I now offer my knowledge as part of an audit-service.
>
> Some things about me:
> I love security and I love to exploit it.
> I've been a web-developer for many, many years and I always was interested in security.
> In the past weeks I've reported numerous vulnerabilities to various Bitcoin related websites.
>
> If you want me to audit your site, please contact me at:
>
> Every vulnerability that I find will not be disclosed to anyone but you.
>
> kind regards,
> a nice guy

Interesting, any references?

NRF
Member
Activity: 105
July 30, 2012, 08:32:05 AM
 #16

Are you able to do ISO/IEC 27001 accreditation?

I would love to find someone that can for Bitcoins.  It would have a good chance to sway my employers (the board mainly) into getting more involved in cryptocurrencies.

The clients that we do software for regularly move considerable amounts of digital currency across borders (legally).  It is part of the reason that I am doing more research into the subject of bitcoins and its ilk.
mistfpga
Member
Activity: 84
July 30, 2012, 10:07:44 AM
 #17

> In the past weeks I've reported numerous vulnerabilities to various Bitcoin related websites.

Just noticed this... Did these various bitcoin websites ask you to pentest their site for them? Or did you just decide to poke around at their server and see what happened?

I really hope it is not the latter... that would make me sad... and it would mean that you didn't get your get out of jail free card signed before you 'helped' them out.

If it is the former, keep up the good work :)
a nice guy
Newbie
Activity: 27
July 30, 2012, 06:55:41 PM
 #18

Hello,

to clarify a few things: I am not a professional, nor will I reveal my identity.

Some of you might think that I am a script kiddo or something in that direction,
but I can assure you that I am not.

These audits/pentestings are for my further personal education and to help
the bitcoin-community.
I have written a ton of PHP-Code in the past years and I know where possible vulnerabilities
may exist.
When pentesting a site I use the site as it was intended to and get some knowledge about the
style the site was developed in, which can be very useful.
After I have done that, I poke around a little bit, look for inconsistencies or weird results and try to
figure out if there are actual exploits.
Basically, I cover the whole OWASP top 10.


I did pentest some sites where the owner didn't ask me to do it.
I am fully aware of the risks and potential consequences, that's the reason I am using tor.


Thank you all for your interest

kind regards,
a nice guy
 

