a nice guy (OP)
Newbie
 Offline
Activity: 27
Merit: 0
|
 |
April 06, 2012, 02:41:11 PM
Last edit: April 21, 2012, 10:15:25 AM by a nice guy |
|
Hello, I would like to announce that I now offer my knowledge as part of an audit-service. Some things about me: I love security and I love to exploit it. I've been a web-developer for many, many years and I always was interested in security. In the past weeks I've reported numerous vulnerabilities to various Bitcoin related websites. If you want to me audit your site, please contact me at: http://img4me.com/Wez3.png Every vulnerability that I find will not be disclosed to anyone but you. kind regards, a nice guy |
|
|
|
|
|
|
|
Every time a block is mined, a certain amount of BTC (called the
subsidy) is created out of thin air and given to the miner. The
subsidy halves every four years and will reach 0 in about 130 years.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
Blind
|
 |
April 06, 2012, 07:44:30 PM |
|
Out of curiosity, how much do you charge for pen testing?
|
Government is not the solution to our problem. Government is the problem. -- Ronald Reagan
|
|
|
a nice guy (OP)
Newbie
Offline
Activity: 27
Merit: 0
|
|
April 06, 2012, 08:47:53 PM |
|
Hey Blind,
it depends on the size of the site.
I had in mind getting something upfront and a "bounty" for every vulnearbility.
kind regards,
a nice guy
|
|
|
|
|
bccasino
Donator
Full Member
Offline
Activity: 199
Merit: 100
YOU WIN . WE PAY
|
|
April 15, 2012, 09:27:46 PM |
|
hi
just a quick note to let you know that we used OP expertise and are very happy abut the result of the audit and the possible vulnerabilities that were put to light and fixed by OP.
i only can recommend this service to any one that care about their customers privacy.
thanks
|
REASONS TO PLAY @ BC-CASINO.comBEST CASINO SOFTWARE - PLAYER ANONYMITY - SAFE AND SECURE |
|
|
Xenland
Legendary
Offline
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
|
|
April 16, 2012, 01:11:40 AM |
|
Ive noticed that no security scanner will detect ajax vulnerabilites, is this ajax vulnerabilites apart of your services?
|
|
|
|
|
a nice guy (OP)
Newbie
Offline
Activity: 27
Merit: 0
|
|
April 16, 2012, 05:17:55 PM |
|
Hello Xenland,
I will search for ajax-vulnerabilities too.
kind regards,
a nice guy
|
|
|
|
|
Xenland
Legendary
Offline
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
|
|
April 17, 2012, 04:43:46 AM |
|
Hello Xenland,
I will search for ajax-vulnerabilities too.
kind regards,
a nice guy
Excellent, excellent, I'll be contacting you before the end of the month in that case. |
|
|
|
|
highlevelminer
Newbie
Offline
Activity: 42
Merit: 0
|
|
April 18, 2012, 11:38:39 PM |
|
Nice! I plan on getting into the networking security sector myself so anyone interested in any tidbits on network security feel free to ask. I can offer semi-professional advice  |
|
|
|
|
a nice guy (OP)
Newbie
Offline
Activity: 27
Merit: 0
|
|
April 19, 2012, 06:42:40 AM |
|
Hello highlevelminer,
I don't mean to be rude, but could you please use your own thread?!
kind regards,
a nice guy
|
|
|
|
|
highlevelminer
Newbie
Offline
Activity: 42
Merit: 0
|
|
April 19, 2012, 06:54:39 AM |
|
Not a problem.
|
|
|
|
|
a nice guy (OP)
Newbie
Offline
Activity: 27
Merit: 0
|
|
April 21, 2012, 10:16:35 AM |
|
Hello, I just want to inform you, that my email-address has changed. It's now http://img4me.com/Wez3.png. kind regards, a nice guy |
|
|
|
|
Retard
Prime Minister
VIP
Sr. Member
Offline
Activity: 448
Merit: 252
|
|
June 01, 2012, 10:02:37 PM |
|
Nice service , has a reported a little error.
|
|
|
|
|
BitcoinOPX
Member
Offline
Activity: 112
Merit: 10
|
|
July 29, 2012, 11:56:55 PM |
|
Good service!
|
|
|
|
|
mistfpga
Member
Offline
Activity: 86
Merit: 13
|
|
July 30, 2012, 07:58:52 AM |
|
Hi, I have a couple of quick questions, Would you please advise to what standards you audit against. What accreditation will I receive upon successful audit, and from what body? Which body has licensed you to give this accreditation? How long do you have left before you need to reapply for a licence? Do you do CREST and CHECK audits too? How about OWASP? which guidelines do you use? This thread might help? https://bitcointalk.org/index.php?topic=93118.0 |
|
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1007
1davout
|
|
July 30, 2012, 08:07:29 AM |
|
Hello, I would like to announce that I now offer my knowledge as part of an audit-service. Some things about me: I love security and I love to exploit it. I've been a web-developer for many, many years and I always was interested in security. In the past weeks I've reported numerous vulnerabilities to various Bitcoin related websites. If you want to me audit your site, please contact me at:  Every vulnerability that I find will not be disclosed to anyone but you. kind regards, a nice guy Interesting, any references ? |
|
|
|
|
NRF
|
|
July 30, 2012, 08:32:05 AM |
|
Are you able to do ISO/IEC 27001 accreditation?
I would love to find someone that can for Bitcoin's. It would have a good chance to sway my employers (the board mainly) into getting more involved in crypto currency's.
The clients that we do software for regularly move considerable amounts of digital currency across boarders (legally). It is part of the reason that I am doing more research into the subject of bitcoin's and its ilk.
|
|
|
|
|
mistfpga
Member
Offline
Activity: 86
Merit: 13
|
|
July 30, 2012, 10:07:44 AM |
|
In the past weeks I've reported numerous vulnerabilities to various Bitcoin related websites.
Just noticed this... Did these various bitcoin websites ask you to pentest their site for them? or did you just decide to poke around at their server and see what happend? I really hope it is not the latter... that would make me sad... and it would mean that you didnt get your get out of jail free card signed before you 'helped' them out. If it is the former, keep up the good work |
|
|
|
|
a nice guy (OP)
Newbie
Offline
Activity: 27
Merit: 0
|
|
July 30, 2012, 06:55:41 PM |
|
Hello,
to clarify a few things: I am not a professional, nor will I reveal my identity.
Some of you might think that I am a script kiddo or something in that direction,
but I can assure you that I am not.
These audits/pentestings are for my further personal education and to help
the bitcoin-community.
I have written a ton of PHP-Code in the past years and I know where possible vulnerabilities
may exist.
When pentesting a site I use the site as it was intended to and get some knowledge about the
style the site was developed in, which can be very useful.
After I have done that, I poke a little bit around look for inconsistencies or weird results and try to
figure out if there are actual exploits.
Basically, I cover the whole OWASP top 10.
I did pentest some sites where the owner didn't asked me to do it.
I am fully aware of the risks and potential consequences, that's the reason I am using tor.
thank you all for you interest
kind regards,
a nice guy
|
|
|
|
|
|
