Bitcoin Forum
Author Topic: SatoshiDICE.com - The World's Most Popular Bitcoin Game  (Read 411649 times)
elux
April 24, 2013, 07:13:48 AM
 #1501

SATOSHDICE.COM (Phishing/malware/domain name squatting?)

A link to Satoshdice [dot] com was submitted to HN today, later nuked:

Is this site legitimate?

https://news.ycombinator.com/item?id=5600184

Quote from: elux
Warning: The linked domain is satoshdice.com, not satoshidice.com
Is this malicious? Did SatoshiDice.com get domain-squatted upon expiration?
(It's not a phishing site, since satoshidice doesn't store any account information.)
-----

FWIW, https://www.virustotal.com/en/#url --> satoshdice.com seems fine.
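An added example, not part of the original post or of any SatoshiDice code: a link checker that flags hosts within a small edit distance of the real domain, the dropped letter in satoshdice.com versus satoshidice.com being the case raised above. The PROTECTED list, the two-edit threshold and the sample links are assumptions.

```javascript
// Added example: PROTECTED, the threshold and the sample links are assumptions.
const PROTECTED = ["satoshidice.com"];

// Lower-cased host without a leading "www."; "" when the link does not parse.
function hostOf(link) {
  try {
    return new URL(link).hostname.toLowerCase().replace(/^www\./, "");
  } catch (e) {
    return "";
  }
}

// Optimal string alignment distance: an insert, delete, substitution or swap
// of two adjacent characters each costs one edit.
function osaDistance(a, b) {
  const d = [];
  for (let i = 0; i <= a.length; i++) {
    d.push([i]);
    for (let j = 1; j <= b.length; j++) {
      if (i === 0) { d[0].push(j); continue; }
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      let v = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        v = Math.min(v, d[i - 2][j - 2] + 1);
      }
      d[i].push(v);
    }
  }
  return d[a.length][b.length];
}

// "exact" for the real host or its subdomains, "lookalike" within maxEdits.
function classifyLink(link, maxEdits = 2) {
  const host = hostOf(link);
  if (!host) return { host, verdict: "unparsed" };
  for (const real of PROTECTED) {
    if (host === real || host.endsWith("." + real)) return { host, verdict: "exact" };
    const edits = osaDistance(host, real);
    if (edits <= maxEdits) return { host, verdict: "lookalike", real, edits };
  }
  return { host, verdict: "unrelated" };
}

// Constructed sample input: the two domains from the thread plus the HN link.
const SAMPLE_LINKS = ["http://satoshidice.com/", "http://www.satoshdice.com/",
  "https://news.ycombinator.com/item?id=5600184"];
for (const link of SAMPLE_LINKS) console.log(JSON.stringify(classifyLink(link)));
```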
mem
April 24, 2013, 07:17:05 AM
 #1502

Erik I welcome you to address your association and business relationship with the racist hate speech organization MPEx.

https://bitcointalk.org/index.php?topic=186041.0

Warning to all clients of SatoshiDice, if you are not of the Anglo Saxon persuasion you may want to think long and hard before giving satoshidice any of your business.
Their business partner regularly makes speeches like this one: http://polimedia.us/trilema/2012/the-nigger-homeowners-and-other-niggers/


Matthew N. Wright
April 24, 2013, 07:19:09 AM
 #1503

Quote from: mem
Erik I welcome you to address your association and business relationship with the racist hate speech organization MPEx.

https://bitcointalk.org/index.php?topic=186041.0

Warning to all clients of SatoshiDice, if you are not of the Anglo Saxon persuasion you may want to think long and hard before giving satoshidice any of your business.
Their business partner regularly makes speeches like this one: http://polimedia.us/trilema/2012/the-nigger-homeowners-and-other-niggers/



Business partner? What made you think they were business partners? Don't they just basically host an IPO the same as GLBSE would?

elux
April 24, 2013, 07:20:03 AM
 #1504

The link to [sic] satoshdice dot com was submitted by HackerNews user "SatoshiDice" https://news.ycombinator.com/user?id=SatoshiDice

user:   SatoshiDice
created:   53 minutes ago
karma:   2
avg:   
about:

evoorhees, is this your account?
mem
April 24, 2013, 07:26:40 AM
 #1505

Quote from: Matthew N. Wright
Quote from: mem
Erik I welcome you to address your association and business relationship with the racist hate speech organization MPEx.

https://bitcointalk.org/index.php?topic=186041.0

Warning to all clients of SatoshiDice, if you are not of the Anglo Saxon persuasion you may want to think long and hard before giving satoshidice any of your business.
Their business partner regularly makes speeches like this one: http://polimedia.us/trilema/2012/the-nigger-homeowners-and-other-niggers/



Business partner? What made you think they were business partners? Don't they just basically host an IPO the same as GLBSE would?

Speaking of bleemishes on the bitcoin landscape......hello Matthew, nice to see you slink back into bitcointalk.org after the refusing to honor your bet. 
Can we expect any more childish tantrums, long winded arrogant posts about you educating idiots (apart from yourself) and threats to take your own life to prove a point ?

elux
April 24, 2013, 07:26:51 AM
 #1506

Compare whois data:

1: http://whois.domaintools.com/satoshdice.com

2: http://whois.domaintools.com/satoshidice.com


Matthew N. Wright
April 24, 2013, 07:32:44 AM
 #1507

Quote from: mem
Speaking of bleemishes on the bitcoin landscape......hello Matthew, nice to see you slink back into bitcointalk.org after the refusing to honor your bet.
Can we expect any more childish tantrums, long winded arrogant posts about you educating idiots (apart from yourself) and threats to take your own life to prove a point ?


Not sure what a bleemish is, but if you're asking have I learned to not troll people when money is involved, then yes. You must not have seen the numerous threads by myself and theymos regarding me paying every better. Check the link in my signature.

Back on topic: what made you think MPEX were business partners?

mem
April 24, 2013, 07:36:10 AM
 #1508

Quote from: Matthew N. Wright
Quote from: mem
Speaking of bleemishes on the bitcoin landscape......hello Matthew, nice to see you slink back into bitcointalk.org after the refusing to honor your bet.
Can we expect any more childish tantrums, long winded arrogant posts about you educating idiots (apart from yourself) and threats to take your own life to prove a point ?


Not sure what a bleemish is, but if you're asking have I learned to not troll people when money is involved, then yes. You must not have seen the numerous threads by myself and theymos regarding me paying every better. Check the link in my signature.

Back on topic: what made you think MPEX were business partners?

Still Lying Matthew lol Cheesy
Back on ignore you go, please let me know the next time you have a massive public meltdown and then exit with a massive hissy fit - the last one was fucking hilarious.

Stephen Gornick
April 24, 2013, 07:36:52 AM
 #1509

Happy Birthday, SatoshiDICE!

Launch announcement dated April 24, 2012:
 - http://bitcointalk.org/index.php?topic=77870.0   <--  Though there were wagers beginning April 21st, 2012 it isn't known if those were test wagers or private beta, or what.

Zaih
April 24, 2013, 08:44:55 AM
 #1510

Happy birthday big guys
GCInc.
April 24, 2013, 12:23:04 PM
 #1511

Congrats. It's stunning how much can happen in one year (read: how much profit you can make) in the bitcoin world!

elux
April 24, 2013, 01:17:18 PM
 #1512

Quote from: elux
The link to [sic] satoshdice dot com was submitted by HackerNews user "SatoshiDice" https://news.ycombinator.com/user?id=SatoshiDice

user:   SatoshiDice
created:   53 minutes ago
karma:   2
avg:   
about:

evoorhees, is this your account?

wget -r "http://satoshdice [do not visit] com"

Returns some really interesting js, in addition to the standard SD assets.

For example:

Code:
<script style="display: none;" id="hiddenlpsubmitdiv"></script>
<script>try{for(var lastpass_iter=0; lastpass_iter < document.forms.length; lastpass_iter++)
{ var lastpass_f = document.forms[lastpass_iter]; if(typeof(lastpass_f.lpsubmitorig2)=="undefined")
{ lastpass_f.lpsubmitorig2 = lastpass_f.submit; lastpass_f.submit = function(){ var form=this; var customEvent = document.createEvent("Event");
customEvent.initEvent("lpCustomEvent", true, true); var d = document.getElementById("hiddenlpsubmitdiv");
for(var i = 0; i < document.forms.length; i++){ if(document.forms[i]==form){ d.innerText=i; } }
d.dispatchEvent(customEvent); form.lpsubmitorig2(); } } }}catch(e){}</script>

http://en.wikipedia.org/wiki/Lastpass

(Meanwhile, the guy from Hacker News has deleted his account.) Obviously, you should not visit the site!

nebulus
April 24, 2013, 02:15:36 PM
 #1513

Quote from: Stephen Gornick
Happy Birthday, SatoshiDICE!

Launch announcement dated April 24, 2012:
 - http://bitcointalk.org/index.php?topic=77870.0   <--  Though there were wagers beginning April 21st, 2012 it isn't known if those were test wagers or private beta, or what.

+ 1

elux
April 24, 2013, 02:30:07 PM
 #1514

DOM XSS exploit employed by Satoshdice:

http://blog.mindedsecurity.com/2012/11/dom-xss-on-google-plus-one-button.html

Quote
starting from: jsh=m;/_/apps-static/_/js/gapi/....

becomes "https://apis.google.com/_/apps-static/_/js/gapi/..../cb=gapi.loaded_0" and l[q] is the replace function :

Code:
function W(){
...
531 a = v.XMLHttpRequest,
532 l = l[q](/^https?:\/\/[^\/]+\//, "/"),
533 m = new a;
534 m.open("GET", l, f)
...
}
So on line 532 https://apis.google.com/ is removed and 'l' becomes:

"/_/apps-static/_/js/gapi/..../cb=gapi.loaded_0"

The reason why there is execution is that the response is evaluated using the following code:

Code:
B=function(a,b,c){v.execScript?v.execScript(b,"JavaScript"):c?a.eval(b):
 (a=a.document,c=a.createElement("script"),c.defer=i,
 c.appendChild(a.createTextNode(b)...

And whaddaya know, this seems to be exploited in a weirdly named file, satoshdice[ dot ]com/cb=gapi.loaded_0

Code:
...bad js omitted...



Identifying the identity thief:

Quote from: satoshdice.com/fastbutton.html
<script>var gapi=window.gapi=window.gapi||{};(function() { Math.random();var f=function(c,b){var e=c.match(RegExp(".*(\\?|#|&)"+b+"=([^&#]+)"))||[];return decodeURIComponent(e[e.length-1]||"")},p=function(c,b){function e(a){if(!a.match(/^https?\:\/\//))return"";var b=k.createElement("a");b.href=a;b.pathname=b.search=b.hash="";return b.href.replace(/\/\??\#?$/,"")}function l(){a.parent.postMessage(a.JSON.stringify(d),m||"*");d.s=n+"/"+g+":"+n+":"+d.s;d.g=!1;b&&(d.a=b.slice(1));a.parent.postMessage("!_"+a.JSON.stringify(d),m||"*")}var a=window,k=a.document;if(a.postMessage&&
a.JSON&&a.JSON.stringify&&a!=a.parent){var g=a.name,h=a.location.href,m=e(f(h,"parent")),n=f(h,"pfname"),d={s:c,f:g,r:g,t:f(h,"rpctoken"),a:b||[""],g:"ping"};k.all?a.setTimeout(l,0):l()}},q=function(c,b){p("widget-csi-tick-"+window.name,[c,null,b])},r=function(c){var b=window;return"1"===f(c||b.location.href,"useGapi")};window.gapi.inline=window.gapi.inline||{ping:p,tick:q,shouldUseGapi:r}; })();
</script></head><body class="g-rba-Dh-kQa " marginwidth="0" marginheight="0" style="zoom: 1;"><div id="root"><script type="text/javascript">window.__SSR = {c: 125.0 ,si:1,su:1,e:'brandoncowen@gmail.com',dn:'Brandon Cowen',a:'bubble',at:'AEIZW7T+bkaU4hFtHtCS7snSvYxDQMcjd7EnprcqUem11jOZf+d18o0QydlM8cuHPKCbMYMV0GzlSvWr08E5s6avbCVyVh6K81S0Tq1J924OGHBrcpkPhec\x3d',ld:[,[2,125,[]
,1,106]
]
,r:'http:\/\/satoshidice.com\/',s:'widget',annd: 2.0 ,bp: {}, id:'http:\/\/satoshidice.com\/'}; document.addEventListener && document.addEventListener('DOMContentLoaded', function () {gapi.inline.tick('wdc', new Date().getTime());}, false);</script><div id="plusone" dir="ltr" class="Bg"><span id="widget_bounds"><table cellpadding="0" cellspacing="0"><tbody><tr><td><div class="ZRa"><span id="button" class="hAa ah Bg" title="" role="button" tabindex="0" aria-label="Click here to publicly +1 this as Brandon Cowen (brandoncowen@gmail.com)." aria-pressed="false"><div class="YIa"></div></span></div></td><td><div class="vC"><table cellpadding="0" cellspacing="0"><tbody><tr><td><div class="eX"></div></td><td><div class="U1"><div id="aggregateCount" class="V1">125</div></div></td><td><div class="fX"></div></td></tr></tbody></table>

Ooops, looks like Brandon forgot something.



Next, compare the whois data:

Quote

One point for using a bitcoin-registrar. Tongue

Quote
Domain name: brandoncowen.com

Administrative Contact:
   BncApplications
    Cees (bnc321123@gmail.com)
   +1.905434
   Fax: +1.5555555555
   4748 Sideway Court
   Toronto, S L8N 6Y2
   CA

Technical Contact:
   BncApplications
   Brandon Cees (bnc321123@gmail.com)
   +1.905434
   Fax: +1.5555555555
   4748 Sideway Court
   Toronto, S L8N 6Y2
   CA

Finally, googling "bnc321123@gmail.com + bitcoin" yields ONE hit:

Quote
Lookup, WHOIS express bypassthe.net - Network Tools

network-tools.com/default.asp?prog=express&host=bypassthe.netGetSomeCoin.com
- An introduction to the Bitcoin Internet currency system based ....
CA Administrative Contact: BncApplications Cees (bnc321123@gmail.com) ...

Quote
LinkedIn: http://ca.linkedin.com/pub/brandon-cowen/37/5a8/bb3

Brandon Cowen's Skills & Expertise:

JavaScript | jQuery  | C#  | AJAX  | XML  | PHP  | MySQL

evoorhees, please contact Namecheap, Cloudflare to get the site shut down and blacklisted ASAP.
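An added example, not from the post or the quoted blog: it reproduces the line-532 rewrite to show why a copy of the widget page served from another host requests `cb=gapi.loaded_0` from that host, next to a loader check that pins the script origin. The page URLs, the `PLACEHOLDER` path segment and the function names are constructed.

```javascript
// Added example: the origin constant, page URLs and script path are constructed.
const TRUSTED_SCRIPT_ORIGIN = "https://apis.google.com";
const SCRIPT_URL = TRUSTED_SCRIPT_ORIGIN +
  "/_/apps-static/_/js/gapi/PLACEHOLDER/cb=gapi.loaded_0";

// The rewrite from line 532 of the quoted snippet: drop scheme and host.
function stripOrigin(url) {
  return url.replace(/^https?:\/\/[^\/]+\//, "/");
}

// Where the request goes once the URL has been made host-relative: it resolves
// against whatever page is running the script.
function effectiveRequestUrl(url, pageUrl) {
  return new URL(stripOrigin(url), pageUrl).href;
}

// Hardened variant: resolve the URL as given and allow the load only when the
// resolved origin is the expected one, whichever page the code runs on.
function loadDecision(url, pageUrl) {
  let resolved;
  try {
    resolved = new URL(url, pageUrl);
  } catch (e) {
    return { allowed: false, url: null };
  }
  return { allowed: resolved.origin === TRUSTED_SCRIPT_ORIGIN, url: resolved.href };
}

// Constructed pages: the widget on its own origin and a copy served elsewhere.
const PAGES = ["https://apis.google.com/widget/fastbutton.html",
  "http://copy.example/fastbutton.html"];
for (const page of PAGES) {
  console.log(page, "->", effectiveRequestUrl(SCRIPT_URL, page),
    JSON.stringify(loadDecision(stripOrigin(SCRIPT_URL), page)));
}
```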

evoorhees
April 25, 2013, 06:05:57 PM
 #1515

Thank you very much elux. So sick of scammers in this world!!

SD's engineer is on this, and we're contacting the hosts to get this scam site removed asap.  I really appreciate you bringing it to our attention.
Zaih
April 25, 2013, 06:36:15 PM
 #1516

Ohh thought you were accusing the real SD site of having that haha. Was expecting shit to hit the fan.
freedomno1
April 26, 2013, 04:17:52 AM
 #1517

You're not getting away, Happy Belated Birthday Satoshi Dice Smiley

evoorhees
April 26, 2013, 12:45:07 PM
 #1518

Thank you guys for the happy birthday wishes Smiley  What a crazy year. Bitcoin has become a fucking freight train.
owenprescott
April 26, 2013, 12:48:09 PM
 #1519

I am 0.2BTC up on Satoshidice after my second bet, I am going to quit while I am ahead.  Grin
evoorhees
May 08, 2013, 04:30:04 PM
 #1520

FYI - SD is down temporarily for an upgrade. Should be back live within an hour. All bets will process normally but may be stuck until the system is back so please be patient (no bets will get lost or messed up).

Thanks!