FastSlots (OP)
|
|
April 09, 2015, 02:40:04 PM |
|
Quote: Hey! Any ETA when your website is fixed? But well, good I didn't deposit more, hope so this website will be safer after this issue.

It's hard to say atm cause we are still working on a fix. The one thing that is for sure is that FastSlots will be more secure when this is over. We are working with a great group of smart people on this... You do not need to worry about your deposit. If you like I can send it to an address of your liking. Just email me at henry@fastslots.co.
|
|
|
|
Nowi
|
|
April 09, 2015, 05:21:35 PM |
|
Ok, I lost everything again, but it's really fun, so maybe if I get rich I will try it again.
|
|
|
|
GrandmaJean
|
|
April 09, 2015, 05:49:28 PM |
|
Quote from Nowi: Ok, I lost everything again, but it's really fun, so maybe if I get rich I will try it again.

How did you manage to lose everything if they are fixing the site? That's just impossible.
|
|
|
|
yakuza699
|
|
April 10, 2015, 01:23:32 PM |
|
Quote from Nowi: Ok, I lost everything again, but it's really fun, so maybe if I get rich I will try it again.

Quote from GrandmaJean: How did you manage to lose everything if they are fixing the site? That's just impossible.

That above your post is a perfect example of a paid to post signature campaign noob. They should get banned for a few days minimum. For example I am advertising Bitdice for over 3 weeks for free and don't ask a penny for that. I in past only advertised sites to get some testing coins I knew that I gonna need some coins on testing and I knew I gonna post anyways. Now that I have more than enough coins for testing I advertise them for free since I like their signature.
|
|
|
|
FastSlots (OP)
|
|
April 10, 2015, 08:11:49 PM |
|
Hi guys,

We finally know what happened during the hack and can now start fixing things. I cannot disclose many details, all I can say is that the attacker was able to predict server secrets which allowed him to rake in huge wins.

We have learned a lot from this incident and the result will be that FastSlots will be more secure than ever. We've worked with a group of trusted bitcointalk users to scrutinize FastSlots' security. The result is that we know much more precisely what our weak points are and are able to address these accordingly. We really like to think of FastSlots as an organism: every time we survive an attack that makes us stronger.

We will get back online in a few days. As mentioned previously, just send me an email (henry@fastslots.co) if you'd like to withdraw your balance.

Henry
|
|
|
|
yoloer808
Full Member
Offline
Activity: 288
Merit: 113
Web dev for hire
|
|
April 11, 2015, 04:31:58 PM |
|
Holy s***, I'm so sorry this happened man. I've been loosely following your site from the beginning and I thought it was pretty solid... I hope you indeed have enough money to continue running the site, I can't imagine losing 5 btc...
I'm glad that you found the problem and are fixing it, hope to see the site up soon. Keep up the great work!
|
|
|
|
FastSlots (OP)
|
|
April 11, 2015, 10:45:40 PM |
|
Quote from yoloer808: Holy s***, I'm so sorry this happened man. I've been loosely following your site from the beginning and I thought it was pretty solid... I hope you indeed have enough money to continue running the site, I can't imagine losing 5 btc...
I'm glad that you found the problem and are fixing it, hope to see the site up soon. Keep up the great work!

Thanks mate, appreciate your support. Actually our system is pretty solid. We've had it tested by several talented hackers that could not break anything. However we did have a small vulnerability. With respect to security that's basically just as bad as having no security at all (at least it can cost the same amount of money...). Nonetheless this is a wakeup call for us to double down on security even more and to rethink all aspects of our system. Once we get this done, FastSlots will be even more secure.

It's still hard to estimate when exactly we will be back. I have the tendency to be too optimistic in my estimates, but I really hope it will not take more than a few days.

If anyone would like to withdraw just email me (henry@fastslots.co). My purchase of additional coins has now cleared so that I will be able to pay out all deposits immediately.
|
|
|
|
yoloer808
Full Member
Offline
Activity: 288
Merit: 113
Web dev for hire
|
|
April 12, 2015, 01:41:08 PM |
|
Quote from yoloer808: Holy s***, I'm so sorry this happened man. I've been loosely following your site from the beginning and I thought it was pretty solid... I hope you indeed have enough money to continue running the site, I can't imagine losing 5 btc...
I'm glad that you found the problem and are fixing it, hope to see the site up soon. Keep up the great work!

Quote from FastSlots: Thanks mate, appreciate your support. Actually our system is pretty solid. We've had it tested by several talented hackers that could not break anything. However we did have a small vulnerability. With respect to security that's basically just as bad as having no security at all (at least it can cost the same amount of money...). Nonetheless this is a wakeup call for us to double down on security even more and to rethink all aspects of our system. Once we get this done, FastSlots will be even more secure. It's still hard to estimate when exactly we will be back. I have the tendency to be too optimistic in my estimates, but I really hope it will not take more than a few days. If anyone would like to withdraw just email me (henry@fastslots.co). My purchase of additional coins has now cleared so that I will be able to pay out all deposits immediately.

Such a pity that bitcoin is associated with these kind of people. I am really skeptical about introducing my friends to it because of all the scams..

If you have time, would you mind outlining how exactly he hacked you? (of course after you patch things up)... I think it could be an interesting read, as well as a warning for other sites...
|
|
|
|
FastSlots (OP)
|
|
April 13, 2015, 10:25:58 PM |
|
Sorry for my late reply. Was unsure how to answer your second question (see below).

Quote from yoloer808: Such a pity that bitcoin is associated with these kind of people. I am really skeptical about introducing my friends to it because of all the scams..

I think you should not be. I think consumers are pretty safe these days (at least they are much more than a few years ago). What annoys me most about this incident is that hackers keep the barrier to entry into the gambling world high. Operators need to waste a lot of time and money on security instead of implementing games. This is one of the reasons why building an online casino is hard. If opening an online casino was as easy as writing an online game I'd bet that gambling would be way more awesome (and way more fair for that matter).

Quote from yoloer808: If you have time, would you mind outlining how exactly he hacked you? (of course after you patch things up)... I think it could be an interesting read, as well as a warning for other sites...

I have thought about your question for a bit but have not come to a final conclusion as to how much info to share. I do not want to put too many details out there that might put us in jeopardy in the future. I can however point to resources that people setting up bitcoin casinos might find useful. They are all related to server security as that is what we are focussed on atm.

There is a great article on how to get a baseline level of security for a web server. Everybody who wants to get into the bitcoin game as an operator should follow these instructions from day one: https://www.linode.com/docs/security/securing-your-server

The rest of your security will depend on your application and your level of paranoia. The best in depth resource on server security that I could find on the web is the "Securing Debian Howto": https://www.debian.org/doc/manuals/securing-debian-howto/index.en.html

Will not share more info atm but might in the future. If anyone knows security related resources that will help us and other operators build more secure casinos, feel free to post them here.
|
|
|
|
CryptoMrM
|
|
April 13, 2015, 11:37:38 PM |
|
Sorry to hear about what happened to you guys.
Best of luck with everything!
|
|
|
|
joter85
|
|
April 16, 2015, 01:48:58 PM |
|
Did you check server seeds if they were the same on all bets? All random functions that run on today's computers are calculated based on time. So if two procedures trigger the random generator at the same time, you can get duplicate server seeds.... that could be a potential risk. We solved it with a table that stores all used server seeds, so they are always unique. Random generator just isn't good in this case. Just an idea, maybe it helps.
|
|
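An added example, not part of the thread and not code from either site, illustrating the server-seed discussion in the post above: a clock-seeded general-purpose PRNG produces duplicate seeds for bets placed in the same second, while seeds drawn from the OS CSPRNG do not and are also unpredictable, which a uniqueness table alone does not provide. The seed format, the commit-and-reveal check, the outcome mapping and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import random
import secrets


def time_seeded_server_seed(now: float) -> str:
    """Weak pattern: a general-purpose PRNG seeded from the clock (1 s resolution)."""
    rng = random.Random(int(now))
    return f"{rng.getrandbits(256):064x}"


def csprng_server_seed() -> str:
    """Hardened pattern: 256 bits taken directly from the OS CSPRNG."""
    return secrets.token_hex(32)


def commitment(server_seed: str) -> str:
    """Hash published before the bet so the seed cannot be swapped afterwards."""
    return hashlib.sha256(server_seed.encode()).hexdigest()


def roll(server_seed: str, client_seed: str, nonce: int) -> int:
    """Constructed outcome mapping (assumption): HMAC-SHA256 -> number in 0..9999."""
    msg = f"{client_seed}:{nonce}".encode()
    mac = hmac.new(server_seed.encode(), msg, hashlib.sha256)
    return int.from_bytes(mac.digest()[:8], "big") % 10000


def verify_bet(published: str, revealed: str, client_seed: str, nonce: int, claimed: int) -> bool:
    """Player-side check once the server reveals its seed."""
    same_seed = hmac.compare_digest(commitment(revealed), published)
    return same_seed and roll(revealed, client_seed, nonce) == claimed


def duplicate_count(seeds) -> int:
    """Number of seeds that repeat an earlier one."""
    return len(seeds) - len(set(seeds))


if __name__ == "__main__":
    t0 = 1429192138.0  # constructed timestamp
    weak = [time_seeded_server_seed(t0 + i * 0.2) for i in range(5)]  # 5 bets in one second
    strong = [csprng_server_seed() for _ in range(5)]
    print("duplicates, clock-seeded:", duplicate_count(weak))
    print("duplicates, CSPRNG:", duplicate_count(strong))
    seed = strong[0]
    outcome = roll(seed, "player-chosen", 1)
    print("bet verifies:", verify_bet(commitment(seed), seed, "player-chosen", 1, outcome))
```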
|
|
Havelivi
|
|
April 16, 2015, 02:00:39 PM |
|
Hello admin, any time frame when you will get back online? It is taking too much to get back the things right. Any update about the current situation, what is going on there?
|
|
|
|
joter85
|
|
April 16, 2015, 02:04:18 PM |
|
Quote from Havelivi: Hello admin, any time frame when you will get back online? It is taking too much to get back the things right. Any update about the current situation, what is going on there?

They surely won't start it until they have found the security problem. And that is not so easy in an online casino case.
|
|
|
|
FastSlots (OP)
|
|
April 16, 2015, 02:06:12 PM |
|
Quote from joter85: Did you check server seeds if they were the same on all bets? All random functions that run on today's computers are calculated based on time. So if two procedures trigger the random generator at the same time, you can get duplicate server seeds.... that could be a potential risk. We solved it with a table that stores all used server seeds, so they are always unique. Random generator just isn't good in this case. Just an idea, maybe it helps.

Hi joter85, thanks for your input. In the case of this hack this was not the case though. We have detailed logs that show that the server secret was different on each bet. But it is also apparent that the attacker could predict the next server secret, most likely because he had access to the db.

Quote from Havelivi: Hello admin, any time frame when you will get back online? It is taking too much to get back the things right. Any update about the current situation, what is going on there?

Basically the problem was about the security of our server and not a problem with our application code. We are currently setting the server back up with all sorts of security measures in place. We will test things thoroughly and will be back most likely in a day or two, but worst case at the beginning of next week. I really do not want to rush this just to get hacked again.

Quote from CryptoMrM: Sorry to hear about what happened to you guys.
Best of luck with everything!

Thanks mate :-)
|
|
|
|
joter85
|
|
April 16, 2015, 02:13:19 PM |
|
Quote from FastSlots: Hi joter85, thanks for your input. In the case of this hack this was not the case though. We have detailed logs that show that the server secret was different on each bet. But it is also apparent that the attacker could predict the next server secret, most likely because he had access to the db.

I see. That is a totally different level of problem. Do you run your own server or do you have the site hosted at a third party provider?
|
|
|
|
FastSlots (OP)
|
|
April 16, 2015, 02:16:23 PM |
|
Quote from FastSlots: Hi joter85, thanks for your input. In the case of this hack this was not the case though. We have detailed logs that show that the server secret was different on each bet. But it is also apparent that the attacker could predict the next server secret, most likely because he had access to the db.

Quote from joter85: I see. That is a totally different level of problem. Do you run your own server or do you have the site hosted at a third party provider?

We run our own server. I just noticed that you run http://crypto-games.net. It's a great site! Would love to exchange thoughts on security with you. Will send you a pm in a bit.
|
|
|
|
joter85
|
|
April 16, 2015, 02:19:20 PM |
|
Quote from FastSlots: Hi joter85, thanks for your input. In the case of this hack this was not the case though. We have detailed logs that show that the server secret was different on each bet. But it is also apparent that the attacker could predict the next server secret, most likely because he had access to the db.

Quote from joter85: I see. That is a totally different level of problem. Do you run your own server or do you have the site hosted at a third party provider?

Quote from FastSlots: We run our own server. I just noticed that you run http://crypto-games.net. It's a great site! Would love to exchange thoughts on security with you. Will send you a pm in a bit.

Sure, why not!
|
|
|
|
yoloer808
Full Member
Offline
Activity: 288
Merit: 113
Web dev for hire
|
|
April 18, 2015, 06:51:21 AM |
|
Quote from FastSlots: Basically the problem was about the security of our server and not a problem with our application code. We are currently setting the server back up with all sorts of security measures in place. We will test things thoroughly and will be back most likely in a day or two, but worst case at the beginning of next week. I really do not want to rush this just to get hacked again.

Good to hear you are on track to reopen again. Just a word of advice: you've been hacked, people may be skeptical of your solvency / ability to pay out winnings and therefore be wary of depositing. It would be a good idea to sign a message with your wallet proving that you are in possession of a bankroll to actually pay out winners.

Keep your chin up and keep doing what you're doing, looking forward to the reopening!
|
|
|
|
FastSlots (OP)
|
|
April 18, 2015, 10:07:10 AM |
|
Quote from FastSlots: Basically the problem was about the security of our server and not a problem with our application code. We are currently setting the server back up with all sorts of security measures in place. We will test things thoroughly and will be back most likely in a day or two, but worst case at the beginning of next week. I really do not want to rush this just to get hacked again.

Quote from yoloer808: Good to hear you are on track to reopen again. Just a word of advice: you've been hacked, people may be skeptical of your solvency / ability to pay out winnings and therefore be wary of depositing. It would be a good idea to sign a message with your wallet proving that you are in possession of a bankroll to actually pay out winners. Keep your chin up and keep doing what you're doing, looking forward to the reopening!

Great point yoloer808. Will actually do that right now: I just signed our new hot wallet which currently holds 5.468 BTC.

Address: 1FCEXDW4Em8qVbfNbGcMttFxGmLty7amFG
Message: FastSlots Main Wallet - we will be back!
Signature: H0iDQlgfXCdtSvO8A8N3yim4/bl7gmxv4n5I/9ueC7ogQmC4B29GGPEGClW/E0j9WpLmed8PBY9BRBBoj6yJf4Y=

To verify just head over to https://brainwallet.github.io/#verify, click on Bitcoin-QT, and insert the above.
|
|
|
|
amiryaqot
Legendary
Offline
Activity: 1050
Merit: 1000
|
|
April 18, 2015, 10:20:31 AM |
|
That is great news to hear you are back and now open again for betting, will play there with some amount just waiting for it.
|
|
|
|
|