Bitcoin Forum
November 05, 2024, 06:39:27 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: « 1 2 3 [4] 5 »  All
  Print  
Author Topic: OFFICIAL DICEBITCO.IN ANNOUNCEMENT ABOUT THE SKIPPED NONCES INCIDENT  (Read 5511 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
DiceBitcoin (OP)
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile WWW
September 22, 2014, 01:42:46 PM
 #61

There is one aspect of that story that's still bothering me (well there is more than one TBH, but I'm trying to pretend now that it's true). They said the the rogue employee "had to chose manually which player to ‘cheat’". How did he do that if he didn't have access to the production database? Some kind of a backdoor in the UI? All we've seen was two or three lines of code that don't really explain much. I think at the very least DB should have published the whole commit. This is one of those things that would have gone a long way towards credibility.

Good point.

The three line screenshot didn't really show anything. Could we see the whole diff he submitted? The condition for when to apply the nonce-skip would be interesting. I too wonder how the rogue employee was able to chose manually which players to cheat when he didn't have access to the db.

To answer your question there was no backdoor on the UI. Besides the "main" website we also have an application in place that we use to do simple day-to-day operations (such as reseting users password, process manual withdraws etc), an 'admin' application if you like.

In this application the are only stuff that anyone can view (no secret stuff lying around) and do. One of those is that one could view / edit a JSON field on the user that we use primarily for storing meta information (for you techies take a look here: http://www.postgresql.org/docs/9.4/static/datatype-json.html) such as last-login, how much time he is active etc, nothing important. He used this schemaless column to store the data he wanted in order to persist the conditions that when met the skipping happened.

Doog, as for the diff I will post it later Smiley


Here is the diff for the malicious code commit, for what it's worth http://pastebin.com/anXZmNM6

DiceBitco.in| Be The Bank | Dice as it should be !
Joecker
Newbie
*
Offline Offline

Activity: 48
Merit: 0


View Profile
September 22, 2014, 03:32:08 PM
 #62

AHAHAHAHHA MaNteoL was LEGIT !!!

Can't wait to see BR go poof tomorrow! Only this time someone will finally have the guts of tracking your sorry ass down in a shithole, say like Israel, Ukraine or Russia. (no offense to the nice people of these countries).

MantL I am just begging to be bashed by you, nothing would please me more than you wasting time for me =)
Joecker
Newbie
*
Offline Offline

Activity: 48
Merit: 0


View Profile
September 22, 2014, 03:36:17 PM
Last edit: September 22, 2014, 03:56:14 PM by Joecker
 #63

(...) his previous lucky run (...)
Epic


edit: ManLoL, you'll get my FULL trust when 1000btc land here. You've set a new standard for assuming how people can be stupid. So I'm not ashamed at all to beg ;P
dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1333



View Profile
September 22, 2014, 04:15:23 PM
 #64

Here is the diff for the malicious code commit, for what it's worth http://pastebin.com/anXZmNM6

Thanks. I'm surprised how small it is. All it does it changes a couple of <title> tags and adds the cheat code. I was thinking the cheat code would be buried deep among a bunch of complex unrelated changes but apparently not.

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
MICRO
Legendary
*
Offline Offline

Activity: 2464
Merit: 1037


CEO @ Stake.com and Primedice.com


View Profile WWW
September 22, 2014, 04:29:05 PM
 #65

Here is the diff for the malicious code commit, for what it's worth http://pastebin.com/anXZmNM6

Thanks. I'm surprised how small it is. All it does it changes a couple of <title> tags and adds the cheat code. I was thinking the cheat code would be buried deep among a bunch of complex unrelated changes but apparently not.

This way  it was rly hard to miss it. (or NOT) .

Or the question is , why would u hide ur own code ?

      ▄▄████████▄▄
   ▄████████████████▄
 ▄█████▀▀       ▀▀████     ████                  ████
▄████▀            ████    ████▌                 ▐████
█████           ▄████▀   ▐████                  ████▌    ▄▄
█████           ▀▀▀▀    ▄█████████▀            ▐████   ▄███▀
 █████▄           ▄▄███████████▀▀   ▄▄▄▄       ████  ▄███▀
   ▀█████▄▄       ▀████▀████▀     ▄████▀███   ▐███████▀▀        ▄▄▄▄
      ▀███████▄        ▐████    ▄████  ▐██▌   ███████        ▄███▀ ██▌
         ▀▀██████▄▄    ████    ▄███▀   ███   ▐███▌███      ▄███▀  ▄██▌
    ▄▄▄▄     ▀▀█████  ▐████    ████   ▄███   ████ ▐███    ▐████▄▄███▀
  █████▀▀      ▀████▌ ▐████▄▄██████▄▄█████▄▄█████  ▀███   ████
 ████▀          ████▌  ▀████▀▀  ▀████▀  ▀██▀ ███▀   ▀███  ▀████▄▄▄▄██
████▌          █████        ▄▄▄▄   ▄▄▄▄▄▄  ▄ ▄▄ ▄ ▄▄ ▀███   ▀▀████▀▀
████▄       ▄▄████▀       ▄█▀   ▀ ▄█▀  ▀█▄ ██▀▀██▀▀██▀███▄▄      ▄▄██
 ██████████████▀▀  ▄███▄  ██▄     ██▄  ▄██ ██  ██  ██   ▀▀█████████▀▀
   ▀██████▀▀▀      ▀███▀   ▀████▀  ▀████▀  ██  ██  ██



▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀▐▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄█▀▀▀█████████▀▀▀█▄
▄█▀    ▄▀█████▀     ▀█▄
▄█▄    █        ▀▄   ███▄
▄████▀▀▀▀▄       ▄▀▀▀▀▀███▄
████      ▀▄▄▄▄▄▀       ███
███     ▄▄███████▄▄     ▄▀█
█  ▀▄ ▄▀ ▀███████▀ ▀▄ ▄▀  █
▀█   █     ▀███▀     ▀▄  █▀
▀█▄▄█▄      █        █▄█▀
▀█████▄ ▄▀▀ ▀▀▄▄ ▄▄███▀
▀█████        ████▀
▀▀█▄▄▄▄▄▄▄█▀▀



● OVER 1000 GAMES
● DAILY RACES AND BONUSES
● RAKEBACK & VIP RANKS
● 24/7 LIVE SUPPORT
Martijnvdc
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


View Profile
September 22, 2014, 07:12:38 PM
 #66

Here is the diff for the malicious code commit, for what it's worth http://pastebin.com/anXZmNM6
So basically, the commit was blindly accepted? Seems quite irresponsible...
Where's my refund?
jaysabi
Legendary
*
Offline Offline

Activity: 2044
Merit: 1115


★777Coin.com★ Fun BTC Casino!


View Profile
September 22, 2014, 07:16:54 PM
 #67

Here is the diff for the malicious code commit, for what it's worth http://pastebin.com/anXZmNM6
So basically, the commit was blindly accepted? Seems quite irresponsible...
Where's my refund?

He's always maintained the commit was blindly accepted. The only question to my mind is if this whole 3rd developer thing is concocted or true. Manl's refusal to name the developer is troubling, especially since if he exists, he attempted to steal coins from the players Manl promised to treat fairly by running his site. Protecting this guy (if he exists) does not make you a trustworthy individual.

boumalo
Legendary
*
Offline Offline

Activity: 1918
Merit: 1018


View Profile WWW
September 22, 2014, 07:56:09 PM
 #68

I wasn't implying that was the case with JD, obviously there is a chance of that being the case although I personally lean against that belief. That's how ridiculous these types of investments are, you're a trustworthy person but we ultimately have to take you at your word for 10k-20k coins. Even you'd agree that level of trust is ridiculous, now imagine doing the same with someone completely brand new in the community who has a proven scam record.

lol, 'I wasn't implying that with JD, but I'm still totally implying that with JD.'

You don't even realize what you're saying.

Also, I agree with the post directly above this. You're abusing the trust system by leaving negative trust based on your suspicion on an issue that doesn't even concern you. Your motivations have been made clear here, and everywhere else you post. You continue to bash JD in a passive-aggressive manner, even though you say you're not implying certain things while continuing to imply them in the same sentence. You bash ever other site or site owner that is competition, and even if every single one of them is a legit point, your paranoia has led you to abuse the trust system to preemptively trash people who you think might start a competing site in the future.

Dude, get a hold of yourself. You're not being an asset to the community when you act this way.

When Stunna talked about the potential of investment sites to sc.am thought he was implying it may be the case for JD

But Stunna's post is true : when you are talking about the possibility for someone to sca.m under the radar and on internet on a 20k figure, there is always a risk

MICRO
Legendary
*
Offline Offline

Activity: 2464
Merit: 1037


CEO @ Stake.com and Primedice.com


View Profile WWW
September 22, 2014, 07:59:29 PM
 #69

I wasn't implying that was the case with JD, obviously there is a chance of that being the case although I personally lean against that belief. That's how ridiculous these types of investments are, you're a trustworthy person but we ultimately have to take you at your word for 10k-20k coins. Even you'd agree that level of trust is ridiculous, now imagine doing the same with someone completely brand new in the community who has a proven scam record.

lol, 'I wasn't implying that with JD, but I'm still totally implying that with JD.'

You don't even realize what you're saying.

Also, I agree with the post directly above this. You're abusing the trust system by leaving negative trust based on your suspicion on an issue that doesn't even concern you. Your motivations have been made clear here, and everywhere else you post. You continue to bash JD in a passive-aggressive manner, even though you say you're not implying certain things while continuing to imply them in the same sentence. You bash ever other site or site owner that is competition, and even if every single one of them is a legit point, your paranoia has led you to abuse the trust system to preemptively trash people who you think might start a competing site in the future.

Dude, get a hold of yourself. You're not being an asset to the community when you act this way.

When Stunna talked about the potential of investment sites to sc.am thought he was implying it may be the case for JD

But Stunna's post is true : when you are talking about the possibility for someone to sca.m under the radar and on internet on a 20k figure, there is always a risk

Or maybe EveryDice.

 I never saw him say anything about justdice scamming like that .

      ▄▄████████▄▄
   ▄████████████████▄
 ▄█████▀▀       ▀▀████     ████                  ████
▄████▀            ████    ████▌                 ▐████
█████           ▄████▀   ▐████                  ████▌    ▄▄
█████           ▀▀▀▀    ▄█████████▀            ▐████   ▄███▀
 █████▄           ▄▄███████████▀▀   ▄▄▄▄       ████  ▄███▀
   ▀█████▄▄       ▀████▀████▀     ▄████▀███   ▐███████▀▀        ▄▄▄▄
      ▀███████▄        ▐████    ▄████  ▐██▌   ███████        ▄███▀ ██▌
         ▀▀██████▄▄    ████    ▄███▀   ███   ▐███▌███      ▄███▀  ▄██▌
    ▄▄▄▄     ▀▀█████  ▐████    ████   ▄███   ████ ▐███    ▐████▄▄███▀
  █████▀▀      ▀████▌ ▐████▄▄██████▄▄█████▄▄█████  ▀███   ████
 ████▀          ████▌  ▀████▀▀  ▀████▀  ▀██▀ ███▀   ▀███  ▀████▄▄▄▄██
████▌          █████        ▄▄▄▄   ▄▄▄▄▄▄  ▄ ▄▄ ▄ ▄▄ ▀███   ▀▀████▀▀
████▄       ▄▄████▀       ▄█▀   ▀ ▄█▀  ▀█▄ ██▀▀██▀▀██▀███▄▄      ▄▄██
 ██████████████▀▀  ▄███▄  ██▄     ██▄  ▄██ ██  ██  ██   ▀▀█████████▀▀
   ▀██████▀▀▀      ▀███▀   ▀████▀  ▀████▀  ██  ██  ██



▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀▐▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄█▀▀▀█████████▀▀▀█▄
▄█▀    ▄▀█████▀     ▀█▄
▄█▄    █        ▀▄   ███▄
▄████▀▀▀▀▄       ▄▀▀▀▀▀███▄
████      ▀▄▄▄▄▄▀       ███
███     ▄▄███████▄▄     ▄▀█
█  ▀▄ ▄▀ ▀███████▀ ▀▄ ▄▀  █
▀█   █     ▀███▀     ▀▄  █▀
▀█▄▄█▄      █        █▄█▀
▀█████▄ ▄▀▀ ▀▀▄▄ ▄▄███▀
▀█████        ████▀
▀▀█▄▄▄▄▄▄▄█▀▀



● OVER 1000 GAMES
● DAILY RACES AND BONUSES
● RAKEBACK & VIP RANKS
● 24/7 LIVE SUPPORT
alani123
Legendary
*
Offline Offline

Activity: 2576
Merit: 1509



View Profile
September 22, 2014, 08:05:20 PM
 #70

I believe that we should still give those guys credit for not running with an entire bankroll worth houndreads of thousands of dollars.

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
 
 Duelbits 
██
██
██
██
██
██
██
██

██

██

██

██

██
TRY OUR UNIQUE GAMES!
    ◥ DICE  ◥ MINES  ◥ PLINKO  ◥ DUEL POKER  ◥ DICE DUELS   
█▀▀











█▄▄
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
 KENONEW 
 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀█











▄▄█
10,000x
 
MULTIPLIER
██
██
██
██
██
██
██
██

██

██

██

██

██
 
NEARLY
UP TO
50%
REWARDS
██
██
██
██
██
██
██
██

██

██

██

██

██
[/tabl
Joecker
Newbie
*
Offline Offline

Activity: 48
Merit: 0


View Profile
September 22, 2014, 08:38:19 PM
 #71

I believe that we should still give those guys credit for not running with an entire bankroll worth houndreads of thousands of dollars.
https://i.imgur.com/5aLV5YB.png
dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1333



View Profile
September 23, 2014, 05:11:21 AM
 #72

Here is the diff for the malicious code commit, for what it's worth http://pastebin.com/anXZmNM6

Thanks. I'm surprised how small it is. All it does it changes a couple of <title> tags and adds the cheat code. I was thinking the cheat code would be buried deep among a bunch of complex unrelated changes but apparently not.

12 hours later, and a thought popped unbidden into my head:

"Hey, I know why I thought the changes would be bigger... because manl SAID they were bigger!

Remember this?

How sure can you be that this malicious ex-employee isn't currently draining the bankroll by playing with a leaked seed?

We rolled back the admin update that it was deployed with the buggy code with an older version(lesser features and more PITA for us to do things but works and its made by us).

Rolling back the update resulted in "lesser features and more PITA for us to do things". But the patch that was presented here did nothing other than change the <title> tags and make the site skip some winning nonces.

Funny how the brain works isn't it?

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
snarlpill
Hero Member
*****
Offline Offline

Activity: 910
Merit: 530


$5 24k Gold FREE 4 sign-up! Mene.com/invite/h5ZRRP


View Profile WWW
September 23, 2014, 09:03:20 AM
 #73

.....
Funny how the brain works isn't it?

Burn!

It's said to be much easier to live an honest life; less lies you have to constantly keep up with and build around.

MICRO
Legendary
*
Offline Offline

Activity: 2464
Merit: 1037


CEO @ Stake.com and Primedice.com


View Profile WWW
September 23, 2014, 10:09:16 AM
 #74

Here is the diff for the malicious code commit, for what it's worth http://pastebin.com/anXZmNM6

Thanks. I'm surprised how small it is. All it does it changes a couple of <title> tags and adds the cheat code. I was thinking the cheat code would be buried deep among a bunch of complex unrelated changes but apparently not.

12 hours later, and a thought popped unbidden into my head:

"Hey, I know why I thought the changes would be bigger... because manl SAID they were bigger!

Remember this?

How sure can you be that this malicious ex-employee isn't currently draining the bankroll by playing with a leaked seed?

We rolled back the admin update that it was deployed with the buggy code with an older version(lesser features and more PITA for us to do things but works and its made by us).

Rolling back the update resulted in "lesser features and more PITA for us to do things". But the patch that was presented here did nothing other than change the <title> tags and make the site skip some winning nonces.

Funny how the brain works isn't it?

Lol , that is so true. They didn't need to roll back update this short code was so easy to spot and remove.

I guess there is argument coming: "We didn't know if he changed some other code or added more malicious code so we rolled back whole update" .

There are so many contradictions in theirs story , like when they stated on chat that he and gary are the only 2 devs , i mean why would u hide the fact that u got a new employee . 

Its just rly shady story with no proofs whatsoever.

      ▄▄████████▄▄
   ▄████████████████▄
 ▄█████▀▀       ▀▀████     ████                  ████
▄████▀            ████    ████▌                 ▐████
█████           ▄████▀   ▐████                  ████▌    ▄▄
█████           ▀▀▀▀    ▄█████████▀            ▐████   ▄███▀
 █████▄           ▄▄███████████▀▀   ▄▄▄▄       ████  ▄███▀
   ▀█████▄▄       ▀████▀████▀     ▄████▀███   ▐███████▀▀        ▄▄▄▄
      ▀███████▄        ▐████    ▄████  ▐██▌   ███████        ▄███▀ ██▌
         ▀▀██████▄▄    ████    ▄███▀   ███   ▐███▌███      ▄███▀  ▄██▌
    ▄▄▄▄     ▀▀█████  ▐████    ████   ▄███   ████ ▐███    ▐████▄▄███▀
  █████▀▀      ▀████▌ ▐████▄▄██████▄▄█████▄▄█████  ▀███   ████
 ████▀          ████▌  ▀████▀▀  ▀████▀  ▀██▀ ███▀   ▀███  ▀████▄▄▄▄██
████▌          █████        ▄▄▄▄   ▄▄▄▄▄▄  ▄ ▄▄ ▄ ▄▄ ▀███   ▀▀████▀▀
████▄       ▄▄████▀       ▄█▀   ▀ ▄█▀  ▀█▄ ██▀▀██▀▀██▀███▄▄      ▄▄██
 ██████████████▀▀  ▄███▄  ██▄     ██▄  ▄██ ██  ██  ██   ▀▀█████████▀▀
   ▀██████▀▀▀      ▀███▀   ▀████▀  ▀████▀  ██  ██  ██



▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀▐▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄█▀▀▀█████████▀▀▀█▄
▄█▀    ▄▀█████▀     ▀█▄
▄█▄    █        ▀▄   ███▄
▄████▀▀▀▀▄       ▄▀▀▀▀▀███▄
████      ▀▄▄▄▄▄▀       ███
███     ▄▄███████▄▄     ▄▀█
█  ▀▄ ▄▀ ▀███████▀ ▀▄ ▄▀  █
▀█   █     ▀███▀     ▀▄  █▀
▀█▄▄█▄      █        █▄█▀
▀█████▄ ▄▀▀ ▀▀▄▄ ▄▄███▀
▀█████        ████▀
▀▀█▄▄▄▄▄▄▄█▀▀



● OVER 1000 GAMES
● DAILY RACES AND BONUSES
● RAKEBACK & VIP RANKS
● 24/7 LIVE SUPPORT
boumalo
Legendary
*
Offline Offline

Activity: 1918
Merit: 1018


View Profile WWW
September 23, 2014, 10:10:05 AM
 #75

Here is the diff for the malicious code commit, for what it's worth http://pastebin.com/anXZmNM6

Thanks. I'm surprised how small it is. All it does it changes a couple of <title> tags and adds the cheat code. I was thinking the cheat code would be buried deep among a bunch of complex unrelated changes but apparently not.

12 hours later, and a thought popped unbidden into my head:

"Hey, I know why I thought the changes would be bigger... because manl SAID they were bigger!

Remember this?

How sure can you be that this malicious ex-employee isn't currently draining the bankroll by playing with a leaked seed?

We rolled back the admin update that it was deployed with the buggy code with an older version(lesser features and more PITA for us to do things but works and its made by us).

Rolling back the update resulted in "lesser features and more PITA for us to do things". But the patch that was presented here did nothing other than change the <title> tags and make the site skip some winning nonces.

Funny how the brain works isn't it?

WOW, hand in the cookie jar

DiceBitcoin (OP)
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile WWW
September 23, 2014, 10:13:52 AM
 #76

Here is the diff for the malicious code commit, for what it's worth http://pastebin.com/anXZmNM6

Thanks. I'm surprised how small it is. All it does it changes a couple of <title> tags and adds the cheat code. I was thinking the cheat code would be buried deep among a bunch of complex unrelated changes but apparently not.

12 hours later, and a thought popped unbidden into my head:

"Hey, I know why I thought the changes would be bigger... because manl SAID they were bigger!

Remember this?

How sure can you be that this malicious ex-employee isn't currently draining the bankroll by playing with a leaked seed?

We rolled back the admin update that it was deployed with the buggy code with an older version(lesser features and more PITA for us to do things but works and its made by us).

Rolling back the update resulted in "lesser features and more PITA for us to do things". But the patch that was presented here did nothing other than change the <title> tags and make the site skip some winning nonces.

Funny how the brain works isn't it?

Sorry I had to be clearer about the diff. This diff is from the commit that introduced the malicious code. It was part of a feature branch (https://www.atlassian.com/git/tutorials/comparing-workflows/feature-branch-workflow) that he was working on about some frontend and SEO stuff. Actually the changes that the whole branch introduced are a lot more than the changes depicted in this diff.



DiceBitco.in| Be The Bank | Dice as it should be !
dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1333



View Profile
September 23, 2014, 05:50:29 PM
 #77

Sorry I had to be clearer about the diff. This diff is from the commit that introduced the malicious code. It was part of a feature branch (https://www.atlassian.com/git/tutorials/comparing-workflows/feature-branch-workflow) that he was working on about some frontend and SEO stuff. Actually the changes that the whole branch introduced are a lot more than the changes depicted in this diff.

Yeah, that's the only reasonable explanation I could think of too. Smiley

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
Valzador
Hero Member
*****
Offline Offline

Activity: 1316
Merit: 503


View Profile
September 24, 2014, 04:59:18 AM
 #78

Not sure what happened but I've made over 160,000 rolls and I've only had one bad 21 loss streak.....

On JD and DD I would've had a 21 loss streak every 25k bets.
dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1333



View Profile
September 24, 2014, 05:32:41 AM
 #79

Not sure what happened but I've made over 160,000 rolls and I've only had one bad 21 loss streak.....

On JD and DD I would've had a 21 loss streak every 25k bets.

I can check that for you if you like.

Can you tell me your userids on JD and DD?

Seeing a 21 loss streak in just 25k bets sounds pretty unlikely. At 49.5% you should see a 21 loss streak every 1.7 million bets or so on average.

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
bodgybrothers
Member
**
Offline Offline

Activity: 106
Merit: 10


View Profile
September 25, 2014, 04:05:10 AM
Last edit: September 25, 2014, 04:18:16 AM by bodgybrothers
 #80

I did a profile on Manl over multiple accounts when Dicebitcoin started, and he exhibits signs of a classic con man.

The senarios below sum up the testing I did on Dicebitcoin (I also did these same tests on Dooglus, Dean and Stunna. These 3 passed the test)
1. account has over 20btc deposited, manl is very freindly. Even when I ask stupid questions
2. Account has a flakes deposited, manl is very rude, even when I ask legit questions
3. Account has nothing in it. Manl is trolling me hard.

Con men will always get their victims through gaining trust. They gain trust in 3 ways:
1. trust by association
2. trust by acting like a trustworthy figure. Like dressing like a pilot or doctor etc (not possible online)
3. trust by explaining what great deeds they did in the past. <-- this is the biggest sign of a conman.

Dicebitcoin is guilty of 1 & 3. By gaining Dooglus's trust in the beginning they obtained trust by association. This was massive for them and gained the entire community trust which meant they now had everyone's trust (except mine). Doog is not to blame here, he trusted them and they used that to gain more trust in the community.

Dicebitcoin then proceeded to do the long con. They know, gamblers don't usually verify, because most gamblers believe that because it is verifiable then they wont be cheated. Investors trust the owners and cannot verify if they are being cheated. So a dice site like dicebitcoin would play on their own accounts to get income from investors. They would then reduce the payout amount on the player accounts by skipping a few bets here and there to make up for it. It seemed that the amount of this reducing player accounts was indeed buggy, as finnile's account would never have been intended for a setting of 90% bets losing. Then use trust to create a story, since now you got caught stealing.
One would pay out the people who lost because you need to keep the trust levels up. You would then proceed to do the impossible with mateo account (I watched it live for hours). Then to con people into false trust again, you lose all the gains to the bank once everyone has already divested. You then try for new trust by saying it was variance and mateo just got lucky. We actually talked about this while it was happening. We predicted Mateo would lose to the bank at some point to show the betting was legit. And that's what happened.. Mateo's winning was impossible in terms of variance, and hit just so happened that the worlds luckiest guy was around on Dicebitcoin when they got caught stealing.

The entire thing is classic con man. You couldn't write a better psychological example of how con men operate.

The argument of "I didn't run with 7000 btc so i must be trusted" is not a good one, because most con men will run a long term con to make the most profit and keep trust in the community. No good con men works like a petty thief, they are sophisticated in the art of social engineering.

Also, keep in mind we do not know who dicebitcoin are. Whois lookup is false, your names are fake... there is nothing tracing you back to who you are. Dooglus is traceable, and when I tested his character on JD, a year go, he didn't change his personality if i had no money or a lot of money.

Casino investors and players, please do not fall for social engineered scams. People question Stunna at PD all the time, but the fact is, he can't scam investors, because he has none. and he can't scam players, because he has a provably fair algorithm. If you don't like his algorithm, then don't play there. And always verify your bets on all sites!

Pages: « 1 2 3 [4] 5 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!