Bitcoin Forum
Topic: Found a Major Security Flaw (Read 1813 times)
Armadillo
October 25, 2014, 05:41:38 AM
 #1

I believe I have found a major security flaw in a company's bitcoin system. I am no cryptologist but the flaw is not a technical one, it is more a procedural weakness. I asked if they were aware of a problem related to this and they said no and could I elaborate. There is a small bounty for finding "bugs" but this basically undermines their whole purpose. They are small but do have a lot of press about their new system. How should I approach the situation?
LiteCoinGuy
October 25, 2014, 05:44:23 AM
 #2

they should give you a bounty for that and you would have a good feeling too :)
(+ no police is hunting you :P )


sounds fair? if they pay nothing, maybe coindesk is interested in this story.

Armadillo
October 25, 2014, 05:48:15 AM
 #3

Yeah, I assume they wouldn't want it out there. It could put people at risk.
$100 though....that seems almost like not worth even asking for.

Maybe I should just tell them what the deal is.
LiteCoinGuy
October 25, 2014, 06:09:49 AM
 #4

if it's a big bug, 100 USD is not that much but better than nothing :)

but I would like to know more about this when the gap is closed :D

Velkro
October 25, 2014, 06:25:11 AM
 #5

You shouldn't be cash motivated. If they pay you ANYTHING it is still good.
Find a real job for your IT skills.

Q7
October 25, 2014, 07:23:58 AM
 #6

Just write in and tell them. Not everyone is as honest as you and I'm sure you deserve a reward for pointing it out. Imagine the good things you would have done to save all the account holders. Just hate to hear another bad press that seems to relate to and undermine bitcoin security although in the first place it has nothing to do with bitcoin, only the system that handles it.

nextblast
October 25, 2014, 11:41:28 AM
 #7

The whole bitcoin is open source. If there is such a major flaw, you should let them know, and by them I mean the devs. It's no good reason to hide it, someday someone else will find it out eventually.

blatchcorn
October 25, 2014, 11:42:56 AM
 #8

If you really found a security flaw you would be exploiting it, rather than revealing it :D


 
 
Soros Shorts
October 25, 2014, 11:50:19 AM
 #9

Quote from: nextblast
The whole bitcoin is open source. If there is such a major flaw, you should let them know, and by them I mean the devs. It's no good reason to hide it, someday someone else will find it out eventually.

The OP title is probably misleading when posted in this sub forum. If you read further you'll see that the security flaw is not in Bitcoin but in the company's procedures.
blatchcorn
October 25, 2014, 11:51:38 AM
 #10

Quote from: nextblast
The whole bitcoin is open source. If there is such a major flaw, you should let them know, and by them I mean the devs. It's no good reason to hide it, someday someone else will find it out eventually.

Quote from: Soros Shorts
The OP title is probably misleading when posted in this sub forum. If you read further you'll see that the security flaw is not in Bitcoin but in the company's procedures.

Seems like he edited his original post after posting ;D


 
 
BootstrapCoinDev
October 25, 2014, 01:06:43 PM
 #11

just let them know they should revise procedure management politics if an issue is not a technical one and get that bounty

CIYAM
October 25, 2014, 01:09:24 PM
 #12

Reported, this is extremely off topic. What the heck went through your mind when you posted this?!

Take a look at his sig and you'll know why (I have already given up trying to report them - the mods will actually just reduce your *accuracy* for reporting them - spamming rubbish into every single topic is *perfectly okay* with this forum unfortunately).

rebuilder
October 25, 2014, 01:13:35 PM
 #13

Inform them, if the issue is not fixed and users are at risk, go public.

fathur01
October 25, 2014, 01:37:47 PM
 #14

Describe the issue simply and ask for a bounty (don't ask for a lot, just what it could potentially save them if you used the bug). Then explain what happened for you to find the bug.
wangjin098
October 25, 2014, 01:46:55 PM
 #15

Quote from: Armadillo
I believe I have found a major security flaw in a company's bitcoin system. I am no cryptologist but the flaw is not a technical one, it is more a procedural weakness. I asked if they were aware of a problem related to this and they said no and could I elaborate. There is a small bounty for finding "bugs" but this basically undermines their whole purpose. They are small but do have a lot of press about their new system. How should I approach the situation?

You are very powerful, can discover the bitcoin problem (bug), we support you, hope you can tell us more about the details of the bug

Armadillo
October 25, 2014, 03:21:29 PM
 #16

I'm just going to tell him. It is so obvious that it must be just hiding in plain sight. When you get so close to something sometimes it is hard to step back and see something obvious.

OR maybe I'm wrong...but I don't think so.

A lot of people are using this system so the better half of me will feel good knowing it will reduce some serious risk.

:)
Armadillo
October 25, 2014, 04:14:24 PM
 #17

OK...issue reported.

Let's see what happens.
btc-facebook
October 25, 2014, 06:04:04 PM
 #18

Quote from: Armadillo
Yeah, I assume they wouldn't want it out there. It could put people at risk.
$100 though....that seems almost like not worth even asking for.

Maybe I should just tell them what the deal is.

It is probably advisable to let them know about the risk. The reward will likely be based on how big their security "hole" was and how much they could potentially lose in the event that someone would have exploited it.

I would certainly disagree that it is not worth asking for $100 if this is an amount that they would owe you. It would only take at most a few minutes to ask at most.

Reported, this is extremely off topic. What the heck went through your mind when you posted this?!

Take a look at his sig and you'll know why (I have already given up trying to report them - the mods will actually just reduce your *accuracy* for reporting them - spamming rubbish into every single topic is *perfectly okay* with this forum unfortunately).

I think,the price of a coin is mainly decided by two convenient, cost is a factor, but the more important is : the relationship between supply and demand.

Reported, this is extremely off topic. What the heck went through your mind when you posted this?!
I hope you both realize that by posting that you reported a post, and talking about why someone posted something that makes zero sense you are yourselves posting something that is off topic? You are doing nothing than distracting from the original discussion of the thread

Ionchamp
October 27, 2014, 10:48:12 AM
 #19

Quote from: rebuilder
Inform them, if the issue is not fixed and users are at risk, go public.

You can go public so that the public would know.