Bitcoin Forum
Topic: Found a Major Security Flaw (Read 1908 times)
Armadillo (OP)
Newbie
Activity: 33
Merit: 0
October 25, 2014, 05:41:38 AM
 #1

I believe I have found a major security flaw in a company's bitcoin system. I am no cryptologist but the flaw is not a technical one, it is more a procedural weakness. I asked if they were aware of a problem related to this and they said no and could I elaborate. There is a small bounty for finding "bugs" but this basically undermines their whole purpose. They are small but do have a lot of press about their new system. How should I approach the situation?
LiteCoinGuy
Legendary
Activity: 1148
Merit: 1010
In Satoshi I Trust
October 25, 2014, 05:44:23 AM
 #2

they should give you a bounty for that and you would have a good feeling too :)
(+ no police is hunting you :P )


sounds fair? if they pay nothing, maybe coindesk is interested in this story.

Armadillo (OP)
Newbie
Activity: 33
Merit: 0
October 25, 2014, 05:48:15 AM
 #3

Yeah, I assume they wouldn't want it out there. It could put people at risk.
$100 though....that seems almost like not worth even asking for.

Maybe I should just tell them what the deal is.
LiteCoinGuy
Legendary
Activity: 1148
Merit: 1010
In Satoshi I Trust
October 25, 2014, 06:09:49 AM
 #4

if it's a big bug, 100 USD is not that much but better than nothing :)

but i would like to know more about this when the gap is closed :D

Velkro
Legendary
Activity: 2296
Merit: 1014
October 25, 2014, 06:25:11 AM
 #5

You shouldn't be cash motivated. If they pay you ANYTHING it is still good.
Find a real job for your IT skills.
Q7
Sr. Member
Activity: 448
Merit: 250
October 25, 2014, 07:23:58 AM
 #6

Just write in and tell them. Not everyone is as honest as you and I'm sure you deserve a reward for pointing it out. Imagine the good things you would have done to save all the account holders. Just hate to hear another bad press that seems to relate to and undermine bitcoin security although in the first place it has nothing to do with bitcoin, only the system that handles it

nextblast
Hero Member
Activity: 658
Merit: 500
October 25, 2014, 11:41:28 AM
 #7

The whole bitcoin is open source. If there is such a major flaw, you should let them know, and by them I mean the devs. It's no good reason to hide it, someday someone else will find it out eventually.
blatchcorn
Sr. Member
Activity: 952
Merit: 281
October 25, 2014, 11:42:56 AM
 #8

If you really found a security flaw you would be exploiting it, rather than revealing it :D
Soros Shorts
Donator
Legendary
Activity: 1616
Merit: 1003
October 25, 2014, 11:50:19 AM
 #9

Quote from: nextblast on October 25, 2014, 11:41:28 AM
The whole bitcoin is open source. If there is such a major flaw, you should let them know, and by them I mean the devs. It's no good reason to hide it, someday someone else will find it out eventually.

The OP title is probably misleading when posted in this sub forum. If you read further you'll see that the security flaw is not in Bitcoin but in the company's procedures.
blatchcorn
Sr. Member
Activity: 952
Merit: 281
October 25, 2014, 11:51:38 AM
 #10

Quote from: Soros Shorts on October 25, 2014, 11:50:19 AM
Quote from: nextblast on October 25, 2014, 11:41:28 AM
The whole bitcoin is open source. If there is such a major flaw, you should let them know, and by them I mean the devs. It's no good reason to hide it, someday someone else will find it out eventually.

The OP title is probably misleading when posted in this sub forum. If you read further you'll see that the security flaw is not in Bitcoin but in the company's procedures.

Seems like he edited his original post after posting ;D
BootstrapCoinDev
Full Member
Activity: 154
Merit: 100
October 25, 2014, 01:06:43 PM
 #11

just let them know they should revise procedure management politics if an issue is not a technical one and get that bounty
CIYAM
Legendary
Activity: 1890
Merit: 1072
Ian Knowles - CIYAM Lead Developer
October 25, 2014, 01:09:24 PM
 #12

Reported, this is extremely off topic. What the heck went through your mind when you posted this?!

Take a look at his sig and you'll know why (I have already given up trying to report them - the mods will actually just reduce your *accuracy* for reporting them - spamming rubbish into every single topic is *perfectly okay* with this forum unfortunately).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
rebuilder
Legendary
Activity: 1615
Merit: 1000
October 25, 2014, 01:13:35 PM
 #13

Inform them, if the issue is not fixed and users are at risk, go public.

Selling out to advertisers shows you respect neither yourself nor the rest of us.
---------------------------------------------------------------
Too many low-quality posts? Mods not keeping things clean enough? Self-moderated threads let you keep signature spammers and trolls out!
fathur01
Full Member
Activity: 700
Merit: 100
October 25, 2014, 01:37:47 PM
 #14

Describe the issue simply and ask for a bounty (don't ask for a lot, just what it could poten. save them if you used the bug). Then explain what happened for you to find the bug.
wangjin098
Full Member
Activity: 238
Merit: 100
★Bitin.io★ - Instant Exchange
October 25, 2014, 01:46:55 PM
 #15

Quote from: Armadillo on October 25, 2014, 05:41:38 AM
I believe I have found a major security flaw in a company's bitcoin system. I am no cryptologist but the flaw is not a technical one, it is more a procedural weakness. I asked if they were aware of a problem related to this and they said no and could I elaborate. There is a small bounty for finding "bugs" but this basically undermines their whole purpose. They are small but do have a lot of press about their new system. How should I approach the situation?

You are very powerful, can discover the bitcoin problem (bug), we support you, hope you can tell us more about the details of the bug

Armadillo (OP)
Newbie
Activity: 33
Merit: 0
October 25, 2014, 03:21:29 PM
 #16

I'm just going to tell him. It is so obvious that it must be just hiding in plain sight. When you get so close to something sometimes it is hard to step back and see something obvious.

OR maybe I'm wrong...but I don't think so.

A lot of people are using this system so the better half of me will feel good knowing it will reduce some serious risk.

:)
Armadillo (OP)
Newbie
Activity: 33
Merit: 0
October 25, 2014, 04:14:24 PM
 #17

OK...issue reported.

Let's see what happens.
btc-facebook
Legendary
Activity: 1862
Merit: 1015
October 25, 2014, 06:04:04 PM
 #18

Quote from: Armadillo on October 25, 2014, 05:48:15 AM
Yeah, I assume they wouldn't want it out there. It could put people at risk.
$100 though....that seems almost like not worth even asking for.

Maybe I should just tell them what the deal is.

It is probably advisable to let them know about the risk. The reward will likely be based on how big their security "hole" was and how much they could potentially lose in the event that someone would have exploited it.

I would certainly disagree that it is not worth asking for $100 if this is an amount that they would owe you. It would only take at most a few minutes to ask at most.

Reported, this is extremely off topic. What the heck went through your mind when you posted this?!

Take a look at his sig and you'll know why (I have already given up trying to report them - the mods will actually just reduce your *accuracy* for reporting them - spamming rubbish into every single topic is *perfectly okay* with this forum unfortunately).

I think,the price of a coin is mainly decided by two convenient, cost is a factor, but the more important is : the relationship between supply and demand.

Reported, this is extremely off topic. What the heck went through your mind when you posted this?!
I hope you both realize that by posting that you reported a post, and talking about why someone posted something that makes zero sense you are yourselves posting something that is off topic? You are doing nothing then distracting from the original discussion of the thread
Ionchamp
Newbie
Activity: 32
Merit: 0
October 27, 2014, 10:48:12 AM
 #19

Quote from: rebuilder on October 25, 2014, 01:13:35 PM
Inform them, if the issue is not fixed and users are at risk, go public.

You can go public so that the public would know.