Epoch
Legendary
 Offline
Activity: 922
Merit: 1003
|
 |
June 06, 2012, 08:54:01 PM |
|
Is anyone concerned, in terms of security, with the current website login of:
username: <forum name>
password: <deposit address>
Just thinking out loud, but taking an example, let's say we know someone sent 45 BTC on or before a specific date/time. We know who it was because they posted 'whoa, I just sent 45 BTC!' here in this forum (I notice there are several members who have posted their deposit amounts looking back at the post history).
The blockchain can be easily searched for all 45 BTC transactions prior to that date (for, say, the period 2 or 3 days prior). There may be several matching hits, but likely not a huge number.
We know the user's bitcoinmax.com name from the forum here. We could then try a login at bitcoinmax.com using that name and the various deposit addresses found from the blockchain matching 45 BTC. Eventually the login would be successful and the 'imposter' would have access to the account.
I may be missing something (and I hope I am), but I'm asking for someone to convince me that the <forum name>/<deposit address> system used by bitcoinmax.com is secure from a hack similar to what I've described above.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The forum was founded in 2009 by Satoshi and Sirius. It replaced a
SourceForge forum.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
tgmarks
Donator
Hero Member
Offline
Activity: 490
Merit: 500
|
|
June 06, 2012, 08:59:21 PM |
|
Is anyone concerned, in terms of security, with the current website login of:
username: <forum name>
password: <deposit address>
Just thinking out loud, but taking an example, let's say we know someone sent 45 BTC on or before a specific date/time. We know who it was because they posted 'whoa, I just sent 45 BTC!' here in this forum (I notice there are several members who have posted their deposit amounts looking back at the post history).
The blockchain can be easily searched for all 45 BTC transactions prior to that date (for, say, the period 2 or 3 days prior). There may be several matching hits, but likely not a huge number.
We know the user's bitcoinmax.com name from the forum here. We could then try a login at bitcoinmax.com using that name, and the various deposit addresses found from the blockchain that matched 45 BTC. Eventually the login would be successful and the 'imposter' would have access to the account.
I may be missing something (and I hope I am), but I'm asking for someone to convince me that the <forum name>/<deposit address> system used by bitcoinmax.com is secure from a hack similar to what I've described above.
What is there to be concerned about? So someone could possibly be able to see your deposit address, balance, and toggle whether to reinvest or not. There is no access to your funds through the website. |
|
|
|
|
BTC-engineer
|
|
June 06, 2012, 09:01:02 PM |
|
Is anyone concerned, in terms of security, with the current website login of:
username: <forum name>
password: <deposit address>
Just thinking out loud, but taking an example, let's say we know someone sent 45 BTC on or before a specific date/time. We know who it was since they posted 'whoa, I just sent 45 BTC!' here in this forum (I notice there are several members who have posted their deposit amounts looking back at the post history).
The blockchain can be easily searched for all 45 BTC transactions prior to that date (for, say, the period 2 or 3 days prior). There may be several hits, but likely not a huge number.
We know the user's bitcoinmax.com name from the forum here. We could then try a login at bitcoinmax.com using that name, and the various deposit addresses found from the blockchain that matched 45 BTC. Eventually the login would be successful and the 'imposter' would have access to the account.
I may be missing something (and I hope I am), but I'm asking for someone to convince me that the <forum name>/<deposit address> system used by bitcoinmax.com is secure from a hack similar to what I've described above.
I already worried about the same thing. Because I'm not (yet) able to login I don't know if the user can change the password. If you would change the password before you do an transfer it should not be a problem. Even if someone knows your account data I'm not sure what he really can do without seeing your bitcoins... |
█
▀██
███▄
█████
▄██████████ █████
▄███████████████ █████▄
▄██████████████████ ██████
█████████████████████ ███████
██████████████████████ ████████
▄████████▀ █████████
██████ ▄██████ ██████████
███▀ ▄██████████ ███████████
██ ████████████ ████████████
█████████████ ██████████
█████████████ ███████
█████████████▄ ██▀
██████████████
▀███████████████▄
▀███████████▀
| FLUX | █
█
█ | VALVE UBISOFT GAMING ECOSYSTEM Origin GAMELOFT
█ WEBSITE █ WHITEPAPER █ MEDIUM █ TWITTER █ FACEBOOK █ TELEGRAM █ | █
█
█ | 17 - 24 April
Public Sale
|
|
|
|
Epoch
Legendary
Offline
Activity: 922
Merit: 1003
|
|
June 06, 2012, 09:02:24 PM |
|
What is there to be concerned about? So someone could possibly be able to see your deposit address, balance, and toggle whether to reinvest or not. There is no access to your funds through the website.
I didn't know what is, and what is not, possible to do through the website. If you cannot withdraw (or set/change withdrawal address), then that eliminates one of my key concerns. Thanks. |
|
|
|
|
|
BTC-engineer
|
|
June 06, 2012, 09:57:15 PM |
|
new investors that cannot log in yet, need to go back to the OP and read the FAQ.
creating a login is a manual process, and I'm not going to do that unless i see at least 10 coins come in. even then, i'll probably only be doing that once a day (setting up new logins).
Thank's for clarification. I've now first sent my coins and will check tomorrow again. |
█
▀██
███▄
█████
▄██████████ █████
▄███████████████ █████▄
▄██████████████████ ██████
█████████████████████ ███████
██████████████████████ ████████
▄████████▀ █████████
██████ ▄██████ ██████████
███▀ ▄██████████ ███████████
██ ████████████ ████████████
█████████████ ██████████
█████████████ ███████
█████████████▄ ██▀
██████████████
▀███████████████▄
▀███████████▀
| FLUX | █
█
█ | VALVE UBISOFT GAMING ECOSYSTEM Origin GAMELOFT
█ WEBSITE █ WHITEPAPER █ MEDIUM █ TWITTER █ FACEBOOK █ TELEGRAM █ | █
█
█ | 17 - 24 April
Public Sale
|
|
|
|
|
ErebusBat
|
|
June 06, 2012, 10:58:32 PM |
|
Also people who post in a public forum of 'I just sent xxBTC' obviously are not too concerned with privacy.
|
|
|
|
|
bitdragon
|
|
June 07, 2012, 07:26:24 AM |
|
if anyone else notices deposits missing, please let me know.
thanks.
my additional funds have not shown up yet  |
|
|
|
|
payb.tc (OP)
|
|
June 07, 2012, 07:36:47 AM |
|
if anyone else notices deposits missing, please let me know.
thanks.
my additional funds have not shown up yet okay then, i decided just for now to completely remove the code which tries to limit calls to blockchain.info, and your deposit showed up. it'll now take slightly longer (~1 second) for everyone to log in, but it will force the check every time now. i'll take a further look at the issue later, if i think it's calling blockchain.info too much. |
|
|
|
|
|
ErebusBat
|
|
June 07, 2012, 11:57:27 AM |
|
What about a CHECK button that we can use to initiate the check? That way it doesn't happen EVERYTIME but when we know we have sent money and want it to show we can hit that?
|
|
|
|
|
payb.tc (OP)
|
|
June 07, 2012, 02:15:58 PM |
|
latest investors (who have sent at least 10 btc) should be able to log in to bitcoinmax now.
...although some are missing the withdrawal address, but i'm going through and populating those at the moment.
oh, all these new accounts have been created with reinvest=YES, so if you want to change it, please do so in the login area.
BTC-engineer, your username for bitcoinmax has no dash in it.
|
|
|
|
|
|
xxaudioxx
|
|
June 07, 2012, 02:40:56 PM |
|
thanks payb.tc
|
+1 smracer, +2 MadSweeney, +1 bitdragon, +1 mimarob, +1 Valalvax, +2 dbox, +100 payb.tc, +1 TheBitMan, +2 gusti, +1 hashking, +1 Xunie, +2 wm-center, +1 Scott J https://bitcointalk.org/index.php?topic=484.msg962923#msg962923 |
|
|
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1225
Away on an extended break
|
|
June 07, 2012, 02:51:52 PM |
|
|
|
|
|
|
|
ehmdjii
|
|
June 07, 2012, 08:21:45 PM |
|
how does one get an account?
is it referer based? if so, then i would be happy if i could get an invite!
|
BTC: 1LsD5HpnX1Kfyti7CnHiVB1rjUEXGqmR2H
LTC: LQbpdMZmYyJa9bJG6NweBNxkSTfgZorkrG
|
|
|
tgmarks
Donator
Hero Member
Offline
Activity: 490
Merit: 500
|
|
June 07, 2012, 08:30:33 PM |
|
how does one get an account?
is it referer based? if so, then i would be happy if i could get an invite!
You should read the very first post in the thread. |
|
|
|
|
|
|
payb.tc (OP)
|
|
June 09, 2012, 01:57:34 PM
Last edit: June 09, 2012, 02:40:06 PM by payb.tc |
|
over the past couple of hours, i've come up with an 'earnings report' page which is now in the login area of bitcoinmax.
i'm still doing some debugging on this page, but it should show you exactly how your payments are being calculated so you can verify the accuracy of your earnings each week.
thanks.
edit: i've now also extended this to include an estimate of your Next Payment at the top of every page.
|
|
|
|
|
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1225
Away on an extended break
|
|
June 09, 2012, 03:15:08 PM |
|
over the past couple of hours, i've come up with an 'earnings report' page which is now in the login area of bitcoinmax.
i'm still doing some debugging on this page, but it should show you exactly how your payments are being calculated so you can verify the accuracy of your earnings each week.
thanks.
edit: i've now also extended this to include an estimate of your Next Payment at the top of every page.
Thanks for this feature!  By the way, you could add a clock to the page too so that we can know what timezone the server makes its calculations on. |
|
|
|
|
|
payb.tc (OP)
|
|
June 09, 2012, 03:37:44 PM |
|
over the past couple of hours, i've come up with an 'earnings report' page which is now in the login area of bitcoinmax.
i'm still doing some debugging on this page, but it should show you exactly how your payments are being calculated so you can verify the accuracy of your earnings each week.
thanks.
edit: i've now also extended this to include an estimate of your Next Payment at the top of every page.
Thanks for this feature! By the way, you could add a clock to the page too so that we can know what timezone the server makes its calculations on. everything is UTC. my brain is UTC. you should see my house too, some of the clocks are UTC. |
|
|
|
|
|
DutchBrat
|
|
June 09, 2012, 04:31:14 PM |
|
Looks great !
Thanks !!!
|
|
|
|
|
|
ErebusBat
|
|
June 09, 2012, 05:05:56 PM |
|
Can't wait until I have my BTC for my first deposit.
|
|
|
|
|
