Bitcoin Forum
November 18, 2024, 05:55:26 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: [BOUNTY] 0.03 BTC for testing  (Read 1580 times)
btc_enigma (OP)
Hero Member
*****
Offline Offline

Activity: 692
Merit: 569


View Profile
December 31, 2014, 12:46:12 PM
 #21

@btc_enigma, did you solved the scripts pointing to the correct location as well as the scripts references?
Me and a user after my comment reported that problem and I just want to know if everything is ok now and your site is fully optimized Wink

Thanks!

Hey thanks, we are still fixing it

btc_enigma (OP)
Hero Member
*****
Offline Offline

Activity: 692
Merit: 569


View Profile
December 31, 2014, 12:53:34 PM
Last edit: January 01, 2015, 10:22:04 AM by btc_enigma
 #22

Update

hexafraction  has found a major security flaw, he has registered and activated account with emailid field containing multiple fields separated by comma.

I will wait few more days for someone to report any more major bugs

Quote
I cant prove this. you need to try this. just register any gmail account and try. The thing is, that someone, who knows the googleplus email of the victim, can register with the same email of the googleplus account. and the database and information is same
I have checked the database you tried to register test@test.com, but were not able to activate it because you don't own the email id. So even if you register no harm done. Real owner of test@test.com can still login with his/her googleplus account

hexafraction
Sr. Member
****
Offline Offline

Activity: 392
Merit: 268

Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ


View Profile
December 31, 2014, 06:36:08 PM
 #23

Update

hexafraction AT gmail DOT com  has found a major security flaw, he has registered and activated account with emailid field containing multiple fields separated by comma.

I will wait few more days for someone to report any more major bugs

Please don't post my email directly Smiley

I have recently become active again after a long period of inactivity. Cryptographic proof that my account has not been compromised is available.
btc_enigma (OP)
Hero Member
*****
Offline Offline

Activity: 692
Merit: 569


View Profile
January 01, 2015, 10:22:29 AM
Last edit: January 04, 2015, 08:39:04 AM by btc_enigma
 #24



Please don't post my email directly Smiley

Sorry, edited

btc_enigma (OP)
Hero Member
*****
Offline Offline

Activity: 692
Merit: 569


View Profile
January 03, 2015, 11:55:08 AM
 #25

Oh! What a wonderful idea for a service / website. May be you can add some multisig capability where your registered users can login and confirm their wallet transactions in case they are getting hacked. Just thinking out loud. Bravo!
thanks, please considering subscribing to our project development thread https://bitcointalk.org/index.php?topic=880995.0. You can follow updates to our site here.
Quote
May be you can add some multisig capability where your registered users can login and confirm their wallet transactions in case they are getting hacked
Sorry, I didnt get this . Can you elaborate on how this should work?

btc_enigma (OP)
Hero Member
*****
Offline Offline

Activity: 692
Merit: 569


View Profile
January 03, 2015, 12:09:03 PM
 #26

None reported 3 major bugs.

i am giving 0.01 BTC for major bug to hexafraction,
also giving 0.01 BTC for interesting minor bug to small

Please let me know your bitcoin addresses to claim bounty

hexafraction
Sr. Member
****
Offline Offline

Activity: 392
Merit: 268

Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ


View Profile
January 03, 2015, 12:27:59 PM
 #27

None reported 3 major bugs.

i am giving 0.01 BTC for major bug to hexafraction,
also giving 0.01 BTC for interesting minor bug to small

Please let me know your bitcoin addresses to claim bounty


1G45ku6gQfiNYmPJoFaaMAYD2mx9zq16E

Quote
May be you can add some multisig capability where your registered users can login and confirm their wallet transactions in case they are getting hacked
Sorry, I didnt get this . Can you elaborate on how this should work?

I think the idea was something along the lines of blockonomics having a private key for multisig and using it to co-sign the transaction with an external key.

I have recently become active again after a long period of inactivity. Cryptographic proof that my account has not been compromised is available.
whitewhidow
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
January 03, 2015, 08:23:40 PM
 #28

Update

xxxxxxxxx  has found a major security flaw, he has registered and activated account with emailid field containing multiple fields separated by comma.

I will wait few more days for someone to report any more major bugs

Please don't post my email directly Smiley

Sorry, edited

edited, but its still in all your quotes guys ,  lol

TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN,   FCK OFF PLEASE   
 - The REAL WHITEWHIDOW
btc_enigma (OP)
Hero Member
*****
Offline Offline

Activity: 692
Merit: 569


View Profile
January 04, 2015, 08:57:07 AM
 #29

tx submitted https://blockchain.info/tx-index/58d836af92faba264da061123a9ff6f1f360dad6af148a546d44dfa15713ec46

franckuestein
Legendary
*
Offline Offline

Activity: 1960
Merit: 1130


Truth will out!


View Profile WWW
January 04, 2015, 01:09:29 PM
 #30


I think that we didn't found major bugs on the site but @akula999 and me made some suggestions on the code/style and Query's, so maybe a tip could be nice!  Wink
Some browsers detect it as a problem so sending recommendations to you is helping, too  Cheesy

[ AVAILABLE SIGNATURE SPACE ]
josef2000
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250


Bro, you need to try http://dadice.com


View Profile WWW
January 05, 2015, 11:21:18 AM
 #31

Update

hexafraction  has found a major security flaw, he has registered and activated account with emailid field containing multiple fields separated by comma.

I will wait few more days for someone to report any more major bugs

Quote
I cant prove this. you need to try this. just register any gmail account and try. The thing is, that someone, who knows the googleplus email of the victim, can register with the same email of the googleplus account. and the database and information is same
I have checked the database you tried to register test@test.com, but were not able to activate it because you don't own the email id. So even if you register no harm done. Real owner of test@test.com can still login with his/her googleplus account
I tried with another email, a gmail.
I successfully registered, but also can login with google plus with that email without the website password. All the informations saved in that account is same as the normal Email account(Wallet-watcher)

Email jcl051000@gmail.com

You need to try to register an gmail-Email. Then register an account with it on your website.
When you try to use Googleplus to login with that email, without even knowing the password of the website.

███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
█   ⚂⚄⚀⚃⚅⚁    ██  d a d i c e  ██    Next Generation Dice Game
• Low 1% house edge. • Provably Fair.  
███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!