[BOUNTY] 0.03 BTC for testing

[btc_enigma]

@btc_enigma, did you solved the scripts pointing to the correct location as well as the scripts references?
Me and a user after my comment reported that problem and I just want to know if everything is ok now and your site is fully optimized

Thanks!

Hey thanks, we are still fixing it

[1715397410]

1715397410

[btc_enigma]

Update

hexafraction  has found a major security flaw, he has registered and activated account with emailid field containing multiple fields separated by comma.

I will wait few more days for someone to report any more major bugs

I cant prove this. you need to try this. just register any gmail account and try. The thing is, that someone, who knows the googleplus email of the victim, can register with the same email of the googleplus account. and the database and information is same

I have checked the database you tried to register test@test.com, but were not able to activate it because you don't own the email id. So even if you register no harm done. Real owner of test@test.com can still login with his/her googleplus account

[hexafraction]

Update

hexafraction AT gmail DOT com  has found a major security flaw, he has registered and activated account with emailid field containing multiple fields separated by comma.

I will wait few more days for someone to report any more major bugs

Please don't post my email directly

[btc_enigma]

Please don't post my email directly

Sorry, edited

[btc_enigma]

Oh! What a wonderful idea for a service / website. May be you can add some multisig capability where your registered users can login and confirm their wallet transactions in case they are getting hacked. Just thinking out loud. Bravo!

thanks, please considering subscribing to our project development thread https://bitcointalk.org/index.php?topic=880995.0. You can follow updates to our site here.

May be you can add some multisig capability where your registered users can login and confirm their wallet transactions in case they are getting hacked

Sorry, I didnt get this . Can you elaborate on how this should work?

[btc_enigma]

None reported 3 major bugs.

i am giving 0.01 BTC for major bug to hexafraction,
also giving 0.01 BTC for interesting minor bug to small

Please let me know your bitcoin addresses to claim bounty

[hexafraction]

None reported 3 major bugs.

i am giving 0.01 BTC for major bug to hexafraction,
also giving 0.01 BTC for interesting minor bug to small

Please let me know your bitcoin addresses to claim bounty

1G45ku6gQfiNYmPJoFaaMAYD2mx9zq16E

May be you can add some multisig capability where your registered users can login and confirm their wallet transactions in case they are getting hacked

Sorry, I didnt get this . Can you elaborate on how this should work?

I think the idea was something along the lines of blockonomics having a private key for multisig and using it to co-sign the transaction with an external key.

[whitewhidow]

Update

xxxxxxxxx  has found a major security flaw, he has registered and activated account with emailid field containing multiple fields separated by comma.

I will wait few more days for someone to report any more major bugs

Please don't post my email directly

Sorry, edited

edited, but its still in all your quotes guys ,  lol

[btc_enigma]

tx submitted https://blockchain.info/tx-index/58d836af92faba264da061123a9ff6f1f360dad6af148a546d44dfa15713ec46

[franckuestein]

tx submitted https://blockchain.info/tx-index/58d836af92faba264da061123a9ff6f1f360dad6af148a546d44dfa15713ec46

I think that we didn't found major bugs on the site but @akula999 and me made some suggestions on the code/style and Query's, so maybe a tip could be nice!  
Some browsers detect it as a problem so sending recommendations to you is helping, too  

[josef2000]

Update

hexafraction  has found a major security flaw, he has registered and activated account with emailid field containing multiple fields separated by comma.

I will wait few more days for someone to report any more major bugs

I cant prove this. you need to try this. just register any gmail account and try. The thing is, that someone, who knows the googleplus email of the victim, can register with the same email of the googleplus account. and the database and information is same

I have checked the database you tried to register test@test.com, but were not able to activate it because you don't own the email id. So even if you register no harm done. Real owner of test@test.com can still login with his/her googleplus account

I tried with another email, a gmail.
I successfully registered, but also can login with google plus with that email without the website password. All the informations saved in that account is same as the normal Email account(Wallet-watcher)

Email jcl051000@gmail.com

You need to try to register an gmail-Email. Then register an account with it on your website.
When you try to use Googleplus to login with that email, without even knowing the password of the website.