bodgybrothers
Member
 Offline
Activity: 106
Merit: 10
|
 |
May 13, 2015, 09:40:37 AM |
|
it was a direct change to server side variables that store usernames.
This is a false statement. The variable that "buffoon" played with was on client-end (i.e. his browser end). The client side object was updated, it was sent to the server. The server then updated a variable with this new object. So it did infact update a server side variable. If you asked the server for the user list, it also updated the new username in the list and this represents a server side change happening. The server responded to chat with this variable, not the client. If it was only client side, no one would see the name change. You should also be aware, due to your ability to understand a hackers mind, that it was possible to run javascript on all connected client computers. One could have tipped themselves from another users account and slowly stolen large quantities of bitcoin by simply running some remote javascript code in your uses browsers and withdraw relativity small amounts available in the HW. It could have gone on for months without detection. It is interesting that you only assume the worst thing that happened was trolling, but I can assure you, your faithful users were being targeted for more than trolling. If it is only second on your list you might want to revisit your policy on critical security breach attempts. It always looks like a simple hack on the outside, but what one can do with a simple hack can be quite damaging. As mentioned in this thread by nnlmmn (or whatever his name is), someone could just have used another users name to gain trust and "borrow" bitcoin. Simple hacks are, of cause, the majority that occur. Like MT Gox, nothing complex there, but who knew about it? You can't dismiss the simplicity as less important than Lag. This attitude gets me offside, as it appears you are not humble enough to understand there is always a way in and your code is not perfect. You lack what many engineers have - "security fear". It's either due to ignorance or lack of experience. Be very clear, do not dismiss anything that comes to your attention. If this was my site, I would have run a maintenance page till it was resolved, not let it run for 15 hours. Your closing picture demonstrates your cockiness. And if your customers aren't scared of that, they should consider it heavily! |
|
|
|
|
|
|
|
|
|
|
|
Once a transaction has 6 confirmations, it is extremely unlikely that an attacker without at least 50% of the network's computation power would be able to reverse it.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
LFC_Bitcoin
Legendary
Offline
Activity: 3528
Merit: 9547
#1 VIP Crypto Casino
|
|
May 13, 2015, 09:43:08 AM |
|
Just a test of my new senior member signature - Sorry guys
Looks off, did you miss a "center" maybe? Think/hope I fixed it, thanks shorena. |
|
|
|
dadice_dev
Newbie
Offline
Activity: 48
Merit: 0
|
|
May 13, 2015, 11:13:57 AM
Last edit: May 13, 2015, 11:37:40 AM by dadice_dev |
|
It was possible to see the IP address of every user in your chat.
It was also possible to impersonate you and all your support/mods.
At da dice we are the one to decide priority and we have support from our community / players. Are you one of the players at Da Dice? Both of your statements are wrong and merely accusations  may be when you quote a programmer you should start paying attention to what they have wrote earlier, the IP he was talking about had nothing to do with chat and NO!! the mods carry a special title of "Mod" while staff carries "Staff" title, they were NOT able to impersonate this. Anyway I don't wish to pursue this any further, nevertheless this may be benefical to you but since I have addressed the issue I am not going to argue with you on how should we manage/run our casino. You are more then welcome to do this with your own one (no offence there mate!) ... again as I have stated earlier, this arena is big enough for all the fishes to swim and thrive so it should be accepted with open hearts or at the very least lets pretend to be grown ups here. @bodgybrothers ... I have decided to not quote you any further for a very simple reason: your posts doesn't make sense, exactly what server side object you're talking about there? you have no idea what you're talking about. Again, what you "would have" done, what "could have happened" and all the freagin' "coulds" and "woulds" are totally irrelevant. Since we know our audience, we know behind the scenes of Da Dice, leave that to us? ok? I don't care if you think that I should have created a scene by closing down the whole site just because of a moron troll! Your advices are irrelevant, you have been acting as a "buffer" of this whole incident, rest assured this was not a coincidence that you were around to copy entire chats and etc... ...so... If the purpose is just to slander and SPAM at this thread, proceed as you will! https://i.imgur.com/JpN0fBK.jpgp.s. If you haven't already noticed, let me put this clearly for you: "Nobody gives a fuck about the whole troll mumbojumbo!" that is unfairly being presented as critical with all the "woulds" and "coulds". Regarding the Nico guy, I have personally apologised for the delay to him. |
|
|
|
|
dadice (OP)
Sr. Member
Offline
Activity: 252
Merit: 250
DaDice Administration
|
|
May 13, 2015, 11:52:05 AM |
|
Just a test of my new senior member signature - Sorry guys
Looks off, did you miss a "center" maybe? Think/hope I fixed it, thanks shorena. Looking good now mate! |
<- My trust rating is a joke, due to the poor and worthless implementation of trust ratings at bitcointalk.org
|
|
|
LFC_Bitcoin
Legendary
Offline
Activity: 3528
Merit: 9547
#1 VIP Crypto Casino
|
|
May 13, 2015, 12:12:47 PM |
|
Just a test of my new senior member signature - Sorry guys
Looks off, did you miss a "center" maybe? Think/hope I fixed it, thanks shorena. Looking good now mate! Thanks boss |
|
|
|
dadice (OP)
Sr. Member
Offline
Activity: 252
Merit: 250
DaDice Administration
|
|
May 13, 2015, 12:14:08 PM |
|
Added to my website. I hope that OP is satisfied with screenshot and description (if not, PM me).
Thank you very much iawgoM, all looking good there |
<- My trust rating is a joke, due to the poor and worthless implementation of trust ratings at bitcointalk.org
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1520
No I dont escrow anymore.
|
|
May 13, 2015, 12:26:25 PM |
|
-snip- @bodgybrothers ... I have decided to not quote you any further for a very simple reason: your posts doesn't make sense, exactly what server side object you're talking about there? you have no idea what you're talking about. Again, what you "would have" done, what "could have happened" and all the freagin' "coulds" and "woulds" are totally irrelevant. Since we know our audience, we know behind the scenes of Da Dice, leave that to us? ok? I don't care if you think that I should have created a scene by closing down the whole site just because of a moron troll! Your advices are irrelevant, you have been acting as a "buffer" of this whole incident, rest assured this was not a coincidence that you were around to copy entire chats and etc... ...so... If the purpose is just to slander and SPAM at this thread, proceed as you will! -picture- p.s. If you haven't already noticed, let me put this clearly for you: "Nobody gives a fuck about the whole troll mumbojumbo!" that is unfairly being presented as critical with all the "woulds" and "coulds". Regarding the Nico guy, I have personally apologised for the delay to him. Let me just ask you a few questions regarding this. Did bodgybrothers disclose the bug to you? If they did not, who did? Did anyone? Did you pay a bug bounty? If you did, how much? If not, why not? Is the bug fixed? If not, when will it be fixed? If yes, is it a temp fix or a proper fix? |
Im not really here, its just your imagination.
|
|
|
|
|
bodgybrothers
Member
Offline
Activity: 106
Merit: 10
|
|
May 13, 2015, 01:00:01 PM |
|
Shows the effort they put into this site. Imagine the server side code cut and pasted from various stackoverflow responses. |
|
|
|
|
dadice_dev
Newbie
Offline
Activity: 48
Merit: 0
|
|
May 13, 2015, 01:11:28 PM |
|
Let me just ask you a few questions regarding this.
Did bodgybrothers disclose the bug to you?
If they did not, who did? Did anyone?
Did you pay a bug bounty?
If you did, how much?
If not, why not?
Is the bug fixed?
If not, when will it be fixed?
If yes, is it a temp fix or a proper fix?
Good question. No bodgybrother alongside his friend didn't disclose this to us, the guy we now refer as "buffoon" did. There is no bug bounty when you abuse the bug. A proper fix has been implemented |
|
|
|
|
bodgybrothers
Member
Offline
Activity: 106
Merit: 10
|
|
May 13, 2015, 01:31:37 PM |
|
Let me just ask you a few questions regarding this.
Did bodgybrothers disclose the bug to you?
If they did not, who did? Did anyone?
Did you pay a bug bounty?
If you did, how much?
If not, why not?
Is the bug fixed?
If not, when will it be fixed?
If yes, is it a temp fix or a proper fix?
Good question. No bodgybrother alongside his friend didn't disclose this to us, the guy we now refer as "buffoon" did. There is no bug bounty when you abuse the bug. A proper fix has been implemented  |
|
|
|
|
dadice (OP)
Sr. Member
Offline
Activity: 252
Merit: 250
DaDice Administration
|
|
May 13, 2015, 01:39:30 PM |
|
Let me just ask you a few questions regarding this.
Did bodgybrothers disclose the bug to you?
If they did not, who did? Did anyone?
Did you pay a bug bounty?
If you did, how much?
If not, why not?
Is the bug fixed?
If not, when will it be fixed?
If yes, is it a temp fix or a proper fix?
Good question. No bodgybrother alongside his friend didn't disclose this to us, the guy we now refer as "buffoon" did. There is no bug bounty when you abuse the bug. A proper fix has been implemented What you are doing here is trolling! All issues were fixed. Secondly most Dice sites [others as well] had issues after going online, that is very well documented in this fine forum. |
<- My trust rating is a joke, due to the poor and worthless implementation of trust ratings at bitcointalk.org
|
|
|
bodgybrothers
Member
Offline
Activity: 106
Merit: 10
|
|
May 13, 2015, 01:52:33 PM |
|
What you are doing here is trolling! All issues were fixed. Secondly most Dice sites [others as well] had issues after going online, that is very well documented in this fine forum.
Yes, yes I am. But you have to admit you are an easy target. Good luck with your awesome site. |
|
|
|
|
|
michinzx
|
|
May 13, 2015, 01:53:54 PM |
|
It was possible to see the IP address of every user in your chat. -> Nonsense
It was also possible to impersonate you and all your support/mods. -> Nonsense
At least da dice officials don't have to go to other dices threads just to show off signature, they have a very successful signature campaign I understand your frustration since you're the only one to carry your banner all over the forum. Must be lonely  have to agree that the signature campaign is very successful and popular but theres a lot of antagonizing posts from this guy, if something like the investment page was a real issue contacting by pm to resolve the matter privately wouldve been a much more professional way of handling the issue. |
|
|
|
|
dadice_dev
Newbie
Offline
Activity: 48
Merit: 0
|
|
May 13, 2015, 01:55:10 PM |
|
It was possible to see the IP address of every user in your chat. -> Nonsense
It was also possible to impersonate you and all your support/mods. -> Nonsense
At least da dice officials don't have to go to other dices threads just to show off signature, they have a very successful signature campaign I understand your frustration since you're the only one to carry your banner all over the forum. Must be lonely LOL... Enviousness is pretty obvious... A site that has been around for 2 years now have currently 19 users online as compared to the site that has been online for 2 months having 80 online at very same moment. Mr. buffoon and his "leash-keeper" webmaster, as I have stated that I don't intend to quote you or persuade your BS. There was a bug, and it has been fixed! What you're doing now is SPAMMING. I am really sad to admit that the one other program I am refering to now was considered with respect from our team as one of the current leaders. Alas they have lost that priviledge with this kind of unseriousness. Just for a couple of spammers here, who have no respect for ethics and moral values, nor they are capable of showing matuirty at any level = TROLLS.  https://i.imgur.com/wzFNarh.gif |
|
|
|
|
|
Da_Dice_Staff
|
|
May 13, 2015, 01:57:35 PM |
|
It was possible to see the IP address of every user in your chat. -> Nonsense
It was also possible to impersonate you and all your support/mods. -> Nonsense
At least da dice officials don't have to go to other dices threads just to show off signature, they have a very successful signature campaign I understand your frustration since you're the only one to carry your banner all over the forum. Must be lonely have to agree that the signature campaign is very successful and popular but theres a lot of antagonizing posts from this guy, if something like the investment page was a real issue contacting by pm to resolve the matter privately wouldve been a much more professional way of handling the issue. Well said |
|
|
|
|
|
fox19891989
|
|
May 13, 2015, 02:30:07 PM |
|
It was possible to see the IP address of every user in your chat. -> Nonsense
It was also possible to impersonate you and all your support/mods. -> Nonsense
At least da dice officials don't have to go to other dices threads just to show off signature, they have a very successful signature campaign I understand your frustration since you're the only one to carry your banner all over the forum. Must be lonely LOL... Enviousness is pretty obvious... A site that has been around for 2 years now have currently 19 users online as compared to the site that has been online for 2 months having 80 online at very same moment. Mr. buffoon and his "leash-keeper" webmaster, as I have stated that I don't intend to quote you or persuade your BS. There was a bug, and it has been fixed! What you're doing now is SPAMMING. I am really sad to admit that the one other program I am refering to now was considered with respect from our team as one of the current leaders. Alas they have lost that priviledge with this kind of unseriousness. Just for a couple of spammers here, who have no respect for ethics and moral values, nor they are capable of showing matuirty at any level = TROLLS.  Yeah, he is trolling here, wow only 19 players online are very pathetic for a 2 years old dice site, they know it is hard to compete with dadice, so they came here to troll, dadice is a famous site now in btc community, around 200 daily active players? Good signature campaign and twitter campaign makes dadice to da moon  |
|
|
|
|
dadice_dev
Newbie
Offline
Activity: 48
Merit: 0
|
|
May 13, 2015, 02:37:49 PM |
|
Yeah, he is trolling here, wow only 19 players online are very pathetic for a 2 years old dice site, they know it is hard to compete with dadice, so they came here to troll, dadice is a famous site now in btc community, around 200 daily active players? Good signature campaign and twitter campaign makes dadice to da moon hey fox! thanks for the compliments buddy! I agree with @crazykiddo above... I think the buffoon is up to trolling only, but his "leash-keeper" is off to some bad marketing tactics. |
|
|
|
|
|
LiQuidx
|
|
May 13, 2015, 02:49:52 PM |
|
The site has a really nice design lots of features and an awesome leveling faucet. The people in chat are really friendly and always eager to help. I would recommend playing here. It's really fun! Keep up the good work guys. |
|
|
|
Csongi
Newbie
Offline
Activity: 1
Merit: 0
|
|
May 13, 2015, 03:09:22 PM |
|
Very good gambling site. In my opinion, the best! It has a leveling system, so you can level up and get higher faucet. People are awesome in the chat. I can only recommend DaDice, it's really good to gamble here. |
|
|
|
|
|
