Topic: 1Broker.com - Vulnerabilty & bug bounty - page 2. (Read 7496 times)
Yes you can count me in, and thanks for the payment :-)
Quote
Nothing found apart of Leet ports and Gangnam Style cookies :p
I'm not really skilled I guess
Good I'm not really skilled I guess
Thanks for trying!Quote
If it was me I would word it totally differently though,
Very good! Rewarded you with 0.075 BTCQuote
Account Security
We advice that you keep your login details secure and never reveal them or write them down. You use our service at your own risk and liability, every effort has been taken in ensuring your account is secure and our servers and software are tested regularly. As such, should your account be compromised as a result of your negligence we accept no liability and will not refund your account.
We advice that you keep your login details secure and never reveal them or write them down. You use our service at your own risk and liability, every effort has been taken in ensuring your account is secure and our servers and software are tested regularly. As such, should your account be compromised as a result of your negligence we accept no liability and will not refund your account.
In general our language quality is not what I expect it to be. Therefore, I'm now searching for an English native speaker who helps us to rewrite some things, write "news" and helps with language problems in general. Of course this person gets some BTCs for his/her work.
If anyone is interested to do this small job (<1h/week) convince me that you have the required language skills, especially with formal/marketing language. If more persons want to do this I will try to pick the best one in the next few days. Can I count you in, whitenight639?
Nothing found apart of Leet ports and Gangnam Style cookies :p
I'm not really skilled I guess
I'm not really skilled I guess
https://1broker.com/?c=about_tos
This is Bad Grammar, and doesn’t make sense are you trying to say the following:
OR are you trying to say:
If it was me I would word it totally differently though,
P.s I can re-write the rest of you Legal pages if you like.
12j2DRmNAW9ZQRGbSFvZUT56PuGNRj1bW7
Quote
Account Hack
If our system has/had no weaknesses which make a hack of a customer account possible we will not refund stolen Bitcoins. Every customer is advised to use safe and unique passwords and to store the Master Key at a safe place.
If our system has/had no weaknesses which make a hack of a customer account possible we will not refund stolen Bitcoins. Every customer is advised to use safe and unique passwords and to store the Master Key at a safe place.
This is Bad Grammar, and doesn’t make sense are you trying to say the following:
Quote
Account Hack
If our system has or is found to have weaknesses which make compromising customer account(s) possible we will not refund the stolen Bitcoins. Every customer is advised to use safe and unique passwords and to store the Master Key at a safe place.
If our system has or is found to have weaknesses which make compromising customer account(s) possible we will not refund the stolen Bitcoins. Every customer is advised to use safe and unique passwords and to store the Master Key at a safe place.
OR are you trying to say:
Quote
Account Hack
Our system has no known weaknesses which make a hack of a customer account possible, we will not refund stolen Bitcoins. Every customer is advised to use safe and unique passwords and to store the Master Key at a safe place.
Our system has no known weaknesses which make a hack of a customer account possible, we will not refund stolen Bitcoins. Every customer is advised to use safe and unique passwords and to store the Master Key at a safe place.
If it was me I would word it totally differently though,
Quote
Account Security
We advice that you keep your login details secure and never reveal them or write them down. You use our service at your own risk and liability, every effort has been taken in ensuring your account is secure and our servers and software are tested regularly. As such, should your account be compromised as a result of your negligence we accept no liability and will not refund your account.
We advice that you keep your login details secure and never reveal them or write them down. You use our service at your own risk and liability, every effort has been taken in ensuring your account is secure and our servers and software are tested regularly. As such, should your account be compromised as a result of your negligence we accept no liability and will not refund your account.
P.s I can re-write the rest of you Legal pages if you like.
12j2DRmNAW9ZQRGbSFvZUT56PuGNRj1bW7
Quote
1; Upon transaction sent, show the user that the transaction is confirming and the amount of it. Just to have the newcomers to know things are happening behind.
Good suggestion. Added it to the TODO list.Quote
2; Create a dashboard page, having data centralized is much more easy to navigate.
I'll think about this.Quote
3; API, of course, which could grab the Bitcoin community attention + increase your service popularity.
It is on the long-term TODO list.Quote
Wish you good business.
Thanks 
Hi, glad I found this service despite I am only holding a really tiny amount of coins.
Just a bit of suggestion to your service.
1; Upon transaction sent, show the user that the transaction is confirming and the amount of it. Just to have the newcomers to know things are happening behind.
2; Create a dashboard page, having data centralized is much more easy to navigate.
3; API, of course, which could grab the Bitcoin community attention + increase your service popularity.
Wish you good business.
Just a bit of suggestion to your service.
1; Upon transaction sent, show the user that the transaction is confirming and the amount of it. Just to have the newcomers to know things are happening behind.
2; Create a dashboard page, having data centralized is much more easy to navigate.
3; API, of course, which could grab the Bitcoin community attention + increase your service popularity.
Wish you good business.
Sorry for the delayed answer.
Sent you 0.125 BTC.
Quote
https://1broker.com/?c=contact
it says "bug- and feature requests send to:" with a '-' after 'bug'
In Searching:
Not sure if it's bug:
when search for 'inc', there's a name "Nokia Oyj" on the bottom, with 0 bid and ask, and it doesn't show in any categories
Good finds! Thanks!it says "bug- and feature requests send to:" with a '-' after 'bug'
In Searching:
Not sure if it's bug:
when search for 'inc', there's a name "Nokia Oyj" on the bottom, with 0 bid and ask, and it doesn't show in any categories
Quote
1. it seems that leverage has 1~15 range, as it keeps jumping to 15 input a larger number, but input as 0.1 is allowed, which will jump to 1 when clicking -/+ again, it's confusing.
Intentional. The more auto corrections, the more annoying it can get when editing the value. You can see a list of the maximum leverages here: https://1broker.com/?c=cfdsQuote
2. not sure if desired: when right click on the -/+ for leverage, the number auto-decrease/increase, and click again will stop it
In general a slider would be better here and will be implemented sometime.Quote
3. if input any invalid charactors in leverage, like '-', '*', when there's an amount, the feedback says "In words: If the price of *** goes up by 1% you will win NaN BTC", the NaN looks too Javascript
Right.Quote
suggestion:
highlight the current one if selected:
Account Info
Access Log
Transaction Log
Account Settings
Yeah this needs a redesign.highlight the current one if selected:
Account Info
Access Log
Transaction Log
Account Settings
Sent you 0.125 BTC.
https://1broker.com/?c=contact
it says "bug- and feature requests send to:" with a '-' after 'bug'
In Searching:
Not sure if it's bug:
when search for 'inc', there's a name "Nokia Oyj" on the bottom, with 0 bid and ask, and it doesn't show in any categories
In 'Open order':
(Chrome Version 24.0.1312.52)
1. it seems that leverage has 1~15 range, as it keeps jumping to 15 input a larger number, but input as 0.1 is allowed, which will jump to 1 when clicking -/+ again, it's confusing.
2. not sure if desired: when right click on the -/+ for leverage, the number auto-decrease/increase, and click again will stop it
3. if input any invalid charactors in leverage, like '-', '*', when there's an amount, the feedback says "In words: If the price of *** goes up by 1% you will win NaN BTC", the NaN looks too Javascript
suggestion:
highlight the current one if selected:
Account Info
Access Log
Transaction Log
Account Settings
it says "bug- and feature requests send to:" with a '-' after 'bug'
In Searching:
Not sure if it's bug:
when search for 'inc', there's a name "Nokia Oyj" on the bottom, with 0 bid and ask, and it doesn't show in any categories
In 'Open order':
(Chrome Version 24.0.1312.52)
1. it seems that leverage has 1~15 range, as it keeps jumping to 15 input a larger number, but input as 0.1 is allowed, which will jump to 1 when clicking -/+ again, it's confusing.
2. not sure if desired: when right click on the -/+ for leverage, the number auto-decrease/increase, and click again will stop it
3. if input any invalid charactors in leverage, like '-', '*', when there's an amount, the feedback says "In words: If the price of *** goes up by 1% you will win NaN BTC", the NaN looks too Javascript
suggestion:
highlight the current one if selected:
Account Info
Access Log
Transaction Log
Account Settings
edit: I think if you capitalize the last V it works:
19VYu6KyJ56jegfYCqSWxgZDnSkHLb8gsV
Worked 19VYu6KyJ56jegfYCqSWxgZDnSkHLb8gsV
Thanks for the research. Wanted to send 0.025 BTC but bitcoind says to your signature address:
Code:
<./bitcoind validateaddress 19VYu6KyJ56jegfYCqSWxgZDnSkHLb8gsv
>{
> "isvalid" : false
>}
hmm, 9 transactions have been successfully processed to this address: http://blockchain.info/address/19VYu6KyJ56jegfYCqSWxgZDnSkHLb8gsv
edit: I think if you capitalize the last V it works:
19VYu6KyJ56jegfYCqSWxgZDnSkHLb8gsV
I don't know how that happened. thank you, btw!
On https://1broker.com/?c=about_privacy there are 7 occurrences of "Personal identification information." The conventional way to state this according to http://en.wikipedia.org/wiki/Personally_identifiable_information is in one of four ways:
Personally Identifiable Information
Personally Identifying Information
Personal Identifying Information
Personal Identifiable Information
Other sources for this nomenclature:
http://www.doncio.navy.mil/ContentView.aspx?id=2428
http://www.dol.gov/dol/ppii.htm#.UPZoVaG8HrE
http://www.dhs.gov/xlibrary/assets/privacy/privacy_guide_spii_handbook.pdf
Personally Identifiable Information
Personally Identifying Information
Personal Identifying Information
Personal Identifiable Information
Other sources for this nomenclature:
http://www.doncio.navy.mil/ContentView.aspx?id=2428
http://www.dol.gov/dol/ppii.htm#.UPZoVaG8HrE
http://www.dhs.gov/xlibrary/assets/privacy/privacy_guide_spii_handbook.pdf
Thanks for the research. Wanted to send 0.025 BTC but bitcoind says to your signature address:
Code:
<./bitcoind validateaddress 19VYu6KyJ56jegfYCqSWxgZDnSkHLb8gsv
>{
> "isvalid" : false
>}
Anyone confirms this is legit?
On https://1broker.com/?c=about_privacy there are 7 occurrences of "Personal identification information." The conventional way to state this according to http://en.wikipedia.org/wiki/Personally_identifiable_information is in one of four ways:
Personally Identifiable Information
Personally Identifying Information
Personal Identifying Information
Personal Identifiable Information
Other sources for this nomenclature:
http://www.doncio.navy.mil/ContentView.aspx?id=2428
http://www.dol.gov/dol/ppii.htm#.UPZoVaG8HrE
http://www.dhs.gov/xlibrary/assets/privacy/privacy_guide_spii_handbook.pdf
Personally Identifiable Information
Personally Identifying Information
Personal Identifying Information
Personal Identifiable Information
Other sources for this nomenclature:
http://www.doncio.navy.mil/ContentView.aspx?id=2428
http://www.dol.gov/dol/ppii.htm#.UPZoVaG8HrE
http://www.dhs.gov/xlibrary/assets/privacy/privacy_guide_spii_handbook.pdf
I closed position at BTC/USD, got 0.09603989 BTC, placed all on "Short" with leverage at 5 and immidiately lost 0.0028 BTC (-2.95%). 
I haven't noticed any price change inbetween moment of closing and opening position. What I am missing there?
Every CFD has a Bid and an Ask price. If you open a short position you sell for the bid price. The -2.95% shows what you would get if you close the position (buy it back for the ask price).I haven't noticed any price change inbetween moment of closing and opening position. What I am missing there?
The bid is always lower than the ask price price so everytime a position is opened you start with a small loss. (... and higher leverages result in a greater initial loss of course) This is called the spread which exists in all financial markets around the world.
Balance shown on right side should be accurate to 8 digits. I just tried to ForEx a little with BTC/USD, clicked on "Short", copy
pasted balance value shown - 0.0976 - to "Amount/Margin" field, clicked on "Open Order" and ended surprised with "Insufficient
funds!" message. It took me a while to find out I actualy have less than 0.0976 BTC!
https://i.imgur.com/NSyR6.png
Known problem. Full precision is not shown everywhere, because it wouldn't look good. However, I changed it to Math.floor() instead of Math.round() => you won't see that problem again. Additionally, now it also shows a full precision tooltip onmouseover.pasted balance value shown - 0.0976 - to "Amount/Margin" field, clicked on "Open Order" and ended surprised with "Insufficient
funds!" message. It took me a while to find out I actualy have less than 0.0976 BTC!
https://i.imgur.com/NSyR6.png
Autocomplete attribute is not disabled in HTML form / input element containing password type input. Passwords may be stored in browsers
and retrieved.
or
Whenever possible ensure the cache-control HTTPHeader is set with no-cache, no-store, must-revalidate and private.
This is intentional. I don't want to overrule users here. Some people want to handle their passwords with Lastpass or a Firefox master password. (including myself) The autocomplete=off is really annoying sometimes. (However, Master Key inputs have the autocomplete=off parameter of course)and retrieved.
or
Whenever possible ensure the cache-control HTTPHeader is set with no-cache, no-store, must-revalidate and private.
0.1 BTC for the private attribute in Cache control of images (very few attack possibilities, if any)
You want it to your 1Broker account or to a specific Bitcoin address?
1Broker account please, I'm currious how long will it take me to lose everything due to my (stock)exchange bad luck.
BTW, fees page could be more clear - 0.00 BTC does not neccessarly equal "no BTC will be taken". 8 decimal places would remove doubt.
Fees page updated.Quote
Quote
Quote
I have more of a question than bug. I looked at this picture https://1broker.com/img/about_security1.jpg
What character set is used on this paper and is it font that enables telling the difference between l, I, o, O and 0?
I saw oO0 and l but no I.
Extremely good find. I can't remember what font was used, but the l(L) is slightly higher and thinner than the I(i). I think you can see this at the beginning of the second last line of the first sheet. (IRL it's clearly visible)What character set is used on this paper and is it font that enables telling the difference between l, I, o, O and 0?
I saw oO0 and l but no I.
Nevertheless I'll reward you with 0.1 BTC for this, and I'll switch to better font of course. (And I need your Bitcoin address too)
1AWHB4h1ZprDZpBkALPxEuPtvaZRwzrG5D
That would be embarrassing if OCR couldn't read it too, and someone had to manually process this backup.
Yeah manual processing would be horrible, but backups are also stored on USB sticks.Thanks and 0.1 sent!
I have more of a question than bug. I looked at this picture https://1broker.com/img/about_security1.jpg
What character set is used on this paper and is it font that enables telling the difference between l, I, o, O and 0?
I saw oO0 and l but no I.
Extremely good find. I can't remember what font was used, but the l(L) is slightly higher and thinner than the I(i). I think you can see this at the beginning of the second last line of the first sheet. (IRL it's clearly visible)What character set is used on this paper and is it font that enables telling the difference between l, I, o, O and 0?
I saw oO0 and l but no I.
Nevertheless I'll reward you with 0.1 BTC for this, and I'll switch to better font of course. (And I need your Bitcoin address too)
1AWHB4h1ZprDZpBkALPxEuPtvaZRwzrG5D
That would be embarrassing if OCR couldn't read it too, and someone had to manually process this backup.
Autocomplete attribute is not disabled in HTML form / input element containing password type input. Passwords may be stored in browsers
and retrieved.
or
Whenever possible ensure the cache-control HTTPHeader is set with no-cache, no-store, must-revalidate and private.
This is intentional. I don't want to overrule users here. Some people want to handle their passwords with Lastpass or a Firefox master password. (including myself) The autocomplete=off is really annoying sometimes. (However, Master Key inputs have the autocomplete=off parameter of course)and retrieved.
or
Whenever possible ensure the cache-control HTTPHeader is set with no-cache, no-store, must-revalidate and private.
0.1 BTC for the private attribute in Cache control of images (very few attack possibilities, if any)
You want it to your 1Broker account or to a specific Bitcoin address?
I have more of a question than bug. I looked at this picture https://1broker.com/img/about_security1.jpg
What character set is used on this paper and is it font that enables telling the difference between l, I, o, O and 0?
I saw oO0 and l but no I.
Extremely good find. I can't remember what font was used, but the l(L) is slightly higher and thinner than the I(i). I think you can see this at the beginning of the second last line of the first sheet. (IRL it's clearly visible)What character set is used on this paper and is it font that enables telling the difference between l, I, o, O and 0?
I saw oO0 and l but no I.
Nevertheless I'll reward you with 0.1 BTC for this, and I'll switch to better font of course. (And I need your Bitcoin address too)
I have more of a question than bug. I looked at this picture https://1broker.com/img/about_security1.jpg
What character set is used on this paper and is it font that enables telling the difference between l, I, o, O and 0?
I saw oO0 and l but no I.
What character set is used on this paper and is it font that enables telling the difference between l, I, o, O and 0?
I saw oO0 and l but no I.
Jump to: