I don't think this incident did any harm to exchange-api users.
As far as I understand, the problem was mainly that some leaked data got cached on some search engines like google and was therefor longer available and publicly readable.
But as an user of exchange api's this would not affect us, because api calls are surely not indexed by spiders. I this incident is more of a problem for "normal sites". But I could be wrong here.
Some other things to put into perspective:
- Only sites which used cloudflare are possibly affected. (Here a list of possibly affected sites).
In our CAT perspective: Possibly affected: btc-e.com, poloniex.com, kraken.com.
All other trading sites, f.e. bitstamp.net, bittrex, bitfinex are surely not affected.
- The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests).
Meaning: If you didn't use CAT on this timespan on the mentioned exchanges there was most surely no leak of your data.
As you can also see, only 0.00003% of requests were affected by this leak. It is highly inlikely that someone of here was even inside those requests.
And even if they were, those requests must have been captured or cached to become a serious problem. The probability for that is even smaller.
- If you have withdrawal disabled on your api key, any possible leak could not directly steal any funds from you. The only thing an attacker could do is buy/sell coins on your behalf, but they would still remains on your account. It is not even sure, that anyone was/is trying to make profit of this leak. I would really doubt that anyone would just messing around with some unknown trading portfolio if he can't use the fund for himself afterwards.
So, as far as I can see, only 3 sites from here are affected and it's highly unlikely to be even a real problem.
I don't think its necessary to change the keys. If your paranoid you can change btc-e, polo and kraken if you used them in the mentioned timespan.
Just my two cents.
Topic: 【BOT】 🌟 C.A.T. Cryptocurrency Automatic Trader 🌟 (New Price List 04/2021) - page 126. (Read 531511 times)
February 25, 2017, 07:10:00 AM
February 25, 2017, 05:34:03 AM
NEVER CHANGE YOUR API KEY
Or you won't be able to use CAT.
I know there's a problem on poloniex. Hope they'll be able to solve.
Your API Key should not have the withdraw option activated, so no risk for you.
Or you won't be able to use CAT.
I know there's a problem on poloniex. Hope they'll be able to solve.
Your API Key should not have the withdraw option activated, so no risk for you.
Hi, Sampey
After the recent #Cloudbleed
discovery users of most cryptoexchanges are strongly advised to change their passwords, 2FA and APIs 
But after that we won't be able to use C.A.T.!
So what would you propose to solve this problem?
February 24, 2017, 08:22:25 PM
NEVER CHANGE YOUR API KEY
Or you won't be able to use CAT.
I know there's a problem on poloniex. Hope they'll be able to solve.
Your API Key should not have the withdraw option activated, so no risk for you.
Or you won't be able to use CAT.
I know there's a problem on poloniex. Hope they'll be able to solve.
Your API Key should not have the withdraw option activated, so no risk for you.
Maybe, I am wrong, but it has a trading ability. Somebody could trade on my expenses to his crap coin!
I think we should find another mechanism that allows us to change the keys by our own. E.g., to have an account with you, and get there a key, which only fits to exchanges we paid for.
Make a CAT key pair for each user. In each version you just give in the keys and allowed exchanges for that key. Then we can use our own keys as we need to.
February 24, 2017, 06:01:20 PM
Considering recent price rise i will give a 15% Discount during all the Weekend!!
February 24, 2017, 03:37:49 PM
Tomorrow BETA will be ready.
I need to add 3 things, but it's not about system test, if you want to try the beta pm me
I need to add 3 things, but it's not about system test, if you want to try the beta pm me
February 24, 2017, 03:36:57 PM
I'm thinking about it......but i'm not sure there's a solution......if you have auto.backup probably best solution is to reload.
AND.....in CAT 4.8 ....
I do nothing now; - I will wait for 4.8 AND.....in CAT 4.8 ....
February 24, 2017, 01:38:27 PM
I'm thinking about it......but i'm not sure there's a solution......if you have auto.backup probably best solution is to reload.
AND.....in CAT 4.8 there will be the restore WITHOUT any prompt message/confirmation message : 1 Click -> RESTORE ALL
AND.....in CAT 4.8 there will be the restore WITHOUT any prompt message/confirmation message : 1 Click -> RESTORE ALL
Code:
1 Click -> RESTORE ALL
ahh...wonderful
February 24, 2017, 01:34:08 PM
I'm thinking about it......but i'm not sure there's a solution......if you have auto.backup probably best solution is to reload.
AND.....in CAT 4.8 there will be the restore WITHOUT any prompt message/confirmation message : 1 Click -> RESTORE ALL
AND.....in CAT 4.8 there will be the restore WITHOUT any prompt message/confirmation message : 1 Click -> RESTORE ALL
February 24, 2017, 01:28:23 PM
Are we talking about a new frozen situation than yesterday?
If yes can you explain me what action did you perform and check if there's a log in CATSystem Folder? Something like CAT_LOG.
JAVA 8 on your operative system is the official one right? Not OPEN JDK i hope...
not a new rozen situation, its from yesterday.If yes can you explain me what action did you perform and check if there's a log in CATSystem Folder? Something like CAT_LOG
JAVA 8 on your operative system is the official one right? Not OPEN JDK i hope...
have done nothing yet because only killall possible seems
Code:
java -version
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)
February 24, 2017, 01:15:49 PM
Are we talking about a new frozen situation than yesterday?
If yes can you explain me what action did you perform and check if there's a log in CATSystem Folder? Something like CAT_LOG.
JAVA 8 on your operative system is the official one right? Not OPEN JDK i hope...
If yes can you explain me what action did you perform and check if there's a log in CATSystem Folder? Something like CAT_LOG
JAVA 8 on your operative system is the official one right? Not OPEN JDK i hope...
February 24, 2017, 01:13:28 PM
Someone suggest to create EXE files
http://stackoverflow.com/questions/1057247/how-can-i-set-the-process-name-for-a-java-program
But, when you say "kill only the exchange" you mean that you were logged on more than 1 exchange and you want to kill 1 process and let the others run on the same CAT instance?
That's not possible for sure because it's not a separate process.
In CAT process are
- Ping Pong Algorithm
- Some asynchronous routines
- Auto-backup/General checking routines.
The fact that you log on 2 or more exchanges doesnt creates 2 ore more process.
it seems to me that the other tasks (exchanges) are workinghttp://stackoverflow.com/questions/1057247/how-can-i-set-the-process-name-for-a-java-program
But, when you say "kill only the exchange" you mean that you were logged on more than 1 exchange and you want to kill 1 process and let the others run on the same CAT instance?
That's not possible for sure because it's not a separate process.
In CAT process are
- Ping Pong Algorithm
- Some asynchronous routines
- Auto-backup/General checking routines.
The fact that you log on 2 or more exchanges doesnt creates 2 ore more process.
e.g.
GENERAL_API_LOG_...
the time only is minutes ago...
only the GUI is inaccessible..
February 24, 2017, 01:06:02 PM
Hum well.....all lines seems equals.....is this screenshot a taskmanager??
its from htop in linux... February 24, 2017, 01:03:46 PM
Someone suggest to create EXE files
http://stackoverflow.com/questions/1057247/how-can-i-set-the-process-name-for-a-java-program
But, when you say "kill only the exchange" you mean that you were logged on more than 1 exchange and you want to kill 1 process and let the others run on the same CAT instance?
That's not possible for sure because it's not a separate process.
In CAT process are
- Ping Pong Algorithm
- Some asynchronous routines
- Auto-backup/General checking routines.
The fact that you log on 2 or more exchanges doesnt creates 2 ore more process.
http://stackoverflow.com/questions/1057247/how-can-i-set-the-process-name-for-a-java-program
But, when you say "kill only the exchange" you mean that you were logged on more than 1 exchange and you want to kill 1 process and let the others run on the same CAT instance?
That's not possible for sure because it's not a separate process.
In CAT process are
- Ping Pong Algorithm
- Some asynchronous routines
- Auto-backup/General checking routines.
The fact that you log on 2 or more exchanges doesnt creates 2 ore more process.
February 24, 2017, 01:00:37 PM
Hum well.....all lines seems equals.....is this screenshot a taskmanager??
February 24, 2017, 12:57:03 PM
Do you have auto-backup active?
If yes get the last version and reload in a new CAT copy.
I will take a look at this error.
Are you using 4.7 right?
is it possible that this is a Java graphic issue?
(only whole CAT window is able to minimize/maximize)
is it possible to close or kill only this one exchange that freezes the CAT?
how to find which one to kill?
thx
February 24, 2017, 06:02:26 AM
yes 4.8 sorry 
I need to add and test something more on 4.8 but things are 99% tested.
The concept of "stability" is very hard sometimes : you can use CAT in 1000 ways.
Usually i test in a precise way according to test technique. But only when a release goes live i'm able to find any problem.
This is why sometimes is a good idea to release and give full support with immediate fix.
Statistically talking, on 70 release i got serious problems in 1-2 release.
I need to add and test something more on 4.8 but things are 99% tested.
The concept of "stability" is very hard sometimes : you can use CAT in 1000 ways.
Usually i test in a precise way according to test technique. But only when a release goes live i'm able to find any problem.
This is why sometimes is a good idea to release and give full support with immediate fix.
Statistically talking, on 70 release i got serious problems in 1-2 release.
February 24, 2017, 05:51:27 AM
Ok guys, found the problem :
This problem could occurs only if your Nonce is "broken"
Nonce is a progressive number that exchange wants inside any Private Api call.
Nonce used by CAT is always higher than previous nonce (because is your local time stamp expressed as milliseconds).
Poloniex API have (sometimes) problem about this Nonce : you get an error message like "You send me X i was waiting for Y"
In this case, CAT Parse Y, then start use Y as nonce, and increasing Y Value instead of local time as milliseconds.
Something changes yesterday on Poloniex API system : Errors are returned in the Http Error Stream and not in the Http Output Stream.
This is why CAT is not able to read the message and continue works.
This is a bad behaviour from Poloniex Exchange : you must not change your API Version system after put in production environment.
I Mean, if API System V1 works in a way, if you change something you must create a V2 API System.
This is what happens if someone interface following a set of rules and you change that set of rules.
Solution :
Give me no more than 48 hours and i will release 4.7 Version.
This is the best i can do
This problem could occurs only if your Nonce is "broken"
Nonce is a progressive number that exchange wants inside any Private Api call.
Nonce used by CAT is always higher than previous nonce (because is your local time stamp expressed as milliseconds).
Poloniex API have (sometimes) problem about this Nonce : you get an error message like "You send me X i was waiting for Y"
In this case, CAT Parse Y, then start use Y as nonce, and increasing Y Value instead of local time as milliseconds.
Something changes yesterday on Poloniex API system : Errors are returned in the Http Error Stream and not in the Http Output Stream.
This is why CAT is not able to read the message and continue works.
This is a bad behaviour from Poloniex Exchange : you must not change your API Version system after put in production environment.
I Mean, if API System V1 works in a way, if you change something you must create a V2 API System.
This is what happens if someone interface following a set of rules and you change that set of rules.
Solution :
Give me no more than 48 hours and i will release 4.7 Version.
This is the best i can do
I assume you mean 4.8.....no worries waiting a few days to ensure stability in the next release..
February 24, 2017, 05:31:09 AM
Ok guys, found the problem :
This problem could occurs only if your Nonce is "broken"
Nonce is a progressive number that exchange wants inside any Private Api call.
Nonce used by CAT is always higher than previous nonce (because is your local time stamp expressed as milliseconds).
Poloniex API have (sometimes) problem about this Nonce : you get an error message like "You send me X i was waiting for Y"
In this case, CAT Parse Y, then start use Y as nonce, and increasing Y Value instead of local time as milliseconds.
Something changes yesterday on Poloniex API system : Errors are returned in the Http Error Stream and not in the Http Output Stream.
This is why CAT is not able to read the message and continue works.
This is a bad behaviour from Poloniex Exchange : you must not change your API Version system after put in production environment.
I Mean, if API System V1 works in a way, if you change something you must create a V2 API System.
This is what happens if someone interface following a set of rules and you change that set of rules.
Solution :
Give me no more than 48 hours and i will release 4.7 Version.
This is the best i can do
This problem could occurs only if your Nonce is "broken"
Nonce is a progressive number that exchange wants inside any Private Api call.
Nonce used by CAT is always higher than previous nonce (because is your local time stamp expressed as milliseconds).
Poloniex API have (sometimes) problem about this Nonce : you get an error message like "You send me X i was waiting for Y"
In this case, CAT Parse Y, then start use Y as nonce, and increasing Y Value instead of local time as milliseconds.
Something changes yesterday on Poloniex API system : Errors are returned in the Http Error Stream and not in the Http Output Stream.
This is why CAT is not able to read the message and continue works.
This is a bad behaviour from Poloniex Exchange : you must not change your API Version system after put in production environment.
I Mean, if API System V1 works in a way, if you change something you must create a V2 API System.
This is what happens if someone interface following a set of rules and you change that set of rules.
Solution :
Give me no more than 48 hours and i will release 4.7 Version.
This is the best i can do
February 24, 2017, 04:26:05 AM
NEVER CHANGE YOUR API KEY
Or you won't be able to use CAT.
I know there's a problem on poloniex. Hope they'll be able to solve.
Your API Key should not have the withdraw option activated, so no risk for you.
Or you won't be able to use CAT.
I know there's a problem on poloniex. Hope they'll be able to solve.
Your API Key should not have the withdraw option activated, so no risk for you.
February 24, 2017, 04:21:50 AM
Jump to: