Pages:
Author

Topic: China biggest bitcoin portal www.hxtop.com was hacked! (Read 62095 times)

legendary
Activity: 1428
Merit: 1000
Could this have anything to do with the recent sell off?   Huh
No. The recent sell off has been caused by finding out that BFL is a scam and there will be no ASIC.

LoL
sr. member
Activity: 546
Merit: 252
Proof-of-Stake Blockchain Network
Could this have anything to do with the recent sell off?   Huh
No. The recent sell off has been caused by finding out that BFL is a scam and there will be no ASIC.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
but anyway: good work; if you could make it bitcoin aware (eg provide functions/triggers which communicate directly with bitcoind) i might take a look instead of reinventing the wheel.

Thanks - I will be adding support for "bitcoind" calls as part of the first application I intend to promote with the launch of the system later this year (can't say much about the application itself).

Apart from the "secret application" it already has Forum and Blog packages and it will also have a complete webmail application as well (with GPG support).
legendary
Activity: 1428
Merit: 1000

The really good thing about the system/platform is that you can build complete web applications without writing code at all. Smiley


thats the reason i dont like it Wink

but anyway: good work; if you could make it bitcoin aware (eg provide functions/triggers which communicate directly with bitcoind) i might take a look instead of reinventing the wheel.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
It's perhaps a little more like a complete platform (such as Ruby on Rails) and sure I understand not everyone wants to learn how to work with such a beast.

The really good thing about the system/platform is that you can build complete web applications without writing code at all. Smiley
legendary
Activity: 1428
Merit: 1000
ok, but this requires a rewrite of all sql statements of the existing site.
so their is no need for your layer - just go with named parameters then and you are fine

Well not a rewrite of SQL statements (as there are none in my system) but it would be an entirely new application so I do understand that it's probably more likely that some sort of minimal approach (as you suggest) to fixing things up would be taken.


ah ok now understand you.
you offer a middleware/appserver which exposes some functions (like Authenticate(user, pwd)) and you do all the fancy sql stuff in there?

personally i dont like seperate server (esp. not if using asp.net), but anyhow its a working solution.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
ok, but this requires a rewrite of all sql statements of the existing site.
so their is no need for your layer - just go with named parameters then and you are fine

Well not a rewrite of SQL statements (as there are none in my system) but it would be an entirely new application so I do understand that it's probably more likely that some sort of minimal approach (as you suggest) to fixing things up would be taken.
legendary
Activity: 1428
Merit: 1000
select * from users where user='flower' and pwd='flower'
select * from users where user='flower' and pwd='flower' or ''=''

how does your layer detect the second fraudulent call?

There are no SQL queries manually coded anywhere in my system - all SQL is generated by the application server so the above simply could not occur.

A big advantage to this approach (apart from security) is that fields can be renamed without having to manually change any code (after renaming a "regenerate" performs all require changes).


ok, but this requires a rewrite of all sql statements of the existing site.
so their is no need for your layer - just go with named parameters then and you are fine
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
select * from users where user='flower' and pwd='flower'
select * from users where user='flower' and pwd='flower' or ''=''

how does your layer detect the second fraudulent call?

There are no SQL queries manually coded anywhere in my system - all SQL is generated by the application server so the above simply could not occur.

A big advantage to this approach (apart from security) is that fields can be renamed without having to manually change any code (after renaming a "regenerate" performs all require changes).
legendary
Activity: 1428
Merit: 1000
If you are interested in having a website that is SQL injection proof and cannot have source code stolen then you might be interested in the technology that I've developed (all back end code is compiled C++, all queries are via an abstraction layer that ensures SQL injection is impossible and all URLs cannot be tampered with due to checksum protection).

The one weakness at this stage with the technology is that Google can't even search your site (all queries are through the main website URL). Smiley


how are you doing this?

select * from users where user='flower' and pwd='flower'
select * from users where user='flower' and pwd='flower' or ''=''

how does your layer detect the second fraudulent call?
vip
Activity: 1052
Merit: 1155
For sure the volume has greatly increased since last year - but nothing has dramatically changed very recently (was actually a little surprised that the "memorydealers" visit seemingly had no effect this time when last time it caused a huge jump in volume).


I actually wasn't able to go earlier this moth as I had planned.
I'm sure I will make another visit to China again soon.
hero member
Activity: 1071
Merit: 500

The one weakness at this stage with the technology is that Google can't even search your site (all queries are through the main website URL). Smiley


That's not a weakness. It's a deal breaker. Wink

Actually, google isnt the biggest engine in china...

Actually, google isnt the biggest engine in china...
that correct google.com can not be accessed because of a national firewall in China, Chinese users can only access with google.cn, however, limited functionality, a lot of good foreign websites are filtered!
hero member
Activity: 588
Merit: 500
Yeah, use parameters in the database and/or remove all double quotes from all input fields anywhere on the website.  Any site that gets hit by an SQL injection fired a programmer that graduated at least a decade ago because nobody these days is that stupid.

Right, the history of programming incompetence at Bitcoin websites is astounding, especially for businesses dealing with money.  Assuming typical Microsoft service stack of 2003/SQL/IIS/ASP.NET, .NET has had a built-in query framework called LINQ for quite a few years, which does proper parametrization automatically.  I'm sure we will next hear that the hacked machine had a 100% hot wallet on it.
sr. member
Activity: 392
Merit: 250
Yeah, use parameters in the database and/or remove all double quotes from all input fields anywhere on the website.  Any site that gets hit by an SQL injection fired a programmer that graduated at least a decade ago because nobody these days is that stupid.
newbie
Activity: 16
Merit: 0
Linux r0x.
donator
Activity: 3108
Merit: 1166
I'm sorry to hear it but to take a positive view, this means that bitcoin has arrived in China. Wink
bitcoin has arrived in China long time just you never know it or less know it.

China <3 bitcoin long time http://bitcoincharts.com/charts/btcnCNY#igDailyztgSzm1g20zm2g50zvzl but mostly last June was the hottest
legendary
Activity: 1358
Merit: 1002

The one weakness at this stage with the technology is that Google can't even search your site (all queries are through the main website URL). Smiley


That's not a weakness. It's a deal breaker. Wink

Actually, google isnt the biggest engine in china...

If google can't index it neither can any other search engine.
legendary
Activity: 1288
Merit: 1000
Enabling the maximal migration

The one weakness at this stage with the technology is that Google can't even search your site (all queries are through the main website URL). Smiley


That's not a weakness. It's a deal breaker. Wink

Actually, google isnt the biggest engine in china...
hero member
Activity: 1071
Merit: 500
By comparing last year's transaction data (btcchina.com)   1000 btc per day has been great progress.
That means the Chinese market gradually bigger .
dod't you think?

For sure the volume has greatly increased since last year - but nothing has dramatically changed very recently (was actually a little surprised that the "memorydealers" visit seemingly had no effect this time when last time it caused a huge jump in volume).



China is a traditional country, and the country's legal and institutional severe restrictions "free", BITCOIN's spirit of freedom, so the national government can not let you "free".
But we will try to make more and more Chinese people receive BITCOIN and use it.
There is so much trading volume, and I think that also need more foreigners to cooperate or help us to open this big market in China.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
By comparing last year's transaction data (btcchina.com)   1000 btc per day has been great progress.
That means the Chinese market gradually bigger .
dod't you think?

For sure the volume has greatly increased since last year - but nothing has dramatically changed very recently (was actually a little surprised that the "memorydealers" visit seemingly had no effect this time when last time it caused a huge jump in volume).
Pages:
Jump to: