[CLOSED] CoinLenders - page 15. | Bitcointalksearch.org

shawshankinmate37927

hero member

Activity: 854

Merit: 1000

Bitcoin: The People's Bailout

Quote from: shawshankinmate37927 on July 15, 2013, 04:43:11 PM

TradeFortress, I tried to make a withdrawal from my CoinLenders account a while ago, but it's still not appearing in my Inputs.io wallet. Can you please look into it?

Resolved. Thank you.

mechs

full member

Activity: 210

Merit: 100

Hi Trade,
What sort of things do you invest the bitcoins in to have such a high guaranteed return?

gweedo

legendary

Activity: 1498

Merit: 1000

Quote from: 🏰 TradeFortress 🏰 on July 12, 2013, 03:20:48 AM

It's out of context because I do hash passwords. I said that in that thread. However, you don't include that portion, which makes people think I don't hash passwords (when I do).

So let people make their own conclusion you need to take a PR class. The more you threaten and attack me the worst it looks for you just let it be and let people see the image and make up their own mind.

wolverine.ks

sr. member

Activity: 375

Merit: 250

TradeFortress,

is there anyway to leverage your site to offer loans of our own?

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

PM'd.

gweedo

legendary

Activity: 1498

Merit: 1000

Quote from: 🏰 TradeFortress 🏰 on July 12, 2013, 03:17:29 AM

Gweedo is spreading FUD that I don't do this. He is posting a misleading screenshot out of context.

How is it out of context? It is your words right?

shawshankinmate37927

hero member

Activity: 854

Merit: 1000

Bitcoin: The People's Bailout

TradeFortress, I tried to make a withdrawal from my CoinLenders account a while ago, but it's still not appearing in my Inputs.io wallet. Can you please look into it?

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

bumping.

QuiveringGibbage

hero member

Activity: 617

Merit: 543

http://idontALT.com

same result, Sad

Code:

jason@jason-DellXPS17-L702X:~$ gpg --decrypt test
gpg: encrypted with 2048-bit RSA key, ID 86FCAAEF, created 2013-05-22
      "Jason Soon "
5849b52194a9831fgpg: WARNING: message was not integrity protected
jason@jason-DellXPS17-L702X:~$ gpg --decrypt http://pastebin.com/z92DkV5N
gpg: can't open `http://pastebin.com/z92DkV5N'
gpg: decrypt_message failed: file open error
jason@jason-DellXPS17-L702X:~$ gpg --decrypt test.txt
gpg: encrypted with 2048-bit RSA key, ID 86FCAAEF, created 2013-05-22
      "Jason Soon <####[email protected]>"
5849b52194a9831fgpg: WARNING: message was not integrity protected
jason@jason-DellXPS17-L702X:~$

is just me then?

QG

gweedo

legendary

Activity: 1498

Merit: 1000

Quote from: 🏰 TradeFortress 🏰 on July 12, 2013, 03:10:33 AM

That's for coinchat, not CoinLenders. I posted proof that CoinLenders does hash and salt.

In fact check the client JS, it's hashed right in your browser.

Just more FUD from gweedo as usual.

FUD as usual? I never post FUD and this is no difference, are you stalking all my post?

Images are not FUD

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Hi QuiveringGibbage,

Have you tried saving it to a file and then calling gpg like this:

gpg --decrypt myfile.txt

QuiveringGibbage

hero member

Activity: 617

Merit: 543

http://idontALT.com

Hi,

Credit Rating Support Needed

Having trouble linking my to my OTC nick QG. I get this:

Code:

string too short, not a MPIstring too short, not a MPIstring too short, not a MPI

On the occasions that it does work, I fail to decrypt.

I'm a bit of a noob with GPG. What am I doing wrong:

Terminal output -

Code:

jason@jason-DellXPS17-L702X:~$ gpg --decrypt
-----BEGIN PGP MESSAGE-----
Version: CreditRatingVerify v1.4.7

hQEMAzqakJaG/KrvAQgAmALZUD9njg+ksTsMlozHCZzoyok5SitzUo/T3ven
RP4I0w8dp8pLQknbU+nMvAwFZLBW/EzwMym0s1xADgujzte0iJ+0pBCgexAh
Cw/QpRedVCz7+40SOERn/IJlNH2foHySh3u9sEZi7FnL3Lbwbl5OStkdLOo0
KG1Xa6HQQP/JWkaytAHC6SI9t5uq6MBWMswvv5YhH59sJawvcEB6p+ut6F4Y
JBS6unwXM/vGV2YhI87X0oSn9+VKobXOYleddhib63EJcgMdvgOzrhQJSDFH
10S8ahsR1jw/nZ6TKm9V4U/sFfkyX/5H5KzSDTOewcY2P7fFFveQREhB/u+5
66QuqfsF4qeL5+gyv+lLlzmSFMf45pTbOf9CT5W+oLUMjesezY18ECVjl1LV
IYIP6w==
=7zV5
-----END PGP MESSAGE-----gpg: encrypted with 2048-bit RSA key, ID 86FCAAEF, created 2013-05-22
      "Jason Soon "
5849b52194a9831fgpg: WARNING: message was not integrity protected
jason@jason-DellXPS17-L702X:~$

Should I copy "5849b52194a9831fgpg: WARNING: message was not integrity protected" into the decrypt box?

Cheers,
QG

gweedo

legendary

Activity: 1498

Merit: 1000

Quote from: 🏰 TradeFortress 🏰 on July 12, 2013, 03:02:22 AM

VIP can't make red icons. Only moderators and admins are supposed to. Move to a new topic if you want to talk about that.

Just so people know, I've already shown I hash and salt your passwords for CoinLenders (it's actually hashed twice, once at your client and once on the server). gweedo is just spreading FUD.

Also, keep in mind that CoinLenders and Inputs.io are one of the very few Bitcoin sites that handles more than 10k BTC and hasn't been hacked. A lot others have been - some of them I found vulnerabilities in them myself (and reported of course).

How is it FUD if I have image proof?

So gratz on being a mod!

katie.mckinley

full member

Activity: 131

Merit: 100

old user name chris3spice

Quote from: 🏰 TradeFortress 🏰 on July 12, 2013, 08:00:38 AM

Quote from: vlees on July 12, 2013, 07:00:11 AM

How stupid can one be to not read the difference between CoinChat and CoinLenders.

One thing I noticed though is that I saw that the salt is a global variable in CoinLenders -> the salt is the same for everyone? -> if the database leaks the attacker can find people having the same password easily since the sha256 of (salt.pwd) is the same for everyone when pwd1 === pwd2

This is no longer the case. All passwords has been rehashed and salted with a user unique salt.

Can we make sure my salt is Kosher?

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Quote from: vlees on July 12, 2013, 07:00:11 AM

How stupid can one be to not read the difference between CoinChat and CoinLenders.

One thing I noticed though is that I saw that the salt is a global variable in CoinLenders -> the salt is the same for everyone? -> if the database leaks the attacker can find people having the same password easily since the sha256 of (salt.pwd) is the same for everyone when pwd1 === pwd2

This is no longer the case. All passwords has been rehashed and salted with a user unique salt.

gweedo

legendary

Activity: 1498

Merit: 1000

Quote from: 🏰 TradeFortress 🏰 on July 12, 2013, 02:52:39 AM

Yeah, I can see why you want to protect your reputation even through you code vulnerable sites. Tongue

While wanting the full source code and database of coinlenders as proof. Also, my challenge for you to do the red icon still stands (create a new thread, this is about coinlenders).

So are you going to post these vulnerables that don't exist. Also why would I waste 50BTC so I can make a red icon on my post?

So for people that are just waking up or logging on here is what TF is trying to bury with his bad attack at extortion and threatening that my sites are vulnerable which is highly unlikely. Cause I let you in on a little secret, I currently don't own any servers, or have any sites Wink

So not only would you be hacking innocent people but you also didn't do any research. All my sites are either partners in their name, or sold. So good job keep up the great work!

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Quote from: Kouye on July 12, 2013, 07:14:34 AM

The problem is that people tend to use the same password for all those registrations...
I'm pretty sure a lot of people on CoinChat have the same password on their input account.

You can argue that they shouldn't, although it wouldn't really be their fault if the CoinChat db is leaked and their input account gets hacked.

When you sign up for Inputs, we have giant text telling you to not reuse passwords. Unfortunately some people don't follow that, but they are the same kind of user who will enter their passwords on inputsio.myfreesite.com or download wallet.dat.exe.

Kouye

sr. member

Activity: 336

Merit: 250

Cuddling, censored, unicorn-shaped troll.

Quote from: vlees on July 12, 2013, 07:00:11 AM

How stupid can one be to not read the difference between CoinChat and CoinLenders.

The problem is that people tend to use the same password for all those registrations...
I'm pretty sure a lot of people on CoinChat have the same password on their input account.

You can argue that they shouldn't, although it wouldn't really be their fault if the CoinChat db is leaked and their input account gets hacked.

gweedo

legendary

Activity: 1498

Merit: 1000

Quote from: 🏰 TradeFortress 🏰 on July 12, 2013, 02:37:34 AM

Please provide me with a written & signed contract to pentest your site and I will post the vulnerabilities.

I don't think anyone will hire you as a programmer anymore after that through.

LMAO written and signed contract LMAO You want a birthday card as well. LMAO You have nothing it is ok, I knew it.

vlees

full member

Activity: 196

Merit: 100

How stupid can one be to not read the difference between CoinChat and CoinLenders.

One thing I noticed though is that I saw that the salt is a global variable in CoinLenders -> the salt is the same for everyone? -> if the database leaks the attacker can find people having the same password easily since the sha256 of (salt.pwd) is the same for everyone when pwd1 === pwd2

Topic: [CLOSED] CoinLenders - page 15. (Read 226445 times)