Pages:
Author

Topic: [dicenow.com] btc/ltc casino - 10,000 rolls per click - play/invest - multi edge (Read 15317 times)

hero member
Activity: 784
Merit: 1000
Casper - A failed entrepenuer who looks like Zhou
A few pics from today's party. House profit moved from 30-> 150-180 in a single day







Other recent parties (images from pitboss)






legendary
Activity: 1918
Merit: 1018
So dicenow is still cruising with a few problems but PD (signature) remains the biggest in the market

Tried dicenow and liked it
legendary
Activity: 2156
Merit: 1131
member
Activity: 94
Merit: 10
dicenow.com

...

But your site has the another flaw - so called sql-injection flaw.

P.S.: I happen to protect some https enabled servers and I patched the SSL LOGN TIME AGO. We had several sql-injection attacks, none successful, but even so...

You should find a professional help, security wise.

I don't even use an sql database... Angry
member
Activity: 93
Merit: 10
we are now fully patched for the openssl heartbleed bug.
all previous remembered login cookies have been invalidated,
so you will need to relogin to access your old account.


http://filippo.io/Heartbleed/#dicenow.com



I hope you're aware that heartbleed bug enables the attacker to reveal several (some - possibly all) user passwords.

ALL PASSWORDS SHOULD BE CHANGED.

It seems that the attacker somehow revealed passwords for at least two accounts. But you cannot be sure - if he revealed more than these two passwords.

But your site has the another flaw - so called sql-injection flaw.

P.S.: I happen to protect some https enabled servers and I patched the SSL LOGN TIME AGO. We had several sql-injection attacks, none successful, but even so...

You should find a professional help, security wise.
member
Activity: 93
Merit: 10
dicenow
Hello! Today two accounts (my 13773 and my wife 14532) was hacked and all bitcoins was withdrawed to 1NHQEzpernPm4BKh1E3P1Sh4Bn4YA6bXy6
Passwords not changed, 2fa is on. How can this happens? Can you help me to understand what is going on?
Man in the middle attack.
Support tell me, that my accounts was accessed from unfamiliar IP, but how can it be with 2fa on I don't understand.
The only one my mistake, the passwords was same on both accounts. But accounts was on different PC's and with different providers. e-mails was different too.


In the case of a man-in-the-middle attack, the hacker steal your logged-session which is valid for an hour or more.
The only way to protect from this kind of attack is to enable an automatic-logout-on-IP-change but I almost never saw it.
Even if it exist, the hacker can spoof your IP so yeah you can't do much...

It is quite a high level hacking IMO unless you computer is full of trojans.


Don't spread bullshit. Accounts were accessed from some foreign IPs. Sessions are https - so encrypted. But even so, fund withdrawing should not be possible, without 2fa.

The site has, most probably some kind of sql-injection security flaw and the attacker managed to access the SQL database directly and made the redraw action without the user inteface.

The owner of the site should refund your coins - as the site is hacked.

It's not your fault at all.
legendary
Activity: 2352
Merit: 1064
Bitcoin is antisemitic
hero member
Activity: 784
Merit: 1000
Casper - A failed entrepenuer who looks like Zhou
seems this ship is finally getting slightly... slightly more active with a few more guys betting.....
member
Activity: 94
Merit: 10
dicenow.com
What does "10,000 rolls per click mean?"

You can pre-program a bot on dicenow and it will roll it for you. The bot supports up to 10k iteration for 1 click you made. Try it with  free coins Smiley

yes this is one of our more unique features.
it is inspired by ggdice
hero member
Activity: 784
Merit: 1000
Casper - A failed entrepenuer who looks like Zhou
What does "10,000 rolls per click mean?"

You can pre-program a bot on dicenow and it will roll it for you. The bot supports up to 10k iteration for 1 click you made. Try it with  free coins Smiley
legendary
Activity: 1918
Merit: 1018
What does "10,000 rolls per click mean?"

I guess the computer simulates 10,000rolls and gives u the result instantly

You can ask to bet 1satoshi and x2 if you lose but return to 1 if you win; it will do i t 10,000times in an instant and gives you the result : +5000 or you don't have enough to make the last bet



XD

nice
newbie
Activity: 29
Merit: 0
What does "10,000 rolls per click mean?"
legendary
Activity: 1918
Merit: 1018
DN seemed a bit sketchy and ED seemed like a better bet, it turns out DN has been growing steadily and hasn't shut down when ED is probably finished; I wonder what would happen if DN lost a lot to a player though
hero member
Activity: 784
Merit: 1000
Casper - A failed entrepenuer who looks like Zhou
newbie
Activity: 57
Merit: 0
Build it and they will come. Sounds like the easy part of the problem
legendary
Activity: 1386
Merit: 1000
Become the cryptsy of dicers, start adding every frickin coin possible. Sounds like an excellent business scheme to me

You've got to have houses backing all of the currencies, however.
newbie
Activity: 57
Merit: 0
Become the cryptsy of dicers, start adding every frickin coin possible. Sounds like an excellent business scheme to me
donator
Activity: 3108
Merit: 1166
Forget the request to add BC, but please to consider adding Darkcoin

With it's emphasis on anonymity it would be a very good match IMO.
member
Activity: 94
Merit: 10
dicenow.com
Site will be down for ~6 hours this Friday May 23 starting 9AM and ending around 3-4PM Pacific Standard Time.
Sorry for the inconvenience.

Edit: Whoops actually it is Friday May 23, not Saturday.
legendary
Activity: 1918
Merit: 1018
dicenow
Hello! Today two accounts (my 13773 and my wife 14532) was hacked and all bitcoins was withdrawed to 1NHQEzpernPm4BKh1E3P1Sh4Bn4YA6bXy6
Passwords not changed, 2fa is on. How can this happens? Can you help me to understand what is going on?
Man in the middle attack.
Support tell me, that my accounts was accessed from unfamiliar IP, but how can it be with 2fa on I don't understand.
The only one my mistake, the passwords was same on both accounts. But accounts was on different PC's and with different providers. e-mails was different too.


In the case of a man-in-the-middle attack, the hacker steal your logged-session which is valid for an hour or more.
The only way to protect from this kind of attack is to enable an automatic-logout-on-IP-change but I almost never saw it.
Even if it exist, the hacker can spoof your IP so yeah you can't do much...

It is quite a high level hacking IMO unless you computer is full of trojans.


That is a way for someone to access your account protected by f2a; getting your f2a back up is an other way

If each withdrawal is protected by f2a he won't be able to withdraw even if he got access to your account stealing your logged-session
Pages:
Jump to: