
Topic: Dumb Question : If I found a security flaw with a major bitcoin company .. - page 2. (Read 7345 times)

legendary
Activity: 1512
Merit: 1049
Death to enemies!
What was the exploit? Bitcoind available for everyone without password?
full member
Activity: 196
Merit: 100
Another block in the wall
Can we say names or...?

The OP's 8 hour timeline seems to coincide with the announced resolved from said company.

uk1
copper member
Activity: 546
Merit: 500
hero member
Activity: 560
Merit: 500
Can we say names or...?
full member
Activity: 196
Merit: 100
Another block in the wall
100 coin max exploit? It's obvious who the company is then. 

Yep.

Should be fixed soon.
legendary
Activity: 1512
Merit: 1049
Death to enemies!
100 coin max exploit? It's obvious who the company is then. 
BFL ?
full member
Activity: 160
Merit: 100
100 coin max exploit? It's obvious who the company is then. 
sr. member
Activity: 448
Merit: 251
Bitcoin
I once worked for a guy who said "Do the right thing" pretty often.
He ended up ripping me off.


just remember this.

NO GOOD DEED GOES UNPUNISHED

watch your back.

The OP is right to be an honest person.
just remember this:
You get what you deserve.

I don't think many here understand what I meant.
So he pokes around and finds a bug (felony already).
He discloses info to the web site. (nice guy).
Website fixes bug but the CEO is pissed anyway and files police report (it happens).
Good guy OP gets arrested for trying to do a good deed.


I seriously hope that is not the outcome. I protected the identity (and will continue until the bug is fixed) and the poking around was purely an accident... which led me to believe that this was an idiot level mistake.

The owner is on it, and confirmed the exploit.


legendary
Activity: 2072
Merit: 1001
I once worked for a guy who said "Do the right thing" pretty often.
He ended up ripping me off.


just remember this.

NO GOOD DEED GOES UNPUNISHED

watch your back.

The OP is right to be an honest person.
just remember this:
You get what you deserve.

I don't think many here understand what I meant.
So he pokes around and finds a bug (felony already).
He discloses info to the web site. (nice guy).
Website fixes bug but the CEO is pissed anyway and files police report (it happens).
Good guy OP gets arrested for trying to do a good deed.
legendary
Activity: 1512
Merit: 1049
Death to enemies!
When you are old, sitting alone next to a crappy computer, you will remember this possibility of getting 100 coins worth about 8 million. Life is not fair and never will be, get used to it and act!
sr. member
Activity: 448
Merit: 251
Bitcoin
I promise you that I will.

legendary
Activity: 966
Merit: 1004
Keep it real
ok I gave them exactly how to duplicate the flaw.

I also showed them how to correct it.

After it's been corrected could you explain what the flaw was and who it was with?
sr. member
Activity: 448
Merit: 251
Bitcoin
ok I gave them exactly how to duplicate the flaw.

I also showed them how to correct it.

legendary
Activity: 1512
Merit: 1049
Death to enemies!
THEY RESPONDED

Text of the response: F**k off! There is no exploit. Thanks for ass king!
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
The flaw is idiot level. It's something that I assume was explored, methods against it were conceived and mostly implemented and someone forgot to upload it.

It had to have been something like that.

Good news though, we're talking about at most a hundred coins... not thousands.

Send them an email, tell them that you will take the coins so they are safe and no one else steals them (if someone else steals the coins, you'll be on the hook for it since you contacted them).
Grab the coins and email them, telling them you did it to prevent a not-so-honest person from doing the same.

I'm sure when they see the issue, they'll understand.


What about taking the coins then sending them to a known address of the company or company's owner. That might work.

Sure, whatever, but if the coins are left there in the open, someone else might find that flaw and actually steal the coins.
I'd grab them and send them to an address and then simply give them the private key once they acknowledge how stupid they are.
They better reward you or at least offer you a reward even if you choose not to accept it!


I tried exactly this once with a popular social media site half a decade ago, and they pretended to be thankful for finding the glaring security holes and kept asking me for more help and even asked for me to write up some security suggestions for them. They even offered me points on their website for a reward and such, and because I accepted, they tried to later say that I had blackmailed them. Turns out, they were trying to collect information to post about me and brand me as a "blackmailer hacker". They even recorded our phone calls (which was illegal in their state and thus they didn't use it). The employees who did this were subsequently fired of course by the corporate owners who took over the company and brought in an entirely new management group that I became friends with.

Moral of the story? There isn't one. Some people are dicks and you have to do what you do and deal with it as it comes.
legendary
Activity: 1330
Merit: 1000
Bitcoin
legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
sr. member
Activity: 448
Merit: 251
Bitcoin
sr. member
Activity: 273
Merit: 250
Do not publish the bug. And do not exploit it. Keep trying to reach them. Usually it takes some time for your email to reach the right person within the company. Do not rush and do not take any action to be blamed about in the future.
legendary
Activity: 1036
Merit: 1000
The flaw is idiot level. It's something that I assume was explored, methods against it were conceived and mostly implemented and someone forgot to upload it.

It had to have been something like that.

Good news though, we're talking about at most a hundred coins... not thousands.

Send them an email, tell them that you will take the coins so they are safe and no one else steals them (if someone else steals the coins, you'll be on the hook for it since you contacted them).
Grab the coins and email them, telling them you did it to prevent a not-so-honest person from doing the same.

I'm sure when they see the issue, they'll understand.

Like noticing someone dropped their wallet, picking it up and handing it back to them?