
Topic: Dumb Question : If I found a security flaw with a major bitcoin company .. - page 3. (Read 7345 times)

legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
...
Sounds like it's not a major bitcoin company...

Seems so...

legendary
Activity: 1512
Merit: 1049
Death to enemies!
I remember one guy who discovered flaw in university system, notified about it the responsible persons and got kicked out afterwards. If he would not be such white knight on donkey and instead anonymously vandalized the database and then leaked it on piratebay, no one would know who did it.

It really was bad idea to contact the owners about exploit.
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
The flaw is idiot level.  It's something that I assume was explored,  methods against it were conceived and mostly implemented and someone forgot to upload it.

It had to have been something like that.

Good news though we're talking about at most a hundred coins..  Not thousands

Send them an email, tell them that you will take the coins so they are safe and no one else steals them (if someone else steals the coins, you'll be on the hook for it since you contacted them)
Grab the coins and email them, telling them you did it to prevent a not-so-honest person from doing the same..

I'm sure when they see the issue, they'll understand.


What about taking the coins then sending them to a known address of the company or company's owner. That might work.
legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
There is no issue if you disclose their name publicly. They could be pointed to this thread, or contacted by other means and people, if we know who they are.

If the flaw is truly boneheaded, disclosing the name might be risky.

How does a bitcoin business manage to amass hundreds of coins with an obvious flaw in their system? Does not compute!



@the founder disclose the name please, or PM a bitcointalk staff member that can assist you further.
sr. member
Activity: 448
Merit: 251
Bitcoin
Fuck the law, if you live in another country just grab the damn coins!
Wow, you definitely make it on to my "do not trust, ever" list.
One thing is exploiting flaws in computer systems, another thing is exploiting social trust of people. I never exploited trading or other forms of commerce where some degree of trust is essential. In long run it will make some forms of e-trade impossible and will hurt my goals in long term. Contrary exploiting flaws in computer security improves overall security in long term. Without such activities internet would be insecure, censored and boring place. But I used social engineering to get payload into losers computers or phish passwords. But this is more technical than exploiting pure trust. Everyone with slight knowledge will notice wrong URL or different checksums.

I will give OP idea - if trying to crash market, announce here that it is MtGox and post receiving address here and say you will transfer there n amount of coins from MtGox. Then transfer coins from your MtGox account to the address afterwards. No exploit involved but many would believe in that and start sell sell sell

IT'S NOT THAT BIG OF A FLAW TO CRASH ANY MARKET! 

It's a major bitcoin company... but the exploit isn't freaking stealing their whole wallet, just some people that utilize it.



legendary
Activity: 966
Merit: 1004
Keep it real
The flaw is idiot level.  It's something that I assume was explored,  methods against it were conceived and mostly implemented and someone forgot to upload it.

It had to have been something like that.

Good news though we're talking about at most a hundred coins..  Not thousands

Hmm.. Not responding to emails, only holds a hundred coins... sounds like a bitgem ripoff site or gambling site to me.

Sounds like it's not a major bitcoin company...
legendary
Activity: 1512
Merit: 1049
Death to enemies!
Fuck the law, if you live in another country just grab the damn coins!
Wow, you definitely make it on to my "do not trust, ever" list.
One thing is exploiting flaws in computer systems, another thing is exploiting social trust of people. I never exploited trading or other forms of commerce where some degree of trust is essential. In long run it will make some forms of e-trade impossible and will hurt my goals in long term. Contrary exploiting flaws in computer security improves overall security in long term. Without such activities internet would be insecure, censored and boring place. But I used social engineering to get payload into losers computers or phish passwords. But this is more technical than exploiting pure trust. Everyone with slight knowledge will notice wrong URL or different checksums.

I will give OP idea - if trying to crash market, announce here that it is MtGox and post receiving address here and say you will transfer there n amount of coins from MtGox. Then transfer coins from your MtGox account to the address afterwards. No exploit involved but many would believe in that and start sell sell sell
sr. member
Activity: 448
Merit: 251
Bitcoin
The flaw is idiot level.  It's something that I assume was explored,  methods against it were conceived and mostly implemented and someone forgot to upload it.

It had to have been something like that.

Good news though we're talking about at most a hundred coins..  Not thousands

Hmm.. Not responding to emails, only holds a hundred coins... sounds like a bitgem ripoff site or gambling site to me.

Trust me it's a widely used service,  but the exploit only shows a limited number of coins...  there's an easy fix to this.   

This is not a problem that would destabilize bitcoin... it's the type of flaw that could get media writing though.. which is what I am trying to prevent.

Bitcoin has an 850 million dollar economy,  we're talking about at most a few thousand dollars worth of exploit...  it's something that should be fixed... but it's not something crazy like millions of dollars.



 
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
The flaw is idiot level.  It's something that I assume was explored,  methods against it were conceived and mostly implemented and someone forgot to upload it.

It had to have been something like that.

Good news though we're talking about at most a hundred coins..  Not thousands

Hmm.. Not responding to emails, only holds a hundred coins... sounds like a bitgem ripoff site or gambling site to me.
sr. member
Activity: 448
Merit: 251
Bitcoin
The flaw is idiot level.  It's something that I assume was explored,  methods against it were conceived and mostly implemented and someone forgot to upload it.

It had to have been something like that.

Good news though we're talking about at most a hundred coins..  Not thousands
full member
Activity: 182
Merit: 100
If they keep ignoring you there is only one way, give them an ultimatum.

Tell them to fix the problem within a set time frame; if they don't respond or fix the problem you will share the info with the public. Put this ultimatum up in a public place, name them and wait for response ...

if they don't fix it or ignore you, disclose the info. If they sue, you have the right to inform people about possible threats to their well-being. (unless you had to break into their systems to get the info)

speaking from experience it usually doesn't get that far
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
There is no issue if you disclose their name publicly. They could be pointed to this thread, or contacted by other means and people, if we know who they are.

If the flaw is truly boneheaded, disclosing the name might be risky.

Indeed.

1.  I will not steal or publish the results.   

I had a few hundred coins stolen from me 2 years ago,  at today's prices it would be $20,946.88
I do not wish that to happen to anyone ever.

2.  I attempted for a second time to inform the company,  no response yet.  When it comes in I will let you guys know what I found and how the exploit happened... that's after giving the owners time to correct the problem.

I got blasted via private message on bitcointalk for not publishing the exploit and stealing coins.

I hope that a few years from now if I was on the other side of the table people would handle it like this rather than freaking stealing coins.   If people were honourable they would reward this type of behaviour rather than sending private messages like that...

Remember a few years back I called you because your site dropped off the internet and i wanted to see if you were okay?

Well, now I know. You're okay.  Cool
legendary
Activity: 1615
Merit: 1000
There is no issue if you disclose their name publicly. They could be pointed to this thread, or contacted by other means and people, if we know who they are.

If the flaw is truly boneheaded, disclosing the name might be risky.
hero member
Activity: 910
Merit: 1000
Items flashing here available at btctrinkets.com
Fuck the law, if you live in another country just grab the damn coins!
Wow, you definitely make it on to my "do not trust, ever" list.
I also felt the urge to give that ignore button a go, despicable.
legendary
Activity: 1400
Merit: 1005
Fuck the law, if you live in another country just grab the damn coins!
Wow, you definitely make it on to my "do not trust, ever" list.
legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
No Reply to the first or second attempt. 



There is no issue if you disclose their name publicly. They could be pointed to this thread, or contacted by other means and people, if we know who they are.
legendary
Activity: 1330
Merit: 1000
Bitcoin
Send me all their coins?
legendary
Activity: 966
Merit: 1004
Keep it real
You are either attention whore trying to cause bubble burst and there is no exploit

or

You are so rich that you don't care about money or reward for your unique skills.

I'm guessing option #1, this combined with someone else trying to cause a panic makes more sense than either post does alone.
legendary
Activity: 1512
Merit: 1049
Death to enemies!
You are either attention whore trying to cause bubble burst and there is no exploit

or

You are so rich that you don't care about money or reward for your unique skills.
sr. member
Activity: 448
Merit: 251
Bitcoin
No Reply to the first or second attempt. 
