Dumb Question : If I found a security flaw with a major bitcoin company .. - page 4.

MiningBuddy

hero member

Activity: 927

Merit: 1000

฿itcoin ฿itcoin ฿itcoin

Quote from: the founder on March 26, 2013, 12:20:40 PM

1. I will not steal or publish the results.

I had a few hundred coins stolen from me 2 years ago, at today's prices it would be $20,946.88
I do not wish that to happen to anyone ever.

2. I attempted for a second time to inform the company, no response yet. When it comes in I will let you guys know what I found and how the exploit happened... that's after giving the owners time to correct the problem.

I got blasted via private message on bitcointalk for not publishing the exploit and stealing coins.

I hope that a few years from now if I was on the other side of the table people would handle it like this rather than freaking stealing coins. If people were Honourable they would reward this type of behaviour rather than sending private messages like that...

Good for you man! This is what we need, more genuine and honest people like yourself around here.
If you found a flaw in one of my sites I would be sure to buy you a beer or two at the very least!

Bit_Happy

legendary

Activity: 2114

Merit: 1040

A Great Time to Start Something!

I once worked for a guy who said "Do the right thing" pretty often.
He ended up ripping me off.

Quote from: fcmatt on March 26, 2013, 12:24:09 PM

just remember this.

NO GOOD DEED GOES UNPUNISHED

watch your back.

The OP is right to be an honest person.
just remember this:
You get what you deserve.

the founder

sr. member

Activity: 448

Merit: 251

Bitcoin

whoever just tipped me .035 thank you!

Bit_Happy

legendary

Activity: 2114

Merit: 1040

A Great Time to Start Something!

Quote from: the founder on March 26, 2013, 12:20:40 PM

...If people were Honourable they would reward this type of behaviour rather than sending private messages like that...

Thank you for setting a good example.

fcmatt

legendary

Activity: 2072

Merit: 1001

Quote from: the founder on March 26, 2013, 12:20:40 PM

1. I will not steal or publish the results.

I had a few hundred coins stolen from me 2 years ago, at today's prices it would be $20,946.88
I do not wish that to happen to anyone ever.

2. I attempted for a second time to inform the company, no response yet. When it comes in I will let you guys know what I found and how the exploit happened... that's after giving the owners time to correct the problem.

I got blasted via private message on bitcointalk for not publishing the exploit and stealing coins.

I hope that a few years from now if I was on the other side of the table people would handle it like this rather than freaking stealing coins. If people were Honourable they would reward this type of behaviour rather than sending private messages like that...

just remember this.

NO GOOD DEED GOES UNPUNISHED

watch your back.

the founder

sr. member

Activity: 448

Merit: 251

Bitcoin

1. I will not steal or publish the results.

I had a few hundred coins stolen from me 2 years ago, at today's prices it would be $20,946.88
I do not wish that to happen to anyone ever.

2. I attempted for a second time to inform the company, no response yet. When it comes in I will let you guys know what I found and how the exploit happened... that's after giving the owners time to correct the problem.

I got blasted via private message on bitcointalk for not publishing the exploit and stealing coins.

I hope that a few years from now if I was on the other side of the table people would handle it like this rather than freaking stealing coins. If people were Honourable they would reward this type of behaviour rather than sending private messages like that...

flix

legendary

Activity: 1227

Merit: 1000

Quote from: the founder on March 26, 2013, 11:24:15 AM

I found a security flaw which allowed a thief to steal bitcoins from a company.
I contacted them and they don't reply, what should I do?
I want to see the security issue resolved, and the company in question is not responding to me.

The security flaw is so stupid that it most likely got overlooked.

Take 100 BTC to prove it. Make it public. Return the coins when you get an apology and a thankyou.

Seriously, if I was in charge of that co. I would be desperate to be the first to know about potential flaws and would offer a sizeable bounty for anybody that pointed them out (with proof).

Elwar

legendary

Activity: 3598

Merit: 2386

Viva Ut Vivas

Quote from: christop on March 26, 2013, 12:08:03 PM

Quote from: Elwar on March 26, 2013, 12:04:00 PM

Is it the MtGox one where you can put anyone else's public Bitcoin address in the url and automatically get all of their bitcoins?

Please tell me this is a joke.

christop

member

Activity: 84

Merit: 10

Quote from: Elwar on March 26, 2013, 12:04:00 PM

Is it the MtGox one where you can put anyone else's public Bitcoin address in the url and automatically get all of their bitcoins?

Please tell me this is a joke.

Elwar

legendary

Activity: 3598

Merit: 2386

Viva Ut Vivas

Is it the MtGox one where you can put anyone else's public Bitcoin address in the url and automatically get all of their bitcoins?

MysteryMiner

legendary

Activity: 1540

Merit: 1049

Death to enemies!

Fuck the law, if you live in another country just grab the damn coins!

sgravina

sr. member

Activity: 451

Merit: 250

Quote from: rme on March 26, 2013, 11:28:07 AM

Make the flaw public will be the fastest way of been fixed.

This also invites a lawsuit.

Sukrim

legendary

Activity: 2618

Merit: 1007

Well, if you're a customer there you might not want them to be robbed from the outside...?!

You could transfer a nontrivial but also not business threatening amount of BTC to one of your addresses (maybe ennounce that here? On the other hand it might be easy to know which business has this flaw via network analysis) and then immediately send them back - that should hopefully trigger some alerts...

sgravina

sr. member

Activity: 451

Merit: 250

Quote from: the founder on March 26, 2013, 11:24:15 AM

I found a security flaw which allowed a thief to steal bitcoins from a company.
I contacted them and they don't reply, what should I do?
I want to see the security issue resolved, and the company in question is not responding to me.

The security flaw is so stupid that it most likely got overlooked.

Don't steal the coins. You will be criminally liable for that even if you intend to return them and even if you do return them. In fact returning them becomes evidence against you.

Just try again.

rme

hero member

Activity: 756

Merit: 504

Make the flaw public will be the fastest way of been fixed.

the founder

sr. member

Activity: 448

Merit: 251

Bitcoin

THEY RESPONDED

I found a security flaw which allowed a thief to steal bitcoins from a company.
I contacted them and they don't reply, what should I do?
I want to see the security issue resolved, and the company in question is not responding to me.

The security flaw is so stupid that it most likely got overlooked.

EDIT: We're talking a minor exploit that at most can yield 100 coins or so. Not thousand, not millions, just 100 or so bitcoins.

It's not going to destabilize bitcoin, or affect prices to any large extent. It's a single company that has a minor problem that they haven't contacted me back yet.

That's the extent of this flaw. I asked for advice not because I wanted to freaking start a panic, it's just how to get a company to respond.

100 BTC at max.... that's it.. nothing more.

Topic: Dumb Question : If I found a security flaw with a major bitcoin company .. - page 4. (Read 7382 times)