Author

Topic: Found a Major Security Flaw (Read 1929 times)

newbie
Activity: 32
Merit: 0
October 27, 2014, 05:48:12 AM
#19
Inform them, if the issue is not fixed and users are at risk, go public.

You can go public so that the public would know.
legendary
Activity: 1862
Merit: 1015
October 25, 2014, 01:04:04 PM
#18
Yeah, I assume they wouldn't want it out there. It could put people at risk.
$100 though....that seems almost like not worth even asking for.

Maybe I should just tell them what the deal is.
It is probably advisable to let them know about the risk. The reward will likely be based on how big their security "hole" was and how much they could potentially lose in the event that someone would have exploited it.

I would certainly disagree that it is not worth asking for $100 if this is an amount that they would owe you. It would only take at most a few minutes to ask at most.

Reported, this is extremely off topic. What the heck went through your mind when you posted this?!

Take a look at his sig and you'll know why (I have already given up trying to report them - the mods will actually just reduce your *accuracy* for reporting them - spamming rubbish into every single topic is *perfectly okay* with this forum unfortunately).

I think,the price of a coin is mainly decided by two convenient, cost is a factor, but the more important is : the relationship between supply and demand.

Reported, this is extremely off topic. What the heck went through your mind when you posted this?!
I hope you both realize that by posting that you reported a post, and talking about why someone posted something that makes zero sense you are yourselves posting something that is off topic? You are doing nothing then distracting from the original discussion of the thread
newbie
Activity: 33
Merit: 0
October 25, 2014, 11:14:24 AM
#17
OK...issue reported.

Let's see what happens.
newbie
Activity: 33
Merit: 0
October 25, 2014, 10:21:29 AM
#16
I'm just going to tell him. It is so obvious that it must be just hiding in plain sight. When you get so close to something sometimes it is hard to step back and see something obvious.

OR maybe I'm wrong...but I don't think so.

A lot of people are using this system so the better half of me will feel good knowing it will reduce some serious risk.

 Smiley
full member
Activity: 238
Merit: 100
★Bitin.io★ - Instant Exchange
October 25, 2014, 08:46:55 AM
#15
I believe I have found a major security flaw in a companies bitcoin system. I am no cryptologist but the flaw is not a technical one, it is more a procedural weakness. I asked if they were aware of a problem related to this and they said no and could I elaborate. There is a small bounty for finding "bugs" but this basically undermines their whole purpose. They are small but do have a lot of press about their new system.  How should I approach the situation.
You are very powerful, can discover the bitcoin problem(bug), we support you, hope you can tell us more about  the details of the bug
full member
Activity: 700
Merit: 100
October 25, 2014, 08:37:47 AM
#14
Describe the issue simply and ask for a bounty (dont ask for a lot, just what it could poten. save them if you used the bug). Then explain what happened for you to find the bug.
legendary
Activity: 1615
Merit: 1000
October 25, 2014, 08:13:35 AM
#13
Inform them, if the issue is not fixed and users are at risk, go public.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
October 25, 2014, 08:09:24 AM
#12
Reported, this is extremely off topic. What the heck went through your mind when you posted this?!

Take a look at his sig and you'll know why (I have already given up trying to report them - the mods will actually just reduce your *accuracy* for reporting them - spamming rubbish into every single topic is *perfectly okay* with this forum unfortunately).
full member
Activity: 154
Merit: 100
October 25, 2014, 08:06:43 AM
#11
just let them know they should revise procedure management politics if an issue is not a technical one and get that bounty
sr. member
Activity: 952
Merit: 281
October 25, 2014, 06:51:38 AM
#10
The whole bitcoin is open source. If there is such a major flaw, you should let them know, and by them I mean the devs. It's no good reason to hide it, someday someone else will find it out eventually.

The OP title is probably misleading when posted in this sub forum. If you read further you'll see that the security flaw is not in Bitcoin but in the company's procedures.
Seems like he edited his original post after posting  Grin
donator
Activity: 1617
Merit: 1012
October 25, 2014, 06:50:19 AM
#9
The whole bitcoin is open source. If there is such a major flaw, you should let them know, and by them I mean the devs. It's no good reason to hide it, someday someone else will find it out eventually.

The OP title is probably misleading when posted in this sub forum. If you read further you'll see that the security flaw is not in Bitcoin but in the company's procedures.
sr. member
Activity: 952
Merit: 281
October 25, 2014, 06:42:56 AM
#8
If you really found a security flaw you would be exploiting it, rather than revealing it  Cheesy
hero member
Activity: 658
Merit: 500
October 25, 2014, 06:41:28 AM
#7
The whole bitcoin is open source. If there is such a major flaw, you should let them know, and by them I mean the devs. It's no good reason to hide it, someday someone else will find it out eventually.
Q7
sr. member
Activity: 448
Merit: 250
October 25, 2014, 02:23:58 AM
#6
Just write in and tell them. Not everyone is as honest as you and I'm sure you deserve a reward for pointing it out. Imagine the good things you would have done to save all the account holders. Just hate to hear another bad press that seems to relate to and undermine bitcoin security although in the first place it has nothing to do with bitcoin, only the system that handles it
legendary
Activity: 2296
Merit: 1014
October 25, 2014, 01:25:11 AM
#5
You shouldn't be cash motivated. If they pay you ANYTHING it is still good.
Find real job for your IT skills.
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
October 25, 2014, 01:09:49 AM
#4
if its a big bug, 100 USD is not that much but better than nothing  Smiley

but i would like to know more about this when the gap is closed  Cheesy
newbie
Activity: 33
Merit: 0
October 25, 2014, 12:48:15 AM
#3
Yeah, I assume they wouldn't want it out there. It could put people at risk.
$100 though....that seems almost like not worth even asking for.

Maybe I should just tell them what the deal is.
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
October 25, 2014, 12:44:23 AM
#2
they should give you a bounty for that and you would have a good feeling too  Smiley
(+ no police is hunting you  Tongue )


sounds fair? if they pay nothing, maybe coindesk is interested in this story.
newbie
Activity: 33
Merit: 0
October 25, 2014, 12:41:38 AM
#1
I believe I have found a major security flaw in a companies bitcoin system. I am no cryptologist but the flaw is not a technical one, it is more a procedural weakness. I asked if they were aware of a problem related to this and they said no and could I elaborate. There is a small bounty for finding "bugs" but this basically undermines their whole purpose. They are small but do have a lot of press about their new system.  How should I approach the situation.
Jump to: