Topic: Found a Major Security Flaw (Read 1925 times)

newbie
Activity: 32
Merit: 0
October 27, 2014, 05:48:12 AM
#19
Inform them, if the issue is not fixed and users are at risk, go public.

You can go public so that the public would know.
legendary
Activity: 1862
Merit: 1015
October 25, 2014, 01:04:04 PM
#18
Yeah, I assume they wouldn't want it out there. It could put people at risk.
$100 though....that seems almost like not worth even asking for.

Maybe I should just tell them what the deal is.
It is probably advisable to let them know about the risk. The reward will likely be based on how big their security "hole" was and how much they could potentially lose in the event that someone would have exploited it.

I would certainly disagree that it is not worth asking for $100 if this is an amount that they would owe you. It would only take at most a few minutes to ask at most.

Reported, this is extremely off topic. What the heck went through your mind when you posted this?!

Take a look at his sig and you'll know why (I have already given up trying to report them - the mods will actually just reduce your *accuracy* for reporting them - spamming rubbish into every single topic is *perfectly okay* with this forum unfortunately).

I think, the price of a coin is mainly decided by two convenient, cost is a factor, but the more important is: the relationship between supply and demand.

Reported, this is extremely off topic. What the heck went through your mind when you posted this?!
I hope you both realize that by posting that you reported a post, and talking about why someone posted something that makes zero sense, you are yourselves posting something that is off topic? You are doing nothing other than distracting from the original discussion of the thread.
newbie
Activity: 33
Merit: 0
October 25, 2014, 11:14:24 AM
#17
OK...issue reported.

Let's see what happens.
newbie
Activity: 33
Merit: 0
October 25, 2014, 10:21:29 AM
#16
I'm just going to tell him. It is so obvious that it must be just hiding in plain sight. When you get so close to something sometimes it is hard to step back and see something obvious.

OR maybe I'm wrong...but I don't think so.

A lot of people are using this system so the better half of me will feel good knowing it will reduce some serious risk.

 Smiley
full member
Activity: 238
Merit: 100
★Bitin.io★ - Instant Exchange
October 25, 2014, 08:46:55 AM
#15
I believe I have found a major security flaw in a company's bitcoin system. I am no cryptologist but the flaw is not a technical one, it is more a procedural weakness. I asked if they were aware of a problem related to this and they said no and could I elaborate. There is a small bounty for finding "bugs" but this basically undermines their whole purpose. They are small but do have a lot of press about their new system. How should I approach the situation?
You are very powerful, can discover the bitcoin problem (bug), we support you, hope you can tell us more about the details of the bug
full member
Activity: 700
Merit: 100
October 25, 2014, 08:37:47 AM
#14
Describe the issue simply and ask for a bounty (don't ask for a lot, just what it could poten. save them if you used the bug). Then explain what happened for you to find the bug.
legendary
Activity: 1615
Merit: 1000
October 25, 2014, 08:13:35 AM
#13
Inform them, if the issue is not fixed and users are at risk, go public.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
October 25, 2014, 08:09:24 AM
#12
Reported, this is extremely off topic. What the heck went through your mind when you posted this?!

Take a look at his sig and you'll know why (I have already given up trying to report them - the mods will actually just reduce your *accuracy* for reporting them - spamming rubbish into every single topic is *perfectly okay* with this forum unfortunately).
full member
Activity: 154
Merit: 100
October 25, 2014, 08:06:43 AM
#11
just let them know they should revise procedure management politics if an issue is not a technical one and get that bounty
sr. member
Activity: 952
Merit: 281
October 25, 2014, 06:51:38 AM
#10
The whole bitcoin is open source. If there is such a major flaw, you should let them know, and by them I mean the devs. It's no good reason to hide it, someday someone else will find it out eventually.

The OP title is probably misleading when posted in this sub forum. If you read further you'll see that the security flaw is not in Bitcoin but in the company's procedures.
Seems like he edited his original post after posting  Grin
donator
Activity: 1617
Merit: 1012
October 25, 2014, 06:50:19 AM
#9
The whole bitcoin is open source. If there is such a major flaw, you should let them know, and by them I mean the devs. It's no good reason to hide it, someday someone else will find it out eventually.

The OP title is probably misleading when posted in this sub forum. If you read further you'll see that the security flaw is not in Bitcoin but in the company's procedures.
sr. member
Activity: 952
Merit: 281
October 25, 2014, 06:42:56 AM
#8
If you really found a security flaw you would be exploiting it, rather than revealing it  Cheesy
hero member
Activity: 658
Merit: 500
October 25, 2014, 06:41:28 AM
#7
The whole bitcoin is open source. If there is such a major flaw, you should let them know, and by them I mean the devs. It's no good reason to hide it, someday someone else will find it out eventually.
Q7
sr. member
Activity: 448
Merit: 250
October 25, 2014, 02:23:58 AM
#6
Just write in and tell them. Not everyone is as honest as you and I'm sure you deserve a reward for pointing it out. Imagine the good things you would have done to save all the account holders. Just hate to hear another bad press that seems to relate to and undermine bitcoin security although in the first place it has nothing to do with bitcoin, only the system that handles it
legendary
Activity: 2296
Merit: 1014
October 25, 2014, 01:25:11 AM
#5
You shouldn't be cash motivated. If they pay you ANYTHING it is still good.
Find real job for your IT skills.
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
October 25, 2014, 01:09:49 AM
#4
if it's a big bug, 100 USD is not that much but better than nothing  Smiley

but I would like to know more about this when the gap is closed  Cheesy
newbie
Activity: 33
Merit: 0
October 25, 2014, 12:48:15 AM
#3
Yeah, I assume they wouldn't want it out there. It could put people at risk.
$100 though....that seems almost like not worth even asking for.

Maybe I should just tell them what the deal is.
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
October 25, 2014, 12:44:23 AM
#2
they should give you a bounty for that and you would have a good feeling too  Smiley
(+ no police is hunting you  Tongue )


sounds fair? if they pay nothing, maybe coindesk is interested in this story.
newbie
Activity: 33
Merit: 0
October 25, 2014, 12:41:38 AM
#1
I believe I have found a major security flaw in a company's bitcoin system. I am no cryptologist but the flaw is not a technical one, it is more a procedural weakness. I asked if they were aware of a problem related to this and they said no and could I elaborate. There is a small bounty for finding "bugs" but this basically undermines their whole purpose. They are small but do have a lot of press about their new system. How should I approach the situation?