Topic: Hack Into BitDice And Get 1BTC! - page 4. (Read 6829 times)

2FA is really a great way to secure your account. Indeed it won't hurt get another layer of protection into your account and having more would be better. A hacker though, if he really wanted to hack a gambling site, they would not go for an individuals account. Why target small fish if you can catch all the fish in it, right? So I guess accounts would be out of the questions if a hackers does go for a casino. He would for sure target the whole bankroll.

2fa is just another security layer and with some extra security it wont be hurting yourself. Everyone is actually responsible for their own security so if you are using the same password all over anything you sign up to then thats your responsibility not that even the site with the best security will be able to help you

But not all people are using this 2fa as their protection though because they think that they are not going to play on particular site for long enough. So why should they get 2fa then? It will just annoying to see a lot of 2fa numbers on many sites. For me I prefer to put 2fa on some specific sites that I visit often

The security should be a given. At the very least there should be email authentication.


Are you stupid? Who would even know the difference? This is just to advertise their security. Keeping a bitcoin in the account is completely pointless. Though, even if they did keep the bitcoin in there they could just simply block all withdrawal/tip requests from the account.

---

And you're rewarding someone that exploits security flaws?
The only real reason you might want to keep funds in there is in case there /are/ flaws - someone who exploited them would probably withdraw the bitcoins and then you can close and investigate the site.

... but why go through the trouble of "purchasing" insurance when in reality you can just remove the 'reward' and monitor the account activity (with IP connections)? And it's also more likely that if someone found a security vulnerability, they would go after whales instead of a measly 1 BTC.

---

Why would they bother crediting someone?

... and in the case of screenshots as proof, I'll leave it at this: Photoshop has existed for a very long time.

---

And people would find out the email how exactly? Keep in mind that both email authentication and 2FA are possibilities for security reinforcement on the site - email is just on by default. And hey, if the email password is the same... then that's the user's fault.

---

---

Wtf. So you have 2FA? That's your big gimmick as to why I should gamble with you? This is poor at best. A lot of people use the same passwords everywhere even h they know they shouldn't, so this isn't saying you have good security, it's just that you have 2FA. It's good, but if the email password is the same it's useless.

Well, you just spoke the truth man.
I still don't know though any other way to be more secure than these 2 for online purposes...

Changing the password frequently in my opinion is pointless unless you use the same password for all your sites. Normally with a keylogger or some trojan, they will just use the current password anyways so it doesn't make sense to keep changing it.

2FA is good however, many exchanges let you simply reset it when you confirm your email. And when your computer is hacked normally the hacker has access to your mail also.

It's really not to good to store large amounts of BTC in exchangers but it's not so easy to wothdraw every time and leave there a specific amount.
For me 2 are the best options : 2FA and safe keeping of the key and/or frequently changing passwords.
Imho these are the best options atm...

Yes I had this issue also, especially if you are on an iPhone.  You can backup almost everything, including the app however it will not backup the 2fa recovery codes for you. It was a big pain however there is an even bigger security risk because as long as someone has access to your email, they can easily reset the 2fa. Hence why its never a good idea to store large amounts of money in any online sites or exchanges.

Yeah, I had an issue one time with an upgrade on Google Authenticator that wiped all 2FA codes from my device. What a nightmare that was. I since switched to Authy which allows you to backup your 2FA codes. I do recommend that you backup your codes or save your recovery key in case something happens as it can be a pain to regain access to sites.

It's a sad truth far too few people back their 2FA code up. Then what we see is them crying here on BCT that they've lost their 2FA and need help...

2FA is more secure way that's why you need to be carefull.
When and if you enable it, you MUST store somewhere your 16-digit code/key.
If you don't and you loose your devise, you are in a black hole...

They also have a 2FA option to use your phone as 2FA with Google Authenticator or similar. This is probably an even more secure method than email as they would have to have access to your phone in order to get the 2FA code.

But if a hacker had hacked the email and he has the password to the account can't he just reset the withdrawal address and the IP address? Or by 2FA you mean other thing than email? I'm sorry if my question was a stupid one, I'm new to this thing.

As far as I checked, the only weak point of this is the email account.
I can't tell you why exactly, but an user I know instead of using secure mails uses exploitable mails even if he feels safe.
So yeah, all you need here is some social engineering.

Yes it only seems they have email authentication system like few sites and specially blockchain and yobit have right now. However that simple process can add great security feature to any platform.

But there is also no point to remove it from that account, by keeping that 1 btc in that account and giving username password combo they are trying to attract more users to play in their platform which i have never seen done by any other gambling platform before.

Big possibilities that they would not end up this event since it can be appealing to massive public to show their great security, and i also feel interested the way community speaks about the bitdice itself and i would surely try to play at them after the christmas party


That 1 btc is a though challenge for the intruders.

Even if they did remove it, all you need to do is to show the screenshot of yourself manage to get into the account and they will still credit your account with 1 btc given that they havent end this event yet however pretty sure that they wont end it , just showcassing this actually give the site some credibility

Yeah, I suppose its not really a "promo" per se and is designed to show off the security features of the site. However, the 1 BTC reward acts as a bounty if someone did manage to get in the account. Nobody would know if they removed it unless someone managed to get into the account. While unlikely, it is possible someone manages to find a bug or something. There is really no reason for them to prematurely remove the 1 BTC either. I'm sure after a certain length of time has passed, they will publicly state they are removing it if no one was successful in accessing it.

Impossible? You mean... 2FA is only possible with logins but not withdrawals? Where have you been, mate? It's not risking their reputation -- in fact, it would further establish it. If BitDice were in the position to be able to allow players to log into an account where they could see the balance but not do anything with it, then that would surely show off their security - more than this current thread.

Of course, such a demonstration would require the implementation of a few things: restriction on betting, restriction on tipping, restriction on withdrawals
Betting restrictions could be time-based or toggled with 2FA along with tipping, and withdrawals can require an authentication (via Google Authenticator or SMS)

[though if really necessary the server could just simply ignore all withdrawal/tip/bet requests from that specific account, acting as if it were secure]

---

Again, not harming if they do it correctly. And it's not really a "promo" per se since it's to show off their new "security" which is just a simple email authentication (from foreign ips or otherwise).

But what would be the point of keeping the 1 BTC there? Nobody would know if they removed it.