
Topic: Hack Into BitDice And Get 1BTC! - page 4. (Read 6848 times)

hero member
Activity: 868
Merit: 535
December 22, 2016, 01:08:15 AM
Wtf. So you have 2FA? That's your big gimmick as to why I should gamble with you? This is poor at best. A lot of people use the same passwords everywhere even though they know they shouldn't, so this isn't saying you have good security, it's just that you have 2FA. It's good, but if the email password is the same it's useless.

2fa is just another security layer and with some extra security it won't be hurting yourself. Everyone is actually responsible for their own security so if you are using the same password all over anything you sign up to then that's your responsibility not that even the site with the best security will be able to help you

2FA is really a great way to secure your account. Indeed it won't hurt to get another layer of protection into your account and having more would be better. A hacker though, if he really wanted to hack a gambling site, they would not go for an individual's account. Why target small fish if you can catch all the fish in it, right? So I guess accounts would be out of the question if a hacker does go for a casino. He would for sure target the whole bankroll.
legendary
Activity: 1064
Merit: 1000
December 22, 2016, 12:40:32 AM
Wtf. So you have 2FA? That's your big gimmick as to why I should gamble with you? This is poor at best. A lot of people use the same passwords everywhere even though they know they shouldn't, so this isn't saying you have good security, it's just that you have 2FA. It's good, but if the email password is the same it's useless.

2fa is just another security layer and with some extra security it won't be hurting yourself. Everyone is actually responsible for their own security so if you are using the same password all over anything you sign up to then that's your responsibility not that even the site with the best security will be able to help you
legendary
Activity: 1834
Merit: 1008
December 21, 2016, 07:14:02 PM
Hey guys,

Whole thing was to prove default settings. As I've mentioned it in the first post, I did not set any additional security settings. This is security by default, which each user gets after registration. You can lower it, if you feel comfortable, or increase. It's up to you. But by default you should be as safe as your email provider.

Regarding security problems with email, your account still can be safe even if your email has been compromised. Just set 2FA. You can also set IP address lock, or withdrawal address lock. We provide as many options as you can possibly use.

Regards,
Alex

But if a hacker had hacked the email and he has the password to the account can't he just reset the withdrawal address and the IP address? Or by 2FA you mean other thing than email? I'm sorry if my question was a stupid one, I'm new to this thing.

They also have a 2FA option to use your phone as 2FA with Google Authenticator or similar. This is probably an even more secure method than email as they would have to have access to your phone in order to get the 2FA code.

2FA is a more secure way, that's why you need to be careful.
When and if you enable it, you MUST store somewhere your 16-digit code/key.
If you don't and you lose your device, you are in a black hole... Roll Eyes

It's a sad truth far too few people back their 2FA code up. Then what we see is them crying here on BCT that they've lost their 2FA and need help...

But not all people are using this 2fa as their protection though because they think that they are not going to play on a particular site for long enough. So why should they get 2fa then? It will just be annoying to see a lot of 2fa numbers on many sites. For me I prefer to put 2fa on some specific sites that I visit often
copper member
Activity: 2562
Merit: 2510
Spear the bees
December 21, 2016, 06:39:02 PM
Yes it only seems they have email authentication system like few sites and specially blockchain and yobit have right now. However that simple process can add great security feature to any platform.

The security should be a given. At the very least there should be email authentication.

But there is also no point to remove it from that account, by keeping that 1 btc in that account and giving username password combo they are trying to attract more users to play in their platform which i have never seen done by any other gambling platform before.

Are you stupid? Who would even know the difference? This is just to advertise their security. Keeping a bitcoin in the account is completely pointless. Though, even if they did keep the bitcoin in there they could just simply block all withdrawal/tip requests from the account.



Yeah, I suppose it's not really a "promo" per se and is designed to show off the security features of the site. However, the 1 BTC reward acts as a bounty if someone did manage to get in the account. Nobody would know if they removed it unless someone managed to get into the account. While unlikely, it is possible someone manages to find a bug or something. There is really no reason for them to prematurely remove the 1 BTC either. I'm sure after a certain length of time has passed, they will publicly state they are removing it if no one was successful in accessing it.

And you're rewarding someone that exploits security flaws? Roll Eyes
The only real reason you might want to keep funds in there is in case there /are/ flaws - someone who exploited them would probably withdraw the bitcoins and then you can close and investigate the site.

... but why go through the trouble of "purchasing" insurance when in reality you can just remove the 'reward' and monitor the account activity (with IP connections)? And it's also more likely that if someone found a security vulnerability, they would go after whales instead of a measly 1 BTC.



Even if they did remove it, all you need to do is to show the screenshot of yourself managing to get into the account and they will still credit your account with 1 btc given that they haven't ended this event yet, however pretty sure that they won't end it, just showcasing this actually gives the site some credibility

Why would they bother crediting someone?

... and in the case of screenshots as proof, I'll leave it at this: Photoshop has existed for a very long time.



Wtf. So you have 2FA? That's your big gimmick as to why I should gamble with you? This is poor at best. A lot of people use the same passwords everywhere even though they know they shouldn't, so this isn't saying you have good security, it's just that you have 2FA. It's good, but if the email password is the same it's useless.

And people would find out the email how exactly? Keep in mind that both email authentication and 2FA are possibilities for security reinforcement on the site - email is just on by default. And hey, if the email password is the same... then that's the user's fault.




legendary
Activity: 966
Merit: 1042
December 21, 2016, 06:34:58 PM
Wtf. So you have 2FA? That's your big gimmick as to why I should gamble with you? This is poor at best. A lot of people use the same passwords everywhere even though they know they shouldn't, so this isn't saying you have good security, it's just that you have 2FA. It's good, but if the email password is the same it's useless.
legendary
Activity: 3038
Merit: 1104
This is what I do. I drink and I know things.
December 21, 2016, 06:28:55 PM
Hey guys,

Whole thing was to prove default settings. As I've mentioned it in the first post, I did not set any additional security settings. This is security by default, which each user gets after registration. You can lower it, if you feel comfortable, or increase. It's up to you. But by default you should be as safe as your email provider.

Regarding security problems with email, your account still can be safe even if your email has been compromised. Just set 2FA. You can also set IP address lock, or withdrawal address lock. We provide as many options as you can possibly use.

Regards,
Alex

But if a hacker had hacked the email and he has the password to the account can't he just reset the withdrawal address and the IP address? Or by 2FA you mean other thing than email? I'm sorry if my question was a stupid one, I'm new to this thing.

They also have a 2FA option to use your phone as 2FA with Google Authenticator or similar. This is probably an even more secure method than email as they would have to have access to your phone in order to get the 2FA code.

2FA is a more secure way, that's why you need to be careful.
When and if you enable it, you MUST store somewhere your 16-digit code/key.
If you don't and you lose your device, you are in a black hole... Roll Eyes

It's a sad truth far too few people back their 2FA code up. Then what we see is them crying here on BCT that they've lost their 2FA and need help...

Yeah, I had an issue one time with an upgrade on Google Authenticator that wiped all 2FA codes from my device. What a nightmare that was. I since switched to Authy which allows you to backup your 2FA codes. I do recommend that you backup your codes or save your recovery key in case something happens as it can be a pain to regain access to sites.

Yes I had this issue also, especially if you are on an iPhone. You can backup almost everything, including the app, however it will not backup the 2fa recovery codes for you. It was a big pain, however there is an even bigger security risk because as long as someone has access to your email, they can easily reset the 2fa. Hence why it's never a good idea to store large amounts of money in any online sites or exchanges.

It's really not too good to store large amounts of BTC in exchangers but it's not so easy to withdraw every time and leave there a specific amount.
For me 2 are the best options : 2FA and safe keeping of the key and/or frequently changing passwords.
Imho these are the best options atm...

Changing the password frequently in my opinion is pointless unless you use the same password for all your sites. Normally with a keylogger or some trojan, they will just use the current password anyways so it doesn't make sense to keep changing it.

2FA is good however, many exchanges let you simply reset it when you confirm your email. And when your computer is hacked normally the hacker has access to your mail also.

Well, you just spoke the truth man. Smiley
I still don't know though any other way to be more secure than these 2 for online purposes...
legendary
Activity: 3808
Merit: 1723
December 21, 2016, 05:23:15 PM
Hey guys,

Whole thing was to prove default settings. As I've mentioned it in the first post, I did not set any additional security settings. This is security by default, which each user gets after registration. You can lower it, if you feel comfortable, or increase. It's up to you. But by default you should be as safe as your email provider.

Regarding security problems with email, your account still can be safe even if your email has been compromised. Just set 2FA. You can also set IP address lock, or withdrawal address lock. We provide as many options as you can possibly use.

Regards,
Alex

But if a hacker had hacked the email and he has the password to the account can't he just reset the withdrawal address and the IP address? Or by 2FA you mean other thing than email? I'm sorry if my question was a stupid one, I'm new to this thing.

They also have a 2FA option to use your phone as 2FA with Google Authenticator or similar. This is probably an even more secure method than email as they would have to have access to your phone in order to get the 2FA code.

2FA is a more secure way, that's why you need to be careful.
When and if you enable it, you MUST store somewhere your 16-digit code/key.
If you don't and you lose your device, you are in a black hole... Roll Eyes

It's a sad truth far too few people back their 2FA code up. Then what we see is them crying here on BCT that they've lost their 2FA and need help...

Yeah, I had an issue one time with an upgrade on Google Authenticator that wiped all 2FA codes from my device. What a nightmare that was. I since switched to Authy which allows you to backup your 2FA codes. I do recommend that you backup your codes or save your recovery key in case something happens as it can be a pain to regain access to sites.

Yes I had this issue also, especially if you are on an iPhone. You can backup almost everything, including the app, however it will not backup the 2fa recovery codes for you. It was a big pain, however there is an even bigger security risk because as long as someone has access to your email, they can easily reset the 2fa. Hence why it's never a good idea to store large amounts of money in any online sites or exchanges.

It's really not too good to store large amounts of BTC in exchangers but it's not so easy to withdraw every time and leave there a specific amount.
For me 2 are the best options : 2FA and safe keeping of the key and/or frequently changing passwords.
Imho these are the best options atm...

Changing the password frequently in my opinion is pointless unless you use the same password for all your sites. Normally with a keylogger or some trojan, they will just use the current password anyways so it doesn't make sense to keep changing it.

2FA is good however, many exchanges let you simply reset it when you confirm your email. And when your computer is hacked normally the hacker has access to your mail also.
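An added example, not part of any post in this thread: a small reachability model of the point argued above, that an account is only as strong as its weakest recovery path. The rule set is hypothetical (it is not BitDice's or any exchange's actual policy), and it assumes a password can be reset through the mailbox.

```python
from itertools import combinations

# Things an attacker might get hold of (labels constructed for this example).
FACTORS = ("password", "email", "phone")


def policy(totp_enabled, email_resets_totp):
    """Build hypothetical rules as (required capabilities, capability gained)."""
    rules = [
        # Assumption: "forgot password" is answered through the mailbox.
        ({"email"}, "password"),
        # Any logged-in session may request a withdrawal.
        ({"session"}, "withdraw"),
    ]
    if totp_enabled:
        # The phone holds the authenticator secret and produces valid codes.
        rules.append(({"phone"}, "second_factor"))
        if email_resets_totp:
            # The reset path the thread complains about: confirm an e-mail,
            # 2FA is removed and can be re-enrolled by whoever confirmed.
            rules.append(({"email"}, "second_factor"))
        rules.append(({"password", "second_factor"}, "session"))
    else:
        # Default described in the thread: login confirmed by e-mail.
        rules.append(({"password", "email"}, "session"))
    return rules


def reachable(start, rules):
    """Fixed point: keep applying rules until nothing new is gained."""
    have = set(start)
    changed = True
    while changed:
        changed = False
        for needs, gives in rules:
            if needs <= have and gives not in have:
                have.add(gives)
                changed = True
    return have


def minimal_compromises(rules, goal="withdraw"):
    """Smallest sets of stolen factors that reach the goal."""
    hits = []
    for size in range(1, len(FACTORS) + 1):
        for combo in combinations(FACTORS, size):
            stolen = set(combo)
            if any(h <= stolen for h in hits):
                continue  # a smaller set already suffices
            if goal in reachable(stolen, rules):
                hits.append(stolen)
    return [sorted(h) for h in hits]


if __name__ == "__main__":
    cases = {
        "default (e-mail confirmation only)": policy(False, False),
        "TOTP on, e-mail can reset it": policy(True, True),
        "TOTP on, no e-mail reset": policy(True, False),
    }
    for name, rules in cases.items():
        print(f"{name}: {minimal_compromises(rules)}")
```

With the e-mail reset path present, the mailbox alone is still a sufficient compromise even though TOTP is enabled; removing that path makes the phone a required factor in every route.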
legendary
Activity: 3038
Merit: 1104
This is what I do. I drink and I know things.
December 21, 2016, 05:04:56 PM
Hey guys,

Whole thing was to prove default settings. As I've mentioned it in the first post, I did not set any additional security settings. This is security by default, which each user gets after registration. You can lower it, if you feel comfortable, or increase. It's up to you. But by default you should be as safe as your email provider.

Regarding security problems with email, your account still can be safe even if your email has been compromised. Just set 2FA. You can also set IP address lock, or withdrawal address lock. We provide as many options as you can possibly use.

Regards,
Alex

But if a hacker had hacked the email and he has the password to the account can't he just reset the withdrawal address and the IP address? Or by 2FA you mean other thing than email? I'm sorry if my question was a stupid one, I'm new to this thing.

They also have a 2FA option to use your phone as 2FA with Google Authenticator or similar. This is probably an even more secure method than email as they would have to have access to your phone in order to get the 2FA code.

2FA is a more secure way, that's why you need to be careful.
When and if you enable it, you MUST store somewhere your 16-digit code/key.
If you don't and you lose your device, you are in a black hole... Roll Eyes

It's a sad truth far too few people back their 2FA code up. Then what we see is them crying here on BCT that they've lost their 2FA and need help...

Yeah, I had an issue one time with an upgrade on Google Authenticator that wiped all 2FA codes from my device. What a nightmare that was. I since switched to Authy which allows you to backup your 2FA codes. I do recommend that you backup your codes or save your recovery key in case something happens as it can be a pain to regain access to sites.

Yes I had this issue also, especially if you are on an iPhone. You can backup almost everything, including the app, however it will not backup the 2fa recovery codes for you. It was a big pain, however there is an even bigger security risk because as long as someone has access to your email, they can easily reset the 2fa. Hence why it's never a good idea to store large amounts of money in any online sites or exchanges.

It's really not too good to store large amounts of BTC in exchangers but it's not so easy to withdraw every time and leave there a specific amount.
For me 2 are the best options : 2FA and safe keeping of the key and/or frequently changing passwords.
Imho these are the best options atm...
legendary
Activity: 3808
Merit: 1723
December 21, 2016, 12:30:34 PM
Hey guys,

Whole thing was to prove default settings. As I've mentioned it in the first post, I did not set any additional security settings. This is security by default, which each user gets after registration. You can lower it, if you feel comfortable, or increase. It's up to you. But by default you should be as safe as your email provider.

Regarding security problems with email, your account still can be safe even if your email has been compromised. Just set 2FA. You can also set IP address lock, or withdrawal address lock. We provide as many options as you can possibly use.

Regards,
Alex

But if a hacker had hacked the email and he has the password to the account can't he just reset the withdrawal address and the IP address? Or by 2FA you mean other thing than email? I'm sorry if my question was a stupid one, I'm new to this thing.

They also have a 2FA option to use your phone as 2FA with Google Authenticator or similar. This is probably an even more secure method than email as they would have to have access to your phone in order to get the 2FA code.

2FA is a more secure way, that's why you need to be careful.
When and if you enable it, you MUST store somewhere your 16-digit code/key.
If you don't and you lose your device, you are in a black hole... Roll Eyes

It's a sad truth far too few people back their 2FA code up. Then what we see is them crying here on BCT that they've lost their 2FA and need help...

Yeah, I had an issue one time with an upgrade on Google Authenticator that wiped all 2FA codes from my device. What a nightmare that was. I since switched to Authy which allows you to backup your 2FA codes. I do recommend that you backup your codes or save your recovery key in case something happens as it can be a pain to regain access to sites.

Yes I had this issue also, especially if you are on an iPhone. You can backup almost everything, including the app, however it will not backup the 2fa recovery codes for you. It was a big pain, however there is an even bigger security risk because as long as someone has access to your email, they can easily reset the 2fa. Hence why it's never a good idea to store large amounts of money in any online sites or exchanges.
legendary
Activity: 1736
Merit: 1023
December 21, 2016, 10:40:52 AM
Hey guys,

Whole thing was to prove default settings. As I've mentioned it in the first post, I did not set any additional security settings. This is security by default, which each user gets after registration. You can lower it, if you feel comfortable, or increase. It's up to you. But by default you should be as safe as your email provider.

Regarding security problems with email, your account still can be safe even if your email has been compromised. Just set 2FA. You can also set IP address lock, or withdrawal address lock. We provide as many options as you can possibly use.

Regards,
Alex

But if a hacker had hacked the email and he has the password to the account can't he just reset the withdrawal address and the IP address? Or by 2FA you mean other thing than email? I'm sorry if my question was a stupid one, I'm new to this thing.

They also have a 2FA option to use your phone as 2FA with Google Authenticator or similar. This is probably an even more secure method than email as they would have to have access to your phone in order to get the 2FA code.

2FA is a more secure way, that's why you need to be careful.
When and if you enable it, you MUST store somewhere your 16-digit code/key.
If you don't and you lose your device, you are in a black hole... Roll Eyes

It's a sad truth far too few people back their 2FA code up. Then what we see is them crying here on BCT that they've lost their 2FA and need help...

Yeah, I had an issue one time with an upgrade on Google Authenticator that wiped all 2FA codes from my device. What a nightmare that was. I since switched to Authy which allows you to backup your 2FA codes. I do recommend that you backup your codes or save your recovery key in case something happens as it can be a pain to regain access to sites.
legendary
Activity: 2018
Merit: 1108
December 21, 2016, 10:21:29 AM
Hey guys,

Whole thing was to prove default settings. As I've mentioned it in the first post, I did not set any additional security settings. This is security by default, which each user gets after registration. You can lower it, if you feel comfortable, or increase. It's up to you. But by default you should be as safe as your email provider.

Regarding security problems with email, your account still can be safe even if your email has been compromised. Just set 2FA. You can also set IP address lock, or withdrawal address lock. We provide as many options as you can possibly use.

Regards,
Alex

But if a hacker had hacked the email and he has the password to the account can't he just reset the withdrawal address and the IP address? Or by 2FA you mean other thing than email? I'm sorry if my question was a stupid one, I'm new to this thing.

They also have a 2FA option to use your phone as 2FA with Google Authenticator or similar. This is probably an even more secure method than email as they would have to have access to your phone in order to get the 2FA code.

2FA is a more secure way, that's why you need to be careful.
When and if you enable it, you MUST store somewhere your 16-digit code/key.
If you don't and you lose your device, you are in a black hole... Roll Eyes

It's a sad truth far too few people back their 2FA code up. Then what we see is them crying here on BCT that they've lost their 2FA and need help...
legendary
Activity: 3038
Merit: 1104
This is what I do. I drink and I know things.
December 21, 2016, 09:52:05 AM
Hey guys,

Whole thing was to prove default settings. As I've mentioned it in the first post, I did not set any additional security settings. This is security by default, which each user gets after registration. You can lower it, if you feel comfortable, or increase. It's up to you. But by default you should be as safe as your email provider.

Regarding security problems with email, your account still can be safe even if your email has been compromised. Just set 2FA. You can also set IP address lock, or withdrawal address lock. We provide as many options as you can possibly use.

Regards,
Alex

But if a hacker had hacked the email and he has the password to the account can't he just reset the withdrawal address and the IP address? Or by 2FA you mean other thing than email? I'm sorry if my question was a stupid one, I'm new to this thing.

They also have a 2FA option to use your phone as 2FA with Google Authenticator or similar. This is probably an even more secure method than email as they would have to have access to your phone in order to get the 2FA code.

2FA is a more secure way, that's why you need to be careful.
When and if you enable it, you MUST store somewhere your 16-digit code/key.
If you don't and you lose your device, you are in a black hole... Roll Eyes
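An added example, not part of any post in this thread: why the 16-character key is the thing to back up. Authenticator apps derive every code from that key and the clock (TOTP, RFC 6238), so a new device given the saved key produces the same codes; the key below is constructed and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import struct

# Constructed 16-character base32 key, standing in for the one shown at enrolment.
ENROLLED_SECRET = "JBSWY3DPEHPK3PXP"


def totp(secret_b32, unix_time, digits=6, step=30):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32-encoded shared secret."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)          # base32 wants 8-char blocks
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, code, unix_time, window=1, step=30):
    """Server side: accept the current step plus/minus `window` steps of drift."""
    return any(
        hmac.compare_digest(totp(secret_b32, unix_time + i * step, len(code)), code)
        for i in range(-window, window + 1)
    )


def restored_device_accepted(backup_secret, unix_time):
    """A replacement phone loaded with the backed-up key logs in normally."""
    code_from_new_phone = totp(backup_secret, unix_time)
    return verify(ENROLLED_SECRET, code_from_new_phone, unix_time)


if __name__ == "__main__":
    now = 1482310325  # constructed timestamp
    print("old phone :", totp(ENROLLED_SECRET, now))
    print("new phone :", totp("jbsw y3dp ehpk 3pxp", now))  # same key, retyped
    print("accepted  :", restored_device_accepted(ENROLLED_SECRET, now))
```

Without the saved key there is nothing to re-derive codes from, which leaves only the site's reset procedure.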
legendary
Activity: 1736
Merit: 1023
December 21, 2016, 07:49:44 AM
Hey guys,

Whole thing was to prove default settings. As I've mentioned it in the first post, I did not set any additional security settings. This is security by default, which each user gets after registration. You can lower it, if you feel comfortable, or increase. It's up to you. But by default you should be as safe as your email provider.

Regarding security problems with email, your account still can be safe even if your email has been compromised. Just set 2FA. You can also set IP address lock, or withdrawal address lock. We provide as many options as you can possibly use.

Regards,
Alex

But if a hacker had hacked the email and he has the password to the account can't he just reset the withdrawal address and the IP address? Or by 2FA you mean other thing than email? I'm sorry if my question was a stupid one, I'm new to this thing.

They also have a 2FA option to use your phone as 2FA with Google Authenticator or similar. This is probably an even more secure method than email as they would have to have access to your phone in order to get the 2FA code.
hero member
Activity: 1274
Merit: 622
December 20, 2016, 08:45:41 AM
Hey guys,

Whole thing was to prove default settings. As I've mentioned it in the first post, I did not set any additional security settings. This is security by default, which each user gets after registration. You can lower it, if you feel comfortable, or increase. It's up to you. But by default you should be as safe as your email provider.

Regarding security problems with email, your account still can be safe even if your email has been compromised. Just set 2FA. You can also set IP address lock, or withdrawal address lock. We provide as many options as you can possibly use.

Regards,
Alex

But if a hacker had hacked the email and he has the password to the account can't he just reset the withdrawal address and the IP address? Or by 2FA you mean other thing than email? I'm sorry if my question was a stupid one, I'm new to this thing.
full member
Activity: 172
Merit: 100
December 20, 2016, 03:56:42 AM
As far as I checked, the only weak point of this is the email account.
I can't tell you why exactly, but a user I know instead of using secure mails uses exploitable mails even if he feels safe.
So yeah, all you need here is some social engineering.
legendary
Activity: 966
Merit: 1006
December 20, 2016, 03:53:04 AM
Again, not harming if they do it correctly. And it's not really a "promo" per se since it's to show off their new "security" which is just a simple email authentication (from foreign ips or otherwise).

But what would be the point of keeping the 1 BTC there? Nobody would know if they removed it.
Yes it only seems they have email authentication system like few sites and specially blockchain and yobit have right now. However that simple process can add great security feature to any platform.

But there is also no point to remove it from that account, by keeping that 1 btc in that account and giving username password combo they are trying to attract more users to play in their platform which i have never seen done by any other gambling platform before.
hero member
Activity: 2632
Merit: 787
Jack of all trades 💯
December 20, 2016, 03:17:58 AM
Again, not harming if they do it correctly. And it's not really a "promo" per se since it's to show off their new "security" which is just a simple email authentication (from foreign ips or otherwise).

But what would be the point of keeping the 1 BTC there? Nobody would know if they removed it.

Yeah, I suppose it's not really a "promo" per se and is designed to show off the security features of the site. However, the 1 BTC reward acts as a bounty if someone did manage to get in the account. Nobody would know if they removed it unless someone managed to get into the account. While unlikely, it is possible someone manages to find a bug or something. There is really no reason for them to prematurely remove the 1 BTC either. I'm sure after a certain length of time has passed, they will publicly state they are removing it if no one was successful in accessing it.

Even if they did remove it, all you need to do is to show the screenshot of yourself managing to get into the account and they will still credit your account with 1 btc given that they haven't ended this event yet, however pretty sure that they won't end it, just showcasing this actually gives the site some credibility


Big possibilities that they would not end up this event since it can be appealing to massive public to show their great security, and i also feel interested the way community speaks about the bitdice itself and i would surely try to play at them after the christmas party Smiley


That 1 btc is a tough challenge for the intruders.
legendary
Activity: 1540
Merit: 1016
December 20, 2016, 01:49:51 AM
Again, not harming if they do it correctly. And it's not really a "promo" per se since it's to show off their new "security" which is just a simple email authentication (from foreign ips or otherwise).

But what would be the point of keeping the 1 BTC there? Nobody would know if they removed it.

Yeah, I suppose it's not really a "promo" per se and is designed to show off the security features of the site. However, the 1 BTC reward acts as a bounty if someone did manage to get in the account. Nobody would know if they removed it unless someone managed to get into the account. While unlikely, it is possible someone manages to find a bug or something. There is really no reason for them to prematurely remove the 1 BTC either. I'm sure after a certain length of time has passed, they will publicly state they are removing it if no one was successful in accessing it.

Even if they did remove it, all you need to do is to show the screenshot of yourself managing to get into the account and they will still credit your account with 1 btc given that they haven't ended this event yet, however pretty sure that they won't end it, just showcasing this actually gives the site some credibility
legendary
Activity: 1736
Merit: 1023
December 19, 2016, 08:37:31 PM
Again, not harming if they do it correctly. And it's not really a "promo" per se since it's to show off their new "security" which is just a simple email authentication (from foreign ips or otherwise).

But what would be the point of keeping the 1 BTC there? Nobody would know if they removed it.

Yeah, I suppose it's not really a "promo" per se and is designed to show off the security features of the site. However, the 1 BTC reward acts as a bounty if someone did manage to get in the account. Nobody would know if they removed it unless someone managed to get into the account. While unlikely, it is possible someone manages to find a bug or something. There is really no reason for them to prematurely remove the 1 BTC either. I'm sure after a certain length of time has passed, they will publicly state they are removing it if no one was successful in accessing it.
copper member
Activity: 2562
Merit: 2510
Spear the bees
December 19, 2016, 04:58:19 PM
If they actually do that then it will only harm themselves with all the negativity. That is an impossible thing for them to do and 1 btc is only a small amount for a site like bitdice. They have been in the gambling industry for far too long just to risk their reputation with only 1 btc so you can be assured of this one
Impossible? You mean... 2FA is only possible with logins but not withdrawals? Where have you been, mate? It's not risking their reputation -- in fact, it would further establish it. If BitDice were in the position to be able to allow players to log into an account where they could see the balance but not do anything with it, then that would surely show off their security - more than this current thread.

Of course, such a demonstration would require the implementation of a few things: restriction on betting, restriction on tipping, restriction on withdrawals
Betting restrictions could be time-based or toggled with 2FA along with tipping, and withdrawals can require an authentication (via Google Authenticator or SMS)

[though if really necessary the server could just simply ignore all withdrawal/tip/bet requests from that specific account, acting as if it were secure]



Yep, there isn't any incentive for them to harm their reputation in this manner. This promo is obviously to show the strengths / security of their login system so it is unlikely someone will get in, but if they do I'm sure the 1 BTC will still be there waiting.

Again, not harming if they do it correctly. And it's not really a "promo" per se since it's to show off their new "security" which is just a simple email authentication (from foreign ips or otherwise).

But what would be the point of keeping the 1 BTC there? Nobody would know if they removed it.