
Topic: Hack Into BitDice And Get 1BTC! - page 7. (Read 6848 times)

legendary
Activity: 2018
Merit: 1108
December 13, 2016, 03:39:33 PM
#71
If you have a dynamic IP like mine, you will get asked every time to do that. It's a sort of 2FA via mail.

It's probably best to activate 2FA. Going through email every time will surely become a pain. Also time-based 2FA is the safer option...
full member
Activity: 172
Merit: 100
December 13, 2016, 03:34:22 PM
#70
If you have a dynamic IP like mine, you will get asked every time to do that. It's a sort of 2FA via mail.
hero member
Activity: 826
Merit: 502
December 13, 2016, 03:23:24 PM
#69
I checked and found that you have a very good system for the security of members' accounts, but I have a question: will it have any effect on those members who have dynamic IP addresses? Is that system affected by IPs or only by the device used?
legendary
Activity: 1400
Merit: 1009
December 12, 2016, 01:50:28 PM
#68
It is actually a very nice idea to show people that your security is more robust than the competition's. So if someone successfully gets access to that hack_me account, he can withdraw the money freely?
Because I have a feeling that he will be greeted by a "withdrawal denied" message. Also, if you are a regular user, you are not forced to confirm your log-in attempts with an email every time?
If you have complete access to the email account, then you would be able to withdraw 1 BTC freely as advertised. You might even get rewarded more if you explain in detail how you were able to bypass/hack it.
legendary
Activity: 2018
Merit: 1108
December 12, 2016, 12:50:09 PM
#67
It is actually a very nice idea to show people that your security is more robust than the competition's. So if someone successfully gets access to that hack_me account, he can withdraw the money freely?
Because I have a feeling that he will be greeted by a "withdrawal denied" message. Also, if you are a regular user, you are not forced to confirm your log-in attempts with an email every time?

I can pretty much guarantee it can be withdrawn without problems if people get in the account. It probably won't be an easy task though xD
legendary
Activity: 3472
Merit: 3217
December 11, 2016, 06:44:21 PM
#66
So what exactly do we have to do to get 1 BTC?
Log in to the hack_me account? Disrupt the site's operation? Manipulate a bet's outcome?
It's rather vague, to be honest.


You only need to log in with that account, then you can withdraw the available balance on the account (1 BTC). Sounds simple, right? But the hard thing to do is to log in, because you need a confirmation email to log in.
Whoever is able to access the email of the account will get the 1 BTC easily.
It sounds really simple since the admin already gives the log-in details, but the authorization will really beat you down or make you scratch your head, since you don't have the password for that particular email, which means you would really need to brute-force it, but it would be a 1 in a million chance or 0% at all. We all know that emails are very hard to hack.

I can't see the simplicity of that hack test program, but as I see it, it's nearly impossible to get that bounty, since surely the admin put some tightened security on that account as well as on his site so he can make sure and assure that their storage system is truly safe. This test would be a great example of that, and brute force cannot truly guarantee that we can hack the Gmail used by the said account, since the passwords given by it are not truly accurate.
We cannot say that their site is highly protected against hackers. Everything is possible: they are monitoring it, like recording cookies and using the collected cookies for login, so it is still not safe. I just heard this about hackers on the deep web, that they deeply study penetrating and hacking, and I am sure they can invent new ways or software that can hack every website, or this website, because a program is made only for humans, so it can still be possible to hack.
legendary
Activity: 1288
Merit: 1000
December 11, 2016, 06:32:42 PM
#65
It is actually a very nice idea to show people that your security is more robust than the competition's. So if someone successfully gets access to that hack_me account, he can withdraw the money freely?
Because I have a feeling that he will be greeted by a "withdrawal denied" message. Also, if you are a regular user, you are not forced to confirm your log-in attempts with an email every time?
hero member
Activity: 2632
Merit: 787
Jack of all trades 💯
December 11, 2016, 05:24:59 PM
#64
So what exactly do we have to do to get 1 BTC?
Log in to the hack_me account? Disrupt the site's operation? Manipulate a bet's outcome?
It's rather vague, to be honest.


You only need to log in with that account, then you can withdraw the available balance on the account (1 BTC). Sounds simple, right? But the hard thing to do is to log in, because you need a confirmation email to log in.
Whoever is able to access the email of the account will get the 1 BTC easily.
It sounds really simple since the admin already gives the log-in details, but the authorization will really beat you down or make you scratch your head, since you don't have the password for that particular email, which means you would really need to brute-force it, but it would be a 1 in a million chance or 0% at all. We all know that emails are very hard to hack.

I can't see the simplicity of that hack test program, but as I see it, it's nearly impossible to get that bounty, since surely the admin put some tightened security on that account as well as on his site so he can make sure and assure that their storage system is truly safe. This test would be a great example of that, and brute force cannot truly guarantee that we can hack the Gmail used by the said account, since the passwords given by it are not truly accurate.
hero member
Activity: 644
Merit: 500
December 11, 2016, 04:18:39 PM
#63
This is just a joke, really. I can give my password @polo and let them get 2FA to get in. It doesn't work like that; hackers are much smarter. 90% of all hacks are user-related, not site.
legendary
Activity: 3052
Merit: 1188
December 11, 2016, 03:09:18 PM
#62
While I liked this, the problem is that when you provide a particular account you have better safety for it, no?

I mean, if my account is hacked then the hacker might also get the IP address, and hence the system won't ask for an email confirmation, while since you provided details directly we don't know the country, and hence the system obviously asks for email.
hero member
Activity: 2926
Merit: 722
December 11, 2016, 09:57:41 AM
#61
So what exactly do we have to do to get 1 BTC?
Log in to the hack_me account? Disrupt the site's operation? Manipulate a bet's outcome?
It's rather vague, to be honest.


You only need to log in with that account, then you can withdraw the available balance on the account (1 BTC). Sounds simple, right? But the hard thing to do is to log in, because you need a confirmation email to log in.
Whoever is able to access the email of the account will get the 1 BTC easily.
It sounds really simple since the admin already gives the log-in details, but the authorization will really beat you down or make you scratch your head, since you don't have the password for that particular email, which means you would really need to brute-force it, but it would be a 1 in a million chance or 0% at all. We all know that emails are very hard to hack.
legendary
Activity: 3500
Merit: 1354
December 11, 2016, 09:46:33 AM
#60
So what exactly do we have to do to get 1 BTC?
Log in to the hack_me account? Disrupt the site's operation? Manipulate a bet's outcome?
It's rather vague, to be honest.


You only need to log in with that account, then you can withdraw the available balance on the account (1 BTC). Sounds simple, right? But the hard thing to do is to log in, because you need a confirmation email to log in.
Whoever is able to access the email of the account will get the 1 BTC easily.
legendary
Activity: 2016
Merit: 1107
December 11, 2016, 09:37:30 AM
#59
So what exactly do we have to do to get 1 BTC?
Log in to the hack_me account? Disrupt the site's operation? Manipulate a bet's outcome?
It's rather vague, to be honest.
legendary
Activity: 1876
Merit: 1303
DiceSites.com owner
December 09, 2016, 10:09:33 PM
#58
Oh, nice feature, but if someone really wanted to get into someone's account and got a hold of their account, my guess is their computer was infected.
So they could just log in remotely through the user's profile and cash out. In most cases, if you got their password they got keylogged, which means they likely got that email pass.
I think the most common way to obtain someone's password is by a database leak and by using the same password on multiple sites. So: 1) hack some (more insecure) bitcoin site 2) get usernames/passwords 3) try on all gambling sites.

Another example: I could create a faucet site, "get some free bits by just signing up". Meanwhile I am obtaining all usernames/passwords from those users and trying them on gambling sites (and exchanges etc.)

Also phishing sites are pretty common, but so far mostly for blockchain.info and bitcoin exchanges (haven't seen many for gambling sites yet.)

I think those situations are more common than some targeted keylogger. For those situations, this protection by BitDice works pretty well. Still, if they use the same password for their email... obviously they can still be hacked :P
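
The device/IP check with email confirmation that this thread discusses, sketched as an added example (it is not BitDice's code and not from any poster): a correct password from an unrecognized device or IP yields an email challenge, and the mailed token is bound to that device and IP. The function names, the `strict_ip` switch, the device IDs, the IP addresses and the 15-minute lifetime are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)   # server-side signing key, generated for the example
TOKEN_TTL = 900                    # assumed lifetime of a confirmation link, in seconds

# Constructed sample state: device IDs and IPs already confirmed per account.
KNOWN = {"hack_me": {"devices": {"dev-111"}, "ips": {"203.0.113.7"}}}

def login_decision(user, password_ok, device_id, ip, strict_ip=True):
    """Return 'deny', 'allow' or 'confirm_email' for one login attempt."""
    if not password_ok:
        return "deny"
    seen = KNOWN.get(user, {"devices": set(), "ips": set()})
    device_ok = device_id in seen["devices"]
    ip_ok = ip in seen["ips"]
    # strict_ip=True: a known device on a new IP is still challenged, which is
    # why a user with a dynamic IP would get an email on every login.
    if device_ok and (ip_ok or not strict_ip):
        return "allow"
    return "confirm_email"

def _mac(user, device_id, ip, expires):
    msg = f"{user}|{device_id}|{ip}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def make_token(user, device_id, ip, now):
    """Token mailed to the account's address; bound to this device and IP."""
    expires = int(now) + TOKEN_TTL
    return f"{expires}.{_mac(user, device_id, ip, expires)}"

def confirm(user, device_id, ip, token, now):
    """Verify the mailed token and, if valid, remember the device and IP."""
    try:
        expires_s, mac = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False
    if now > expires:
        return False
    if not hmac.compare_digest(mac, _mac(user, device_id, ip, expires)):
        return False
    entry = KNOWN.setdefault(user, {"devices": set(), "ips": set()})
    entry["devices"].add(device_id)
    entry["ips"].add(ip)
    return True
```

With this policy a reused or leaked password alone ends at `confirm_email`; the remaining weak point is the mailbox itself, for example when it shares the same password.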
sr. member
Activity: 1638
Merit: 364
December 09, 2016, 09:58:01 PM
#57
Well, this is that easy to get that 1 Bitcoin.
The only way you can claim this 1 bitcoin is to log in, or to also know the password of the email that is used in that account.
This is a waste of time instead.
hero member
Activity: 896
Merit: 1000
December 09, 2016, 08:03:32 PM
#56
Oh, nice feature, but if someone really wanted to get into someone's account and got a hold of their account, my guess is their computer was infected.
So they could just log in remotely through the user's profile and cash out. In most cases, if you got their password they got keylogged, which means they likely got that email pass.
legendary
Activity: 3472
Merit: 3217
December 09, 2016, 02:16:32 PM
#55
Not even going to bother. :D
With 2FA enabled it is next to impossible to crack into someone's account. ;)
That is one of the great ways to secure every account or member who joined, and I think there is no other way to hack the site unless a bug happens. The site is not always protected, and I think there is always a bug happening on every site.

If there are new ways to inject some script into the site that can destroy the website, bugs can be found by some members. But for now the security was updated, and I think if they are posting this just to have the website hacked, they are still not protected and they are still looking for other bugs that they can fix as soon as possible, just like on another site I heard about, like yobit before, where someone found a bug but he gained almost 0.1 as a reward from yobit.
legendary
Activity: 2018
Merit: 1108
December 09, 2016, 01:16:30 PM
#54
Wow, nice bounty offer you got there, but I wish I was a skilled programmer. I have read that NLNico is the one who helped Baryom with these security measures for his bitsler website, and Baryom vouched for his good work, so maybe he can help you with this thing. As quoted below,

As bitsler's main admin, I can vouch for NLnico, who has done great work with us. He is very skilled and professional. He gave us a full explanation + fix.

Thanks again !
Thanks :P I actually tried some basic things right after seeing this thread, but I am afraid I am unable to bypass this device/IP-check :(



one more security feature of sms authorization
SMS is actually a really insecure way: http://blog.kraken.com/post/153209105847/security-advisory-mobile-phones Non-SMS 2FA is much better.

Glad you didn't find any way to bypass it :P Means it's quite secure...

I also read that kraken blog a while ago and it immediately made me switch from Authy. Some good points made there...
legendary
Activity: 1876
Merit: 1303
DiceSites.com owner
December 09, 2016, 09:17:19 AM
#53
Wow, nice bounty offer you got there, but I wish I was a skilled programmer. I have read that NLNico is the one who helped Baryom with these security measures for his bitsler website, and Baryom vouched for his good work, so maybe he can help you with this thing. As quoted below,

As bitsler's main admin, I can vouch for NLnico, who has done great work with us. He is very skilled and professional. He gave us a full explanation + fix.

Thanks again !
Thanks :P I actually tried some basic things right after seeing this thread, but I am afraid I am unable to bypass this device/IP-check :(



one more security feature of sms authorization
SMS is actually a really insecure way: http://blog.kraken.com/post/153209105847/security-advisory-mobile-phones Non-SMS 2FA is much better.
legendary
Activity: 1190
Merit: 1002
December 08, 2016, 04:14:56 PM
#52

To prove our security, we are running a HackMe event. I've tipped user hack_me with 1BTC.

Here's the registration email: [email protected]
And password: Jy45kFbGJX9n5q8

Yes! We've posted the password of an account with 1BTC on it. Simply sign in and take it :)

Couldn't? Well, that's because our security is so safe that even leaking your password can't do anything bad. We are safer than Bitfinex ;D

User hack_me was registered with default settings; nothing has been changed under his profile.

Join one of the safest casinos worldwide.

In BitDice We Trust!



The security feature you are talking about is used by so many exchanges and sites. Even Coinbase is also a very strong exchange because they also implemented email authorization and SMS authorization if you are using any other IP address which is not authorized.

So if you add one more security feature, SMS authorization, then your site will become more secure, since if anyone hacks the email account then they can access the site, but the hacker cannot hack the mobile number.