Very well done, except you don't think people would notice that it is only showing a different address after they click submit? That is your flaw: after the submit I see it is a different address than what is submitted, so at that point I wouldn't give the link out.
Of course it's a different address, because I haven't taken over qcl.me. The point is that if I *did* hack your server or DNS, it would be trivial to put up a site that doled out bogus addresses, and yes, with all the right URLs. You continue to claim that this is somehow not true, even though I've just demonstrated that with 5 minutes of work I can get 90% of the way there. Please note also that I'm not claiming that thewalletlist.com isn't susceptible to this sort of attack. It is. I think it's important for site operators to only claim their site is as secure as it actually is.
For DNS hijacking, I employ some security measures, but now we are talking about going to great lengths to take over a site, that is probably not worth that. The crypto isn't giving me a headache, it is giving me the ability to not be trusted, which is what bitcoin is all about.
I am not upset, I love debating security. I just thought it was funny that you employ no security and have someone that had a site hacked and coins stolen, helping you.
I also like how you think that the "fancy" internal crypto does nothing. Hey, why use "fancy" crypto, let's just store passwords in plaintext...
Of course we don't store passwords in plaintext. We use bcrypt like anyone sensible. What I don't do is make up some crypto that I can't / am not willing to explain and then claim that my site is somehow impervious to hacking.
I like that you need validation from the marketplace to then get the kick in your ass to actually build your site out LOL. That isn't how it works, you really should have done research, but now knowing that you don't have a verifiable database, I can't see anyone using it and that is sad.
Don't get me wrong -- I think the security practices are decent at thewalletlist.com. Bcrypt passwords, public-key authentication to the server, etc. But I will also confess there's a little more we could do, in particular in terms of setting off alarms if there was a breach of security.
I'm confident enough that for reasonable amounts of coin, I'm happy to tell people "send it to my thewalletlist.com address." I would not ask someone to send 1000 bitcoins without triple-checking the address, whether it was determined through thewalletlist.com, qcl.me, or any other service.
Now you're just slandering the security that I employ, that isn't cool. Also, I wasn't talking about the URL, obviously; I was talking about the bitcoin address. If I submit a bitcoin address, I get a completely different bitcoin address, I think people would notice that.
Also I didn't make up any crypto. Hashing and salting to cover up the shortname, yet still look it up, and AES-256 to encrypt using the shortname and a different salt, are straightforward techniques. Now that is different from saying I just made up some crypto to make it sound secure. I would never do that, and you can guarantee I would stand by that with my rep. Also I never said it was impervious to hacking, that would be impossible, but I have made it very difficult, and probably not worth the time of a hacker. That would be the correct way to say it, and the only way I have said it during this entire thread.
Also with my rep I can say that sending 1000 coin with my service is probably the most secure out of the two and doesn't require much checking. Now stop with the slander and discuss this like you were doing before, otherwise I will stop responding 'cause that is just dirty.
I like that you need validation from the marketplace to then get the kick in your ass to actually build your site out LOL. That isn't how it works
To a degree you're right, but there's another side to it as well. Nobody would bother hacking our site right now, because with only a handful of users they're not going to earn any coin by doing so. So we're not a target. Once we have a significant number of users, the story starts to change.
Ladies and gentlemen, this is the kind of security that is employed on a subpar site, for a subpar user. I think that is an insult to your project and the users that use it, and I hope they see that. When you think a hacker will hack it, then you will do something. I always have security in my mind, if 1 person is using it or a million; that's what makes my service superior to yours.