Pages:
Author

Topic: Please delete - page 3. (Read 23127 times)

hero member
Activity: 910
Merit: 1005
December 19, 2012, 09:41:02 AM
#78
Roger has pointed me to this thread.

Roger owns part of blockchain, so has access to the admin panel along with me. The admin panel is very basic but there is the ability to query wallets based on certain information. Recently the ability to query a wallet by bitcoin address was added, when notifications are enabled.

These queries are designed to help users recover a forgotten wallet identifier and is not supposed to be used for any other purpose.



If a wallet is found the results are shown as follows:

[Wallet {email='zootreeves@gmail.com'
, guid='abf66471-fe0a-6820-8977-55d7e8c1f6b2'
, shared_key='XXX-XXX-XXX-XXX'
, secret_phrase='My Secret'
, alias='piuk'
, created=Tue Jan 03 12:52:07 GMT 2012
, updated=Tue Dec 18 19:47:40 GMT 2012
, created_ip='81.187.238.52'
, updated_ip='127.0.0.1'
, sms_number='+44 7525431876'
, country='GBP'}
]

So you have the date the wallet was created, when it was last updated, the ip that created it and the ip that updated it. The secret phrase is the phrase required in order to reset two-factor authentication, not the password. The password, wallet balance, other addresses cannot be viewed.

I am going to change notifications to store SHA256(bitcoin_address) rather than the plain bitcoin address which will remove the ability to lookup a wallet by address entirely.


sr. member
Activity: 322
Merit: 250
December 19, 2012, 09:40:32 AM
#77
He has also since threatened my family with the following statement that is obviously directed towards me:  "FuckingTheDeadBodyOfRogersMom"

How the threat was made and by what kind of media?
[/quote]

Guess, blockchain secret key
vip
Activity: 1052
Merit: 1155
December 19, 2012, 09:40:09 AM
#76
Otherwise I could have reset your password and taken the money you owe me.

Wow. What a scumbag.

Why should anyone trust you after this? After all, you have no problems going into people's accounts and just taking what you think you are owed in a completely separate business venture. You claim not to be capable, but I'm not sure that I believe a word you say.

BlockChain.info says: "Be your own bank"

What it actually means is: "Open an account at the Roger Ver Bank."

Please look up the difference between "could" and "would"

I would never do such a thing even if I could.
vip
Activity: 756
Merit: 504
December 19, 2012, 09:36:12 AM
#75
The Bitcoin address and payments in question are:  http://blockchain.info/address/1H4UR5M72Ybpo4zrqWe8JKKYSeN1gxqBcU

What are the transactions ID of the BTC supposedly sent to Nikolaos?

The current privacy policy states:

But we will disclose these information ...... to protect against misuse or unauthorized use of our website.

I think this falls pretty clearly within that.

That is not what the privacy policy implies. Your policy suggest that you will only disclose personal information only when legally required by a government agency. Moreover, the user did not misused the Internet page.

http://memorydealers.com/terms-and-privacy/

He has also since threatened my family with the following statement that is obviously directed towards me:  "FuckingTheDeadBodyOfRogersMom"

How the threat was made and by what kind of media?
staff
Activity: 4270
Merit: 1209
I support freedom of choice
December 19, 2012, 09:35:53 AM
#74

This is NO PASSWORD RESET for Blockchain.info

If you have a secure password,  your money is safe no matter what.

Otherwise I could have reset your password and taken the money you owe me.

Can you contact another admin of blockchain.info and acting as someone else that wants back his own wallet? (and giving the secretpass)
If this is an open possibility, than it's better to find a way to make it harder or better impossible.

Saving the hash of the password seems a good start.
full member
Activity: 210
Merit: 100
December 19, 2012, 09:35:31 AM
#73
Otherwise I could have reset your password and taken the money you owe me.

Wow. What a scumbag.

Why should anyone trust you after this? After all, you have no problems going into people's accounts and just taking what you think you are owed in a completely separate business venture. You claim not to be capable, but I'm not sure that I believe a word you say.

BlockChain.info says: "Be your own bank"

What it actually means is: "Open an account at the Roger Ver Bank."
newbie
Activity: 44
Merit: 0
December 19, 2012, 09:35:18 AM
#72

Blockchain.info has some of the best services for newbies - can we please not scare them off and do as much damage control here as possible?
hero member
Activity: 532
Merit: 500
December 19, 2012, 09:32:07 AM
#71
This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentification reset request.   It in no way grants access to the account funds in any way.  

Basically it is used so Blockchain can verify that they are communicating with the actual account owner or a part-owner of the site or anyone else allowed to just look these up..

FYP
vip
Activity: 1052
Merit: 1155
December 19, 2012, 09:30:50 AM
#70
And reset their passwords? maybe?

This is NO PASSWORD RESET for Blockchain.info

If you have a secure password,  your money is safe no matter what.

Otherwise I could have reset your password and taken the money you owe me.
legendary
Activity: 1372
Merit: 1002
sr. member
Activity: 322
Merit: 250
December 19, 2012, 09:27:33 AM
#68
Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

NO,  this is not possible.

If it was,  I could have just taken my money back,  and none of this would have been an issue.


What is this then?

Quote
secret_phrase='Neurobion'



Sincere question, I've never used bitchain.

This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentification reset request.   It in no way grants access to the account funds in any way.  

Basically it is used so Blockchain can verify that they are communicating with the actual account owner.


And reset their passwords? maybe?

Ill try to stay ontopic: Just a reminder I do not owe you anything. I got what i have sent you, then the address was gotten by someone else. It WAS anon. And i re-request proof which you dont give that it isnt


Also, why some people try to get into my account? I got my funds away as soon as he showed me that he has access to that info, MY info!
donator
Activity: 826
Merit: 1060
December 19, 2012, 09:26:30 AM
#67
This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentification reset request.   It in no way grants access to the account funds in any way.  

Basically it is used so Blockchain can verify that they are communicating with the actual account owner.
So obviously it needs to be securely hashed, or else anyone who compromises the database (or has authorised access to it) can impersonate the actual account owner.
vip
Activity: 1052
Merit: 1155
December 19, 2012, 09:25:09 AM
#66
I want to know every informations that an admin of blockchain.info can see.
I thought that most of them were encrypted...

It is all encrypted,  but it depends on  your privacy settings.

Quoted from: https://blockchain.info/wallet/anonymity

Alerts Disabled: If you have notifications disabled your public keys are stored encrypted inside your wallet. In this mode we are unable to view your public keys and hence cannot view your balance or transactions.


Alerts Enabled: When notifications are enabled your public keys are inserted in a separate table along with your email, skype handle or google talk username. This mode does sacrifice some Anonymity as we can now see your public keys and view your wallet balance. However just because a wallet contains a public key does not necessarily mean they are the owner of said key (as you can add keys without the respective private key).

In this case the scammer with my bitcoins had Alerts enabled for his wallet,  so I could easily verify %100 for sure that he has my money in his Blockchain wallet.

If he had his alerts set to Disabled,  I wouldn't know if he really had my money or not.
legendary
Activity: 1288
Merit: 1227
Away on an extended break
December 19, 2012, 09:22:41 AM
#65
Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

NO,  this is not possible.

If it was,  I could have just taken my money back,  and none of this would have been an issue.


What is this then?

Quote
secret_phrase='Neurobion'

Sincere question, I've never used bitchain.

That would be a key to retrieve wallet identifiers or disable the 2FA:
Quote
Secret Phrase
A secret phrase can be set in your "Account Details" panel after login. In the case of lost wallet identifiers, yubikeys or lost email access the secret phrase can be given to us to help verify account ownership. This is reviewed manually on a case by case basis.
The password used to encrypt the wallet containing the privkeys is not sent to the server.
vip
Activity: 1052
Merit: 1155
December 19, 2012, 09:21:17 AM
#64
Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

NO,  this is not possible.

If it was,  I could have just taken my money back,  and none of this would have been an issue.


What is this then?

Quote
secret_phrase='Neurobion'

Sincere question, I've never used bitchain.

This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentification reset request.   It in no way grants access to the account funds in any way.  

Basically it is used so Blockchain can verify that they are communicating with the actual account owner.
staff
Activity: 4270
Merit: 1209
I support freedom of choice
December 19, 2012, 09:18:51 AM
#63
I want to know every informations that an admin of blockchain.info can see.
I thought that most of them were encrypted...
hero member
Activity: 952
Merit: 1009
December 19, 2012, 09:17:07 AM
#62
Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

NO,  this is not possible.

If it was,  I could have just taken my money back,  and none of this would have been an issue.


What is this then?

Quote
secret_phrase='Neurobion'

Sincere question, I've never used bitchain.
sr. member
Activity: 322
Merit: 250
December 19, 2012, 09:16:14 AM
#61
Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

I guess but this is not the case. He admited that he has access to the given info, dont know if he can manage too
vip
Activity: 1052
Merit: 1155
December 19, 2012, 09:16:05 AM
#60
Roger, can you please cool down, blank your first post, and seek a better outcome than a flamewar?

I don't want the next news article about Bitcoin to be entitled "In the lawless Bitcoin world, business owners seek revenge by publishing customer information"


Done.
vip
Activity: 1052
Merit: 1155
December 19, 2012, 09:15:31 AM
#59
Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

NO,  this is not possible.

If it was,  I could have just taken my money back,  and none of this would have been an issue.
Pages:
Jump to: