Topic: OpenEx to be shut down[Hacked] (Read 14875 times)
Every single customer should have received an email notice about the "forfeiture" of coins. Sorry about the hack, but your lack of communication will forever keep me away from any of your future endeavors. You are as good as a scammer in my book, whether you started out with that intent or not.
@ -MarkM-
You said it best. Getting hacked is just a lame excuse to steal people funds. It's so easy to say
I was hacked.
You said it best. Getting hacked is just a lame excuse to steal people funds. It's so easy to say
I was hacked.
Yes, and that won't change while almost everyone here is ready to throw coins at yet another exchange without doing any due diligence whatsoever. In the meantime https://x-bt.com has been running for almost a year without any incident, check it out if you want to trade serious altcoins.
@ -MarkM-
You said it best. Getting hacked is just a lame excuse to steal people funds. It's so easy to say
I was hacked.
You said it best. Getting hacked is just a lame excuse to steal people funds. It's so easy to say
I was hacked.
Withdraw all your coins? The compensation?
Be hardly worthy of belief, is this true?
I think you made an incorrect call here.
If it were a scam then you wouldn't be in discourse with him, the line would be dead. Scammers don't hang around expending energy to placate their marks.
We have seen (since your post) that @sumantso has withdrawn and regained his coin.
If it were a scam then you wouldn't be in discourse with him, the line would be dead. Scammers don't hang around expending energy to placate their marks.
We have seen (since your post) that @sumantso has withdrawn and regained his coin.
R3wt has said time and time again Justin hacked the servers/Wrote shit code,
but yet the whole time he was just hiding under the name mblanchard Working with R3wt.
I have seen the name Mblanchard in openEx chat and was listed as a dev since the beginning.
this whole thing was a scam.
There has to be a way to stop this guy from releasing another exchange!
https://i.imgur.com/kNKxGXE.jpg
https://i.imgur.com/mtYwgFv.jpg
https://i.imgur.com/mbbea02.jpg
MySQL injection is not "bad", it is a deliberate excuse for people to lose their money.
It is deliberate because only by deliberately refusing to address the simplest most basic aspects of web app programming can it even become at all possible.
It is pretty much impossible to study how secure financial apps on the web are built without learning how NOT to make SQL injection possible, thus the only way to make it possible is to deliberately refuse to actually do secure web app development, instead opting to just spam out any garbage that looks pretty enough to sucker people into putting money into it so you can steal it and pretend it was someone else not yourself who stole it.
Any research at all into how to actually not steal people's money in web apps would cover MySQL injection.
So obviously the programmer knew full well what it was and how to prevent it and chose instead to make it possible.
It is not a "mistake", it is one of the first things anyone researchiong MySQL + Web apps is told to prevent and how to prevent.
-MarkM-
It is deliberate because only by deliberately refusing to address the simplest most basic aspects of web app programming can it even become at all possible.
It is pretty much impossible to study how secure financial apps on the web are built without learning how NOT to make SQL injection possible, thus the only way to make it possible is to deliberately refuse to actually do secure web app development, instead opting to just spam out any garbage that looks pretty enough to sucker people into putting money into it so you can steal it and pretend it was someone else not yourself who stole it.
Any research at all into how to actually not steal people's money in web apps would cover MySQL injection.
So obviously the programmer knew full well what it was and how to prevent it and chose instead to make it possible.
It is not a "mistake", it is one of the first things anyone researchiong MySQL + Web apps is told to prevent and how to prevent.
-MarkM-
R3wt's response
"But Justin DDOS TEH SERVERS AND TOOK ALL DE BITCOMS!"
MySQL injection is not "bad", it is a deliberate excuse for people to lose their money.
It is deliberate because only by deliberately refusing to address the simplest most basic aspects of web app programming can it even become at all possible.
It is pretty much impossible to study how secure financial apps on the web are built without learning how NOT to make SQL injection possible, thus the only way to make it possible is to deliberately refuse to actually do secure web app development, instead opting to just spam out any garbage that looks pretty enough to sucker people into putting money into it so you can steal it and pretend it was someone else not yourself who stole it.
Any research at all into how to actually not steal people's money in web apps would cover MySQL injection.
So obviously the programmer knew full well what it was and how to prevent it and chose instead to make it possible.
It is not a "mistake", it is one of the first things anyone researchiong MySQL + Web apps is told to prevent and how to prevent.
-MarkM-
It is deliberate because only by deliberately refusing to address the simplest most basic aspects of web app programming can it even become at all possible.
It is pretty much impossible to study how secure financial apps on the web are built without learning how NOT to make SQL injection possible, thus the only way to make it possible is to deliberately refuse to actually do secure web app development, instead opting to just spam out any garbage that looks pretty enough to sucker people into putting money into it so you can steal it and pretend it was someone else not yourself who stole it.
Any research at all into how to actually not steal people's money in web apps would cover MySQL injection.
So obviously the programmer knew full well what it was and how to prevent it and chose instead to make it possible.
It is not a "mistake", it is one of the first things anyone researchiong MySQL + Web apps is told to prevent and how to prevent.
-MarkM-
R3wt's response
"But Justin DDOS TEH SERVERS AND TOOK ALL DE BITCOMS!"
MySQL injection is not "bad", it is a deliberate excuse for people to lose their money.
It is deliberate because only by deliberately refusing to address the simplest most basic aspects of web app programming can it even become at all possible.
It is pretty much impossible to study how secure financial apps on the web are built without learning how NOT to make SQL injection possible, thus the only way to make it possible is to deliberately refuse to actually do secure web app development, instead opting to just spam out any garbage that looks pretty enough to sucker people into putting money into it so you can steal it and pretend it was someone else not yourself who stole it.
Any research at all into how to actually not steal people's money in web apps would cover MySQL injection.
So obviously the programmer knew full well what it was and how to prevent it and chose instead to make it possible.
It is not a "mistake", it is one of the first things anyone researching MySQL + Web apps is told to prevent and how to prevent.
Thus there is probably no point even trying to "help" the perpetrator make a secure system since it is already more than obvious that they WANT there to be a way to hack, because they WANT something to point to as an "explanation" of how it could theoretically not have been an inside job.
No matter how many exploits you explain how to prevent, they will find another one, or will pretend to have made a silly error in implementing what you explained, or whatever they can do to create a loophole they can point to so as to pretend it is not them who is stealing people's coins.
Remember too this is a serial scammer/thief, gosh knows how many times over already.
-MarkM-
It is deliberate because only by deliberately refusing to address the simplest most basic aspects of web app programming can it even become at all possible.
It is pretty much impossible to study how secure financial apps on the web are built without learning how NOT to make SQL injection possible, thus the only way to make it possible is to deliberately refuse to actually do secure web app development, instead opting to just spam out any garbage that looks pretty enough to sucker people into putting money into it so you can steal it and pretend it was someone else not yourself who stole it.
Any research at all into how to actually not steal people's money in web apps would cover MySQL injection.
So obviously the programmer knew full well what it was and how to prevent it and chose instead to make it possible.
It is not a "mistake", it is one of the first things anyone researching MySQL + Web apps is told to prevent and how to prevent.
Thus there is probably no point even trying to "help" the perpetrator make a secure system since it is already more than obvious that they WANT there to be a way to hack, because they WANT something to point to as an "explanation" of how it could theoretically not have been an inside job.
No matter how many exploits you explain how to prevent, they will find another one, or will pretend to have made a silly error in implementing what you explained, or whatever they can do to create a loophole they can point to so as to pretend it is not them who is stealing people's coins.
Remember too this is a serial scammer/thief, gosh knows how many times over already.
-MarkM-
Remember guys all businesses make mistakes.
r3wt why no security auditing? If you need a security audit we can help you with it, if you plan to relaunch the exchange that is, contact us here:
https://twitter.com/RaxeSoftware
[email protected]
Skype: raxe.io (Raxe.io Support)
Raxe.
r3wt why no security auditing? If you need a security audit we can help you with it, if you plan to relaunch the exchange that is, contact us here:
https://twitter.com/RaxeSoftware
[email protected]
Skype: raxe.io (Raxe.io Support)
Raxe.
thanks for the tip. i'll keep it in mind.
No problem, all it needs is some penetration testers and your good to go. The MySQL injection was bad but as your coding you need someone to test it, if you are one individual it's going to be extremely hard to cover every area of security.
Raxe.
Remember guys all businesses make mistakes.
r3wt why no security auditing? If you need a security audit we can help you with it, if you plan to relaunch the exchange that is, contact us here:
https://twitter.com/RaxeSoftware
[email protected]
Skype: raxe.io (Raxe.io Support)
Raxe.
r3wt why no security auditing? If you need a security audit we can help you with it, if you plan to relaunch the exchange that is, contact us here:
https://twitter.com/RaxeSoftware
[email protected]
Skype: raxe.io (Raxe.io Support)
Raxe.
thanks for the tip. i'll keep it in mind.
Remember guys all businesses make mistakes.
r3wt why no security auditing? If you need a security audit we can help you with it, if you plan to relaunch the exchange that is, contact us here:
https://twitter.com/RaxeSoftware
[email protected]
Skype: raxe.io (Raxe.io Support)
Raxe.
r3wt why no security auditing? If you need a security audit we can help you with it, if you plan to relaunch the exchange that is, contact us here:
https://twitter.com/RaxeSoftware
[email protected]
Skype: raxe.io (Raxe.io Support)
Raxe.
https://twitter.com/_OpenEx_/status/449270787875143680
https://twitter.com/_OpenEx_/status/449385169661612032
https://twitter.com/_OpenEx_/status/449394468269993984
https://twitter.com/_OpenEx_/status/449385169661612032
https://twitter.com/_OpenEx_/status/449394468269993984
Sorry for all the hate you're receiving, r3wt. There's not much more you can do on your end aside from what you've already done.
R3wt that's an interesting name for an alt.
null
i disagree. r3wt know's what he's doing he just doesnt know anything but php so he's getting justin's help for lua
I was basically saying he's an incompetent scammer. He's trying to scam but he's to stupid to pull it off in addition to that he's coding illiterate.
My little bit of BTC/KDC is gone, i've accepted it.
My little bit of BTC/KDC is gone, i've accepted it.
The exchange was vulnerable to the most famous obvious and well known idiotic attack, SQL injection.
That alone proves the thing is built by a total moron who doesn't know the first thing about web+SQL systems regardless of what language such systems happen to be coded in.
-MarkM-
That alone proves the thing is built by a total moron who doesn't know the first thing about web+SQL systems regardless of what language such systems happen to be coded in.
-MarkM-
i disagree. r3wt know's what he's doing
If after all that drama and the story above you still believe he does you're so oblivious that it's scary.
i disagree. r3wt know's what he's doing he just doesnt know anything but php so he's getting justin's help for lua
Jump to: