Pages:
Author

Topic: OpenEx to be shut down[Hacked] (Read 14908 times)

legendary
Activity: 938
Merit: 1000
April 09, 2014, 01:01:02 PM
Every single customer should have received an email notice about the "forfeiture" of coins. Sorry about the hack, but your lack of communication will forever keep me away from any of your future endeavors. You are as good as a scammer in my book, whether you started out with that intent or not.
newbie
Activity: 47
Merit: 0
April 06, 2014, 04:20:40 AM
@ -MarkM- 
You said it best. Getting hacked is just a lame excuse to steal people funds. It's so easy to say
I was hacked.

Yes, and that won't change while almost everyone here is ready to throw coins at yet another exchange without doing any due diligence whatsoever. In the meantime https://x-bt.com has been running for almost a year without any incident, check it out if you want to trade serious altcoins.
newbie
Activity: 34
Merit: 0
March 30, 2014, 11:32:34 AM
@ -MarkM- 
You said it best. Getting hacked is just a lame excuse to steal people funds. It's so easy to say
I was hacked.
newbie
Activity: 14
Merit: 0
March 30, 2014, 02:08:10 AM
Withdraw all your coins? The compensation?


Be hardly worthy of belief, is this true?
newbie
Activity: 28
Merit: 0
March 30, 2014, 12:24:04 AM
I think you made an incorrect call here.

If it were a scam then you wouldn't be in discourse with him, the line would be dead. Scammers don't hang around expending energy to placate their marks.

We have seen (since your post) that @sumantso has withdrawn and regained his coin.
newbie
Activity: 24
Merit: 0
March 29, 2014, 09:36:15 PM

R3wt has said time and time again Justin hacked the servers/Wrote shit code,
but yet the whole time he was just hiding under the name mblanchard Working with R3wt.
I have seen the name Mblanchard  in openEx chat and was listed as a dev since the beginning.
this whole thing was a scam.

There has to be a way to stop this guy from releasing another exchange!


https://i.imgur.com/kNKxGXE.jpg
https://i.imgur.com/mtYwgFv.jpg
https://i.imgur.com/mbbea02.jpg


MySQL injection is not "bad", it is a deliberate excuse for people to lose their money.

It is deliberate because only by deliberately refusing to address the simplest most basic aspects of web app programming can it even become at all possible.

It is pretty much impossible to study how secure financial apps on the web are built without learning how NOT to make SQL injection possible, thus the only way to make it possible is to deliberately refuse to actually do secure web app development, instead opting to just spam out any garbage that looks pretty enough to sucker people into putting money into it so you can steal it and pretend it was someone else not yourself who stole it.

Any research at all into how to actually not steal people's money in web apps would cover MySQL injection.

So obviously the programmer knew full well what it was and how to prevent it and chose instead to make it possible.

It is not a "mistake", it is one of the first things anyone researchiong MySQL + Web apps is told to prevent and how to prevent.

-MarkM-


R3wt's response

"But Justin DDOS TEH SERVERS AND TOOK ALL DE BITCOMS!"
hero member
Activity: 616
Merit: 500
Crypto Knight
March 29, 2014, 05:35:53 PM
MySQL injection is not "bad", it is a deliberate excuse for people to lose their money.

It is deliberate because only by deliberately refusing to address the simplest most basic aspects of web app programming can it even become at all possible.

It is pretty much impossible to study how secure financial apps on the web are built without learning how NOT to make SQL injection possible, thus the only way to make it possible is to deliberately refuse to actually do secure web app development, instead opting to just spam out any garbage that looks pretty enough to sucker people into putting money into it so you can steal it and pretend it was someone else not yourself who stole it.

Any research at all into how to actually not steal people's money in web apps would cover MySQL injection.

So obviously the programmer knew full well what it was and how to prevent it and chose instead to make it possible.

It is not a "mistake", it is one of the first things anyone researchiong MySQL + Web apps is told to prevent and how to prevent.

-MarkM-


R3wt's response

"But Justin DDOS TEH SERVERS AND TOOK ALL DE BITCOMS!"
legendary
Activity: 2940
Merit: 1090
March 29, 2014, 05:32:51 PM
MySQL injection is not "bad", it is a deliberate excuse for people to lose their money.

It is deliberate because only by deliberately refusing to address the simplest most basic aspects of web app programming can it even become at all possible.

It is pretty much impossible to study how secure financial apps on the web are built without learning how NOT to make SQL injection possible, thus the only way to make it possible is to deliberately refuse to actually do secure web app development, instead opting to just spam out any garbage that looks pretty enough to sucker people into putting money into it so you can steal it and pretend it was someone else not yourself who stole it.

Any research at all into how to actually not steal people's money in web apps would cover MySQL injection.

So obviously the programmer knew full well what it was and how to prevent it and chose instead to make it possible.

It is not a "mistake", it is one of the first things anyone researching MySQL + Web apps is told to prevent and how to prevent.

Thus there is probably no point even trying to "help" the perpetrator make a secure system since it is already more than obvious that they WANT there to be a way to hack, because they WANT something to point to as an "explanation" of how it could theoretically not have been an inside job.

No matter how many exploits you explain how to prevent, they will find another one, or will pretend to have made a silly error in implementing what you explained, or whatever they can do to create a loophole they can point to so as to pretend it is not them who is stealing people's coins.

Remember too this is a serial scammer/thief, gosh knows how many times over already.

-MarkM-
full member
Activity: 238
Merit: 100
March 29, 2014, 04:50:28 PM
Remember guys all businesses make mistakes.

r3wt why no security auditing? If you need a security audit we can help you with it, if you plan to relaunch the exchange that is, contact us here:

https://twitter.com/RaxeSoftware
[email protected]
Skype: raxe.io (Raxe.io Support)

Raxe.

thanks for the tip. i'll keep it in mind.

No problem, all it needs is some penetration testers and your good to go.  The MySQL injection was bad but as your coding you need someone to test it, if you are one individual it's going to be extremely hard to cover every area of security.

Raxe.
hero member
Activity: 686
Merit: 504
always the student, never the master.
March 29, 2014, 04:25:26 PM
Remember guys all businesses make mistakes.

r3wt why no security auditing? If you need a security audit we can help you with it, if you plan to relaunch the exchange that is, contact us here:

https://twitter.com/RaxeSoftware
[email protected]
Skype: raxe.io (Raxe.io Support)

Raxe.

thanks for the tip. i'll keep it in mind.
full member
Activity: 238
Merit: 100
March 29, 2014, 04:07:32 PM
Remember guys all businesses make mistakes.

r3wt why no security auditing? If you need a security audit we can help you with it, if you plan to relaunch the exchange that is, contact us here:

https://twitter.com/RaxeSoftware
[email protected]
Skype: raxe.io (Raxe.io Support)

Raxe.
hero member
Activity: 616
Merit: 500
Crypto Knight
March 29, 2014, 04:01:18 PM
hero member
Activity: 763
Merit: 534
March 29, 2014, 03:59:21 PM
null
hero member
Activity: 616
Merit: 500
Crypto Knight
March 29, 2014, 12:44:43 PM
i disagree. r3wt know's what he's doing he just doesnt know anything but php so he's getting justin's help for lua

I was basically saying he's an incompetent scammer. He's trying to scam but he's to stupid to pull it off in addition to that he's coding illiterate.
newbie
Activity: 28
Merit: 0
March 29, 2014, 08:32:27 AM
My little bit of BTC/KDC is gone, i've accepted it.
newbie
Activity: 28
Merit: 0
March 29, 2014, 08:29:52 AM
My little bit of BTC/KDC is gone, i've accepted it.
legendary
Activity: 2940
Merit: 1090
March 27, 2014, 04:21:06 PM
The exchange was vulnerable to the most famous obvious and well known idiotic attack, SQL injection.

That alone proves the thing is built by a total moron who doesn't know the first thing about web+SQL systems regardless of what language such systems happen to be coded in.

-MarkM-
newbie
Activity: 47
Merit: 0
March 27, 2014, 03:38:27 PM
i disagree. r3wt know's what he's doing

If after all that drama and the story above you still believe he does you're so oblivious that it's scary.
hero member
Activity: 518
Merit: 500
Bitrated user: ahmedbodi.
March 27, 2014, 06:55:04 AM
i disagree. r3wt know's what he's doing he just doesnt know anything but php so he's getting justin's help for lua
Pages:
Jump to: