Topic: SatoshiDICE.com - The World's Most Popular Bitcoin Game - page 197. (Read 495688 times)

hero member
Activity: 518
Merit: 500
FYI - I like how these guys implemented semi-accountless rolling: www.coinroll.it

Not sure if it poses security or customer service issues, but it sure makes losing my money easy :)
legendary
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
FYI - SD is down temporarily for an upgrade. Should be back live within an hour. All bets will process normally but may be stuck until the system is back so please be patient (no bets will get lost or messed up).

Thanks!

It's back up now, thanks all.
legendary
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
FYI - SD is down temporarily for an upgrade. Should be back live within an hour. All bets will process normally but may be stuck until the system is back so please be patient (no bets will get lost or messed up).

Thanks!
sr. member
Activity: 406
Merit: 250
I am 0.2BTC up on Satoshidice after my second bet, I am going to quit while I am ahead.  ;D
legendary
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
Thank you guys for the happy birthday wishes :)  What a crazy year. Bitcoin has become a fucking freight train.
legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
You're not getting away Happy Belated Birthday Satoshi Dice :)
hero member
Activity: 504
Merit: 500
Ohh thought you were accusing the real SD site of having that haha. Was expecting shit to hit the fan.
legendary
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
Thank you very much elux. So sick of scammers in this world!!

SD's engineer is on this, and we're contacting the hosts to get this scam site removed asap.  I really appreciate you bringing it to our attention.
legendary
Activity: 1458
Merit: 1006
DOM XSS exploit employed by Satoshdice:

http://blog.mindedsecurity.com/2012/11/dom-xss-on-google-plus-one-button.html

Quote
starting from: jsh=m;/_/apps-static/_/js/gapi/....

becomes "https://apis.google.com/_/apps-static/_/js/gapi/..../cb=gapi.loaded_0" and l[q] is the replace function :

Code:
function W(){
...
531 a = v.XMLHttpRequest,
532 l = l[q](/^https?:\/\/[^\/]+\//, "/"),
533 m = new a;
534 m.open("GET", l, f)
...
}
So on line 532 https://apis.google.com/ is removed and 'l' becomes:

"/_/apps-static/_/js/gapi/..../cb=gapi.loaded_0"

The reason why there is execution is that the response is evaluated using the following code:

Code:
B=function(a,b,c){v.execScript?v.execScript(b,"JavaScript"):c?a.eval(b):
 (a=a.document,c=a.createElement("script"),c.defer=i,
 c.appendChild(a.createTextNode(b)...

And whaddaya know, this seems to be exploited in a weirdly named file, satoshdice[ dot ]com/cb=gapi.loaded_0

Code:
...bad js omitted...



Identifying the identity thief:

Quote from: satoshdice.com/fastbutton.html
[email protected])." aria-pressed="false">
125

Ooops, looks like Brandon forgot something.



Next, compare the whois data:

Quote

One point for using a bitcoin-registrar. :P

Quote
Domain name: brandoncowen.com

Administrative Contact:
   BncApplications
    Cees ([email protected])
   +1.905434
   Fax: +1.5555555555
   4748 Sideway Court
   Toronto, S L8N 6Y2
   CA

Technical Contact:
   BncApplications
   Brandon Cees ([email protected])
   +1.905434
   Fax: +1.5555555555
   4748 Sideway Court
   Toronto, S L8N 6Y2
   CA

Finally, googling "[email protected] + bitcoin" yields ONE hit:

Quote
Lookup, WHOIS express bypassthe.net - Network Tools

network-tools.com/default.asp?prog=express&host=bypassthe.netGetSomeCoin.com
- An introduction to the Bitcoin Internet currency system based ....
CA Administrative Contact: BncApplications Cees ([email protected]) ...

Quote
LinkedIn: http://ca.linkedin.com/pub/brandon-cowen/37/5a8/bb3

Brandon Cowen's Skills & Expertise:

JavaScript | jQuery  | C#  | AJAX  | XML  | PHP  | MySQL

evoorhees, please contact Namecheap, Cloudflare to get the site shut down and blacklisted ASAP.
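
An added example, not part of the post above or of the quoted loader code: a Node.js triage helper that applies the line-532 replace and then resolves the result the way a relative `open("GET", l)` request does, to show which host ends up serving the script that gets evaluated. The function names, `lookalike.example`, the `constructed` page path and the `PLACEHOLDER` path segment are assumptions standing in for values the post elides.

```javascript
// Added example. Only ORIGIN_STRIP is taken from the quoted line 532;
// every other name and every sample URL below is hypothetical / constructed.
const ORIGIN_STRIP = /^https?:\/\/[^\/]+\//;

// Step 1: what line 532 does. Scheme and host are dropped, a root-relative path remains.
function stripOrigin(scriptUrl) {
  return scriptUrl.replace(ORIGIN_STRIP, "/");
}

// Step 2: a relative request URL is resolved against the page that issues it.
function effectiveFetchUrl(scriptUrl, pageUrl) {
  return new URL(stripOrigin(scriptUrl), pageUrl).href;
}

// Triage: compare the origin named in the script URL with the origin actually fetched.
function auditLoader(scriptUrl, pageUrl) {
  let declaredOrigin = null;
  try {
    declaredOrigin = new URL(scriptUrl).origin;
  } catch (e) {
    // Relative script URL: no origin was declared at all.
  }
  const fetched = new URL(effectiveFetchUrl(scriptUrl, pageUrl));
  return {
    page: pageUrl,
    fetchUrl: fetched.href,
    declaredOrigin,
    fetchedOrigin: fetched.origin,
    mismatch: declaredOrigin !== null && declaredOrigin !== fetched.origin,
  };
}

// Constructed sample input: one script URL, evaluated from two different hosting pages.
const SCRIPT = "https://apis.google.com/_/apps-static/_/js/gapi/PLACEHOLDER/cb=gapi.loaded_0";
const PAGES = [
  "https://apis.google.com/constructed/fastbutton.html", // page on the named origin
  "http://lookalike.example/fastbutton.html",            // copy of the page on another host
];

function auditAll() {
  return PAGES.map((page) => auditLoader(SCRIPT, page));
}

for (const r of auditAll()) {
  console.log(r.mismatch ? "MISMATCH" : "ok", r.page, "->", r.fetchUrl);
}
```

When reviewing a mirrored copy of a page, a `mismatch` result means the evaluated script is supplied by the hosting site rather than by the origin written in the loader URL, so that file is the one to inspect.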

hero member
Activity: 490
Merit: 500
... it only gets better...
Happy Birthday, SatoshiDICE!

Launch announcement dated April 24, 2012:
 - https://bitcointalksearch.org/topic/satoshidicecom-the-worlds-most-popular-bitcoin-game-77870   <--  Though there were wagers beginning April 21st, 2012 it isn't known if those were test wagers or private beta, or what.

+ 1
legendary
Activity: 1458
Merit: 1006
The link to [sic] satoshdice dot com was submitted by HackerNews user "SatoshiDice" https://news.ycombinator.com/user?id=SatoshiDice

user:   SatoshiDice
created:   53 minutes ago
karma:   2
avg:   
about:

evoorhees, is this your account?

wget -r "http://satoshdice [do not visit] com"

Returns some really interesting js, in addition to the standard SD assets.

For example:

Code:


http://en.wikipedia.org/wiki/Lastpass

(Meanwhile, the guy from Hacker News has deleted his account.) Obviously, you should not visit the site!

hero member
Activity: 566
Merit: 500
Congrats. It's stunning how much can happen in one year (read: how much profit you can make) in the bitcoin world!
hero member
Activity: 504
Merit: 500
Happy birthday big guys
legendary
Activity: 2506
Merit: 1010
Happy Birthday, SatoshiDICE!

Launch announcement dated April 24, 2012:
 - https://bitcointalksearch.org/topic/satoshidicecom-the-worlds-most-popular-bitcoin-game-77870   <--  Though there were wagers beginning April 21st, 2012 it isn't known if those were test wagers or private beta, or what.
mem
hero member
Activity: 644
Merit: 501
Herp Derp PTY LTD
Speaking of bleemishes on the bitcoin landscape......hello Matthew, nice to see you slink back into bitcointalk.org after the refusing to honor your bet. 
Can we expect any more childish tantrums, long winded arrogant posts about you educating idiots (apart from yourself) and threats to take your own life to prove a point ?


Not sure what a bleemish is, but if you're asking have I learned to not troll people when money is involved, then yes. You must not have seen the numerous threads by myself and theymos regarding me paying every better. Check the link in my signature.

Back on topic: what made you think MPEX were business partners?

Still Lying Matthew lol :D
Back on ignore you go, please let me know the next time you have a massive public meltdown and then exit with a massive hissy fit - the last one was fucking hilarious.
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
Speaking of bleemishes on the bitcoin landscape......hello Matthew, nice to see you slink back into bitcointalk.org after the refusing to honor your bet. 
Can we expect any more childish tantrums, long winded arrogant posts about you educating idiots (apart from yourself) and threats to take your own life to prove a point ?


Not sure what a bleemish is, but if you're asking have I learned to not troll people when money is involved, then yes. You must not have seen the numerous threads by myself and theymos regarding me paying every better. Check the link in my signature.

Back on topic: what made you think MPEX were business partners?
mem
hero member
Activity: 644
Merit: 501
Herp Derp PTY LTD
Erik I welcome you to address your association and business relationship with the racist hate speech organization MPEx.

https://bitcointalksearch.org/topic/boycott-mpex-sdice-racism-186041

Warning to all clients of SatoshiDice, if you are not of the Anglo Saxon persuasion you may want to think long and hard before giving satoshidice any of your business.
Their business partner regularly makes speeches like this one: http://polimedia.us/trilema/2012/the-nigger-homeowners-and-other-niggers/



Business partner? What made you think they were business partners? Don't they just basically host an IPO the same as GLBSE would?

Speaking of bleemishes on the bitcoin landscape......hello Matthew, nice to see you slink back into bitcointalk.org after the refusing to honor your bet. 
Can we expect any more childish tantrums, long winded arrogant posts about you educating idiots (apart from yourself) and threats to take your own life to prove a point ?
legendary
Activity: 1458
Merit: 1006
The link to [sic] satoshdice dot com was submitted by HackerNews user "SatoshiDice" https://news.ycombinator.com/user?id=SatoshiDice

user:   SatoshiDice
created:   53 minutes ago
karma:   2
avg:   
about:

evoorhees, is this your account?
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
Erik I welcome you to address your association and business relationship with the racist hate speech organization MPEx.

https://bitcointalksearch.org/topic/boycott-mpex-sdice-racism-186041

Warning to all clients of SatoshiDice, if you are not of the Anglo Saxon persuasion you may want to think long and hard before giving satoshidice any of your business.
Their business partner regularly makes speeches like this one: http://polimedia.us/trilema/2012/the-nigger-homeowners-and-other-niggers/



Business partner? What made you think they were business partners? Don't they just basically host an IPO the same as GLBSE would?