StrongCoin key leak. - page 2. | Bitcointalksearch.org

dogisland

sr. member

Activity: 262

Merit: 250

Quote from: tkbx on April 03, 2013, 09:08:38 AM

As far as online wallets go, StrongCoin seems pretty secure, but is there any legitimate reason to use an online wallet?

(Unless you were stupid enough to buy a Chromebook, then I have no sympathy for you)

Benefits are.

1. Ease of use, nothing to install.
2. You don't have to do your own backups.
3. Accessible from anywhere.

tkbx

sr. member

Activity: 350

Merit: 251

As far as online wallets go, StrongCoin seems pretty secure, but is there any legitimate reason to use an online wallet?

(Unless you were stupid enough to buy a Chromebook, then I have no sympathy for you)

tiptopgemdotcom

legendary

Activity: 1736

Merit: 1000

Truly decentralized stable asset

Quote from: TheSeven on April 03, 2013, 07:57:49 AM

Quote from: dogisland on April 03, 2013, 07:31:36 AM

Quote from: anfedorov on April 03, 2013, 06:35:59 AM

Quote from: dogisland on April 03, 2013, 03:46:02 AM

Quote from: [email protected]

Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.

This is a thread to answer questions on the StrongCoin key and clue field leak.

1) what was the bug? what do you mean by "interface"?
2) what are you doing to prevent such bugs from occurring again?
3) do you know of anyone's coins being stolen?

1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.
2. I'm posting a notice on the site to advise people to use longer passwords. There was already a widget to give the user feedback as to how strong there password was.
3. Yes.

This sounds like the whole source code of the site should undergo a very tight review and penetration testing ASAP.

^THIS

TheSeven

hero member

Activity: 504

Merit: 500

FPGA Mining LLC

Quote from: dogisland on April 03, 2013, 07:31:36 AM

Quote from: anfedorov on April 03, 2013, 06:35:59 AM

Quote from: dogisland on April 03, 2013, 03:46:02 AM

Quote from: [email protected]

Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.

This is a thread to answer questions on the StrongCoin key and clue field leak.

1) what was the bug? what do you mean by "interface"?
2) what are you doing to prevent such bugs from occurring again?
3) do you know of anyone's coins being stolen?

1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.
2. I'm posting a notice on the site to advise people to use longer passwords. There was already a widget to give the user feedback as to how strong there password was.
3. Yes.

This sounds like the whole source code of the site should undergo a very tight review and penetration testing ASAP.

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

LOL, why would anyone want to use it exactly.

No.

dogisland

sr. member

Activity: 262

Merit: 250

Quote from: anfedorov on April 03, 2013, 06:35:59 AM

Quote from: dogisland on April 03, 2013, 03:46:02 AM

Quote from: [email protected]

Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.

This is a thread to answer questions on the StrongCoin key and clue field leak.

1) what was the bug? what do you mean by "interface"?
2) what are you doing to prevent such bugs from occurring again?
3) do you know of anyone's coins being stolen?

1. It was possible to change the id in a URL and see another users encrypted key. That is now fixed.
2. I'm posting a notice on the site to advise people to use longer passwords. There was already a widget to give the user feedback as to how strong there password was.
3. Yes.

jago25_98

hero member

Activity: 900

Merit: 1000

Crypto Geek

I see I signed up for it at some point. Balance is zero. Perhaps it always was. Can't remember and there's no history. O well...

deja vu, never mind :p !

manface

full member

Activity: 126

Merit: 100

Can you explain what happened? I looked at strongcoin once but compared to blockchain.info they didn't seem to offer much.

omgitsmehehe

full member

Activity: 580

Merit: 108

I used StrongCoin once. Then I seen their 1% fee. Seriously? I can transfer my own money for free and more securely.

Jurek

member

Activity: 117

Merit: 10

anfedorov

newbie

Activity: 44

Merit: 0

Quote from: dogisland on April 03, 2013, 03:46:02 AM

Quote from: [email protected]

Over the easter weekend due to a bug in the strongcoin interface hackers were able to access all encrypted private keys held on the Strongcoin server. This means for people who had weak passwords on their keys or people who had a lot of information in their clue field the BTC may have already been stolen.

This is a thread to answer questions on the StrongCoin key and clue field leak.

1) what was the bug? what do you mean by "interface"?
2) what are you doing to prevent such bugs from occurring again?
3) do you know of anyone's coins being stolen?

rme

hero member

Activity: 756

Merit: 504

Quote from: wopwop on April 03, 2013, 03:51:33 AM

this is me caring

+1

wopwop

sr. member

Activity: 252

Merit: 250

this is me caring

dogisland

sr. member

Activity: 262

Merit: 250

This is a thread to answer questions on the StrongCoin key and clue field leak.

Topic: StrongCoin key leak. - page 2. (Read 4658 times)