Post
Topic
Board Gambling
Re: I have a +EV method for a dice site,[CONFIRMED +EV is possible]
by
xetsr
on 04/07/2015, 02:36:59 UTC
I can't speak to any specific conversations that either Dooglus or subSTRATA had with this site's owner, or the owner of other sites. However, if it were me that had found the exploit, then I would have told them something along the following:

"I have found an issue with your site that others could potentially use to steal from you. I have no intention of disclosing it to anyone other than you, nor do I have any intention of using such an exploit personally, although I cannot guarantee that others will not use the same public information to exploit this same issue."

I think the above would pass the test of not being blackmail, while still being reasonably compensated for your time/skills.

The fact is that gambling sites are for-profit entities, and giving advice as to how to prevent yourself from getting robbed when large amounts of money are at stake should not be given for free. These sites should invest in the time/effort to prevent these kinds of exploits from existing in the first place.

https://bitcointalk.org/index.php?topic=1106133.msg11780169#msg11780169

Quote
The admin of the site seems rather hostile and is trying to rip both me and dooglus off, demanding a lower bounty for the deal. I am entertaining offers in this thread or through PM regarding this. A percentage of this will be paid to dooglus for his help in confirming this issue.

Am I misunderstanding something here?
I am not saying that the OP did what I suggested should have been done, I am just saying that you can receive a bug/exploit bounty without blackmailing/extorting the owner of the site.

I know that here, the owner of the site said:
Quote
Exploit it please, and earn 1 btc. When you do, we are willing to pay you 1.5btc extra to tell us about it. We are tired of these lame scam attempts. We get mails of exploits weekly, but no one proved or stole anything. The only reason why we offered you any amount is because you have other users backing you up.
If something similar was said about selling the exploit, then the OP trying to sell it would be fair game. If something similar was not said, then trying to sell it would not be appropriate.

When it comes to bug reports, there is a very fine line between blackmail and responsible disclosure.

That post by the owner was made AFTER the exploit was being sold. subSTRATA admitted this thread was created with intentions to sell it at first...

Anyway, subSTRATA admitted he made a mistake so I'm done here.

I will drop some negative feedback on joter85 so hopefully others will no longer invest or play there without knowing about these bugs and exploits. Who knows, these exploits may have been in place for a reason. Like to slowly drain the investors ;)