A man-in-the-middle attack isn't a problem for luckybit because:
1.- MITM is a LAN attack. That means the only users who will be affected are those who are on the local area network of the attacker. The user's access point is the user's responsibility; if you are on an insecure network, better don't use bitcoin, because if you are under a MITM attack, the hacker will not change the betting addys, he will get your blockchain.info wallet access information.
It depends on the wallet. blockchain.info uses an HTTPS connection, so it's unlikely to be affected. Even if you're affected, the HTTPS connection will be gone and the lock in the address box of the browser won't appear.
Please read point 3.
About the LAN attack, well, you can take care of your network, but when this goes to your ISP, international routes and so on, you lose control of what goes on.
If you lose control of what goes on in your network, there is not much luckybit can do for you.
2.- MITM can be detected by users with tools like Wireshark. But it is the responsibility of the user to verify if the network is secure.
Do you really expect average people to use Wireshark in order to detect if there's a MITM happening?
If people are paranoid about the attack, then they should find a way to avoid it.
It's much simpler having an HTTPS website. If it isn't encrypted, there will be no lock on the browser. If it presents an invalid certificate, you'll receive an alert.
Again, please read point 3.
3.- MITM has a tool called sslstrip to bypass the SSL connection, so changing the site to SSL will fix nothing about the attack.
sslstrip turns HTTPS traffic into HTTP. But to be effective, the user needs to go further and ignore the lack of HTTPS. Aside from this, there are tools and settings to avoid these types of downgrading, like HSTS.
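The HSTS point above, as an added example that is not part of the original thread and not code from luckybit: a small Python check that parses a server's HTTP response headers and reports whether a Strict-Transport-Security policy is present and usable, which is the setting that tells a returning browser to refuse a plain-HTTP downgrade. The sample responses are constructed, and the six-month "short-lived" threshold is an assumption chosen for illustration.

```python
"""Check whether an HTTP response carries a usable HSTS policy.

Added example for this thread; not from luckybit or any real site.
All sample responses below are constructed test data.
"""
from dataclasses import dataclass
from typing import Dict, Optional

# Threshold below which the policy is flagged as short-lived.
# Assumption chosen for this example (180 days in seconds).
MIN_RECOMMENDED_MAX_AGE = 15552000


@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool
    preload: bool


def parse_headers(raw: str) -> Dict[str, str]:
    """Split a raw response (status line + headers) into a lowercase-keyed dict."""
    headers: Dict[str, str] = {}
    lines = raw.strip().splitlines()
    for line in lines[1:]:  # lines[0] is the status line
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def parse_hsts(value: str) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security value per RFC 6797 directive syntax."""
    max_age = None
    include_subdomains = False
    preload = False
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, arg = directive.partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                max_age = int(arg.strip().strip('"'))
            except ValueError:
                return None  # malformed max-age: browsers discard the header
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None  # max-age is mandatory; without it the header is ignored
    return HstsPolicy(max_age, include_subdomains, preload)


def assess_downgrade_protection(raw_response: str) -> str:
    """Return a one-line verdict on the response's HTTPS-downgrade protection."""
    headers = parse_headers(raw_response)
    hsts_value = headers.get("strict-transport-security")
    if hsts_value is None:
        return "no HSTS: browser will not refuse a downgrade to plain HTTP"
    policy = parse_hsts(hsts_value)
    if policy is None:
        return "malformed HSTS header: browsers will ignore it"
    if policy.max_age == 0:
        return "HSTS max-age=0: policy is being cleared, no protection"
    if policy.max_age < MIN_RECOMMENDED_MAX_AGE:
        return f"HSTS present but short-lived ({policy.max_age}s)"
    extras = []
    if policy.include_subdomains:
        extras.append("includeSubDomains")
    if policy.preload:
        extras.append("preload")
    suffix = " with " + ", ".join(extras) if extras else ""
    return f"HSTS enforced for {policy.max_age}s{suffix}"


# Constructed sample responses (not captured from any server).
RESPONSE_WITHOUT_HSTS = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=abc; Secure; HttpOnly
"""

RESPONSE_WITH_HSTS = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
"""

if __name__ == "__main__":
    print(assess_downgrade_protection(RESPONSE_WITHOUT_HSTS))
    print(assess_downgrade_protection(RESPONSE_WITH_HSTS))
```

The check only reads a response, so it can be run against any saved header block. Note that HSTS is remembered by the browser from an earlier HTTPS visit; it does not protect the very first connection unless the domain is on a browser preload list, which is why the `preload` directive is reported separately.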
You should learn a little more about sslstrip; it really works fine to make the MITM to SSL connections.
Making a man in the middle to change luckybit addys is one of the worst things you can do with this attack. Because if the users don't see the bets rolling, they will ask support what happened; then we will ask for the TX ID, and in that moment we will see the fake addy. How much does the hacker get? 0.005? 0.01?... not really a big loss. So, that attack is just a waste of time if someone is thinking about using it that way.
I want to put emphasis on this point: this has never happened to luckybit and isn't something to worry about.
Well, a more sophisticated attack can try to replace the entire game too.
A sophisticated hacker knows how stupid the idea is of editing the gambling site with MITM to change addys and catching some satoshis if he has luck.
And again, the "this never happened" isn't a good reason. You need to consider the possibilities and risks, not the "it never happened".
We consider possibilities and risks... Chance of getting a user hacked to change the betting addys: zero. Risks: only one user hacked because someone exploited a vuln in his network.
But it seems you think it's simpler to deal with an eventual problem than fixing the origin of it. OK, it's your choice. A bad choice, I think, but, well...
The only problem here is all this trash talk, and we are working on it. I will say it clearly because you are confusing our customers.
Luckybit is not worried about a MITM attack. Because the MITM attack goes for one target, the target must be in the attacker's local network, and if users got hacked with this attack, we weren't the reason or the vuln and we are not the target.
If the hacker has a successful attack on one of our users, other users will not be affected, and we are a gambling site, not an Internet security service. Of course we care about our customers' security, but only for problems relevant to luckybit. If a random guy on the internet gets hacked by this attack, should it be our problem? If that guy uses Windows and someone uses a trojan to hack it, should it be our problem? I think not.
For all the luckybit users:
* This is not a luckybit security problem. It's the user's responsibility to be on a secure network.
* This is not a problem because it will not happen; having the hacker in the same local network is really hard. And if you have a hacker on your LAN, changing the addys of luckybit to take the user's bitcoins isn't a smart idea; as I said before, if the users send one bet and it doesn't roll, support will ask for the tx id, and there we will see the fake addys.
* In a fantasy world this is possible, but in the real world this is almost impossible, a bad idea, hard as hell and a waste of time.