Re: Dumb Question : If I found a security flaw with a major bitcoin company ..

Quote from: Nicolai on March 28, 2013, 09:21:53 PM

On the screenshot we can see that you just searched for "site:instawallet.org", this is something that has been known for ages (e.g.

Aka "Google hacking", "google dork", whatever it has nothing to do with hacking.

But simply asking google not to index or list items on your website, doesn't "fix" it because it has never been a security problem in instawallet. As I said before, it is best practice to do what you helped them with, but not a security problem to not do it. You want it to be a security problem to make instawallet look bad for not paying you, but please just face that it isn't and will never be a security problem.

Changing the "site" command to e.g. "allintext" and volá free bitcoins:

But no, I'm not blaming instawallet.

1 - freaking linking like that to someone's wallet ? seriously?

2 - You didn't find that link directly on Google, you found someone that was scraping or whatever then linking to it, show me that screenshot of where you found it because I'm willing to bet you found it on a scraper using the allintext operator.

3 - Someone trusts their bitcoins to instawallet, and instawallet's structure allows someone to steal those coins, how is that not a security problem? Please enlighten all of us.