Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Beginners & Help
Re: BIPS Wallet security breach
by
assortmentofsorts
on 03/12/2013, 09:25:50 UTC
Quote from: dark_kn1ght on December 02, 2013, 05:30:06 PM
Quote from: assortmentofsorts on November 29, 2013, 08:29:23 PM
Quote from: phpgeek on November 29, 2013, 02:05:32 PM
Kris was interviewed to a danish news site eailer today:
http://translate.google.com/translate?sl=da&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fwww.version2.dk%2Fartikel%2Fny-forklaring-om-det-store-danske-bitcoin-roeveri-ddos-angreb-var-kun-et-roegsloer-55179&act=url

A short summary:
- The DDoS not the actually attack. Just a way to remove the focus from the sys admins so they could get through another security hole.

Its BS. Kris was the only guy working on BIPS. Lemme share with you guys a bug I helped fix. The secret that you entered in your IPN page was generating wrong hashes for any word that was 8-16 characters in length (weird?). I had to literally beg Kris to understand that this is a serious bug and had to write various test cases to demonstrate it. When he realized that there was indeed a bug he chose to just publish a "Enter less than 8 characters and greater than 16 characters" or something like that instead of actually fixing it. When I questioned him, he told me that he wrote his own crypto lib functions. Which fool would try to rewrite crypto when there are so many well tested modules available? This kind of shit brings in all the security loop-holes.

Quote
- There was a bug with the way their algorithm works with hot and cold wallets. ALL bitcoins were in the hot wallet and because of this they were easier to access by hackes.

Tell the world the technical details of the bug. I bet Kris hasn't fixed it yet. If he couldn't find time to fix that buggy PHP hashing module I bet he is still using that same shitty hand written module (or many more like that) for everything inside BIPS.

Quote
- All funds are lost for the users. According to Kris he/BIPS are not responsible due to their TOS.

BS here as well. I can write whatever I like in my TOS. But when it comes to the courts the TOS is as good as shit. You need to make sure your TOS doesn't violate the law first. The very fact that he is saying that he isn't responsible for the funds lost is itself BS. I'll see you in court Kris... the deadline of 72 hours is ending soon.

Quote
- Kris advice people NOT to use hot wallets anymore - only with very low amounts of Bitcoins.

Thanks for the advice Saint Kris.

Quote
- Kris tells BIPS will continue as a payment provider - but have closed down there wallets for good.

I'll make sure you do not.

Quote
I think thats a pretty good summary of the article. Otherwise - try the above google translation Smiley

Thanks Smiley


do you have personal vendetta with Kris or what?
If you were that close with Kris that you knew so much of Bips operational,
and you knew there was weakness with Bips security config as you mentioned,
why didn't you do something before?
or you could have place your btc somewhere else instead of keeping it there??

stop embarrassing yourself mate

Stop using your shill accounts Kris. We know its you. Come out in the open about the hack and save yourself some embarrassment.