
All posts by LeoTheo Bing

Mar 30th 2008, 06:39
LeoTheo Bing
General Investment Discussion » ACE Database Compromised; No Backup of BNT Shareholder List
Re: ACE Database Compromised; No Backup of BNT Shareholder List
LOL - you can just tell they don't have a clue what to do :) I love the way he keeps pointing out how it's not his fault - classic :)
Apr 13th 2008, 00:57
LeoTheo Bing
General Investment Discussion » Ancapex WARNING - IntLibber Brautigan rogue trader.
Ancapex WARNING (Insecure); IntLibber Brautigan rogue trader.

Edited by moderator Apr 13th 2008, 01:50
Dear reader,

(This is in no way related to the 2 week Ancapex outage - that was another (unrelated) chronic example of incompetence)

Ancapex has (or had) a major design flaw - it literally had no transaction security. As a result anyone can use anyone else's account to buy and sell shares - this is shocking for a service that claims to be secure. Since its opening, anyone has been able to change the account number on the transaction confirmation page (using notepad etc.) and sell your shares. It requires no hacking of any kind (before accusations are made) and allows the complete emptying of your account or false inflation of a share price.

Some additional info:

I complained to IntLibber Brautigan about the shocking security holes in Ancapex at 4pm SLT on 12th April 2007
I was banned from SL by 12.30 SLT on 13 April 2007 (although possibly sooner)
After banning me from SL - IntLibber Brautigan decided that he would sort out the problems after all - and took down http://www.ace-exchange.com/ (again)

So basically - he has used his influence to suspend my SL account for no reason at all.

User ID (in one of the submission forms): it should be verified against the password/user account on the server side - but it isn't - allowing you to buy or sell anybody's shares just by editing one number - it's so fundamentally flawed that I actually discovered it by accident (I switched accounts prior to completing a transaction). It's bad enough that the site has no secure data transfer - but leaving an exploit that basic is entirely negligent. In light of other recent examples of Ancapex negligence I find this disgusting.
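The missing server-side check described in the post above, shown as an added example that is not part of the original post and is not Ancapex's code: a handler that trusts the account number in the form, next to one that binds the transaction to the logged-in session. All function names, the session store and the sample balances are assumptions constructed for illustration.

```python
import secrets

SESSIONS = {}  # session token -> account id; lives only on the server


class Forbidden(Exception):
    """The request names an account the logged-in session does not own."""


def make_accounts():
    # Constructed sample data: account id -> L$ cash balance.
    return {1: 500, 2: 600}


def login(account_id):
    # Password verification is assumed to have succeeded before this point.
    token = secrets.token_hex(16)
    SESSIONS[token] = account_id
    return token


def debit_trusting_form(accounts, form):
    # Flawed pattern described in the post: the account to act on is
    # whatever number arrives in the form, with no link to the login.
    account_id = int(form["account_id"])
    accounts[account_id] -= int(form["amount"])
    return account_id


def debit_checked(accounts, token, form):
    # Hardened pattern: the account comes from the server-side session.
    session_account = SESSIONS.get(token)
    if session_account is None:
        raise Forbidden("no valid session")
    # The form may echo the id, but a mismatch is rejected, not obeyed.
    if int(form.get("account_id", session_account)) != session_account:
        raise Forbidden("form account does not match session account")
    amount = int(form["amount"])
    if amount <= 0 or amount > accounts[session_account]:
        raise ValueError("amount outside the account's balance")
    accounts[session_account] -= amount
    return session_account
```

Logging each `Forbidden` with the session account and the submitted account gives an operator a direct signal that form fields are being edited.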
Apr 30th 2008, 14:43
LeoTheo Bing
General Investment Discussion » Never a Dull moment - BNT style...
Re: Never a Dull moment - BNT style...
I've been keeping an eye on this to see who else IntLibber Brautigan has managed to wrong or bully in the last week or so. Last week I noticed all the reasons were removed (and in fairness they were the most relevant aspect to anyone reading). Now I've noticed his name itself has been replaced by "****" on the petition site. What sort of respectable person goes around the internet censoring what his potential investors have a right to know... suspicious? - I think so :)
Apr 30th 2008, 16:28
LeoTheo Bing
General Investment Discussion » Never a Dull moment - BNT style...
Re: Never a Dull moment - BNT style...
Hi,

This is old news now. The vulnerability was that you could alter the account ID on the buy/sell form. In terms of ACE - I pointed out that there was an issue to Cliff Eclipse (who is/was apparently ACE staff and was in the giant BOT camping traffic-hack center ACE operates floating above their main exchange (which is funny to see BTW)) about a week before they reopened. Couldn't tell whether they did anything or not because the domain was down. On the opening day I put 600L into the account. I decided I would demonstrate a 10X multiplier - and took 6000L out. Because the vulnerability didn't allow you to see the account cash balances I had to randomly try accounts starting from number 1 upwards. As a result I did dip into "multiple accounts" - but most had no or only a few $L in them so I just moved on until I made the 6K :). I didn't touch actual share holdings because I was afraid it would be much more difficult for them to correct afterwards.
The rest, as they say, is history. ACE seem to have misappropriated my original 600L. And I am waiting for my account to come back online.
Something I found strange was that after a few days passed LL responded to my request to know why I was disabled. They said it was a 14 day suspension for "Violation: Terms of Service: Permissions Exploit"... I personally think it was the hidden TOS Violation "Not paying as much tier as Int Libber". Anyway - the whole episode irritated and disturbed me - so this is the last I shall say on the matter. Thanks for your interest anyway :)


