phoenixkonsole
Re: First release of AmiWallet Posted on 6-Feb-2015 19:34:32 [ #1 ]
Super Member
Joined: 8-Nov-2009 Posts: 1772
From: Unknown

tomazkid
Re: First release of AmiWallet Posted on 6-Feb-2015 20:06:44 [ #2 ]
Team Member
Joined: 31-Jul-2003 Posts: 11694
From: Kristianstad, Sweden

fixed
_________________ Site admins are people too..pooff!

phoenixkonsole
Re: First release of AmiWallet Posted on 6-Feb-2015 20:19:09 [ #3 ]
Super Member
Joined: 8-Nov-2009 Posts: 1772
From: Unknown

Thank you : )
_________________ AROS Broadway - AEROS - Aminux - AmiCloud - indieGO! Appstore - AmiWallet - VAN lossless video codec - AMC Amiga media Center -KrypUnite - LibertyNet - MinX - amigaNX

Cheese
Re: First release of AmiWallet Posted on 6-Feb-2015 21:36:34 [ #4 ]
Regular Member
Joined: 23-Oct-2006 Posts: 315
From: Unknown

Just wanted to warn you that AmiWallet is completely missing transport layer security (TLS)
https://sintonen.fi/pics/amiwallet-no-tls.png
https://sintonen.fi/pics/amiwallet-no-tls-2.png
Passwords, transactions are being sent in clear text over the internet.
_________________ x86/MorphOS 4.0
"Delving into the past can be a dangerous exercise." -hyperionmp
"I've been a supporter of "REACTION" GUI because is an Amiga OS thing." -Snuffy
"I personally prefer a vision of do'ers and makers rather than

phoenixkonsole
Re: First release of AmiWallet Posted on 6-Feb-2015 22:12:52 [ #5 ]
Super Member
Joined: 8-Nov-2009 Posts: 1772
From: Unknown

Hi, yes, the reason is that not all supported systems offer SSL/TLS yet.
The risk of losing any money is zero because only registered devs can receive money. And those transactions don't happen from client to client.
So no hacker could transfer anything to an anonymous account.
We will resolve the issue soon with our own encryption system.
As soon as this is done we will open transactions in any direction. (But also then transactions are tracked.) This is no anonymous system.
Just use a unique password or let the system restore/auto-create one so in case someone sniffs your wifi he gets only access to this one.
If someone has a keylogger running on his computer, this doesn't help either.
Last edited by phoenixkonsole on 07-Feb-2015 at 07:57 AM. Last edited by phoenixkonsole on 06-Feb-2015 at 10:16 PM.
_________________ AROS Broadway - AEROS - Aminux - AmiCloud - indieGO! Appstore - AmiWallet - VAN lossless video codec - AMC Amiga media Center -KrypUnite - LibertyNet - MinX - amigaNX

broadblues
Re: First release of AmiWallet Posted on 7-Feb-2015 16:35:33 [ #6 ]
Amiga Developer Team
Joined: 20-Jul-2004 Posts: 4447
From: Portsmouth England

It's utterly irresponsible of you to offer a service relating to financial transactions that is not secure.

Quote:
> Yes reason is that not all supported systems offer ssl/tls yet.

Then don't support those platforms at all.

Quote:
> The risk is zero to lose any money because only registered devs can receive money. And those transactions don't happen from client to client.
> So no hacker could transfer anything to an anonymous account.

That's not really the point.

Quote:
> We will resolve the issue soon with our own encryption system.

You should have resolved this critical feature before even releasing a beta!

Quote:
> As soon as this is done we will open transactions in any direction. (But also then transactions are tracked.) This is no anonymous system.
> Just use a unique password or let the system restore/auto-create one so in case someone sniffs your wifi he gets only access to this one.

No one with any sense would use your system after a gaffe like this.

Quote:
> If someone has a keylogger running on his computer, this doesn't help either.

Huh? Your excuse for negligence is some other criminal activity might expose this info anyway? No point locking my front door then, the burglar might just come in through the window....
Sometimes I think people have been unfair to you on these fora, but I'm afraid you just proved them right....
_________________ BroadBlues On Blues BroadBlues On Amiga Walker Broad

phoenixkonsole
Re: First release of AmiWallet Posted on 7-Feb-2015 17:33:00 [ #7 ]
Super Member
Joined: 8-Nov-2009 Posts: 1772
From: Unknown

Well... if you have a problem with it in this state then don't use it. Again.. the service is still safe. So where is the problem?
Do you have a wired connection to your angry neighbor? Me not. The chance is higher to be spied out on Windows every day.
The only problem is that the password can be read out and so just use something unique which isn't used for anything else or use a username you don't use anywhere else. And? Nothing which can happen from that point is irreversible. What I can offer quickly is a two point validation (email with pin) for each transaction. -> But really guys.. I know how much I pay out -> we are talking of 300 potential users (21 devs, where around 5 will be just test-dummies).. We know each other. Huh?
Calm down a bit... this is nothing where you could lose something. This is a service where "I" (in words "I") throw money out to users to spend it and motivate devs. Just a funny thing. Paying in (real money) and paying out (real money) is done by "me".. not a computer.
Drama drama.
BTW: I am using one of those limited systems and the real security pain are those which offer the needed functions.
Whatever: We are working further but I thought some may have fun with it anyway. It is fun.
Don't stress yourself, isn't there a graphic app you could work on? Your last sense is really nice... you start with "ahh you arm boy" and then prove the others right.. cool because you were IMO one of those already.
------ Everyone else please wait for an updated version...
Last edited by phoenixkonsole on 07-Feb-2015 at 05:37 PM. Last edited by phoenixkonsole on 07-Feb-2015 at 05:35 PM.
_________________ AROS Broadway - AEROS - Aminux - AmiCloud - indieGO! Appstore - AmiWallet - VAN lossless video codec - AMC Amiga media Center -KrypUnite - LibertyNet - MinX - amigaNX

TheAMIgaOne
Re: First release of AmiWallet Posted on 8-Feb-2015 1:17:46 [ #8 ]
Cult Member
Joined: 10-Jan-2004 Posts: 776
From: United Kingdom

I agree, this should not have been released without proper security in place.
All you need is someone to sniff public unsecured wifi (not everyone has wired internet), and they have obtained the user's username, password. Oh no worries, amiwallet is no use to a non-amiga user.......... then again how many people use the same password for many accounts, that user will then risk other sites they belong to once the details have been obtained.
If I knew I was releasing crippled software I would have at least implemented other protection techniques, like the simplest form for your issue would be encryption, use a public and private key encryption between Amiwallet and your server, or even at minimum some form of obfuscation before sending.
If you have no knowledge of implementing public key encryption or obfuscation.. stop now and learn about it.
_________________ Cross-developer on Windows, OS3, OS4, Linux; Current Projects:- Nephele Cloud App OS4 UserProfile System OS4 AmigaOneXE OS4.1.6
TaoSoftwareBlog Youtube

Spirantho
Re: First release of AmiWallet Posted on 10-Feb-2015 10:23:42 [ #9 ]
Super Member
Joined: 4-Jun-2004 Posts: 1044
From: Aberystwyth, Wales

@phoenixkonsole
I don't want this to sound discouraging, but security on any financial transaction is an absolute must - no-one will use an unsecured system even if the developer does say there's no chance of losing money.
Don't take this the wrong way, but the reason why AmiStore took so long to implement wasn't the GUI - it was getting the security correct. You asked why AmigaKit re-invented the wheel and made their own app store when you already had one in the works - but with this release you've answered your own question, I'm afraid.
Work on the SSL - and if a system doesn't support it (does any system not support SSL at all?) then don't support that system. Then do another release, and it'll be taken far more seriously.
(Please take this post as constructive advice, which is how it is intended)

phoenixkonsole
Re: First release of AmiWallet Posted on 10-Feb-2015 15:48:45 [ #10 ]
Super Member
Joined: 8-Nov-2009 Posts: 1772
From: Unknown

I've got it : ) I am willing to pay for development of https support in Hollywood. How exactly did amistore circumvent this?
_________________ AROS Broadway - AEROS - Aminux - AmiCloud - indieGO! Appstore - AmiWallet - VAN lossless video codec - AMC Amiga media Center -KrypUnite - LibertyNet - MinX - amigaNX

broadblues
Re: First release of AmiWallet Posted on 11-Feb-2015 12:38:27 [ #11 ]
Amiga Developer Team
Joined: 20-Jul-2004 Posts: 4447
From: Portsmouth England

phoenixkonsole
Re: First release of AmiWallet Posted on 11-Feb-2015 17:50:54 [ #12 ]
Super Member
Joined: 8-Nov-2009 Posts: 1772
From: Unknown

I see... arexx + browser... ok.
Meanwhile I am looking for a developer for a https: Hollywood plugin. Whoever likes to do it (paid job) can contact me. I also contact some people I would trust to manage this task.
_________________ AROS Broadway - AEROS - Aminux - AmiCloud - indieGO! Appstore - AmiWallet - VAN lossless video codec - AMC Amiga media Center -KrypUnite - LibertyNet - MinX - amigaNX

broadblues
Re: First release of AmiWallet Posted on 11-Feb-2015 20:21:26 [ #13 ]
Amiga Developer Team
Joined: 20-Jul-2004 Posts: 4447
From: Portsmouth England

Quote:
> I see... arexx + browser... ok.

No, you jump to a conclusion there, it doesn't use a browser.

Quote:
> Meanwhile I am looking for a developer for a https: Hollywood plugin. Whoever likes to do it (paid job) can contact me. I also contact some people I would trust to manage this task.

Thanks but no thanks.....
_________________ BroadBlues On Blues BroadBlues On Amiga Walker Broad

phoenixkonsole
Re: First release of AmiWallet Posted on 12-Feb-2015 6:37:55 [ #14 ]
Super Member
Joined: 8-Nov-2009 Posts: 1772
From: Unknown

: ) Payment is done via browser at least. Downloading as well.
I didn't mean you directly when I wrote about a plugin development. Was just a sort of open letter (my fault, should have made it more obvious).
Meanwhile I am glad to have found a developer.
_________________ AROS Broadway - AEROS - Aminux - AmiCloud - indieGO! Appstore - AmiWallet - VAN lossless video codec - AMC Amiga media Center -KrypUnite - LibertyNet - MinX - amigaNX

broadblues
Re: First release of AmiWallet Posted on 12-Feb-2015 14:43:42 [ #15 ]
Amiga Developer Team
Joined: 20-Jul-2004 Posts: 4447
From: Portsmouth England

Quote:
> : ) Payment is done via browser at least.

Payment is currently via PayPal, and yes the only way to access that is in a browser.

Quote:

No it's not handled by a browser, there is a separate client.

Quote:
> I didn't mean you directly when I wrote about a plugin development. Was just a sort of open letter (my fault, should have made it more obvious).

I know

Quote:
> Meanwhile I am glad to have found a developer.

Glad to hear it.
_________________ BroadBlues On Blues BroadBlues On Amiga Walker Broad