5Dimes Security Issue

  • NunyaBidness
    SBR Hall of Famer
    • 07-26-09
    • 9345

    #1
    5Dimes Security Issue
    I have mentioned this to them several times, but have gotten no traction, so maybe SBR can put a bug in their ear about it.

    When you win a prize in the betting contest they require you to send them your name/address/username and password. This is so insecure it's ridiculous. Anyone who wanted to intercept this information could do so.

    There is literally no reason they should require you to send your username/password, as you are responding to an email they have sent you with the email address they have on file.

    With bitcoin withdrawals being available now, it's only a matter of time before someone gets screwed.
  • leetreaper
    BARRELED IN @ SBR!
    • 10-23-10
    • 34841

    #2
    mmmkay...and why you post this on SBR instead of talking to 5Dimes...???
    Comment
    • SBR Forum
      Administrator
      • 12-02-06
      • 4559

      #3
      Hi Nunya,

      It is not uncommon to confirm your password. Many sportsbooks do so.
      Comment
      • mintpicks79
        SBR MVP
        • 10-04-08
        • 1151

        #4
        I recommend changing password often
        Comment
        • Kaabee
          SBR MVP
          • 01-21-06
          • 2482

          #5
          Originally posted by SBR Forum
          Hi Nunya,

          It is not uncommon to confirm your password. Many sportsbooks do so.
          He's talking about by email.
          Comment
          • NunyaBidness
            SBR Hall of Famer
            • 07-26-09
            • 9345

            #6
            Originally posted by SBR Forum
            Hi Nunya,

            It is not uncommon to confirm your password. Many sportsbooks do so.

            It is NOT common to confirm your password by email. No books do that.
            Comment
            • NunyaBidness
              SBR Hall of Famer
              • 07-26-09
              • 9345

              #7
              Originally posted by leetreaper
              mmmkay...and why you post this on SBR instead of talking to 5Dimes...???
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              Originally posted by NunyaBidness
              I have mentioned this to them several times, but have gotten no traction
              How's that reading comprehension working out for you?
              Comment
              • leetreaper
                BARRELED IN @ SBR!
                • 10-23-10
                • 34841

                #8
                Originally posted by NunyaBidness
                How's that reading comprehension working out for you?
                Stop crying, nothing you can do about it. Use a different book, there are plenty.
                Comment
                • NunyaBidness
                  SBR Hall of Famer
                  • 07-26-09
                  • 9345

                  #9
                  Being alone on Valentines day is really stressing you out, huh?
                  Comment
                  • Hareeba!
                    BARRELED IN @ SBR!
                    • 07-01-06
                    • 37216

                    #10
                    Originally posted by SBR Forum
                    Hi Nunya,

                    It is not uncommon to confirm your password. Many sportsbooks do so.
                    This ought NEVER to happen.
                    Only the computer system should know your password.
                    Comment
                    • DCTrue
                      SBR Wise Guy
                      • 12-18-14
                      • 836

                      #11
                      5Dimes will ask you for the password every time you contact live support too. It really is a bad idea on their part and I wish they'd change this since it's unprofessional to say the least. Other books ask that under no circumstances should you ever reveal your password and that no employee will ask you for this information. Anyway, that's just their policy at the moment I guess and if they won't change it all one can do is choose another password regularly.

                      Bookmaker has the same flaw.
                      Comment
                      • bobtoma
                        SBR High Roller
                        • 12-14-14
                        • 177

                        #12
                        6 fimes id beeut
                        Comment
                        • NunyaBidness
                          SBR Hall of Famer
                          • 07-26-09
                          • 9345

                          #13
                          Originally posted by DCTrue
                          5Dimes will ask you for the password every time you contact live support too. It really is a bad idea on their part and I wish they'd change this since it's unprofessional to say the least. Other books ask that under no circumstances should you ever reveal your password and that no employee will ask you for this information. Anyway, that's just their policy at the moment I guess and if they won't change it all one can do is choose another password regularly.

                          Bookmaker has the same flaw.

                          This is true of most books, email is infinitely less secure than live chat.
                          Comment
                          • Optional
                            Administrator
                            • 06-10-10
                            • 61469

                            #14
                            Geez. Narcissistic enough Nunya?

                            Oh my god, you told them to change it several times yet they STILL have not dropped everything and done what you told them was better for their business!

                            Ever consider that they heard you but don't agree?

                            Never seen so many know-it-alls in one place as here.
                            .
                            Comment
                            • NunyaBidness
                              SBR Hall of Famer
                              • 07-26-09
                              • 9345

                              #15
                              Originally posted by Optional
                              Geez. Narcissistic enough Nunya?

                              Oh my god, you told them to change it several times yet they STILL have not dropped everything and done what you told them was better for their business!

                              Ever consider that they heard you but don't agree?

                              Never seen so many know-it-alls in one place as here.
                              How is that narcissism?

                              I didn't "Tell them to change it" I suggested to them that it was a security flaw that they should look into. If they don't see it as a security flaw, it is not a matter of opinion, they are simply wrong. Not a single company in any other industry would ask you to confirm your password via e-mail.

                              The few companies who will still send your password to you via email rather than a link to click through are frequently vilified by security industry experts.

                              I'm posting about a security problem that affects the majority of 5dimes users. I would think supposed "Industry Watchdog" SBR would want to protect its players?

                              Are you guys really so dumb to not see the problem here?

                              Perhaps I'll post about it to 4chan instead and see if those guys want to look into it.
                              Last edited by NunyaBidness; 02-14-15, 04:15 PM.
                              Comment
                              • NunyaBidness
                                SBR Hall of Famer
                                • 07-26-09
                                • 9345

                                #16
                                Sending passwords through email is a common practice. It is also a very bad practice. If you are on the receiving end of a password transferred this way, be sure to change it immediately.

                                Emailed passwords are dangerous for all of the following reasons:
                                • email is sent in plain text
                                • email often is stored on several systems along the way to your mailbox
                                • email often is stored on your computer in plain text or other unencrypted format
                                • many copies may exist in many places, even after "deletion"
                                • even encrypted email can be broken into, given enough computing time
                                • your account's security may have been compromised even before you read your email (changing the password will not help in this case)
                                Comment
                                • Optional
                                  Administrator
                                  • 06-10-10
                                  • 61469

                                  #17
                                  Originally posted by NunyaBidness
                                  How is that narcissism?

                                  I'm posting about a security problem that affects the majority of 5dimes users. I would think supposed "Industry Watchdog" SBR would want to protect its players?

                                  Are you guys really so dumb to not see the problem here?

                                  Perhaps I'll post about it to 4chan instead and see if those guys want to look into it.
                                  Keep stamping your feet.

                                  Boo hoo. 5Dimes didn't jump when I told them how to change their business. Even though I told them to do it multiple times! How dare they!

                                  That's why it's narcissistic.


                                  BTW, you are only the 100th or so person to comment on this. It's not a personal affront to you that they haven't listened. Strange system indeed but neither you nor I know enough about their business to TELL them that a decision they stick with after years of people suggesting a change is wrong.
                                  .
                                  Comment
                                  • NunyaBidness
                                    SBR Hall of Famer
                                    • 07-26-09
                                    • 9345

                                    #18
                                    Originally posted by Optional
                                    Keep stamping your feet.

                                    Boo hoo. 5Dimes didn't jump when I told them how to change their business. Even though I told them to do it multiple times! How dare they!

                                    That's why it's narcissistic.


                                    BTW, you are only the 100th or so person to comment on this. It's not a personal affront to you that they haven't listened. Strange system indeed but neither you nor I know enough about their business to TELL them that a decision they stick with after years of people suggesting a change is wrong.
                                    I don't even give a shit about 5dimes, I barely play there as my limits are meaningless.

                                    Was trying to protect the rest of the booger-eating morons who play there.

                                    I guess constructive criticism isn't allowed towards "A" books (like betislands).

                                    Where are the other 100 people to comment on this? Is it still because you don't realize I'm not talking about live chat?
                                    Comment
                                    • NunyaBidness
                                      SBR Hall of Famer
                                      • 07-26-09
                                      • 9345

                                      #19
                                      Originally posted by Hareeba!
                                      This ought NEVER to happen.
                                      Only the computer system should know your password.
                                      The computer shouldn't even know your password, it should be stored in a one-way hash which is irretrievable. That is why most sites send you a change your password link to your email, they couldn't tell you your password if they wanted to.
                                      Comment
                                      • Hareeba!
                                        BARRELED IN @ SBR!
                                        • 07-01-06
                                        • 37216

                                        #20
                                        Rather surprised at Optional's attitude to Nunya here.

                                        He's raised a legitimate concern but is copping unwarranted criticism.
                                        Comment
                                        • Hareeba!
                                          BARRELED IN @ SBR!
                                          • 07-01-06
                                          • 37216

                                          #21
                                          Originally posted by NunyaBidness
                                          The computer shouldn't even know your password, it should be stored in a one-way hash which is irretrievable. That is why most sites send you a change your password link to your email, they couldn't tell you your password if they wanted to.
                                          I don't know what a "one-way hash" is but surely that's something on the computer, which is what I meant?
                                          Passwords should not be able to be viewed by anyone.
                                          Comment
                                          • NunyaBidness
                                            SBR Hall of Famer
                                            • 07-26-09
                                            • 9345

                                            #22
                                            Originally posted by Hareeba!
                                            Rather surprised at Optional's attitude to Nunya here.

                                            He's raised a legitimate concern but is copping unwarranted criticism.

                                            Yeah, not sure why he's so butthurt about it? Not sure what anyone thinks I have to gain about this.

                                            From another forum: "Optional is usually reasonable but just clearly ignorant here. Doesn't understand what you're saying.

                                            In most systems, passwords are encrypted and could never simply be looked up by personnel, let alone requested through email where it can easily be intercepted. Imagine if your bank asked you to confirm password by phone or email. Laughable.

                                            Does Optional have history with you? Weird that he'd be that aggressive for no reason."
                                            Comment
                                            • NunyaBidness
                                              SBR Hall of Famer
                                              • 07-26-09
                                              • 9345

                                              #23
                                              Originally posted by Hareeba!
                                              I don't know what a "one-way hash" is but surely that's something on the computer, which is what I meant?
                                              Passwords should not be able to be viewed by anyone.
                                              Yeah, I'm agreeing with you, just pointing out the method that is used.
                                              Comment
                                              • Optional
                                                Administrator
                                                • 06-10-10
                                                • 61469

                                                #24
                                                Originally posted by NunyaBidness
                                                I don't even give a shit about 5dimes, I barely play there as my limits are meaningless.

                                                Was trying to protect the rest of the booger-eating morons who play there.

                                                I guess constructive criticism isn't allowed towards "A" books (like betislands).

                                                Where are the other 100 people to comment on this? Is it still because you don't realize I'm not talking about live chat?

                                                Us booger eating morons are appreciative that the only smart guy on SBR is here to protect us.

                                                You guess wrong. Try reading the forum and you will probably find a crack about Betislands posted multiple times every day, still.

                                                Same goes for all the previous comments about passwords being asked for by CS.



                                                I do know you mean emailing a reply for contest prizes with your password. And honestly I agree that it seems like a potential hole not having non-readable encrypted passwords for all interactions. But for some reason 5D choose to stick with it and to date their secondary security appears good enough to have avoided problems from it.
                                                .
                                                Comment
                                                • Optional
                                                  Administrator
                                                  • 06-10-10
                                                  • 61469

                                                  #25
                                                  Originally posted by Hareeba!
                                                  Rather surprised at Optional's attitude to Nunya here.

                                                  He's raised a legitimate concern but is copping unwarranted criticism.
                                                  I was reacting to the attitude, not the content.

                                                  I am sure you have seen me post I agree this does not look like the best system before.
                                                  .
                                                  Comment
                                                  • NunyaBidness
                                                    SBR Hall of Famer
                                                    • 07-26-09
                                                    • 9345

                                                    #26
                                                    Originally posted by Optional
                                                    I was reacting to the attitude, not the content.

                                                    I am sure you have seen me post I agree this does not look like the best system before.
                                                    There was ZERO "attitude" until your asinine responses appeared.
                                                    Comment
                                                    • NunyaBidness
                                                      SBR Hall of Famer
                                                      • 07-26-09
                                                      • 9345

                                                      #27
                                                      Originally posted by Optional

                                                      Us booger eating morons are appreciative that the only smart guy on SBR is here to protect us.

                                                      I do know you mean emailing a reply for contest prizes with your password. And honestly I agree that it seems like a potential hole not having non-readable encrypted passwords for all interactions. But for some reason 5D choose to stick with it and to date their secondary security appears good enough to have avoided problems from it.
                                                      You're welcome.

                                                      If you agree that it is a hole, and you see that there is no reason for requiring it, why not use your good relationship with dimes to encourage them to stop asking for it?

                                                      A few months ago betonline was having an issue with logging people out every few minutes. SBR stepped up, surveyed the users affected, and got them to fix it. Why is a security issue less important than that?

                                                      I had far more to gain there, why wasn't I narcissistic then? Why wasn't I "Stamping my feet, demanding they fix the problem" that time?
                                                      Comment
                                                      • Optional
                                                        Administrator
                                                        • 06-10-10
                                                        • 61469

                                                        #28
                                                        Originally posted by NunyaBidness
                                                        If you agree that it is a hole, and you see that there is no reason for requiring it, why not use your good relationship with dimes to encourage them to stop asking for it?
                                                        I agree that it's not the most secure way things can be done. But I do think there must be a reason they choose to continue to do it that way, and believe they think their internal procedures have the security covered. I just don't know what the reason is.

                                                        I'm pretty sure the powers that be at SBR have spoken to them about it more than once btw. This thread will probably see the subject come up again though.
                                                        .
                                                        Comment
                                                        • lovetobet
                                                          SBR MVP
                                                          • 10-06-08
                                                          • 1294

                                                          #29
                                                          Why are there so many idiots that jumped on Nunya for pointing this out?? Just don't like the guy or what?? What he is saying is just factually accurate and can't be argued. I guess it would be better to say that you could argue it but would just be proving what a total moron you are in doing so, see several posts above for proof.
                                                          Comment
                                                          • YorkHunt
                                                            SBR Hall of Famer
                                                            • 12-11-10
                                                            • 7496

                                                            #30
                                                            "Knock Knock"
                                                            "Who's there"
                                                            "Nunya"
                                                            "Nunya who?"
                                                            "Nunya Business"
                                                            Comment
                                                            • trytrytry
                                                              SBR Posting Legend
                                                              • 03-13-06
                                                              • 23649

                                                              #31
                                                              with the 5 in a row what did you choose..the bluetooth speaker or the backpack? maybe the sleeping bag?
                                                              Comment
                                                              • BitCoinTalk
                                                                SBR Sharp
                                                                • 09-29-14
                                                                • 474

                                                                #32
                                                                It's easy, I just change me password every time I give it out.

                                                                I'll sometimes change it to something else, send the email or support query, then when it's done, I change it back.
                                                                Comment