Bitcoin Forum

Economy => Service Discussion => Topic started by: leickr on February 25, 2014, 09:45:58 AM



Title: html source of mtgox.com
Post by: leickr on February 25, 2014, 09:45:58 AM
<html>
   <head>
      <title>MtGox.com</title>
   </head>
   <body>
      <!-- put announce for mtgox acq here -->
   </body>
</html>


Title: Re: html source of mtgox.com
Post by: Kluge on February 25, 2014, 09:50:10 AM
Huh. Confirmed. Idunno many words which start with "acq." Acquisition comes to mind. (Oh - maybe just acquisition of gox.com)


<html>
   <head>
      <title>MtGox.com</title>
   </head>
   <body>
      <!-- put announce for mtgox acq here -->
   </body>
</html>

MtGox PR is stellar.


Title: Re: html source of mtgox.com
Post by: MrPiggles on February 25, 2014, 09:51:04 AM
http://www.scrabblefinder.com/starts-with/Acq/


Title: Re: html source of mtgox.com
Post by: MrPiggles on February 25, 2014, 09:55:04 AM
MtGox expects to be Acquitted of any wrongdoing.


Title: Re: html source of mtgox.com
Post by: Kluge on February 25, 2014, 10:08:38 AM
http://www.scrabblefinder.com/starts-with/Acq/
Oh. Maybe Gox has found some new acquaintances they'd like to introduce. Maybe Browbeat, Floggem & Harassem.  ...Horribly long word... good to keep in mind for Scrabble, now that it's mentioned. (quaint->acquaint->acquaintance->acquaintances->acquaintanceship->acquaintanceships ;D )


Title: Re: html source of mtgox.com
Post by: st4nl3y on February 25, 2014, 10:12:14 AM
i think this might have been done purposely to deceive in to thinking gox is coming back. 


Title: Re: html source of mtgox.com
Post by: HumanFractal on February 25, 2014, 10:19:49 AM
i think this might have been done purposely to deceive in to thinking gox is coming back. 

Yes, though this thread has been entertaining, this is not what I'm seeing for HTML source.


Title: Re: html source of mtgox.com
Post by: MrPiggles on February 25, 2014, 10:23:33 AM
i think this might have been done purposely to deceive in to thinking gox is coming back. 

Yes, though this thread has been entertaining, this is not what I'm seeing for HTML source.

I'm seeing it.

Makes no sense though.


Title: Re: html source of mtgox.com
Post by: Kluge on February 25, 2014, 10:24:27 AM
i think this might have been done purposely to deceive in to thinking gox is coming back. 

Yes, though this thread has been entertaining, this is not what I'm seeing for HTML source.
In all seriousness, there's a fair chance your web requests are being redirected by malware or a malicious DNS server if you're not seeing that. What are you seeing? It has the SSL certification icon when you connect? (my troll hat's genuinely off)


Title: Re: html source of mtgox.com
Post by: Juneass on February 25, 2014, 10:27:28 AM
i think this might have been done purposely to deceive in to thinking gox is coming back. 
Could have been a good tactic to steal more money, if they left the market open....


Title: Re: html source of mtgox.com
Post by: V4Vendettas on February 25, 2014, 10:30:51 AM
Yea I also see it.

So either Gox is up for sale or its waiting to make an  announcement about a new owner.

Or its sick joke as he waddles away laughing his ass off.


Title: Re: html source of mtgox.com
Post by: st4nl3y on February 25, 2014, 10:37:44 AM
fatfuck is probably just buying some more time with this source so he can get off quietly and avoid angry customers. I hope i am wrong tho


Title: Re: html source of mtgox.com
Post by: HumanFractal on February 25, 2014, 10:56:14 AM
i think this might have been done purposely to deceive in to thinking gox is coming back. 

Yes, though this thread has been entertaining, this is not what I'm seeing for HTML source.
In all seriousness, there's a fair chance your web requests are being redirected by malware or a malicious DNS server if you're not seeing that. What are you seeing? It has the SSL certification icon when you connect? (my troll hat's genuinely off)

Haha! You caused me to have a good freak out there, but I've figured out what's going on.

The first clue was that this was only happening to me in Chrome. (I have Chrome in super locked down mode with cookies and javascript disabled by default)

This is what I was seeing:

<html><head><title>MtGox.com loading</title></head><body><p>Please wait...</p><script>function xdec(data){var o="[bunch of random text]=";var o1,o2,o3,h1,h2,h3,h4,bits,i=0,ac=0,dec="",tmp_arr=[];if(!data){return data}data+='';do{h1=o.indexOf(data.charAt(i++));h2=o.indexOf(data.charAt(i++));h3=o.indexOf(data.charAt(i++));h4=o.indexOf(data.charAt(i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){tmp_arr[ac++]=String.fromCharCode(o1)}else if(h4==64){tmp_arr[ac++]=String.fromCharCode(o1,o2)}else{tmp_arr[ac++]=String.fromCharCode(o1,o2,o3)}}while(i<data.length);dec=tmp_arr.join('');return dec};document.cookie=xdec('[More Random Text]').replace(String.fromCharCode(0),'').split('').reverse().join(''); location.href='/';</script></body></html>

So you see, they set a cookie before refreshing the page.

End panic mode.

Seriously though, thanks for the heads up. Everything checks out SSL and DNS-wise.
Correct me if I'm wrong, but DNS attacks couldn't actually forge data under SSL, could they?
(Unless of course Gox's server keys were compromised)


Title: Re: html source of mtgox.com
Post by: Kluge on February 25, 2014, 11:16:38 AM
i think this might have been done purposely to deceive in to thinking gox is coming back. 

Yes, though this thread has been entertaining, this is not what I'm seeing for HTML source.
In all seriousness, there's a fair chance your web requests are being redirected by malware or a malicious DNS server if you're not seeing that. What are you seeing? It has the SSL certification icon when you connect? (my troll hat's genuinely off)

Haha! You caused me to have a good freak out there, but I've figured out what's going on.

The first clue was that this was only happening to me in Chrome. (I have Chrome in super locked down mode with cookies and javascript disabled by default)

This is what I was seeing:

<html><head><title>MtGox.com loading</title></head><body><p>Please wait...</p><script>function xdec(data){var o="[bunch of random text]=";var o1,o2,o3,h1,h2,h3,h4,bits,i=0,ac=0,dec="",tmp_arr=[];if(!data){return data}data+='';do{h1=o.indexOf(data.charAt(i++));h2=o.indexOf(data.charAt(i++));h3=o.indexOf(data.charAt(i++));h4=o.indexOf(data.charAt(i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){tmp_arr[ac++]=String.fromCharCode(o1)}else if(h4==64){tmp_arr[ac++]=String.fromCharCode(o1,o2)}else{tmp_arr[ac++]=String.fromCharCode(o1,o2,o3)}}while(i<data.length);dec=tmp_arr.join('');return dec};document.cookie=xdec('[More Random Text]').replace(String.fromCharCode(0),'').split('').reverse().join(''); location.href='/';</script></body></html>

So you see, they set a cookie before refreshing the page.

End panic mode.

Seriously though, thanks for the heads up. Everything checks out SSL and DNS-wise.
Correct me if I'm wrong, but DNS attacks couldn't actually forge data under SSL, could they?
(Unless of course Gox's server keys were compromised)
Oh, I see - the loading screen. Yeah, I got that, too - didn't even think about it. At first, I thought it might be me, so I checked with a VM machine using Firefox instead of Chrome "with some urgency." :D Heh, sorry about the scare. :-[

DNS attack shouldn't be able to adequately forge SSL certificate in most reasonable scenarios (though it's happened outside cert keys just being stolen/compromised - google comodo attack, allegedly done by a single guy). DNS attacker who was really specific (targeting crypto users, maybe) would probably just self-sign certificates for fake crypto websites and hope you click through the browser warnings (so to answer your question - no - or at least "no, I don't think so."). Idunno SSL cert mechanics well enough to fully answer you, though.


Title: Re: html source of mtgox.com
Post by: HumanFractal on February 25, 2014, 11:25:28 AM
Oh, I see - the loading screen. Yeah, I got that, too - didn't even think about it. At first, I thought it might be me, so I checked with a VM machine using Firefox instead of Chrome "with some urgency." :D Heh, sorry about the scare. :-[

DNS attack shouldn't be able to adequately forge SSL certificate in most reasonable scenarios (though it's happened outside cert keys just being stolen/compromised - google comodo attack, allegedly done by a single guy). DNS attacker who was really specific (targeting crypto users, maybe) would probably just self-sign certificates for fake crypto websites and hope you click through the browser warnings (so to answer your question - no - or at least "no, I don't think so."). Idunno SSL cert mechanics well enough to fully answer you, though.

Yeah, I'm fairly certain they would need the keys to forge data... Unless you run Safari or iOS ;)
http://www.macworld.com/article/2099987/what-you-need-to-know-about-apples-ssl-bug.html

Though I wouldn't completely write off the possibility that Gox had their keys stolen- at least this panic has a happy ending not requiring me to reinstall any of my machines yet again.


Title: Re: html source of mtgox.com
Post by: shadyz on February 25, 2014, 11:35:19 AM
fatfuck is probably just buying some more time with this source so he can get off quietly and avoid angry customers. I hope i am wrong tho

Yes. Forget about what these people coming out with the instant public messages are saying. It is an industry wide problem, its not gox's problem or the customer's problem. Its the entire industry fucking up badly. Bitcoin is at stake as much as its customer funds on gox. Not the price of it, not whether you can speculate on it ,or what's low and what's high, sure that's still fine, but only if you can trust ANYONE in this community.


Title: Re: html source of mtgox.com
Post by: Klestin on February 25, 2014, 01:39:12 PM
From their facebook page:

Quote
We are in a process of being acquired, at the current time I am not in the position to give you further information. I can only reassure you, that your funds are securely kept in our cold storage.

An official statement is to be released tomorrow.


Title: Re: html source of mtgox.com
Post by: MrPiggles on February 25, 2014, 01:53:57 PM
From their facebook page:

Quote
We are in a process of being acquired, at the current time I am not in the position to give you further information. I can only reassure you, that your funds are securely kept in our cold storage.

An official statement is to be released tomorrow.
The last post on fb by mtgox is december 2013


Title: Re: html source of mtgox.com
Post by: Klestin on February 25, 2014, 02:12:58 PM
It's on the gox.com facebook page at https://www.facebook.com/goxbitcoin

It would seem that the legitimacy of this site is not yet certain.


Title: Re: html source of mtgox.com
Post by: MrPiggles on February 25, 2014, 02:16:03 PM
It's on the gox.com facebook page at https://www.facebook.com/goxbitcoin

It would seem that the legitimacy of this site is not yet certain.

Joined Facebook
2 hours ago


Title: Re: html source of mtgox.com
Post by: Klestin on February 25, 2014, 02:18:23 PM
It's on the gox.com facebook page at https://www.facebook.com/goxbitcoin

It would seem that the legitimacy of this site is not yet certain.

Joined Facebook
2 hours ago

... and is becoming less and less certain all the time.  Sorry for the (apparently) false spark of hope. The only remaining hope would seem to be the page source of mtgox.com mentioning an apparent acq[uisition].


Title: Re: html source of mtgox.com
Post by: mp420 on February 25, 2014, 02:23:51 PM
This whole thing looks like it could be a well-executed attack by some very influential actor (possible suspects include all kinds of hackers, law enforcement and intelligence services and Gox themselves). We've heard nothing from Gox that couldn't be just someone fucking with us.


Title: Re: html source of mtgox.com
Post by: not.you on February 25, 2014, 02:46:50 PM
gox.com seems to be forwarding to mtgox.com. Is that new?


Title: Re: html source of mtgox.com
Post by: st4nl3y on February 25, 2014, 03:13:24 PM
Just viewed the source of mtgox again and I have just seen about 20 lines of code with the phrases "mark" ,"my account id: ,and my correct ip address showing in one of the lines, when i refreshed the page to make a screenshot it was gone and now back to this again:

<html>
   <head>
      <title>MtGox.com</title>
   </head>
   <body>
      <!-- put announce for mtgox acq here -->
   </body>
</html>





Title: Re: html source of mtgox.com
Post by: Klestin on February 25, 2014, 04:10:50 PM
And now:
Quote
Dear MtGox Customers,

In the event of recent news reports and the potential repercussions on MtGox's operations and the market, a decision was taken to close all transactions for the time being in order to protect the site and our users. We will be closely monitoring the situation and will react accordingly.

Best regards,
MtGox Team

This is not much of a denial of those news reports. Yikes.


Title: Re: html source of mtgox.com
Post by: V4Vendettas on February 25, 2014, 04:26:31 PM
Hang on just a second why would they cease trading to protect the pitiful goxcoin price if they are allegedly buying up all the cheep coins in an attempt to regain liquidity?

Run out of Fiat mark? Or that conspiracy theory just lost some ground.