|
Title: FYI: "ownership change queued" Post by: theymos on December 14, 2018, 04:41:28 AM As an extra protection against any possible social engineering attacks, whenever* the administration changes an account's email address from its current value, the following process occurs:
- The change is queued. - It is listed in seclog.php (https://bitcointalk.org/seclog.php). - The old email receives a warning. - After 7 days, the change goes through and another seclog.php entry is added. The account stays locked throughout all of this. Hopefully it will be essentially unheard of, but if an account is going to be incorrectly transferred, everyone who knows about the incorrect change should noisily post all of the evidence they have so that we can at least put the change on hold and re-review the evidence. * Admins can act outside of procedure and bypass the queue if necessary, but hardly ever will. Title: Re: FYI: "ownership change queued" Post by: Findingnemo on December 14, 2018, 05:10:02 AM Is it I understand correctly?
When someone want to change his email on BTT account,then he can't use his/her account for those 7 days because "The account stays locked throughout all of this. Title: Re: FYI: "ownership change queued" Post by: theymos on December 14, 2018, 05:12:46 AM Is it I understand correctly? When someone want to change his email on BTT account,then he can't use his/her account for those 7 days because "The account stays locked throughout all of this. No, the queue only applies when the administration changes the email address, not when you change it yourself. It's for recovering hacked accounts and similar. Most people don't need to care about it. Title: Re: FYI: "ownership change queued" Post by: iwantapony_alt on December 14, 2018, 05:18:19 AM I didn't understand anything. My account is locked because of email changing. will it unlock in 7 days?
please help me clear this issue. Title: Re: FYI: "ownership change queued" Post by: Findingnemo on December 14, 2018, 05:21:57 AM No, the queue only applies when the administration changes the email address, not when you change it yourself. It's for recovering hacked accounts and similar. Most people don't need to care about it. Thank you for clearing it. :) :)I didn't understand anything. My account is locked because of email changing. will it unlock in 7 days? I think this system will be implemented from today so you may need to follow the old procedure since you locked your account for a while now.please help me clear this issue. Title: Re: FYI: "ownership change queued" Post by: theymos on December 14, 2018, 05:25:06 AM will it unlock in 7 days? No. This is a component of a comprehensive new set of recovery procedures which will be fully rolled out in the very near future (before the end of the year). This will allow recoveries to move forward at a reasonable pace again. But there is no immediate impact of this component to most people; I just needed to document it because the seclog entries are starting to appear. If you are given an email address on the page which tells you that your account is locked, then it may have recently changed. If so, sending an email to the new address may expedite things. Title: Re: FYI: "ownership change queued" Post by: iwantapony_alt on December 14, 2018, 05:59:08 AM No. This is a component of a comprehensive new set of recovery procedures which will be fully rolled out in the very near future (before the end of the year). This will allow recoveries to move forward at a reasonable pace again. But there is no immediate impact of this component to most people; I just needed to document it because the seclog entries are starting to appear. If you are given an email address on the page which tells you that your account is locked, then it may have recently changed. If so, sending an email to the new address may expedite things. Thanks, I just sent an email to locked...@bitcointalk.org Title: Re: FYI: "ownership change queued" Post by: Kopyleft on December 14, 2018, 08:30:18 AM This is a welcome development and would significantly lighten the long line of hacked and locked accounts waiting to have their issue addressed.
And allowing the community weigh in on decisions would also help reduce wrongful claiming of accounts. Although it would do little for those who sold their accounts and attempted to reclaim it. This I believe might not be an issue the admins would be much interested in Title: Re: FYI: "ownership change queued" Post by: Quickseller on December 14, 2018, 02:38:37 PM Does this mean that more password reset / account unlock requests will be processed by the admins?
Title: Re: FYI: "ownership change queued" Post by: mdayonliner on December 14, 2018, 02:56:13 PM Does this mean that more password reset / account unlock requests will be processed by the admins? Good question. Hope theymos have this in mind.Title: Re: FYI: "ownership change queued" Post by: jackg on December 14, 2018, 03:21:15 PM will it unlock in 7 days? No. This is a component of a comprehensive new set of recovery procedures which will be fully rolled out in the very near future (before the end of the year). This will allow recoveries to move forward at a reasonable pace again. But there is no immediate impact of this component to most people; I just needed to document it because the seclog entries are starting to appear. If you are given an email address on the page which tells you that your account is locked, then it may have recently changed. If so, sending an email to the new address may expedite things. Is it still just going to be via public key signing? If not, I’d there a way to opt for it to be for each account to make accounts much more secure, unless a large amount of develop,went is put into the new system as you mention social engineering, we might become a victim to that otherwise inless other factors are taken into account such as Mac addresses/iPs. Title: Re: FYI: "ownership change queued" Post by: CoinLearn_org on December 14, 2018, 08:41:44 PM Is it I understand correctly? When someone want to change his email on BTT account,then he can't use his/her account for those 7 days because "The account stays locked throughout all of this. No, the queue only applies when the administration changes the email address, not when you change it yourself. It's for recovering hacked accounts and similar. Most people don't need to care about it. Nice to know that you still recover hacked accounts. My account CoinLearn (https://bitcointalk.org/index.php?action=profile;u=228243) was hacked more than a year ago. I sent you & Cyrus the first signed message in PM on September 03, 2017. Next, I re-sent the same to you on October 17, 2018. Here is my public thread - https://bitcointalk.org/index.php?topic=2156605.0. Current owner even accepted that he bought it... I don't remember that username of seller account. If you read through the links provided, and some of my posts above, you'll see what seller sent me account pass without escrow. And as i got it, i paid him directly. Is there any hope left to get my account back? Title: Re: FYI: "ownership change queued" Post by: coupable-1 on December 14, 2018, 10:31:47 PM Finally some good news :)
It wasn't expected that the system will be fully set before the end of this year as mentioned by Theymos three months ago after responsing suggestions from @hilarious : maybe theymos and cyrus should just take a day or two out of every month to investigate and restore them. It would take at least a couple hours every day to deal with them. Each case typically requires a lot of follow-up. And it's really annoying work. I used to do them sort-of regularly, but at some point I just couldn't stand it anymore, in addition to not really having time. Cyrus is still doing some, though not enough to keep up. There's no need for any fee, and a fee probably wouldn't be appropriate unless absolutely necessary. Money is not a problem. If I could throw $100k at the problem and make it go away, I would do so. But in the real world, there is no magic wishing well where you can throw money and make things happen. You give people money and they don't do what you want, or the people you hire turn out not to be trustworthy, or you fill out the tax forms wrong and then later have to spend more time&money dealing with that than you would've by just doing the thing with current sub-optimal resources, etc. I acknowledge that the current situation is very bad, and we have some plans for fixing it. I hope to have manual account reviews going smoothly again before the end of the year at the latest. I am still waiting to read from Mods if they got information about this queue. We still don't know how the recoveries will be rolled out but seems that Mods will have the ability to change emails. We just have to wait for few other days until full set. Title: Re: FYI: "ownership change queued" Post by: JusticeForYou on December 15, 2018, 05:06:04 AM Ownership change queue will help in a more effective way to get the cases of Hacked/Locked/Compressed accounts to be studied as it will give us a list of usernames to the accounts which are in the process of recovery.
Also if any user finds his related or known account in the Ownership change queue displayed in the seclog.php (https://bitcointalk.org/seclog.php), he could check if its done by the real owner. This will increases the scope of finding a scammer and each case can be studied in depth. I am happy that some of the updates will be upcoming until the end of the year and most of the account in a queue to be recovered from months (some from years ) would get a decision from the administration. Thanks for a update @theymos. Title: Re: FYI: "ownership change queued" Post by: Marshall14 on December 15, 2018, 05:31:54 AM Ownership change queue will help in a more effective way to get the cases of Hacked/Locked/Compressed accounts...... I understand your explanation a bit more and even better,so the general idea if I'm not wrong is to provide a comprehensive lists of the accounts that have been hacked and that which theymos,cryrus and the mods are working or in the process of recovering it to the real owner. Also if any user finds his related or known account in the Ownership change queue displayed in the seclog.php (https://bitcointalk.org/seclog.php), he could check if its done by the real owner Thus is the general community going to be involved in the recovery process?And is it by checking if the post pattern or whatever he or she can lay hands on varies from the Initial owner(poster)or something like that Title: Re: FYI: "ownership change queued" Post by: JusticeForYou on December 15, 2018, 05:49:31 AM Thus is the general community going to be involved in the recovery process? You could get a answer in the OP.And is it by checking if the post pattern or whatever he or she can lay hands on varies from the Initial owner(poster)or something like that everyone who knows about the incorrect change should noisily post all of the evidence they have so that we can at least put the change on hold and re-review the evidence. Title: Re: FYI: "ownership change queued" Post by: LeGaulois on December 15, 2018, 08:34:18 AM Is it I understand correctly? When someone want to change his email on BTT account,then he can't use his/her account for those 7 days because "The account stays locked throughout all of this. No, the queue only applies when the administration changes the email address, not when you change it yourself. It's for recovering hacked accounts and similar. Most people don't need to care about it. Is it the new year resolution for 2019? Because hacked accounts are usually never recovered Title: Re: FYI: "ownership change queued" Post by: cryptomax217 on December 15, 2018, 02:45:05 PM i didn't know that there is such a thing. how is this done? who manages the accounts then?
Title: Re: FYI: "ownership change queued" Post by: TryNinja on December 15, 2018, 02:47:53 PM Is it the new year resolution for 2019? Because hacked accounts are usually never recovered But they will be. Take a look at his second reply to this thread. This is a component of a comprehensive new set of recovery procedures which will be fully rolled out in the very near future (before the end of the year). This will allow recoveries to move forward at a reasonable pace again. But there is no immediate impact of this component to most people; I just needed to document it because the seclog entries are starting to appear. Title: Re: FYI: "ownership change queued" Post by: Alone055 on December 15, 2018, 05:21:58 PM What's with the color differences of the accounts shown in the Security log page? May I/we have some clarity on that?
Title: Re: FYI: "ownership change queued" Post by: suchmoon on December 15, 2018, 05:48:45 PM What's with the color differences of the accounts shown in the Security log page? May I/we have some clarity on that? I added color-coding to the usernames in this log. That'll make it easier to pick out more valuable accounts from the list. The colors are the same as the colors on Who's Online (https://bitcointalk.org/index.php?action=who): - Admins = red - Global mods = dark blue - Donators = green - VIPs = violet - Staff = pink - Regular users are various shades of grey, getting darker with seniority. - Legendary = lightish blue Also, I made the "reset recently" text darker and larger. |