Bitcoin Forum

Other => Meta => Topic started by: Blazr on May 21, 2013, 02:00:32 PM



Title: Mass hacking of forum accounts
Post by: Blazr on May 21, 2013, 02:00:32 PM
I've noticed recently that there has been a massive increase in the amount of BitcoinTalk accounts being hacked.

See here for some examples:
https://bitcointalk.org/index.php?topic=211977.0;topicseen
https://bitcointalk.org/index.php?topic=211801.msg2221021#msg2221021

I would recommend that anyone who has re-used their account passwords on any other website (including BTC related websites) immediately change these passwords (use something like LastPass to manage your password); the same goes for your email addresses.

Make sure you use a strong password (letters, numb3rs, $ymbols and upPeR CaSe LeTteRs).

Be careful when trading with people, the account may be hacked, look out for suspicious behaviour, use escrow when possible and do not trade with anyone who may be a risk.

It may be a good idea to add optional Google Authenticator 2FA. This would definitely help reduce the amount of hacked accounts.


Title: Re: Mass hacking of forum accounts
Post by: pekv2 on May 21, 2013, 02:30:44 PM
stay safe link in my sig.
 
&

https://bitcointalk.org/index.php?topic=159424.msg1685280#msg1685280


Title: Re: Mass hacking of forum accounts
Post by: DobZombie on May 21, 2013, 07:13:09 PM
Speaking of signatures, I saw this earlier...

Quote
Bicknellski
https://bitcointalk.org/index.php?action=profile;u=76550
Hero Member
Posts: 631
Canadian Montessori School

   
 
AVALON DELIVERS: Reference Documentation, Bill of Materials, Chip Communication and etc.
LINK FOR THIS ^^^ https://bitcointalk.org/index.php?topic=200668.new#new

The Race is ON: Klondike DIY AVALON by BKKcoins
LINK FOR THIS ^^^ https://109.201.133.65.DONTFUKGOHERE/index.php?topic=190731.msg2095159#msg2095159

I added "DONTFUKGOHERE" in the link so it is useless.

Gives an SSL warning, and I just happen to be logged out.


Title: Re: Mass hacking of forum accounts
Post by: 2112 on May 22, 2013, 01:43:54 AM
Quote
I added "DONTFUKGOHERE" in the link so it is useless.

Gives an SSL warning, and I just happen to be logged out.

C'mon, this is completely safe. 109.201.133.65 is just the current IPv4 address for bitcointalk.org. The browser stores the authentication cookie indexed by the string value of the "website" portion of the URL. The warning was probably that "109.201.133.65" != "bitcointalk.org". You can safely log in to https://109.201.133.65/ with the same credentials as to https://bitcointalk.org/ after verifying that the certificate is indeed for "bitcointalk.org". Some browsers are/were so paranoid that they would force another session when the URL would be https://bitcointalk.org:443/ , where 443 is the default HTTPS port.

I think that as far as browsers go only Internet Explorer (maybe some older versions, like IE6) had a cookie and/or authentication credentials storage indexed by the server certificates, not by the URL strings. Several HTTP/HTTPS libraries have this functionality built-in.
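
The host-keyed cookie storage described in the post above, shown with Python's standard `http.cookiejar` as an added example that is not part of the original thread. The cookie name and value are constructed, a library cookie jar stands in for a browser, and no network traffic is sent.

```python
import email.message
import http.cookiejar
import urllib.request


class FakeResponse:
    """Minimal stand-in for an HTTP response carrying Set-Cookie headers."""

    def __init__(self, set_cookie_values):
        self._headers = email.message.Message()
        for value in set_cookie_values:
            self._headers["Set-Cookie"] = value  # appends, does not replace

    def info(self):
        return self._headers


def login(jar, url, set_cookie_values):
    """Store the cookies a server at `url` would set after a login."""
    jar.extract_cookies(FakeResponse(set_cookie_values),
                        urllib.request.Request(url))


def cookie_header_for(jar, url):
    """Return the Cookie header the client would attach to `url`, or None."""
    request = urllib.request.Request(url)
    jar.add_cookie_header(request)
    return request.get_header("Cookie")


def demo():
    jar = http.cookiejar.CookieJar()
    # Constructed session cookie; name and value are placeholders.
    login(jar, "https://bitcointalk.org/index.php",
          ["session=constructed-token; Path=/; Secure"])
    urls = [
        "https://bitcointalk.org/index.php",  # same host string: cookie sent
        "https://109.201.133.65/index.php",   # same server, other string: not sent
        "http://bitcointalk.org/index.php",   # Secure cookie is never sent over http
    ]
    return {url: cookie_header_for(jar, url) for url in urls}


if __name__ == "__main__":
    for url, header in demo().items():
        print(f"{url} -> {header}")
```

The jar matches on the host string in the URL, so a session created under the domain name is not presented to the bare IP address, which is why the quoted link shows the visitor as logged out.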


Title: Re: Mass hacking of forum accounts
Post by: DobZombie on May 22, 2013, 02:28:12 PM
I'd rather be paranoid than trusting  ;D


Title: Re: Mass hacking of forum accounts
Post by: dexX7 on May 22, 2013, 06:46:50 PM
There is a phishing BTC-E website going around (btceXXXXX.site40.net) and spread by email. Maybe that's linked?