Bitcoin Forum

Other => Meta => Topic started by: ForceField on October 07, 2013, 04:36:51 AM



Title: Clarification as to the Reason why the Forum was down for ~5 Days
Post by: ForceField on October 07, 2013, 04:36:51 AM
Theymos, it would be nice to hear an update as to:

1) Why it took this long of downtime to identify and fix the problem and what steps were needed to address all of the issues?

2) What protection have you implemented (or plan to implement) to prevent further such attacks in the future?

3) If, as you mentioned in the Reddit thread (http://www.reddit.com/r/Bitcoin/comments/1nmdq4/bitcointalk_hacked/), the hack was caused by a vulnerability in the news section of this website, then maybe it would be better to remove the news section entirely?

I am glad that the BitcoinTalk forum is back up and I am sure that I was not the only one suffering while it was unavailable.


Also this was the email I received on 10/3/2013 after the forum was offline:
Subject: Bitcoin Forum Compromised
Quote
-----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256

 Unfortunately, it was recently discovered that the Bitcoin Forum's server
 was compromised. It is currently believed that the attacker(s) *could* have
 accessed the database, but at this time it is unknown whether they actually did
 so. If they accessed the database, they would have had access to all
 personal messages, emails, and password hashes. To be safe, it is
 recommended that all Bitcoin Forum users consider any password used
 on the Bitcoin Forum in 2013 to be insecure: if you used this
 password on a different site, change it. When the Bitcoin Forum
 returns, change your password.

 Passwords on the Bitcoin Forum are hashed with 7500 rounds of
 sha256crypt. This is very strong. It may take years for
 reasonably-strong passwords to be cracked. Even so, it is best to
 assume that the attacker will be able to crack your passwords.

 The Bitcoin Forum will return within the next several days after a
 full investigation has been conducted and we are sure that this
 problem cannot recur.

 Check http://www.reddit.com/r/Bitcoin/ and #bitcoin on Freenode for
 more info as it develops.

 We apologize for the inconvenience.


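The email above says passwords were hashed with 7500 rounds of sha256crypt. To make that cost parameter concrete, here is an added Python implementation of the sha256crypt ($5$) scheme written to Drepper's public specification, with a verifier that reads the rounds and salt back out of a stored hash and compares in constant time. This is illustration code, not the forum's own software; rounds=7500 is simply the value the email quotes.

```python
import hashlib, hmac, re

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Byte permutation applied to the final digest, as fixed by the sha256crypt spec.
PERM = [(0, 10, 20), (21, 1, 11), (12, 22, 2), (3, 13, 23), (24, 4, 14),
        (15, 25, 5), (6, 16, 26), (27, 7, 17), (18, 28, 8), (9, 19, 29)]

def _b64_24bit(b2: int, b1: int, b0: int, n: int) -> str:
    w = (b2 << 16) | (b1 << 8) | b0   # crypt-style base64: low 6 bits emitted first
    out = ""
    for _ in range(n):
        out, w = out + B64[w & 0x3F], w >> 6
    return out

def sha256crypt(password: bytes, salt: bytes, rounds: int = 5000) -> str:
    """Return a $5$rounds=N$salt$hash string; rounds=7500 is what the email describes."""
    salt = salt[:16]                       # the spec caps the salt at 16 bytes
    h = hashlib.sha256
    b = h(password + salt + password).digest()
    a = h(password + salt)
    a.update(b * (len(password) // 32) + b[: len(password) % 32])
    n = len(password)
    while n:                               # walk the bits of the password length
        a.update(b if n & 1 else password)
        n >>= 1
    a = a.digest()
    p = (h(password * len(password)).digest() * (len(password) // 32 + 1))[: len(password)]
    s = (h(salt * (16 + a[0])).digest() * (len(salt) // 32 + 1))[: len(salt)]
    c = a
    for i in range(rounds):                # the cost loop: this is where cracking time goes
        ctx = h(p if i & 1 else c)
        if i % 3:
            ctx.update(s)
        if i % 7:
            ctx.update(p)
        ctx.update(c if i & 1 else p)
        c = ctx.digest()
    enc = "".join(_b64_24bit(c[x], c[y], c[z], 4) for x, y, z in PERM)
    enc += _b64_24bit(0, c[31], c[30], 3)
    return f"$5$rounds={rounds}${salt.decode()}${enc}"

def verify(password: bytes, stored: str) -> bool:
    """Recompute with the rounds and salt embedded in `stored`; compare in constant time."""
    m = re.fullmatch(r"\$5\$(?:rounds=(\d+)\$)?([^$]{1,16})\$([./0-9A-Za-z]{43})", stored)
    if not m:
        return False
    rounds = int(m.group(1)) if m.group(1) else 5000   # 5000 is the spec's default
    computed = sha256crypt(password, m.group(2).encode(), rounds).rsplit("$", 1)[1]
    return hmac.compare_digest(computed, m.group(3))
```

The rounds value is stored in the hash string itself, so a site can raise it over time and old hashes still verify.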

Title: Re: Clarification as to the Reason why the Forum was down for ~5 Days
Post by: DPoS on October 07, 2013, 04:51:22 AM
I am sure that I was not the only one suffering while it was unavailable.


lulz troll withdrawal is a terrible thing!!


Title: Re: Clarification as to the Reason why the Forum was down for ~5 Days
Post by: favdesu on October 07, 2013, 05:05:48 AM
maybe a global "change your password" message would be helpful


Title: Re: Clarification as to the Reason why the Forum was down for ~5 Days
Post by: Tomatocage on October 07, 2013, 05:10:54 AM
maybe a global "change your password" message would be helpful

The news banner is probably disabled since it's suspect in whatever attack vector the hax0r used.


Title: Re: Clarification as to the Reason why the Forum was down for ~5 Days
Post by: DPoS on October 07, 2013, 05:14:43 AM
maybe a global "change your password" message would be helpful

if they can use people's passwords then it would be too late anyway... you know they would be on watch for the board to be back up before 99% of the users would know


Title: Re: Clarification as to the Reason why the Forum was down for ~5 Days
Post by: Maged on October 07, 2013, 05:20:39 AM
maybe a global "change your password" message would be helpful

if they can use people's passwords then it would be too late anyway... you know they would be on watch for the board to be back up before 99% of the users would know
Not really. It will take awhile to crack the passwords, so they would start with the high-value targets.

That being said, it's not worse than before. For the last several months, the hackers had access to any account they pleased.


Title: Re: Clarification as to the Reason why the Forum was down for ~5 Days
Post by: MrHempstock on October 07, 2013, 05:37:14 AM


That being said, it's not worse than before. For the last several months, the hackers had access to any account they pleased.

Since 2011.


Title: Re: Clarification as to the Reason why the Forum was down for ~5 Days
Post by: Maged on October 07, 2013, 05:38:10 AM


That being said, it's not worse than before. For the last several months, the hackers had access to any account they pleased.

Since 2011.
Some of us were still out of the loop  :-\


Title: Re: Clarification as to the Reason why the Forum was down for ~5 Days
Post by: MrHempstock on October 07, 2013, 05:47:24 AM
No worries!

But that is a much longer time to tackle those PWs. Finally a reason to be glad I'm not one of the BTC-laden early adopters (target)


Title: Re: Clarification as to the Reason why the Forum was down for ~5 Days
Post by: BorderBits on October 07, 2013, 06:04:04 AM
It was the same person who did the CosbyCoin hack and they used the same exploit... lol!  Guaranteed it will happen again, too.  What exactly has Theymos done with the tens of thousands of dollars donated to this forum?? ? ? ?


Title: Re: Clarification as to the Reason why the Forum was down for ~5 Days
Post by: bitspill on October 07, 2013, 06:08:33 AM
maybe a global "change your password" message would be helpful

The news banner is probably disabled since it's suspect in whatever attack vector the hax0r used.
But it's not
Quote
News: Change your forum password