Bitcoin Forum
November 14, 2024, 11:14:01 PM *
  Show Posts
1  Other / Meta / Re: Influx of Hacked Accounts on: May 25, 2015, 10:09:31 PM
When I say 80% I am underestimating. Like I said even satoshi would be locked out, if you think it's a good idea to make 80% of accounts here unrecoverable then you are a complete idiot. Don't waste your time replying to this.

It makes perfect sense for a likely compromised account to be trying to dissuade Theymos and others from good security advice.

Whether the number is 50% or 90%, they mostly are comprised of shill accounts so it will be great to purge those.

If you are going to ban 80% of accounts here including satoshi and all VIP members except 2 who used real emails you might as well delete the whole forum and start over from scratch. Even this account's email "support@mtgox.com" had expired.
2  Other / Meta / Re: Disable Account in the Forum on: May 25, 2015, 10:06:02 PM
Me too, want it gone or username changed

Who do I need to email hourly to get this done.

I have an admin account here now, PM me your desired username and I will change it for you.
3  Other / Meta / Re: Need more information on hack on: May 25, 2015, 10:05:01 PM
No. The database was copied, there are many copies now many people have it.
And where can I get a copy of the database?

If you don't know where to get one then you can't have one. You are such a scammer for asking that too.
4  Other / Meta / Re: Influx of Hacked Accounts on: May 25, 2015, 10:02:59 PM
no i mean 80% of the emails are invalid, they aren't temporary emails, they are invalid that bounce emails back. Most people just entered sadasdsdfgdfgdfgdfa@gmail.com or similar, the email accounts don't exist. The only authentication the forum has is password/security question, email is no good for us, even satoshi's account has an invalid email.

I understood you the first time. Who cares if they are invalid. I clearly stated that those users who are stupid enough not to maintain a throwaway email for this exact scenario deserve to become newbies again.

What is worse : a few hero accounts being frozen where the users are forced to start over or a ton of compromised accounts trolling and scamming on this forum?

The choice is clear to me ... hopefully Theymos makes the right decision, otherwise he is choosing usability over security like apple did before fappergate.

When I say 80% I am underestimating. Like I said even satoshi would be locked out, if you think it's a good idea to make 80% of accounts here unrecoverable then you are a complete idiot. Don't waste your time replying to this.
5  Other / Meta / Re: Influx of Hacked Accounts on: May 25, 2015, 09:55:33 PM
about 80% of accounts here have a fake email address set. People are reluctant to use real email addresses so they can stay anonymous. Only thing people can do is log in and change their password before the hacker can crack it.

Some of those 80% will still have access to the fake/throwaway email accounts, some won't. It takes 5 minutes to set up a spare email account for security / spam and it only needs to be checked once a year to make sure it remains active. Anyone that isn't maintaining these accounts in a password manager is irresponsible and deserves to become a newbie again.

no i mean 80% of the emails are invalid, they aren't temporary emails, they are invalid that bounce emails back. Most people just entered sadasdsdfgdfgdfgdfa@gmail.com or similar, the email accounts don't exist. The only authentication the forum has is password/security question, email is no good for us, even satoshi's account has an invalid email though that is likely on purpose.
6  Other / Meta / Re: Need more information on hack on: May 25, 2015, 09:52:03 PM
One question walla1234, did you pay a proxyban fee when creating this account?

A what?

What is this, am i talking to the hacker now? What are you guys all talking about?

Follow the white rabbit.

Hacker or not, can you get my personal data out of the database including this topic, Mr. Wizard?

No. The database was copied, there are many copies now many people have it.
7  Other / Meta / Re: Influx of Hacked Accounts on: May 25, 2015, 09:50:06 PM

Protect all which accounts? The ones posting here now? Or the accounts on the db dumps? Those probably changed hands a few times by now.

If Theymos changes all passwords and drops the security question table and prompts the users to reset via email on file the only vulnerable accounts will be those that have the same password /security question for their email as here and fail to respond timely.

about 80% of accounts here have a fake email address set. People are reluctant to use real email addresses so they can stay anonymous. Only thing people can do is log in and change their password before a hacker can crack it.
8  Other / Meta / Re: About the recent server compromise on: May 25, 2015, 09:47:25 PM
If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?

Yes. I also have a database snapshot from a little before the attack which I can use to verify people by email if necessary.
I'm sorry, but has theymos actually confirmed his forum identity after the attack yet?  And also, is it just me or is the forum currently loading slower than normal?

Was running ok earlier but it's got a bit sluggish now, but that's to be expected as everyone tries logging on and resetting their passwords etc. Wouldn't surprise me if the forum will get ddosed as well.

ddosbtc is fucking around with his annoying booter.
9  Other / Meta / Re: Influx of Hacked Accounts on: May 25, 2015, 09:45:24 PM

>Yeah I've seen some old accounts just started posting again today after years of not being used Sad.

How is this going to change above?  The hacked accounts make it pretty clear that either the passwords weren't salted, or the hackers managed to do much more than grab a db of password hashes & emails. Theymos did say he was rooted:


You cannot assume Theymos is lying and the database wasn't salted. We don't know if the security question was encrypted and salted as well.
I'm assuming nothing. Merely laying out the possibilities, so that they could be eliminated, one by one. In other words, theymos is not lying, the passwords were salted, which leaves only one plausible explanation for shitloads of VIP accounts flooding online: The hackers got a lot more than password hashes & emails.

Quote
Any old accounts compromised likely used easy passwords or easy security questions.
VIP accounts in a forum that's all about privacy, security & crypto? You sure?

Quote
Forcing a password reset where the recovery must happen through email will protect all those accounts unless the user were ignorant enough to use the same password for their email account as here.
Protect all which accounts? The ones posting here now? Or the accounts on the db dumps? Those probably changed hands a few times by now.


You can still crack salted passwords you know.... you just can't use a rainbow table to speed up the process.
10  Other / Meta / Re: Need more information on hack on: May 25, 2015, 09:43:03 PM
One question walla1234, did you pay a proxyban fee when creating this account?

A what?

What is this, am i talking to the hacker now? What are you guys all talking about?

Follow the white rabbit.
11  Other / Meta / Re: Need more information on hack on: May 25, 2015, 09:40:59 PM
I would like to know which IP addresses of me were exactly leaked out.

91.180.77.90

That's the hacker's IP, not his, unless you meant it in the other way.

Doubt the hacker has the same provider as me  Wink

Thanks Mt. Gox. Could you please remove my account and all data of me in your database?

Sure, but I'm not the person who hacked the forum and I can't change his/her copy. I'm like a grey-hat hacker I guess.

Grey-hat would be incorrect.  You seem like a troll.  I call scrypt kiddie.  Guessing you do know who did it though... you could get quite a reward if you turn in who did this.

Impress me tell me my IP.  Or old password.

I don't know your IP because I don't have any databases but I'll take a random guess:

207.254.173.84

you spelt script wrong BTW.
12  Other / Meta / Re: theymos is a government agent | do not use this forum it is honeypot on: May 25, 2015, 09:39:04 PM
We are starting to see hacked accounts from the leak appear and begin to troll these forums. Theymos needs to force a password reset on all unchanged passwords ASAP.

What will that do? it'll only make it slightly easier for the hacker, he won't have to go through as many mouse clicks to reset a password after he logs in.

Precisely, odds are the attacker will log on and go directly to change the passwords of compromised accounts. I however am more curious to see if my account gets hacked (doubtful) but it would interest me considering the strength of the hash.

You should change your password. I'm guessing a lot of people have the dump by now. Password crackers are really smart, almost any password a human can think of can be cracked within a few hours with under $10,000 worth of GPUs.
13  Other / Meta / Re: Need more information on hack on: May 25, 2015, 09:36:59 PM
One question walla1234, did you pay a proxyban fee when creating this account?
14  Other / Meta / Re: Need more information on hack on: May 25, 2015, 09:34:18 PM
I would like to know which IP addresses of me were exactly leaked out.

91.180.77.90

That's the hacker's IP, not his, unless you meant it in the other way.

Doubt the hacker has the same provider as me  Wink

Thanks Mt. Gox. Could you please remove my account and all data of me in your database?

Sure, but I'm not the person who hacked the forum and I can't change his/her copy. I'm like a grey-hat hacker I guess.
15  Other / Meta / Re: Influx of Hacked Accounts on: May 25, 2015, 09:32:15 PM
This.
That.
Probably more. Roll Eyes
for the first you are just paranoid that he doesn't have a username and that he hasn't posted in some time, if you look at his post history, a few years ago, most of his posts were in the german section, although he speaks english now, if you look closely, it is obviously not his first language, he probably received the email today and decided that he will come back
About the first: the account was originally in possession of a German, who started a service that soon turned into (possibly) the second largest ponzi here at bitcointalk. He claimed to have sold the account to another German, who then claimed to have sold to a Russian. Nobody knows if the original account ever changed owners in the first place. But today, the account came back with a very fluent English speaker, potentially with a Dutch origin. Paranoid I may be, but that does not mean that I'm wrong Wink

You are next. enjoy.
16  Other / Meta / Re: theymos is a government agent | do not use this forum it is honeypot on: May 25, 2015, 09:30:00 PM
We are starting to see hacked accounts from the leak appear and begin to troll these forums. Theymos needs to force a password reset on all unchanged passwords ASAP.

What will that do? it'll only make it slightly easier for the hacker, he won't have to go through as many mouse clicks to reset a password after he logs in.
17  Other / Meta / Re: Influx of Hacked Accounts on: May 25, 2015, 09:28:20 PM
It seems that the primary target (at least so far) of hacked accounts has been VIP accounts.
IDK. They just happen to be the ones I keep an extra eye on.
Theymos mentioned that weak passwords would require dedicated brute force to be hacked.
I guess that's what the attacker is doing. Obviously going for the most valuable accounts first.

The attacker is sleeping right now. he has no idea the shitstorm he is going to wake up to.
18  Other / Meta / Re: Influx of Hacked Accounts on: May 25, 2015, 09:27:05 PM

Fond memories:
https://www.youtube.com/watch?v=LKrOHAfMdxI
19  Other / Meta / Re: Influx of Hacked Accounts on: May 25, 2015, 09:20:31 PM
I wonder why the hackers targeting those high ranked accounts are coming out as such obvious trolls. Perhaps they deemed them not worthy? I wonder if more accounts were hacked and are going to be sold in a stealthy way.

The only people who sell accounts and scam here are kids. If you know some stuff about hacking you wouldn't stick around here for more than occasional trolling. Better targets out there than bitcoiners, and stealing from bitcoiners is a real douchebag move.
20  Other / Meta / Re: Influx of Hacked Accounts on: May 25, 2015, 09:15:25 PM

Such slander. MtGox has the best security practices ever.