It's not entirely clear if the attacker got access to the Mt.Gox source code, but at the moment it's probably safer to assume the salt was compromised as well.
It's definitely NOT safe, someone just showed me a big list of cracked mtgox passwords on IRC channels. It's likely that salt has already been discovered.
|
|
|
If the salt hasn't been compromised, then the passwords should be safe, no?
No, absolutely not. I have already seen cracked mtgox passwords being shared in the IRC channels. Do not take a chance, change them as soon as possible, everywhere you used it.
|
|
|
Man from the future, you seem to know this stuff. How hard would it be for people to bruteforce or crack a reasonably strong password with the encryption in the MtGox file? Say 10 characters alphanumeric.
If the hacker also got their hand on the mtgox sourcecode, it's pretty trivial to crack, probably 5-10 accounts per hour depending on password strength.
|
|
|
The front page of mtgox is redirecting to something showing this now: UPDATE REGARDING LEAKED ACCOUNT INFORMATIONS
We will address this issue too and prevent logins from each users. Leaked information includes username, email and hashed password, which does not allow anyone to get to the actual password, should it be complex enough. If you used a simple password you will not be able to login on Mt.Gox until you change your password to something more secure. If you used the same password on different places, it is recommended to change it as soon as possible.
It also says "One account with a lot of coins was compromised" and "Apart from this no account was compromised, and nothing was lost". If that's true, how did everyone's password hashes end up on the Internet for public download? Something fishy is going on. One have to be an idiot to believe that statement, someone has 500k+ btc just sitting in their mtgox account? lol
|
|
|
I think some one must be EXTREMELY stupid to leave 500k+ BTC in their mtgox? Is there even one person that owns more than 500k+ BTC? AND not care about it enough to have their password hacked?
|
|
|
conspiracy theories ahoy! is tradehill still up? tradehill is up, just slow and sometime timeout
|
|
|
MtGox has more than one employee, it's not just a one-man operation.
who? even magic tux is not dedicated to mtgox, he's working on other projects
|
|
|
I think it's just huge traffic increase to tradehill from refugees of mtgox
|
|
|
It doesn't matter who is attacking, the fact of the matter is, mtgox is a one man hobby operation, that isn't designed to handle to security/volume demand of the current btc market. Tradehill is far better than mtgox.
|
|
|
Well, should we start to panick ?
that's never a good solution MTGOX HAXED? i mean, who will sell that much bitcoins?
more likely an early adopter got his wallet taken over. No early adopter has 1M+ btc
|
|
|
yep, mtgox was probably hacked, someone sold all BTC from everyone that had them in their mtgox account
|
|
|
I think someone hacked mtgox, selling all BTC from everyone's accounts
|
|
|
I think someone hacked mtgox, selling all BTC from everyone's accounts
I can still place buy orders:
Buying 240 0.1 Active 24 06/19 14:02 cancel
|
|
|
I can still place buy orders:
Buying 240 0.1 Active 24 06/19 14:02 cancel
|
|
|
I think someone hacked mtgox, selling all BTC from everyone's accounts
|
|
|
someone just sold over 1 million BTC on mtgox, or the data is wrong on mtgox, one or the other.
|
|
|
No, someone just sold to every outstanding buy order on mtgox wtf just happened?! did someone just buy EVERY outstanding bitcoin on mt gox?!
|
|
|
Some more confirmations from somebody else? Looks like good and easy method. I would (personally) avoid this - if the wires cross somehow you're blowing the vid interface rather than your VGA converter. Use the VGA converter that comes with every video card, and just put the resistor between pins 1 and 6 - you only need one resistor (there is no benefit to 3, just costs 3x as much). W a signal from resistor can blow the vid interface or the VGA converter? how does that work exactly?
|
|
|
|