I suggest to pay more attention, after the forum attack a lot of forum account were hacked... so it is probable that we are not talking with the real owner (I hope you understand what I wanted to say ). PS: Ask always a signed message from a bitcoin address, now more times... due the forum hack.
|
|
|
It wasn't the forum's fault but the hosting. Theymos claims it was the hosting. That's what you meant to say. He openly states, in this very thread, that before any of the alleged social engineering took place, "... The attacker was able to acquire KVM access credentials for the server. The investigation into how this was possible is still ongoing, so I don't know everything ..." Not sure why everyone is acting like lax DC security is the issue, The hoster denied beeing attacked with SE. It is still not clear how attacker gained access and why. Where did you see this? People here are still under the impression it was Social Engineering.... I don't remember where it was. It was one of the crypto news sites. They wrote, they have called NFOrce about the incident and they denied beeing attacked with SE. of course they would deny it. Social engineering is the worst PR for them, no one would trust them anymore Exactly, I have started to think ....that with a simple thing you can ruin all the security that you have created. A soc. eng. attack is a simple concept but it is not simple to do, it brought me back to my mind the story of 'kevin mitnick".
|
|
|
Hi,
i have a SSD VPS Server with a 10GB/s Connection, should create a node ?
Yes you should create a bitcoin node to support the bitcoin network , the upload is the best thing ... because you should 'broadcast' and validate the transaction. PS: but also the download band is an important thing, because it will continue to downl. the btc blockchain.
|
|
|
There are some very clever hackers hiding on this forum and in bitcoin-world in general. You need to stay on your toes at all times.
You can always leave and also the OP can always leave . However, yes this time due a social engineering attack... really impressive how it was easy.
|
|
|
Can I please get my account deleted from the site?
No you can't get your account deleted from this forum, however move this thread in the right section (Meta : https://bitcointalk.org/index.php?board=24.0). PS: The next time make a little research, before open a thread like this. ,,|,, fuck you That is sweet, is that a pie? No one cares to troll threw your few posts just to try and identify you. Log out and do not log back in. As said above look out for the threads that have already gone over more than 5 times in 1 day and you would have been answered you would also not get upset with someone helping you Yes, really sweet! Maybe the forum staff should stick a thread and say that it is not 'possible' to delete forum accounts (you can delete all the forum posts, if you want).
|
|
|
Can I please get my account deleted from the site?
No you can't get your account deleted from this forum, however move this thread in the right section (Meta : https://bitcointalk.org/index.php?board=24.0). PS: The next time make a little research, before open a thread like this.
|
|
|
I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!
Yeah I've seen some old accounts just started posting again today after years of not being used . Which ones? Maybe a list should be compiled, though what Quickseller said in another thread will also be relevant that many older inactive members will be likely to return to change their passwords by the email they received from theymos. Yes, it is probable that old users will return to change their password just for precaution, but posting nonsense from inactive accounts for years? That should ring a bell.This, like the Mt.gox support's account... he is trolling and post useless posts around the forum . This should alert everyone that those account(s) were hacked and it is (or better they are) under the control of the 'hacker' who has attacked the forum .
|
|
|
I can see how many people are just going to ignore this ever even happened and are not planning to change their password. Sure, it may be hard to obtain the actual password, but it is not impossible either. I am hoping at least the most prominent users will use reason.
Exactly, a lot of users (people) don't understand how to protect after an hack their account... but they will surely cry sooner or later and say "why my account was hacked,why I can't access on my account, bla bla?". This is the funny thing, in my honest opinion theymos should send also a general PM here in the forum and say "you should change the password, because the forum was hacked... ". I know he sent an email, but a lot of users are using a random e-mail.
|
|
|
I don't really see this excitement among members. Unfortunately, those coins could have been spent in a better way i think.
Disclaimer: i really like SMF. I don't want to change this.
Note:only thing i'd change is, the hashing of secret answers, maybe a bit more won't be bad for the security.
I lie SMF, I am really used to it, and I am very used to it. I have been on this account for 40 days, which is 960 hours. I do admit the forum is looking very old and in my opinion not the prettiest. I would definitely have to get used to it, but I would rather spend a couple hours getting uesd to it then having to still use the current version. We should also think about the security (in the first place)... the 'design' is a secondary thing. I also like SMF but (why not) I will continue to use the forum (with the new *software) but they should improve the security and use a secure inter. service provider , or host the forum on an 'home-made' strong build server.
|
|
|
I am curious to know why more people didn't try to warn others about entrusting TF with such large amounts of money if it was so obvious that TF was such bad news.
He was able to game DefaultTrust early on when the trust system came out. Anyone who attempted to question his trustworthiness was given a negative rating by TF and his friends from coinchat and their concerns were ignored by everyone due to the rating. That sounds somewhat familiar to what happened with someone who was recently removed from level 1 default trust, although the use of negative ratings was not used. Massive amounts of positive ratings were used though. That's what happens when you have un-moderated trust feedback. Quick and easy fix : hire Vod as staff, let him moderate trust,and give his word a final say when it comes to abuse of trust; ta daa, problem solved. At the least, scammer tags should have stayed along with this current default trust joke; so scammers would remain tagged Just imagine how many scammers (and soon-to-be-one's) would loose their mind to this, aww jiss cheers Hmmm ... no. This will be really a stupid thing, why a mod should moderate the trust system? Wasn't it untrusted? However OP, I think you can close the thread because you have received the reply from the directly interested user ( $username aka TF).
|
|
|
Admins:
Please delete my account. The option to delete account seems to be only visible to admins. Thank you.
As stated above. You need to manage your account. Delete all your posts, (all 1 of them?). Then change your email and password to a long one. That's it. But he wants to delete his account, and theymos or another admin can do this thing only in few cases... and I think they are busy at the moment (due the recent attack(s) ). Delete all his posts will not delete at all his forum account. That's true. But i don't know if the admins will do this. I think they are going to tell him to delete his content. In his case it will take a few seconds to delete his post. They can surely do this, but now it is not a good moment to asking... I think theymos and all the staff are really worried about the forum safety (in these years the forum was attacked a lot of times... now the things should change and a new forum software it is not the priority).
|
|
|
I recieved the email that the server was compromised and data was stolen. i want to know what can i do now that my data is out there how can i secure myself from attacks?
The first thing you should do is to change your password into something secure and write or store it into some secure place. Next thing is to avoid, as much as possible, clicking some emails into the email that you used in registering into this forum. Next is to be sure that you won't post any of your personal info of yours in the internet; hackers could definitely use it against you in some attempts of attack and/or blackmails. If you used the same password in this forum to another online site, change them so as to minimize the risks of getting those other accounts compromised. He should also change all the password (of various accounts on the exchanges, etc...) if he used the same one for all the accounts (a bad practice). You should change them quickly if you want to save your 'internet identity). However is really 'fun' that with a simple attack you can ruin a lot of things... was it really a soc. eng. attack?
|
|
|
Admins:
Please delete my account. The option to delete account seems to be only visible to admins. Thank you.
As stated above. You need to manage your account. Delete all your posts, (all 1 of them?). Then change your email and password to a long one. That's it. But he wants to delete his account, and theymos or another admin can do this thing only in few cases... and I think they are busy at the moment (due the recent attack(s) ). Delete all his posts will not delete at all his forum account.
|
|
|
Why this news should be related with bitcointalk? However it is only a question of social engineering and there is not a real solution for this type of problem.... the human (employee) is the problem.
|
|
|
If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?
Yes. I also have a database snapshot from a little before the attack which I can use to verify people by email if necessary. I'm sorry, but has theymos actually confirmed his forum identity after the attack yet? And also, is it just me or is the forum currently loading slower than normal? Was running ok earlier but it's got a bit sluggish now, but that's to be expected as everyone tries logging on and resetting their passwords etc. Wouldn't surprise me if the forum will get ddosed as well. ddosbtc is fucking around with his annoying booter. Another hacked account , WTF ... welcome back Mt.Gox support !
|
|
|
-----BEGIN BITCOIN SIGNED MESSAGE----- redsn0w confirms that his account is not hacked as of May 25 2015.
The unedited post where my Bitcoin address can be found is here -> https://bitcointalk.org/index.php?topic=996318.msg10822914#msg10822914 -----BEGIN SIGNATURE----- 1redsY74u97ECVVKx7Gz9QWJWECUuzsrj HAcHC4cwdSYVUPD4cGf1vyQ1W4zDbAz9acZzz/DkrxBfYENSCy9sl9rzQYpun/0n8FQAFD0qMLAHWRaYG21or9I= -----END BITCOIN SIGNED MESSAGE----- .
|
|
|
I don't think using the new forum software would have stopped this hack/attack.
I think this is one additional reason to show that theymos needs to be 100% sure about the security of the new forum software before implementing it as there will be many people who will attempt to exploit any security holes in it.
To be honest everything can be hacked. Even the bigger networks, services can be penetrated by hackers. People need to understand this. But I understand what is the problem here. Users are disappointed/angry that despite having multi million dollar budget we still have old forum software, that is the problem. No ETA or any news regarding this upgrade and recent compromise of bitcointalk did not really help either. I think these type of attack (or general) will increase when the new forum software will be 'released' fully functional.. because I think it will come with a lot of bug . Again: you can build a strong security but if an employes will reset the pwd ... then you are really fuc**d.
|
|
|
Thanks theymos, I have changed my password yesterday and also today... and I hope to be 'safe' (a big word) now . XAU for his real identity, it is a lot of money.... and I do not think he is stupid (he made a soc. engir. attack... only a few people are able to do it). PS: however good luck with the search. You'd probably be suprised by how easy some people can trick others into giving them sensitive information. I've seen it done on a much smaller scale and all it took was a little bit of confidence. There's also been reports over the years of simple techniques used against big companies and much more sensitive data. Yes I am surprised and I know that a 100% security doesn't really exist but c'mon... we are talking about a big service provider and it should not be easy to trick them (in my honest opinion) but everything is possible. The real problem is always the people, you can build the security that you want but you are fuc**ed if an employee will reset the pwd .
|
|
|
Hello, everyone.
I created a new blockchain wallet last Thursday and besides the default receiving address that it comes with, I quickly created 3 new receiving addresses.
I double checked all four of them and saved them into my organizer.
From my sports betting accounts online Saturday, I withdrew from the casino about 7 coins to each address.
On Sunday, I noticed that one 7 coin transfer had not arrived.
I thought the casino ripped me off, but when I logged back into the blockchain wallet, I noticed I only had 3 receiving addresses and not 4.
The last receiving address had totally disappeared from the wallet.
Double checking the address in blockchain, the 7 coins were indeed transferred there, but I have no way to access them?
How is it that I had 4 receiving addresses in my wallet and now one is gone?
Because it was a new wallet and all the addresses just created, I'm thinking maybe the blockchain reset right after the addresses creation or maybe a server error it somehow didn't save the last one, or maybe I didn't log out properly, or........I don't really know.
The prospect of wallet addresses just up and disappearing seems kind of frightening, so I thought I'd ask the forum if they've ever seen anything like this?
What I do know for sure, is that I double checked all four addresses at the time of creating the wallet Thursday and they were all there, but as of Sunday only three.
Can you at least provide one bitcoin address or better a transaction ID? So we can make a supposition, but I think that your 'blockchain. info' account was compromised (do you use 2FA on *BC.info?). *BC.info = blockchain. info
|
|
|
I also think that it is a stupid idea, it is not the right moment to allow users delete their own forum accounts... I think there are a lot of compromised accounts and if the malicious 'hackers' want to delete them (then it will be really easy).
|
|
|
|