|
You aren't going to get a loan without any collateral. Nice attempt though.
|
|
|
|
|
Yes it is stored in the database. To my knowledge, it will never be deleted even if you post with a different IP address.
|
|
|
|
|
Using Bitaddress.org to generate a paper wallet, does have some risks and issues. For example, one of the minor issues is the private keys that begin with 5 are uncompressed private keys. These are an older type of private key. Meaning with these the transactions they make are bigger, as a result you'll likely need to pay slightly higher transaction fees. Although, it's not a huge inconvenience.
Gmaxwell and a few other members have urged users not to use ANY browser based private key generator as you expose yourself to many different kind of attacks. I would have to agree.
|
|
|
|
answer:
stop using generic email providers. and instead purchase your own domain/pop service and have your own independant and fully personalised email
If you do take this approach, only host it yourself. Otherwise you are relying on a third party which themselves could go offline at any point, or be exploited. |
|
|
|
Are you looking for malevolent? He used to be a member of staff and went in active for a few weeks recently. |
|
|
|
Compromise notification email said reset question was less brute-force resistant, so I wanted to remove it. Is blanking QnA form (and save) enough to disable it?
You can always test it yourself by going to the "forgotten password" and selecting "Ask me my security question". It will tell you if it's not enabled on your account. That's if you want to double check. |
|
|
|
Yes, I am sure he was originally smart1985, who later changed his name to mybitcointrade.com. I remember some of his posts from 2011/2012.
Wasn't he also the guy who sent bulanula 25 BTC instead of 2.5 BTC?
That's correct. He was orignally "smart1985", then changed his name to "Smart-Mybitcointrade.com" I believe. He was called just "mybitcointrade.com" at some point. |
|
|
|
It would be a wasted effort.
The campaign participants would then just create posts that contained the ad in the post itself instead of in the sig.
Although, that would be against the rules. Advertisements in posts aren't allowed unless the post is really substantial and useful. I do agree that signature advertising has become an annoyance and have reverted to using grue's approach and disabling them through external methods. I wouldn't be completely against the idea of removing signatures or putting more restrictions on them. |
|
|
|
-----BEGIN BITCOIN SIGNED MESSAGE----- This is Welsh from Bitcointalk.org, This account has not been hacked. 26/05/2015 at 19:00:21 GMT+1 The unedited post where my address was posted: https://bitcointalk.org/index.php?topic=441074.msg8139942#msg8139942-----BEGIN SIGNATURE----- 1LVA9Z8nKM76Qx6eExAivJLQoNbDsGvxWL HCdU+q/jx3ndlWeI/jKGN3Yneph7tdYrpPfl2ZaU4eu/O2aayYXmmbKbEzmkyvoveR/wNhVsfH3IFng9PijQxOk= -----END BITCOIN SIGNED MESSAGE----- |
|
|
|
|
It's too be expected for at least a week, whilst everything calms down.
|
|
|
|
|
Spent many hours on AOE. Possibly one of the games which I've put the most of my time into.
|
|
|
|
You know it really annoys me when moderators move posts around. After three days withdrawal I am sure some of the members would like to talk about it rather than having the whole issue of the site down pushed away to some >other>meta>youcantfindme> location of the site.
I hate it when people put the bandages in the first aid kit too. It's really a bummer when people put things where they should be. Seriously, it seems that everyone is out to complain about every aspect of the forum tonight. |
|
|
|
Have you ever tried to delete posts on this forum? It takes forever for each one. If you have hundreds or thousands of posts, it would be an impossible task. You'd need to write a script to do it or something.
I believe if you delete your posts, they are still in the forum's database, are they not?
Of course. That's what I meant that theymos would likely have to restore some posts. I do believe that personal messages can be deleted permanently if both parties delete the message. Although, I might be mistaken and it could well be recovered by theymos. He's either stated in the past that they get deleted, and/or they are difficult to recover once all members have deleted it. So because _I_ don't have thousands of posts, it's irrelevant? As for "If you did you would be unlikely to want to delete all of them" you are wrong, plain and simple. There are many people with hundreds and thousands of posts that would like a simple way to delete them.
I said unlikely. People who have contibuted to discussions and have posted that amount of posts, are probably quite interested in Bitcoin and the community. Because of a few people who have decided to use their personal handle want to delete their posts, doesn't outweigh the posssible issues with allowing anyone to delete all of their content. It's been stated by multiple users that this could cause issues. For a few examples, auctions & loans. |
|
|
|
Beside our emails and passwords of course ... how bad it could be when the hackers have this "Last-used IP address and registration IP address" , im not an expert or anything but don't the IP change each time we reboot the modem ?  Probably not the IP range but well If having a IP address was that big of an issue, nobody would be safe. Just imagine the amount of websites you've connected to over the years. If you have open ports it can slightly more concerning, but it would likely require a number of things to be truley concerened. For example, vunerable software. Keep up to date with the latest patches is normally advised. If the hacker was interested in using the IP to exploit, it would more than likely be on highly ranked members with a large presensce within the Bitcoin community. An issue some users may find, is that the hacker may have your IP address, which is a place to start exploiting. Your hash of your password. So if he/she does crack it then they know of one possible password you might use or varations of it. Or have a general idea of the passwords you use. They may also have a secret question and answer. But, I always recommend not using them, or if you must make it completely random. Of course, if you are concerned. Then you should get started in cranking up your security. A lot of users will be doing this, just to keep it fresh. |
|
|
|
Thanks theymos, I have changed my password yesterday and also today... and I hope to be 'safe' (a big word) now  . XAU for his real identity, it is a lot of money.... and I do not think he is stupid (he made a soc. engir. attack... only a few people are able to do it). PS: however good luck with the search. You'd probably be suprised by how easy some people can trick others into giving them sensitive information. I've seen it done on a much smaller scale and all it took was a little bit of confidence. There's also been reports over the years of simple techniques used against big companies and much more sensitive data. |
|
|
|
It's simple. Delete all of your posts and messages. Change your password to a random one which you aren't going to remember. Effectively, deleting your account. Not that it makes much difference if we are assuming that the hacker has a full dump of the site. As he will have that information regardless if you delete your account or not.
Have you ever tried to delete posts on this forum? It takes forever for each one. If you have hundreds or thousands of posts, it would be an impossible task. You'd need to write a script to do it or something. It takes a few seconds for each post. besides, you don't have thousands of posts. If you did you would be unlikely to want to delete all of them. Allowing people to delete content with ease wouldn't benefit the forum. There would be a lot of information missing, malicious users would be abusing it and theymos would likely have to restore a lot of content deleted by malicious users. |
|
|
|
|
At least right now, peoples senses are heighted and will be more alert to anything suspicious. Im more worryied for when nothing major has happended and people forget about security protocol and send their Bitcoin without seeking the verification that they would right now.
Which happens all the time, I've escrowed a few people. And they all seem to just want to get the trade done as quick as possible. bar a few.
At least at this present moment in time, users have more than likely upgraded their passwords. There probably isn't too much to worry about for the majority. The hacker only had a few minutes, so was probably unlikely to get the whole dump. However, it should be treated as though he has obtained every bit of information.
|
|
|
|
|
There shouldn't be a problem with using escrows and the like, they can sign an address they've used previously. Or verify with PGP. To be honest, before any escrow trade goes through regardless of the suspicious the account could be hacked or not verifying they are who they say they are should always be done prior to the trade.
And, if you want to verify any other member, I'm sure sending them a message requesting a signature with a valid reason wouldn't be a problem for most users.
|
|
|
|
The thing is, how can we actually mitigate that risk? Say someone is trading with me, how can they be sure that a) I'm not hacked and b) the escrow we're using isn't hacked. Especially as the escrows will be the primary targets.
The normal. Signed message via Bitcoin address or PGP. |
|
|
|
|
It's simple. Delete all of your posts and messages. Change your password to a random one which you aren't going to remember. Effectively, deleting your account. Not that it makes much difference if we are assuming that the hacker has a full dump of the site. As he will have that information regardless if you delete your account or not.
|
|
|
|
|
Show Posts
