Bitcoin Forum
January 28, 2023, 04:06:39 AM *
News: Latest Bitcoin Core release: 24.0.1 [Torrent]
 
  Home Help Search Login Register More  
  Show Posts
Pages: [1]
1  Bitcoin / Project Development / colored coins use case poll on: November 17, 2013, 08:45:44 PM
Cheers.
2  Economy / Service Discussion / Blockchain.info My Wallet "Insecure Alias" on: October 01, 2013, 07:05:03 AM
To anyone who has run into this issue:

"Insecure Alias. Please login using your wallet identifier link."

I contacted them and they explained that they changed their policy, just a couple days ago, that aliases without an email attached will not work due to security concerns. They probably should have notified their users because I have a couple accounts which are not linked to anything and now I need the the ip with which I opened the account (?), the email with which I opened the account (HUH!?!) or my account password (yeah right). I think it's an unnecessary move, and don't really see the logic.

Well turns out deep in your browser's history, assuming you are not a security freak, are cookies with all the blockchain logins.  On chrome I entered:

chrome://settings/cookies

and then searched blockchain and there were a bunch of "Application cache" tabs and under each one was a different guid (wallet identifier) i had used in the past.

If this helps anyone out please post to this thread I'll be happy to know I'm not the only newb who doesn't backup his wallets (in my defense it was a disposable wallet which happened to have funds in it).
3  Bitcoin / Bitcoin Discussion / Need help finding video about computing power currencies issued by amazon on: August 27, 2013, 01:22:35 PM
Recently (Aug 23rd) saw a video which I assume was pretty new. Unfortunately I barely remember where or what it was about, except that it was an interview, not too long, seemingly on a news/economy channel and involved talking to a guy about bitcoin and digital currencies. He was pretty neutral about it, except that he made a note that future currencies should be created by companies like amazon and issued as guarantees of cloud processing/computing power.

I'm interested in viewing this clip again but I can't find it anywhere. Does anyone know which clip this is?

Thx.
4  Economy / Computer hardware / [WTS] Bitcoin Litecoin Complete Mining Rigs 7950 7970 on: July 09, 2013, 01:22:21 AM
http://www.ebay.com/itm/251301744029?ssPageName=STRK:MESELX:IT&_trksid=p3984.m1555.l2649

http://www.ebay.com/itm/251301754817?ssPageName=STRK:MESELX:IT&_trksid=p3984.m1555.l2649

http://www.ebay.com/itm/251301766177?ssPageName=STRK:MESELX:IT&_trksid=p3984.m1555.l2649

PM me if you are interested and if you don't use ebay we can work something out.
5  Economy / Goods / Bitcoin Litecoin Mining Rigs for Sale (7950/7970) on: May 24, 2013, 09:12:59 AM
I built and stress tested 4 rigs successfully for the entire past month. All run extremely stable. Generated over $1000 in net mining profit (after electricity costs) in less than a month. Each rig is slightly different. If you are in the Pennsylvania / New York City area I'm selling these units fully functional ready to mine with all newegg receipts and warranties. Flexible in terms of payment. Selling as a group or in singles. You need to be local because I'm not shipping these. PM me your number if interested.









6  Economy / Service Discussion / How I got robbed of 34 btc on Mt.Gox today on: April 11, 2013, 10:44:19 AM
So at 10:06pm ET on April 10th 2013 I was on btc-e reading the chat box. Then and there someone posted a link to www mtgox-chat info (do not open unless you know what you are doing) claiming a video announcement that mtgox was going to start trading litecoins.

I clicked on the link, the website opened, not much happened, and the "video"/chatbox never loaded. I then forgot about this website.



Some while later at approx 11pm, I received an email. This was an email from mtgox that a withdrawal had taken place. I thought this was a joke.

------------------------------------------------------------
Dear bitbull,
 
There has been a withdrawal from your Mt.Gox account:
 
Transaction reference: 97235bfd-9909-4020-9f06-e9d318c1ef7f
 
Date: 2013-04-11 02:06:22 GMT
 
IP: 198.203.29.120

You can access your account history for more details.

Please contact us as soon as possible by replying to this email if you did not request this withdrawal.

Thanks,

The Mt.Gox Team
------------------------------------------------------------

I immediately responded back to them, but what I discovered is that the withdrawal had been instantly processed and already confirmed in the blockchain:

https://blockchain.info/tx/bb30f2f110ba5b7bb60812bc3d7744f5086f6b4a38439566f1888a8d26e1fbec



which left less than a third of a bitcoin in my account. I then realized that this withdrawal happened at the EXACT time i accessed the mtgox-chat website based on my browser history. I then realized that I only received my notification email from them much after the fact apparently because their servers are overloaded and not functioning correctly.

Being a techie, I started researching. I found out that this site is hosted here in the USA. I also found out that the withdrawal was submitted from an IP in Los Angeles even though I have been accessing mtgox from Pennsylvania / New York. I then discovered that the site is a teleport pro rip of bitcoincharts.com branded with a mtgox logo, and was registered on namecheap (with bitcoins as it may be) not even 5 days ago! This is the IP resolve of the domain name.



I then discovered that the site is loaded with a java script which, based on an initial analysis by my java programmer friend, is a 0 day java exploit with a cross site injection attack, which automatically started. It also contains an additional keylogger payload, all customized specifically for mtgox. They even "offer" an easy to use file download link for those whose browsers are not running java. This script INSTANTANEOUSLY initiated a mtgox withdrawal of nearly all my btc (34btc) in the background (I was logged into mtgox on that browser, seemed to be using some form of proxy to access my browser cookie cache it would seem) and then changed the account password so I couldn't login anymore. This was proven to be 100% automatic as the withdrawal occurred the same exact minute I accessed that website for the first time.

It then continued to gather all my computer passwords and logged everything I was doing including my blockchain account (as I eventually located the log files) and then sent it to the hackers / script kiddies.  Luckily I have dual password protection on my blockchain wallet otherwise all my other bitcoins would be gone too. I wouldn't just call them just script kiddies because this script was very specific and well written for the mtgox website.  I had two antiviruses running and neither caught it. Only later malwarebytes picked it up as a well encoded trojan payload executable.



Mtgox has clearly not had time to respond, and I fear they will claim this is my fault as I have seen in other posts online that they say "report it to the police". They should compensate me 100%. First because their site is not secured against such rudimentary attacks as has been demonstrated today. I'm not the first and certainly not the last so long as they don't deal with this. Second because their security policy should account for such instances, and I did not even have an opportunity to warn them I did not make the withdrawal. Yet most importantly, BECAUSE THEY SHOULD HAVE KNOWN ABOUT THIS OVER 3 DAYS AGO!!!

http://www.reddit.com/r/Bitcoin/comments/1bvl4n/beware_when_clicking_any_link_from_chatboxesirc/

Yeah, I'm stupid, I should have enabled a Yubikey or other 2nd auth method when bitcoins started exploding in value ... but still, this attack is rather basic and should not be possible on a site at the level of Mt. Gox. I can only imagine how people with larger amounts would feel if clicking on a link emptied their account $10k+...

This is a serious loss for me, and unless this is handled correctly this can also badly affect the community. I know they are super busy as they are backlogged with over 10,000 account verifications - I can only hope this gets handled appropriately. Does anyone have any advice how to go about contacting mtgox, they are so busy they don't even realize someone has a specialized phishing operation running to rob their customers!

Any advice is very much appreciated.


UPDATE 4/21/13

I got my coins back Smiley

https://bitcointalk.org/index.php?topic=173227.msg1907593#msg1907593

But other's are still suffering. 

http://www.reddit.com/r/Bitcoin/comments/1cokps/java_exploit_stole_all_my_btc/

I'll be the first to buy a hardware wallet...
7  Alternate cryptocurrencies / Altcoin Discussion / Ripple XRP distribution requires immediate formalization on: February 21, 2013, 06:55:09 PM
If ripple.com doesn't proclaim loud and clear that their intent is to find a community consensus of how to fairly distribute the whole of xrp in existence, then a dark path is ahead. For as the value of xrp rises, so will the devil in the hearts of those who hold it, and soon power will corrupt and scarcity will be the key to profits and control. Even if you trust the creators, centralizing the xrp reserves will attract power hungry monsters who will find a way to take over, whether it through government/mafia coercion or economic means. Satoshi would be rolling in his grave. Ripple has amazing potential, lets make sure it is for the greater good of us all.
Pages: [1]
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!