Bitcoin Forum
  Show Posts
2381  Other / Meta / Re: The New Altcoin Board Placement is Elegant and Understated. :) on: May 26, 2015, 02:47:25 AM
That's a bug. The categories keep moving around, I'd guess because SMF is relying on undefined MySQL behavior that I messed up by switching to a different version of MySQL. I will fix it in the near future.
2382  Other / Meta / Re: theymos is a government agent | do not use this forum it is honeypot on: May 26, 2015, 01:51:46 AM
OP: That's not me.

Another hacked / modified account... was the DB even checked?

Cøbra's account was not hacked/modified. As far as I can tell, there were no modifications to the database.
2383  Other / Meta / Re: Post here if your account was *NOT* hacked on: May 26, 2015, 01:45:50 AM
Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

My account isn't compromised.
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlVj0DIACgkQxlVWk9q1keeWGwEAi7Jp45iShibeWMc4ycy2FCZJ
gJFcnOa8vJ8kEGNqWVsA/3ycNa3jIlpsyRV3F286gCl2HAmAKkE92jwXgge70Y12
=IK8s
-----END PGP SIGNATURE-----
2384  Other / Meta / Re: About the recent server compromise on: May 25, 2015, 04:43:38 PM
If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?

Yes. I also have a database snapshot from a little before the attack which I can use to verify people by email if necessary.
2385  Other / Meta / Re: About the recent server compromise on: May 25, 2015, 04:20:02 PM
I guess the password changes which were done yesterday (when the forum came online for a few hours) were reverted back, cause I changed my password yesterday but I had to use my previous password to login today. Idk why it was done.

Right, you should change your password again.

Also, is it just me or does the forum look plain to everyone? Like I am not able to identify what has changed, but the layout looks a bit flat.

Your eyes got used to looking at other websites besides this one.
2386  Other / Meta / Re: New HTTPS keys on: May 25, 2015, 02:54:22 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

*.bitcointalk.org:
Modulus: [RSA modulus hex dump omitted]
Exponent: 65537 (0x10001)
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlVjN08ACgkQxlVWk9q1kefn/wD/QOFdZMPjVk8N3WuIPLKiEnDq
BsPW5E3Y3z3PnUefqVEA/1NqQ2SsiEyGlZM/li2Tvnt8Edf9VsTjkjZx6FRuQ3IG
=42kI
-----END PGP SIGNATURE-----
2387  Other / Meta / About the recent server compromise on: May 25, 2015, 02:39:49 PM
On May 22 at 00:56 UTC, an attacker gained root access to the forum's server. He then proceeded to try to acquire a dump of the forum's database before I noticed this at around 1:08 and shut down the server. In the intervening time, it seems that he was able to collect some or all of the "members" table. You should assume that the following information about your account was leaked:
- Email address
- Password hash (see below)
- Last-used IP address and registration IP address
- Secret question and a basic (not brute-force-resistant) hash of your secret answer
- Various settings

As such, you should change your password here and anywhere else you used that same password. You should disable your secret question and assume that the attacker now knows your answer to your secret question. You should prepare to receive phishing emails at your forum email address.

While nothing can ever be ruled out in these sorts of situations, I do not believe that the attacker was able to collect any personal messages or other sensitive data beyond what I listed above.

Passwords are hashed with 7500 rounds of sha256crypt. This is pretty good, but certainly not beyond attack. Note that even though SHA-256 is used here, sha256crypt is different enough from Bitcoin's SHA-256d PoW algorithm that Bitcoin mining ASICs almost certainly cannot be modified to crack forum passwords.

I will now go into detail about how well you can expect your password to fare against a determined attacker. However, regardless of how strong your password is, the only prudent course of action is for you to immediately change your password here and everywhere else you used it or a similar password.

The following table shows how long it will take on average for a rather powerful attacker to recover RANDOM passwords using current technology, depending on the password's alphabet and length. If your password is not completely random (i.e. generated with the help of dice or a computer random number generator), then you should assume that your password is already broken.

It is not especially helpful to turn words into leetspeak or put stuff between words. If you have a password like "w0rd71Voc4b", then you should count that as just 2 words to be safe. In reality, your extra stuff will slow an attacker down, but the effect is probably much less than you'd think. Again, the times listed in the table only apply if the words were chosen at random from a word list. If the words are significant in any way, and especially if they form a grammatical sentence or are a quote from a book/webpage/article/etc., then you should consider your password to be broken.

Code:
Estimated time (conservative) for an attacker to break randomly-constructed
bitcointalk.org passwords with current technology

s=second; m=minute; h=hour; d=day; y=year; ky=1000 years; My=1 million years

Password length  a-z  a-zA-Z  a-zA-Z0-9  <all standard>
              8    0      3s        12s              2m
              9    0      2m        13m              3h
             10   8s      2h        13h             13d
             11   3m      5d        34d              1y
             12   1h    261d         3y            260y
             13   1d     37y       366y            22ky
             14  43d   1938y       22ky             1My
             15   1y   100ky        1My           160My
-------------------------------------------------------
         1 word  0
        2 words  0
        3 words  0
        4 words  3m
        5 words  19d
        6 words  405y
        7 words  3My

Each password has its own 12-byte random salt, so it isn't possible to attack more than one password with the same work. If it takes someone 5 days to recover your password, that time will all have to be spent on your password. Therefore, it's likely that only weak passwords will be recovered en masse -- more complicated passwords will be recovered only in targeted attacks against certain people.

If your account is compromised due to this, email acctcomp15@theymos.e4ward.com from the email that was previously associated with your account.

For security reasons, I deleted all drafts. If you need a deleted draft, contact me soon and I can probably give it to you.

A few people might have broken avatars now. Just upload your avatar again to fix it.

Unproxyban fee processing isn't working right now. If you want to register and you can't, get someone to post in Meta for you and you'll be whitelisted.

Searching is temporarily disabled, though it won't be disabled for as long as last time because I improved the reindexing code.

If you changed your password in the short time when the forum was online a little over a day ago, the change didn't stick. You'll have to change it again.

How the compromise happened:

The attacker was able to acquire KVM access credentials for the server. The investigation into how this was possible is still ongoing, so I don't know everything, and I don't yet want to publish everything that I do know, but it seems almost certain that it was a problem on the ISP's end.

After he got KVM access, the attacker convinced the ISP NFOrce that he was me (using his KVM access as part of his evidence) and said that he had locked himself out of the server. So NFOrce reset the server's root password for him, giving him complete access to the server and bypassing most of our carefully-designed security measures. I originally assumed that the attacker gained access entirely via social engineering, but later investigation showed that this was probably only part of the overall attack. As far as I know, NFOrce's overall security practices are no worse than average.

To reduce downtime and avoid temporarily-broken features, I was originally going to stay in NFOrce's data center. However, some things made me suspicious and I moved everything elsewhere. That's where the extra day+ of downtime came from after a short period of uptime. No additional data was leaked.

The forum will pay up to 15 XAU (converted to BTC) for information about the attacker's real-world identity. Exact payment amounts will depend on the quality and usefulness of information as well as what information I've already acquired, but if for example you're the first person to contact me and your info allows me to successfully prosecute this person, then you will get the full 15 XAU. You need to actually convince me that your info is accurate -- just sending me someone's name is useless.

The attacker used the following IPs/email:
37.48.77.227
66.172.27.160
lopaz291@safe-mail.net
2388  Other / Meta / Re: Minor trust score algorithm change on: May 20, 2015, 08:07:42 PM
In situations like TECSHARE's, you can (if you trust TECSHARE and disagree with Vod) post an additional positive rating responding to whatever Vod said. This will counteract Vod's negative rating.

The meaning of having "green" trust is now diminished and will be similar to what was previously the meaning of having black positive trust. 

Oh, good point. I changed it so that you have dark green trust if your score is 5 and dark green if your score is 15.
2389  Other / Meta / Re: Minor trust score algorithm change on: May 20, 2015, 07:21:38 PM
It looks like no matter what, if the last feedback you receive is negative then you will either have a ??? trust score or a negative score.

Correct. Your trust network is assumed to consist of people who are basically reasonable. So if any trusted ratings are negative (which means "this person is probably a scammer, watch out!"), then this should be taken very seriously. That's why a single negative rating can easily cause a loss of 100+ trust points in this new algorithm. And if the most recent rating is negative, then this is a strong indicator that the person may have been running a long con which has turned into a full-blown scam.

If anyone is abusing this by reposting negative trust unnecessarily or giving out negative trust too easily, then you should remove them from your trust network.

@theymos what is the thinking behind increasing the numbers? It makes changes too much. Was it to increase the strength of DefaultTrust?

You'll get used to the larger numbers. DefaultTrust doesn't get any sort of advantage as far as I can tell.
2390  Other / Meta / Re: Minor trust score algorithm change on: May 20, 2015, 06:57:19 PM
??? is a valid score in the new algorithm.

Doesn't that mean if someone receives a positive and a negative rating, they'll go negative if the negative is newer?

If someone has 1 positive and 1 negative, then the time doesn't matter. They'll have a score of -1.

Examples:
Old -> New
+ - : -1
- + : -1
+ + - : ???
+ - + : 0
- + + : 1
+ + + : >=3
- - + : -3
+ - - : -3
- - - : -8

That seems like quite an extreme decay, ratings after 10 months are worthless? It's going to lead to a lot of reposted ratings to refresh them.

There is no decay. Ratings grow in weight from 1 to 10, then stay at 10 forever. (If the rated person has no negatives.)
2391  Other / Meta / Minor trust score algorithm change on: May 20, 2015, 06:23:29 PM
The trust score numbers are now slightly different:
- The first number is the trust score.
- The second number is the number of unique users who have given that person negative feedback.
- The third number is the number of unique users who have given that person positive feedback.
- The fourth number was removed.

I also completely changed the trust score algorithm to this:
Code:
if there are no negative ratings
    score = 0
    for each rating, oldest to newest
        if this rater has already been counted
            continue
        score += min(10, round_up(months since rating))
else
    score = unique_positive - 2^(unique_negative)
    if score >= 0
        start_time = time of first negative
        score = unique_positive since start_time - unique_negative since start_time
        if(score < 0)
            return ??? (orange)

move score to range [-9999,9999]
return score

This algorithm is a little slower than the previous one. Post here if you think you see extra slowness due to this change. Maybe I need to add extra caching to compensate.

Also post here if someone has a trust score that seems wrong.

I was going to change it so that everyone with 0 trust had orange trust, but I decided that this looked bad and changed it back.
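A runnable Python rendering of the trust-score pseudocode above, added here as an example rather than taken from the forum's code; it reproduces the "Old -> New" examples given in the reply further up the page. The constructed rater names, the 31-day spacing between ratings, the fixed "now" date and the floor that makes a brand-new rating count 1 (following the follow-up statement that weights grow from 1 to 10) are assumptions of the example.

```python
# Added example, not theymos's code: a Python rendering of the trust-score
# pseudocode, checked against the "Old -> New" examples in the reply above.
import math
from datetime import datetime, timedelta

UNKNOWN = "???"              # the orange "???" result
NOW = datetime(2015, 5, 20)  # constructed "now" for the examples


def trust_score(ratings, now=NOW):
    """ratings: iterable of (rater, is_positive, rated_at) tuples.
    Returns an int clamped to [-9999, 9999], or UNKNOWN."""
    ratings = sorted(ratings, key=lambda r: r[2])  # oldest to newest
    negatives = [r for r in ratings if not r[1]]

    if not negatives:
        # Each unique rater adds the age of their rating in months, capped
        # at 10. Assumption: a brand-new rating still counts 1, matching the
        # follow-up "ratings grow in weight from 1 to 10".
        score, counted = 0, set()
        for rater, _positive, rated_at in ratings:
            if rater in counted:
                continue
            counted.add(rater)
            months = (now - rated_at).days / 30.0
            score += min(10, max(1, math.ceil(months)))
    else:
        pos_raters = {r[0] for r in ratings if r[1]}
        neg_raters = {r[0] for r in negatives}
        score = len(pos_raters) - 2 ** len(neg_raters)
        if score >= 0:
            # Still non-negative: recount using only ratings from the
            # first negative onwards; going negative here yields "???".
            start = negatives[0][2]
            pos_since = {r[0] for r in ratings if r[1] and r[2] >= start}
            neg_since = {r[0] for r in negatives if r[2] >= start}
            score = len(pos_since) - len(neg_since)
            if score < 0:
                return UNKNOWN

    return max(-9999, min(9999, score))


def score_pattern(pattern, spacing_days=31, now=NOW):
    """Score a constructed history written in the post's '+ - +' notation:
    one distinct rater per symbol, oldest first, spacing_days apart."""
    symbols = pattern.split()
    ratings = [(f"rater{i}", sym == "+",
                now - timedelta(days=spacing_days * (len(symbols) - i)))
               for i, sym in enumerate(symbols)]
    return trust_score(ratings, now)


if __name__ == "__main__":
    for p in ["+ -", "- +", "+ + -", "+ - +", "- + +", "+ + +", "- - +", "+ - -", "- - -"]:
        print(f"{p:8s}: {score_pattern(p)}")
```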
2392  Other / Meta / Re: Something's wrong with BCT on: May 20, 2015, 06:18:47 PM
I was changing something. It should be fixed now. Nothing to worry about.
2393  Economy / Scam Accusations / Re: MRKLYE is a scammer, scammed 20 BTC and yet has GREEN trust, FIX! on: May 20, 2015, 05:05:12 AM
People with the same trust lists can sometimes see different trust scores due to caching. Whenever your trust network (i.e., the list of everyone whose ratings you trust) is calculated, this result is cached for a few hours, and the cache doesn't get invalidated even if people on your trust list update their trust lists. You can force your trust network to be recalculated by clicking "update" on the trust settings page.

Also, the trust score algorithm is pretty bad in general, so it often doesn't make much sense.
2394  Other / Meta / Re: Time limits problem on: May 20, 2015, 04:36:52 AM
In my experience, the 360 second limit is reset any time, any account performs an action from a particular IP address.
...
Additionally, I believe that you can get around the 360 second limit by switching IP addresses

That's how stock SMF handles it, but I fixed this some time ago.
2395  Other / Meta / Re: Time limits problem on: May 20, 2015, 03:41:29 AM
You must have been doing something to reset the limit. Searching, reporting, etc. Your IP doesn't matter for that once you're logged in.
2396  Other / Meta / Re: Why don't I get an error message while messaging/trusting myself? on: May 17, 2015, 06:40:38 PM
It's useful if you want to send yourself a note.

Adding yourself to your trust list is harmless, so I didn't prevent it.
2397  Other / Meta / Re: Would this be allowed? on: May 17, 2015, 05:27:26 AM
The problem is that if it gets (ab)used too much, it might push other topics off of the front page of its section and clutter up "recent posts" and "unread posts since last visit". If you prevent the bot and its users from making the thread an annoyance, then it's OK.

If people can post someone's name and your bot will post stats, then that sounds fine in general, though I wouldn't want to see people posting a single person's name all the time to see how their stats change. If you warn people not to do this, then it seems reasonable for us to moderate the people who are making too-frequent requests and not the bot, though.
2398  Other / Meta / Re: TheButterZone Removed From Default Trust on: May 16, 2015, 10:44:31 PM
Libeler (OP) has default trust T2, libeler's victim (me) was wiped from T2=injustice done.

You are both in the default trust network at depth 2.
2399  Economy / Service Announcements / Re: [ANN] Joinmarket - Coinjoin that people will actually use on: May 16, 2015, 06:02:46 PM
Good to see that some progress is being made on usable CoinJoin. This seems like the best CoinJoin project around currently.

Some possible ideas/improvements come to mind:
- Tor should be easier to use. Probably the default configuration should be to use Tor.
- Only Tor-friendly IRC servers should be used, and only over TLS.
- To reduce centralization, multiple IRC servers could be used. Makers would idle on all of the servers, and takers would find partners using multiple randomly-selected IRC servers. If any servers are down, Joinmarket should issue a warning, as this may be a DoS attack on the IRC server designed to funnel people to attacker-controlled servers.
- Instead of requiring NickServ registration, makers could generate an identity separately (maybe just a Bitcoin address) and communicate it on the IRC channel using public-key crypto. This is more convenient and will work across multiple IRC servers.
- In exchange for a (comparatively large) extra fee, takers could require that the unspent-outputs provided by makers be x blocks deep (I'm thinking ~1500). This reduces the Sybil risk because an attacker will only have so many bitcoins, and this requirement ties up a lot of their bitcoins for a while if a lot of takers are routinely requiring that at least some of their partners provide old bitcoins.
2400  Other / Meta / Re: Default Trust Visualisation on: May 16, 2015, 03:24:15 PM
Here's the complete trust network if you want to make a larger graph:
https://bitcointalk.org/trust20150516.txt.xz

-> is "trusts", -/> is "distrusts".