Bitcoin Forum
July 04, 2022, 09:13:47 PM *
News: Latest Bitcoin Core release: 23.0 [Torrent]
 
  Home Help Search Login Register More  
  Show Posts
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46
1  Bitcoin / Bitcoin Discussion / Re: Worlds First Bitcoin Tattoo on: July 12, 2011, 11:30:40 PM
We haven't even seen her face.



Someone send her a btc to post her face.

Why don't you send some mr. critical?

It's because his fat wife and ugly kids took away all his money. He's broke now, hates life and blames others for being retarded.  Grin
2  Economy / Goods / Re: new real tangible physical bitcoin coin on: July 12, 2011, 05:16:50 PM
I received mine today as well. They are AWESOME! I just ordered more Smiley
Thanks a lot RSantana!
The only thing I'm wondering now is would it be possible to insert an RFID chip into these coins when manufacturing and how much more would it cost?

To those who are wondering about delivery times:
I ordered from the first batch which got sent out last Tuesday. So it took 5 business days. It usually takes 7 to get parcels from USA to UK. The rest of the Europe should be the same

3  Bitcoin / Bitcoin Discussion / Re: [ATTN] Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off on: July 09, 2011, 05:05:48 PM
For fuck's sake - it's been more than three weeks and the server is still down. That's what I get for supporting someone in bitcoin business.
Stay away from Mt.gox and Kalyhost. They are scammers and incompetent beyond belief!
4  Bitcoin / Bitcoin Discussion / Re: [ATTN] Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off on: July 03, 2011, 06:00:37 PM
I can tell this:
Dictionary attack would have been useless against my hash and attackers would not have had enough time for pure brute force attack even if they obtained unsalted md5. This leads me to think that this db dump is just a tip of the iceberg and that "clarification" is full of shit
5  Bitcoin / Bitcoin Discussion / Re: [ATTN] Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off on: July 03, 2011, 05:24:45 PM
As one of the few users with ~1k posts on this forum, therefore a likely valuable Bicoin-rich target, I think you should envisage the possibility that you have been the victim of a targeted attack (not necessarily via an MtGox flaw). You wouldn't be the first one --you remember allinvain and his 25k BTC stolen... Even Snort + fw + browsing in a VM would not have protected you against, say, a tabnabbing phishing attempt. (I mention this example again because of how deceptively efficient it is...)

On the other hand, I have no idea how security-proficient you really are. You know Snort and firewalls, but the fact you exaggerate (few sites/apps accept "random >60characters password") makes it difficult for me to evaluate you. You say your MtGox pw was shorter than usual; would you mind sharing its exact length?

22

I am aware of most type of attacks and know how to protect myself. I keep up to date with current exploits and am Backtrack user familiar and proficient with most tools in that distro.
6  Bitcoin / Bitcoin Discussion / Re: [ATTN] Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off on: July 03, 2011, 04:33:23 PM
Attackers don't need to tie identities. Previously broken passwords are added to dictionary lists and are blindly tried against all newly leaked accounts.
Previously broken passwords - yes, but I'm not talking about reusing passwords. I'm talking about patterns that help to derive passwords and remember them. And while some analyze these and add to their attacks, this is the case only in highly targeted attacks. Which this wasn't!
Adding such patterns to general password cracking is just a waste of time and resources.

This contradicts your first post which says "my password was not the most secure". So which is it?
No it doesn't. I said it wasn't the most secure because it was not a random >60characters password I normally use which would take thousands of years to crack. This was the kind of password which could be broken in several decades.

Don't be so negative with me. I am just trying to help you understand how your account was hacked. Multiple possibilities:
1) The majority of MtGox users who were hacked were knowingly using insecure passwords. Not your case.
2) A smaller but still considerable fraction of users had a misconception of what a secure password is. May be your case.
3) Finally, a minority were using perfectly secure passwords (see examples in my last post). These users either shared passwords with other sites that have been hacked, or were phished (eg. even experienced IT security professionals may fall for tabnabbing!), or were the victim of targeted attacks on their personal computers (eg. malware installing a keylogger). May be your case.

1) No
2) I know it was secure. Even if attacker got my hash the day I registered they would not had the time to crack it.
3) My home network is monitored by snort 24/7, firewalls on my router and computers are properly configured to allow just the traffic I require. There are no unnecessary services running -  I even disabled dhcp. Most of the browsing is done in VMs which are then shutdown and destroyed. So please keep your security 101 to yourself.

I am not negative - I'm just realist. If you read my previous posts, you'll find that I was advocating Mt.gox and dismissing people complaining on this board about stolen funds from Mt.gox. At the time I had blind faith in Mark, but I was wrong.

Go listen to the interview after the hack, read his statements - he was blatantly lying. And I believe he is still lying. While a move to this inferior and buggy platform and testing on production server maybe considered normal by such incompetent individual I think it indicates that Mt.gox is desperate and still has no fucking clue how attacker got in. Hiding this is irresponsible and will lead to disaster.
Time will show
7  Bitcoin / Bitcoin Discussion / Re: [ATTN] Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off on: July 03, 2011, 12:44:47 PM
You must be retarded. Why would I disclose my password and my thinking pattern? So it can be added to dictionaries and future attacks? No thank you.

This statement indicates that your password was insecure.

If all it takes to risk guessing your password is to know your password generation logic, then the breach of any of the dozens of websites on which you have a password-protected account, may have helped the attacker in guessing your password. What happens when a password hash leak occur is that attackers generate candidate passwords based on bruteforcing results from previous leaks (Gawker, phpbb, MySpace, etc). They read them, try to understand how users picked them, and they adjust the mangling rules in their bruteforcers.

Also you would not be the first one to think your password was relatively secure when in fact it turned out to be complete crap (this guy claimed his password was secure, and even lied about its length, when it was in fact "rascal101").

That statement does not indicate shit.
I don't have any account with your mentioned sites or sites that have been hacked. I am extremely paranoid and use one time identities and one time passwords for different sites/forums/communities. Even if some site was hacked that we don't know about, attackers would never be able to tie them to this one. Go ahead and try to find info about mewantsbitcoins or any other identifies tied to it.
The reason why I don't post my password is because if someone really wanted to target me, this would give them advantage, however small. Anyone with half a brain and basic understanding of IT security would do the same.

Anyway, I'm not here to argue about security practices. I don't think my password was secure - I know it was. I only came back here and posted what I thought because people seem to be mislead by this "clarification" bs.

From what I've seen I can conclude with certainty that Mark is incompetent and greedy and it is just a matter of time before this will happen again. It is unfortunate that some people are too thick to realize they are going to lose their money. But I am not even very worried about them - they deserve everything they get. What I'm worried about is the image of bitcoin and articles in press. It is very difficult to bring in new, serious people, when our major exchange is a joke.
8  Bitcoin / Bitcoin Discussion / Re: [ATTN] Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off on: July 01, 2011, 02:21:50 AM
Your password was probably brute forced from the user dump like mine was. Mine wasn't super simple either.
I call this BS. My hash is up there - go and try to brute force it. I guess I'll see you in several years/decades.

Then please disclose your password - if it was anything but totally random & a-z/A-Z/0-9/special & >9 chars you were definately at risk.

You must be retarded. Why would I disclose my password and my thinking pattern? So it can be added to dictionaries and future attacks? No thank you.
Like I said - hash is up there. If you think my password could have been cracked in couple of days - go ahead and try. If you're serious about it, I'll even add few of my 5870s to your hardware to prove it was good enough for this particular application
9  Bitcoin / Bitcoin Discussion / Re: [ATTN] Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off on: July 01, 2011, 02:02:05 AM
Your password was probably brute forced from the user dump like mine was. Mine wasn't super simple either.
I call this BS. My hash is up there - go and try to brute force it. I guess I'll see you in several years/decades.

> If someone gained admin level user account why would they go to the lengths of SQLi to get the database?
My account still had admin access. They were able to get my account password because of the SQLi
Mt.gox says they he doesn't know:
Quote from: Mt.gox
In order to audit and verify this percentage, the previous owner retained an admin level user account. This account was compromised. So far we have not been able to determine how this account’s credentials were obtained.

Mistakes were obviously made but I don't think Mark is being greedy or incompetent here. He needs to hire more people and he knows this. But which if you have ever tried to do you know takes time which he doesn't have much of these days.
No, it doesn't if you offer adequate reward, hence greedy.

Quote from: mewantsbitcoins
The server has been down for more than two weeks now and I can't get a response from him despite sending several emails
Hence, incompetent.
A monkey can restart server and fire away an email.

And for the conspiracy theorists: could it just be that mt.gox's and your bots
Code:
413,Gox Bot,,$1$my2/Mvxi$kC7BKl1xKgYlbadc/GHSN1
6177,BotBot,jed@mtgox.com,$1$Xqluv5Eq$nkN99S/5DRqbNqUii3oEF1
were "assigning these simply numbers"
Quote from: Mt.gox
We would like to note that the Bitcoins sold were not taken from other users’ accounts—they were simply numbers with no wallet backing. For a brief period, the number of Bitcoins in the Mt. Gox exchange vastly outnumbered the Bitcoins in our wallet.
to themselves for us to enjoy this remarkable growth period? It is fairly easy to make profit when you have access to all the data, isn't it?
Just sayin
10  Bitcoin / Bitcoin Discussion / Re: [ATTN] Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off on: July 01, 2011, 12:41:46 AM
All this "Clarification" BS is fine and dandy, but my account was compromised(or atleast Mt.gox would like me think so) and I can't figure out how. This I know from the logs provided by Mt.gox:

That is not my IP.

While my password was not the most secure, I don't believe it could have been cracked in the short amount of time attackers had. You are welcome to try to crack it:
Code:
5987,mewantsbitcoins,mewantsbitcoins@gmail.com,$1$atDbQTre$lG10yR6hXfmGcdZAZTL.Z1
Out of curiosity I put JTR to work but after 12 hours no luck yet.

You may say that my computer might have been compromised and someone got my password from a keylogger. While I can't be 100% certain, I am fairly confident it wasn't. I work in IT and know few things about IT security. Plus, if that were true and my computer indeed got compromised, my other accounts would have been accessed too, which is not the case.
Note: I don't reuse passwords, so it could not have been a password from another account. This is a one time password and I used it only on one computer. My OS is not Windows.

In general, I have to say - things don't add up from where I stand. If someone gained admin level user account why would they go to the lengths of SQLi to get the database?

I can think of two scenarios where such things would be possible and none of them are compatible with this "Clarification" story.

On an unrelated note, I bought hosting from https://www.kalyhost.com/ which belongs to Mark Karpeles. The server has been down for more than two weeks now and I can't get a response from him despite sending several emails.

To sum up, I've drawn my conclusions, but was highly surprised to see people going back to Mt.gox and trading like nothing has happened. This is EXTREMELY greedy and incompetent individual trying to manage huge amounts of money. It will end up in tears eventually and you'll have no one to blame but yourself.


And before you ask for my tradehill reference code, I don't have one - I think they are shit too. My advice is to stay away from people who can't afford a dedicated server.
11  Other / Meta / Re: What happened to the Silk Road thread? on: June 16, 2011, 02:52:40 PM
This community seriously needs to rethink what it stands for.
Good luck
12  Other / Meta / What happened to the Silk Road thread? on: June 16, 2011, 01:25:14 PM
Huh
13  Bitcoin / Bitcoin Technical Support / Re: Problems with Bitcoin related sites on: June 15, 2011, 03:52:13 PM
Same in UK
14  Bitcoin / Bitcoin Discussion / Re: LulzSec appreciation thread on: June 15, 2011, 11:22:58 AM
Bumping for the lulz  Grin
15  Economy / Trading Discussion / Re: [Fun] Songs fitting to BTC exchanges on: June 15, 2011, 11:13:30 AM
I am still waiting somebody to produce a cover of this - after remixing it would be called Madcoin - Grow

 Shocked Screw the Caribbean... I'm off to Lithuania once I cash out!

What's in Lithuania?
16  Bitcoin / Bitcoin Discussion / Re: Hacker got to my MTGOX account, he converted the USD I had...... on: June 15, 2011, 10:49:09 AM
This exact same thing happened to me earlier.
I think my password was brute-forced.

Lesson learned is, use complex alphanumeric+symbols passwords, and change them frequently.

Mt. Gox also really needs to add some sort of secondary verification.

This is impossible unless you consider 5 tries a bruteforce attack
Mt.Gox has all the security it needs.

What REALLY needs to happen is stupid people starting to use adequate passwords.
17  Bitcoin / Bitcoin Discussion / Re: Bitcoins as Currency: A Serious Logical Analysis. on: June 15, 2011, 09:36:55 AM
I would rename this thread "Seriously retarded and emotional nonsense"
18  Bitcoin / Bitcoin Discussion / Re: mybitcoin.com problem on: June 15, 2011, 09:24:54 AM
I've been trying to access it with no avail for couple of hours
19  Bitcoin / Development & Technical Discussion / Re: Portable Truecrypt Install on: June 15, 2011, 09:23:11 AM
Step 12
http://www.uniyatra.com/docs/truecrypt/
20  Bitcoin / Bitcoin Discussion / Re: Bitcoins as Currency: A Serious Logical Analysis. on: June 15, 2011, 08:46:38 AM
It is difficult to engage in discussion with someone who's calling everybody fools and has his mind already made up.
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!