Bitcoin Forum
  Show Posts
1  Bitcoin / Bitcoin Discussion / Re: Worlds First Bitcoin Tattoo on: July 12, 2011, 11:30:40 PM
We haven't even seen her face.



Someone send her a btc to post her face.

Why don't you send some mr. critical?

It's because his fat wife and ugly kids took away all his money. He's broke now, hates life and blames others for being retarded.  Grin
2  Economy / Goods / Re: new real tangible physical bitcoin coin on: July 12, 2011, 05:16:50 PM
I received mine today as well. They are AWESOME! I just ordered more Smiley
Thanks a lot RSantana!
The only thing I'm wondering now is would it be possible to insert an RFID chip into these coins when manufacturing and how much more would it cost?

To those who are wondering about delivery times:
I ordered from the first batch which got sent out last Tuesday. So it took 5 business days. It usually takes 7 to get parcels from USA to UK. The rest of the Europe should be the same

3  Bitcoin / Bitcoin Discussion / Re: [ATTN] Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off on: July 09, 2011, 05:05:48 PM
For fuck's sake - it's been more than three weeks and the server is still down. That's what I get for supporting someone in bitcoin business.
Stay away from Mt.gox and Kalyhost. They are scammers and incompetent beyond belief!
4  Bitcoin / Bitcoin Discussion / Re: [ATTN] Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off on: July 03, 2011, 06:00:37 PM
I can tell this:
Dictionary attack would have been useless against my hash and attackers would not have had enough time for pure brute force attack even if they obtained unsalted md5. This leads me to think that this db dump is just a tip of the iceberg and that "clarification" is full of shit
5  Bitcoin / Bitcoin Discussion / Re: [ATTN] Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off on: July 03, 2011, 05:24:45 PM
As one of the few users with ~1k posts on this forum, therefore a likely valuable Bitcoin-rich target, I think you should envisage the possibility that you have been the victim of a targeted attack (not necessarily via an MtGox flaw). You wouldn't be the first one --you remember allinvain and his 25k BTC stolen... Even Snort + fw + browsing in a VM would not have protected you against, say, a tabnabbing phishing attempt. (I mention this example again because of how deceptively efficient it is...)

On the other hand, I have no idea how security-proficient you really are. You know Snort and firewalls, but the fact you exaggerate (few sites/apps accept "random >60characters password") makes it difficult for me to evaluate you. You say your MtGox pw was shorter than usual; would you mind sharing its exact length?

22

I am aware of most types of attacks and know how to protect myself. I keep up to date with current exploits and am a Backtrack user familiar and proficient with most tools in that distro.
6  Bitcoin / Bitcoin Discussion / Re: [ATTN] Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off on: July 03, 2011, 04:33:23 PM
Attackers don't need to tie identities. Previously broken passwords are added to dictionary lists and are blindly tried against all newly leaked accounts.
Previously broken passwords - yes, but I'm not talking about reusing passwords. I'm talking about patterns that help to derive passwords and remember them. And while some analyze these and add to their attacks, this is the case only in highly targeted attacks. Which this wasn't!
Adding such patterns to general password cracking is just a waste of time and resources.

This contradicts your first post which says "my password was not the most secure". So which is it?
No it doesn't. I said it wasn't the most secure because it was not a random >60characters password I normally use which would take thousands of years to crack. This was the kind of password which could be broken in several decades.

Don't be so negative with me. I am just trying to help you understand how your account was hacked. Multiple possibilities:
1) The majority of MtGox users who were hacked were knowingly using insecure passwords. Not your case.
2) A smaller but still considerable fraction of users had a misconception of what a secure password is. May be your case.
3) Finally, a minority were using perfectly secure passwords (see examples in my last post). These users either shared passwords with other sites that have been hacked, or were phished (eg. even experienced IT security professionals may fall for tabnabbing!), or were the victim of targeted attacks on their personal computers (eg. malware installing a keylogger). May be your case.

1) No
2) I know it was secure. Even if an attacker got my hash the day I registered they would not have had the time to crack it.
3) My home network is monitored by snort 24/7, firewalls on my router and computers are properly configured to allow just the traffic I require. There are no unnecessary services running -  I even disabled dhcp. Most of the browsing is done in VMs which are then shutdown and destroyed. So please keep your security 101 to yourself.

I am not negative - I'm just realist. If you read my previous posts, you'll find that I was advocating Mt.gox and dismissing people complaining on this board about stolen funds from Mt.gox. At the time I had blind faith in Mark, but I was wrong.

Go listen to the interview after the hack, read his statements - he was blatantly lying. And I believe he is still lying. While a move to this inferior and buggy platform and testing on a production server may be considered normal by such an incompetent individual, I think it indicates that Mt.gox is desperate and still has no fucking clue how the attacker got in. Hiding this is irresponsible and will lead to disaster.
Time will show
7  Bitcoin / Bitcoin Discussion / Re: [ATTN] Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off on: July 03, 2011, 12:44:47 PM
You must be retarded. Why would I disclose my password and my thinking pattern? So it can be added to dictionaries and future attacks? No thank you.

This statement indicates that your password was insecure.

If all it takes to risk guessing your password is to know your password generation logic, then the breach of any of the dozens of websites on which you have a password-protected account, may have helped the attacker in guessing your password. What happens when a password hash leak occurs is that attackers generate candidate passwords based on bruteforcing results from previous leaks (Gawker, phpbb, MySpace, etc). They read them, try to understand how users picked them, and they adjust the mangling rules in their bruteforcers.

Also you would not be the first one to think your password was relatively secure when in fact it turned out to be complete crap (this guy claimed his password was secure, and even lied about its length, when it was in fact "rascal101").

That statement does not indicate shit.
I don't have any account with your mentioned sites or sites that have been hacked. I am extremely paranoid and use one time identities and one time passwords for different sites/forums/communities. Even if some site was hacked that we don't know about, attackers would never be able to tie them to this one. Go ahead and try to find info about mewantsbitcoins or any other identities tied to it.
The reason why I don't post my password is because if someone really wanted to target me, this would give them advantage, however small. Anyone with half a brain and basic understanding of IT security would do the same.

Anyway, I'm not here to argue about security practices. I don't think my password was secure - I know it was. I only came back here and posted what I thought because people seem to be misled by this "clarification" bs.

From what I've seen I can conclude with certainty that Mark is incompetent and greedy and it is just a matter of time before this will happen again. It is unfortunate that some people are too thick to realize they are going to lose their money. But I am not even very worried about them - they deserve everything they get. What I'm worried about is the image of bitcoin and articles in press. It is very difficult to bring in new, serious people, when our major exchange is a joke.
8  Bitcoin / Bitcoin Discussion / Re: [ATTN] Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off on: July 01, 2011, 02:21:50 AM
Your password was probably brute forced from the user dump like mine was. Mine wasn't super simple either.
I call this BS. My hash is up there - go and try to brute force it. I guess I'll see you in several years/decades.

Then please disclose your password - if it was anything but totally random & a-z/A-Z/0-9/special & >9 chars you were definitely at risk.

You must be retarded. Why would I disclose my password and my thinking pattern? So it can be added to dictionaries and future attacks? No thank you.
Like I said - hash is up there. If you think my password could have been cracked in a couple of days - go ahead and try. If you're serious about it, I'll even add a few of my 5870s to your hardware to prove it was good enough for this particular application
9  Bitcoin / Bitcoin Discussion / Re: [ATTN] Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off on: July 01, 2011, 02:02:05 AM
Your password was probably brute forced from the user dump like mine was. Mine wasn't super simple either.
I call this BS. My hash is up there - go and try to brute force it. I guess I'll see you in several years/decades.

> If someone gained admin level user account why would they go to the lengths of SQLi to get the database?
My account still had admin access. They were able to get my account password because of the SQLi
Mt.gox says he doesn't know:
Quote from: Mt.gox
In order to audit and verify this percentage, the previous owner retained an admin level user account. This account was compromised. So far we have not been able to determine how this account’s credentials were obtained.

Mistakes were obviously made but I don't think Mark is being greedy or incompetent here. He needs to hire more people and he knows this. But which if you have ever tried to do you know takes time which he doesn't have much of these days.
No, it doesn't if you offer adequate reward, hence greedy.

Quote from: mewantsbitcoins
The server has been down for more than two weeks now and I can't get a response from him despite sending several emails
Hence, incompetent.
A monkey can restart server and fire away an email.

And for the conspiracy theorists: could it just be that mt.gox's and your bots
Code:
413,Gox Bot,,$1$my2/Mvxi$kC7BKl1xKgYlbadc/GHSN1
6177,BotBot,jed@mtgox.com,$1$Xqluv5Eq$nkN99S/5DRqbNqUii3oEF1
were "assigning these simply numbers"
Quote from: Mt.gox
We would like to note that the Bitcoins sold were not taken from other users’ accounts—they were simply numbers with no wallet backing. For a brief period, the number of Bitcoins in the Mt. Gox exchange vastly outnumbered the Bitcoins in our wallet.
to themselves for us to enjoy this remarkable growth period? It is fairly easy to make profit when you have access to all the data, isn't it?
Just sayin
10  Bitcoin / Bitcoin Discussion / Re: [ATTN] Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off on: July 01, 2011, 12:41:46 AM
All this "Clarification" BS is fine and dandy, but my account was compromised (or at least Mt.gox would like me to think so) and I can't figure out how. This I know from the logs provided by Mt.gox:

That is not my IP.

While my password was not the most secure, I don't believe it could have been cracked in the short amount of time attackers had. You are welcome to try to crack it:
Code:
5987,mewantsbitcoins,mewantsbitcoins@gmail.com,$1$atDbQTre$lG10yR6hXfmGcdZAZTL.Z1
Out of curiosity I put JTR to work but after 12 hours no luck yet.

You may say that my computer might have been compromised and someone got my password from a keylogger. While I can't be 100% certain, I am fairly confident it wasn't. I work in IT and know a few things about IT security. Plus, if that were true and my computer indeed got compromised, my other accounts would have been accessed too, which is not the case.
Note: I don't reuse passwords, so it could not have been a password from another account. This is a one time password and I used it only on one computer. My OS is not Windows.

In general, I have to say - things don't add up from where I stand. If someone gained admin level user account why would they go to the lengths of SQLi to get the database?

I can think of two scenarios where such things would be possible and none of them are compatible with this "Clarification" story.

On an unrelated note, I bought hosting from https://www.kalyhost.com/ which belongs to Mark Karpeles. The server has been down for more than two weeks now and I can't get a response from him despite sending several emails.

To sum up, I've drawn my conclusions, but was highly surprised to see people going back to Mt.gox and trading like nothing has happened. This is an EXTREMELY greedy and incompetent individual trying to manage huge amounts of money. It will end up in tears eventually and you'll have no one to blame but yourself.


And before you ask for my tradehill reference code, I don't have one - I think they are shit too. My advice is to stay away from people who can't afford a dedicated server.
11  Other / Meta / Re: What happened to the Silk Road thread? on: June 16, 2011, 02:52:40 PM
This community seriously needs to rethink what it stands for.
Good luck
12  Other / Meta / What happened to the Silk Road thread? on: June 16, 2011, 01:25:14 PM
Huh
13  Bitcoin / Bitcoin Technical Support / Re: Problems with Bitcoin related sites on: June 15, 2011, 03:52:13 PM
Same in UK
14  Bitcoin / Bitcoin Discussion / Re: LulzSec appreciation thread on: June 15, 2011, 11:22:58 AM
Bumping for the lulz  Grin
15  Economy / Trading Discussion / Re: [Fun] Songs fitting to BTC exchanges on: June 15, 2011, 11:13:30 AM
I am still waiting for somebody to produce a cover of this - after remixing it would be called Madcoin - Grow

 Shocked Screw the Caribbean... I'm off to Lithuania once I cash out!

What's in Lithuania?
16  Bitcoin / Bitcoin Discussion / Re: Hacker got to my MTGOX account, he converted the USD I had...... on: June 15, 2011, 10:49:09 AM
This exact same thing happened to me earlier.
I think my password was brute-forced.

Lesson learned is, use complex alphanumeric+symbols passwords, and change them frequently.

Mt. Gox also really needs to add some sort of secondary verification.

This is impossible unless you consider 5 tries a bruteforce attack
Mt.Gox has all the security it needs.

What REALLY needs to happen is stupid people starting to use adequate passwords.
17  Bitcoin / Bitcoin Discussion / Re: Bitcoins as Currency: A Serious Logical Analysis. on: June 15, 2011, 09:36:55 AM
I would rename this thread "Seriously retarded and emotional nonsense"
18  Bitcoin / Bitcoin Discussion / Re: mybitcoin.com problem on: June 15, 2011, 09:24:54 AM
I've been trying to access it to no avail for a couple of hours
19  Bitcoin / Development & Technical Discussion / Re: Portable Truecrypt Install on: June 15, 2011, 09:23:11 AM
Step 12
http://www.uniyatra.com/docs/truecrypt/
20  Bitcoin / Bitcoin Discussion / Re: Bitcoins as Currency: A Serious Logical Analysis. on: June 15, 2011, 08:46:38 AM
It is difficult to engage in discussion with someone who's calling everybody fools and has his mind already made up.