Bitcoin Forum
September 16, 2019, 07:50:53 AM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  

Warning: Moderators do not remove likely scams. You must use your own brain: caveat emptor. Watch out for Ponzi schemes. Do not invest more than you can afford to lose.

Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 [23] 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 ... 140 »
  Print  
Author Topic: [BTC-TC] Virtual Community Exchange [CLOSED]  (Read 315988 times)
usagi
VIP
Hero Member
*
Offline Offline

Activity: 812
Merit: 1000


13


View Profile
March 07, 2013, 03:27:05 AM
 #441

Just a heads up looks like Mpex was hacked as it's redirecting too.

http://www.whitehouse.gov/

Hope you are secure.

This is a good opportunity for a little education I suspect.

If our DNS is compromised, which is entirely possible, we do not operate it:  (The registrar does.)

    - A potential hacker could put up a clone of our login page and collect your logins and passwords.
    - Then the hacker could set his own /etc/hosts file and log into the real site with those logins and passwords.
    - Then the hacker trades all your stuff off for pennies on the dollar and withdraws all the coins and walks away.

The only protection from this is to use 2-Factor authentication.  If you don't already have a Yubikey or a mobile phone with Google Authenticator, NOW is the time to set it up.  Do not put it off.  Do it now.

Actually no, 2-factor authentication is not a protection against someone getting your DNS or getting root or anything like that. It's protection against most forms of keyloggers, and that's about it. Just sayin'
1568620253
Hero Member
*
Offline Offline

Posts: 1568620253

View Profile Personal Message (Offline)

Ignore
1568620253
Reply with quote  #2

1568620253
Report to moderator
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
burnside
Legendary
*
Offline Offline

Activity: 1092
Merit: 1004


Lead Blockchain Developer


View Profile WWW
March 07, 2013, 03:28:51 AM
 #442

Just a heads up looks like Mpex was hacked as it's redirecting too.

http://www.whitehouse.gov/

Hope you are secure.

This is a good opportunity for a little education I suspect.

If our DNS is compromised, which is entirely possible, we do not operate it:  (The registrar does.)

    - A potential hacker could put up a clone of our login page and collect your logins and passwords.
    - Then the hacker could set his own /etc/hosts file and log into the real site with those logins and passwords.
    - Then the hacker trades all your stuff off for pennies on the dollar and withdraws all the coins and walks away.

The only protection from this is to use 2-Factor authentication.  If you don't already have a Yubikey or a mobile phone with Google Authenticator, NOW is the time to set it up.  Do not put it off.  Do it now.

OK I have gone ahead and setup Google Authenticator on my google account, and on your site.  I know that I could print off some one time use codes for my google account in case I ever lose my phone, don't have it on me etc...

Will these same codes work on your site?  What do I do if my phone gets stolen?

Best bet is to write down the key it displays with your barcode, or print the barcode so you can re-scan it again.

If your phone is stolen, you would re-scan the barcode or enter the key on your new phone, log into the site, and setup a new code.  (just to be on the safe side.)

burnside
Legendary
*
Offline Offline

Activity: 1092
Merit: 1004


Lead Blockchain Developer


View Profile WWW
March 07, 2013, 03:37:11 AM
 #443

Just a heads up looks like Mpex was hacked as it's redirecting too.

http://www.whitehouse.gov/

Hope you are secure.

This is a good opportunity for a little education I suspect.

If our DNS is compromised, which is entirely possible, we do not operate it:  (The registrar does.)

    - A potential hacker could put up a clone of our login page and collect your logins and passwords.
    - Then the hacker could set his own /etc/hosts file and log into the real site with those logins and passwords.
    - Then the hacker trades all your stuff off for pennies on the dollar and withdraws all the coins and walks away.

The only protection from this is to use 2-Factor authentication.  If you don't already have a Yubikey or a mobile phone with Google Authenticator, NOW is the time to set it up.  Do not put it off.  Do it now.

Actually no, 2-factor authentication is not a protection against someone getting your DNS or getting root or anything like that. It's protection against most forms of keyloggers, and that's about it. Just sayin'

Actually, yes, it is protection against any form of man in the middle attack.  Both use a time-based nonce with protection against replay.  (no key can be used twice within it's valid time window... try it, I spent a lot of time on it.)

No, it is not protection if BTC-TC is rooted.  That comes in the form of backups, firewalls, layers of servers (backend/frontend), and hot/cold wallets.

Cheers.
superbit
Hero Member
*****
Offline Offline

Activity: 763
Merit: 500



View Profile
March 07, 2013, 04:16:42 AM
 #444

Just a heads up looks like Mpex was hacked as it's redirecting too.

http://www.whitehouse.gov/

Hope you are secure.

This is a good opportunity for a little education I suspect.

If our DNS is compromised, which is entirely possible, we do not operate it:  (The registrar does.)

    - A potential hacker could put up a clone of our login page and collect your logins and passwords.
    - Then the hacker could set his own /etc/hosts file and log into the real site with those logins and passwords.
    - Then the hacker trades all your stuff off for pennies on the dollar and withdraws all the coins and walks away.

The only protection from this is to use 2-Factor authentication.  If you don't already have a Yubikey or a mobile phone with Google Authenticator, NOW is the time to set it up.  Do not put it off.  Do it now.

OK I have gone ahead and setup Google Authenticator on my google account, and on your site.  I know that I could print off some one time use codes for my google account in case I ever lose my phone, don't have it on me etc...

Will these same codes work on your site?  What do I do if my phone gets stolen?

Best bet is to write down the key it displays with your barcode, or print the barcode so you can re-scan it again.

If your phone is stolen, you would re-scan the barcode or enter the key on your new phone, log into the site, and setup a new code.  (just to be on the safe side.)



If anyone can just scan the barcode how does this help if your site is hacked?  They could see the QR code and install google auth on their own phone.

https://bitfinex.com/?refcode=UInJLQ5KpA <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with the refcode
My feedback thread: Forum thread
burnside
Legendary
*
Offline Offline

Activity: 1092
Merit: 1004


Lead Blockchain Developer


View Profile WWW
March 07, 2013, 04:26:40 AM
 #445

Just a heads up looks like Mpex was hacked as it's redirecting too.

http://www.whitehouse.gov/

Hope you are secure.

This is a good opportunity for a little education I suspect.

If our DNS is compromised, which is entirely possible, we do not operate it:  (The registrar does.)

    - A potential hacker could put up a clone of our login page and collect your logins and passwords.
    - Then the hacker could set his own /etc/hosts file and log into the real site with those logins and passwords.
    - Then the hacker trades all your stuff off for pennies on the dollar and withdraws all the coins and walks away.

The only protection from this is to use 2-Factor authentication.  If you don't already have a Yubikey or a mobile phone with Google Authenticator, NOW is the time to set it up.  Do not put it off.  Do it now.

OK I have gone ahead and setup Google Authenticator on my google account, and on your site.  I know that I could print off some one time use codes for my google account in case I ever lose my phone, don't have it on me etc...

Will these same codes work on your site?  What do I do if my phone gets stolen?

Best bet is to write down the key it displays with your barcode, or print the barcode so you can re-scan it again.

If your phone is stolen, you would re-scan the barcode or enter the key on your new phone, log into the site, and setup a new code.  (just to be on the safe side.)



If anyone can just scan the barcode how does this help if your site is hacked?  They could see the QR code and install google auth on their own phone.

"print the barcode so you can re-scan it again"  Smiley

The account page won't re-display it unless you have the PIN, and as I am just now realizing, that PIN dialog should be asking for the gAuth code if gAuth is turned on...  Will put that on the todo.

Cheers.


 
iCEBREAKER
Legendary
*
Offline Offline

Activity: 2156
Merit: 1068


Crypto is the separation of Power and State.


View Profile WWW
March 07, 2013, 06:20:51 AM
 #446

Just a heads up looks like Mpex was hacked as it's redirecting too.

http://www.whitehouse.gov/

Hope you are secure.

Gee, if only there was some kind of bitcoin-like, proof-of-work based DNS that was impervious to these kind of redirect shenanigans.

Oh wait, .bit and namecoin are well known technologies, but too many sheeple ignored them and not it's almost too late.

 Undecided

/THEY DIDN'T LISTEN!!!!1


██████████
█████████████████
██████████████████████
█████████████████████████
████████████████████████████
████
████████████████████████
█████
███████████████████████████
█████
███████████████████████████
██████
████████████████████████████
██████
████████████████████████████
██████
████████████████████████████
██████
███████████████████████████
██████
██████████████████████████
█████
███████████████████████████
█████████████
██████████████
████████████████████████████
█████████████████████████
██████████████████████
█████████████████
██████████

Monero
"The difference between bad and well-developed digital cash will determine
whether we have a dictatorship or a real democracy." 
David Chaum 1996
"Fungibility provides privacy as a side effect."  Adam Back 2014
Buy and sell XMR near you
P2P Exchange Network
Buy XMR with fiat
Is Dash a scam?
poly
Member
**
Offline Offline

Activity: 84
Merit: 10


Weighted companion cube


View Profile
March 07, 2013, 07:10:51 AM
 #447

Just a heads up looks like Mpex was hacked as it's redirecting too.

http://www.whitehouse.gov/

Hope you are secure.

Gee, if only there was some kind of bitcoin-like, proof-of-work based DNS that was impervious to these kind of redirect shenanigans.

Oh wait, .bit and namecoin are well known technologies, but too many sheeple ignored them and not it's almost too late.

 Undecided

/THEY DIDN'T LISTEN!!!!1
Mircea Popescu redirected it to the whitehouse.gov for lols.

poly | My Tip Jar
superbit
Hero Member
*****
Offline Offline

Activity: 763
Merit: 500



View Profile
March 07, 2013, 06:02:45 PM
 #448

So if the Google Authenticator should only show 1 time why does it show again if I change the settings?  Or is that a different key then the original time is showed in case I wanted to reset it to a new one?

https://bitfinex.com/?refcode=UInJLQ5KpA <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with the refcode
My feedback thread: Forum thread
burnside
Legendary
*
Offline Offline

Activity: 1092
Merit: 1004


Lead Blockchain Developer


View Profile WWW
March 07, 2013, 08:51:13 PM
 #449

So if the Google Authenticator should only show 1 time why does it show again if I change the settings?  Or is that a different key then the original time is showed in case I wanted to reset it to a new one?

It does show when changing the settings as well, but changing the settings requires the same PIN.  Both those PIN requirements need to be swapped out for gAuth requirements.  Will try to get that patched today.

Cheers.
burnside
Legendary
*
Offline Offline

Activity: 1092
Merit: 1004


Lead Blockchain Developer


View Profile WWW
March 09, 2013, 01:31:04 AM
 #450

Details regarding the dead mans switch and what to do if anything happens to me are now in the FAQ when logged in.

Bottom line, life will go on without me.  Wink



ThickAsThieves
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500



View Profile
March 10, 2013, 06:23:24 PM
 #451

Could you push through my withdrawal on ltcglobal?

Also, is it possible to get the manual limit raised and/or removed?  I do a lot of day trading, and I need better liquidity.
burnside
Legendary
*
Offline Offline

Activity: 1092
Merit: 1004


Lead Blockchain Developer


View Profile WWW
March 11, 2013, 03:21:01 AM
 #452

Could you push through my withdrawal on ltcglobal?

Also, is it possible to get the manual limit raised and/or removed?  I do a lot of day trading, and I need better liquidity.

I have a way to flag users to allow a 2x higher withdrawal limit.  Please PM me your username (and which exchange) if you would like this turned on for your account.

Cheers.
btcash
Hero Member
*****
Offline Offline

Activity: 970
Merit: 500



View Profile
March 11, 2013, 03:52:21 PM
 #453

The status for incoming deposits is still not working.
I think it is because I have multiple addresses. Used to work fine a few weeks ago when I had only one address.
burnside
Legendary
*
Offline Offline

Activity: 1092
Merit: 1004


Lead Blockchain Developer


View Profile WWW
March 11, 2013, 04:20:59 PM
 #454

The status for incoming deposits is still not working.
I think it is because I have multiple addresses. Used to work fine a few weeks ago when I had only one address.

Something happened when I increased the keypoolsize on our bitcoind.  A listtransactions no longer displays in chronological order.  I used to "listtransactions [account] 50" and now that brings up transactions weeks old on my account and another account I was looking at.  This has broken the deposit display, and the creation of the deposit entries in the db.  I'm trying to figure out if there's any way to fix it.  Will keep you posted.

Cheers.
DutchBrat
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1000


View Profile
March 11, 2013, 04:52:38 PM
 #455

Hi Burnside,

How long does the manual withdrawal take on average? Does it depend on moving Btc to a hot wallet?

Thanks
burnside
Legendary
*
Offline Offline

Activity: 1092
Merit: 1004


Lead Blockchain Developer


View Profile WWW
March 11, 2013, 05:30:13 PM
 #456

Hi Burnside,

How long does the manual withdrawal take on average? Does it depend on moving Btc to a hot wallet?

Thanks

Depends on time of day and what the balance is in the hot wallet.  I try to process them a minimum of twice a day, even on the weekends, and it does occasionally get hung up if there's not enough in the hot wallet and I have to spin up the cold wallet.

Cheers.
DutchBrat
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1000


View Profile
March 11, 2013, 05:34:41 PM
 #457

Hi Burnside,

How long does the manual withdrawal take on average? Does it depend on moving Btc to a hot wallet?

Thanks

Depends on time of day and what the balance is in the hot wallet.  I try to process them a minimum of twice a day, even on the weekends, and it does occasionally get hung up if there's not enough in the hot wallet and I have to spin up the cold wallet.

Cheers.


And you just processed Smiley

Thanks !!!
burnside
Legendary
*
Offline Offline

Activity: 1092
Merit: 1004


Lead Blockchain Developer


View Profile WWW
March 12, 2013, 02:34:52 AM
 #458

Trading has been halted until I can figure out with certainty there are no implications with the blockchain fork.  Impact should be minimal, we're on a customized version of 0.7.2.

Sorry about the inconvenience, but better safe than sorry.

TradeFortress 🏕
VIP
Legendary
*
Offline Offline

Activity: 1176
Merit: 1023


View Profile
March 12, 2013, 02:38:46 AM
Last edit: March 12, 2013, 05:11:22 AM by TradeFortress
 #459

Sounds like all the trading stops are causing the price drop (more than what would have happened if everything was calm). This isn't the end of bitcoin.
btharper
Sr. Member
****
Offline Offline

Activity: 389
Merit: 250



View Profile
March 12, 2013, 05:09:16 AM
 #460

Sounds like all the trading forks are causing the price drop. This isn't the end of bitcoin.
Nope, nothing is ending. The only problem is that there's a fork and someone trying to be malicious could attempt to spend on both networks and wait for the chain to resolve in their favor. Anyone behaving in good faith (most people) will end up on the right blockchain no matter which one they are currently on (as all valid tx's get pushed to each chain). Only malicious parties tx's will be a problem.

On the technical side this is caused by the database in 0.7 only accepting so many tx's in one block. The offending block had ~1700 tx's. The current Dev recommendation is that anyone depending on being on the "right" chain (merchants, miners, pools, etc). Anyone else can keep their version and will eventually end up on the right side of everything. The fork was not caused by an attack. The offending block is not invalid on either chain (except by an implicit database commit restriction). It will get over reported the wrong way and people will freak out and then everything will return to normal.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 [23] 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 ... 140 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!