-account compromised-

[Ascension]

Mac has logged on since and not written to me or posted anything, Something is not right, If a hacker then why return to the scene of the crime, If not, Why is mac quiet? I shall warn everyone away untill this is sorted.


Also, Why use a vanity address? and the coins have not moved since?

Squall, MAC's account should be locked/banned by the MOD's until he can prove ownership of the account. The hacked posted another thread in the long term loans and maybe logged in to see if he had any responses to that thread to steal even more? If you would like MAC to call your IRL send me a PM with your phone number and he will give you a call. I am posting on his behalf because his account is currently locked out.

Thanks,
Ascension

[1715492836]

1715492836

[1715492836]

1715492836

[1715492836]

1715492836

[LoweryCBS]

I've been on a conference call with MAC (Mike) and Ascension (Jerrod)

They will be covering the 24 BTC lost in this incident - Squall1066 will be made whole.

[Projects]

I've been on a conference call with MAC (Mike) and Ascension (Jerrod)

They will be covering the 24 BTC lost in this incident - Squall1066 will be made whole.

I am glad to hear that, Squall doesnt deserve this.

[OMGBobMarley]

Does this site not check IPs? Hence a mod can't check the IP of the poster and compare it to the previous IP's?

[LoweryCBS]

In my conversations with them, I referred to you as an example of a stand-up guy who's benefiting long-term from stepping up and taking responsibility for a circumstance that was beyond your control (the stolen money in the UK post incident)

In the long-run, we'll know and evaluate our peers by the manner in which they handle unfortunate occurrences such as this.

I've been on a conference call with MAC (Mike) and Ascension (Jerrod)

They will be covering the 24 BTC lost in this incident - Squall1066 will be made whole.

I am glad to hear that, Squall doesnt deserve this.

[John (John K.)]

Does this site not check IPs? Hence a mod can't check the IP of the poster and compare it to the previous IP's?

I can't see IP's; only theymos can. It would be good to have that feature though for a quick deductions in cases like this.

[OMGBobMarley]

Wow. I can't believe that a forum dealing with lending wouldn't check IP's. So any random can come in here with multiple account pretending to loan to himself to build rep? Doesn't seem very safe for lenders.

[Eisenhower34]

So any random can come in here with multiple account pretending to loan to himself to build rep? Doesn't seem very safe for lenders.

You arent here for long right? Otherwise you would know that they try that every week and no lender consider loans from one "no reputation account" to another "no reputation account" as reputation.

[OMGBobMarley]

So any random can come in here with multiple account pretending to loan to himself to build rep? Doesn't seem very safe for lenders.

You arent here for long right? Otherwise you would know that they try that every week and no lender consider loans from one "no reputation account" to another "no reputation account" as reputation.

Have only been here a couple week, have only known about btc for a month or so. Just learning the ropes in a sense.

[Jenger]

lol if you can think of it, its already been done.

[squall1066]

Not much point in I.P's mose scammers use TOR anyway, We need something else.

[greyhawk]

Not much point in I.P's mose scammers use TOR anyway, We need something else.

If we're dealing with identity theft do we not already have a solution for that with the signature function in the client?

[squall1066]

Not much point in I.P's mose scammers use TOR anyway, We need something else.

If we're dealing with identity theft do we not already have a solution for that with the signature function in the client?

I thought that just ties up the client with a address, If an account is hacked, Could it not come from any client?

[greyhawk]

Not much point in I.P's mose scammers use TOR anyway, We need something else.

If we're dealing with identity theft do we not already have a solution for that with the signature function in the client?

I thought that just ties up the client with a address, If an account is hacked, Could it not come from any client?

Now I don't claim to understand the signature thingy completely, but the way I understand it it is possible to sign a message with the client. This signature depends on the context of the message and the wallet keys and can be checked for authenticity in another client. The following should then be possible:
- Build a central repository of signatures for users (yeah, yeah, I know, centralization bad, but bear with me)
- When a user requests a loan, have him sign that message with the client.
- Now you should be able to check that signature against the signature in the repository via your own client and determine if the person is indeed who they claim to be.

Someone correct me if I'm wrong here. I'm not good with the signature stuff, it breaks my brain, but this is how I would assume it works.

[squall1066]

Not much point in I.P's mose scammers use TOR anyway, We need something else.

If we're dealing with identity theft do we not already have a solution for that with the signature function in the client?

I thought that just ties up the client with a address, If an account is hacked, Could it not come from any client?

Now I don't claim to understand the signature thingy completely, but the way I understand it it is possible to sign a message with the client. This signature depends on the context of the message and the wallet keys and can be checked for authenticity in another client. The following should then be possible:
- Build a central repository of signatures for users (yeah, yeah, I know, centralization bad, but bear with me)
- When a user requests a loan, have him sign that message with the client.
- Now you should be able to check that signature against the signature in the repository via your own client and determine if the person is indeed who they claim to be.

Someone correct me if I'm wrong here. I'm not good with the signature stuff, it breaks my brain, but this is how I would assume it works.

Well I know less than you on this (and it shows how well used a feture it must be) But if I understand correctly, There is no way to varify a new user, As there is no "history" of the signature? So at some point someone has to take a first gamble? Which instantly make me think of shill acounts and fake build up, We have to keep using coins to keep the system alive, But the way things are going, Everyone will be to scared to spend them for feer of it not arriving to the person they wanted it to. 

[greyhawk]

Well I know less than you on this (and it shows how well used a feture it must be) But if I understand correctly, There is no way to varify a new user, As there is no "history" of the signature? So at some point someone has to take a first gamble? Which instantly make me think of shill acounts and fake build up, We have to keep using coins to keep the system alive, But the way things are going, Everyone will be to scared to spend them for feer of it not arriving to the person they wanted it to. 

Yes, the repository would only work reliably for established users. The idea is specifically preventing things like your situation where an established users forum account is taken over. I think you are very right in assuming that these things will be happening more often now.

[🏰 TradeFortress 🏰]

Not much point in I.P's mose scammers use TOR anyway, We need something else.

If we're dealing with identity theft do we not already have a solution for that with the signature function in the client?

I thought that just ties up the client with a address, If an account is hacked, Could it not come from any client?

Now I don't claim to understand the signature thingy completely, but the way I understand it it is possible to sign a message with the client. This signature depends on the context of the message and the wallet keys and can be checked for authenticity in another client. The following should then be possible:
- Build a central repository of signatures for users (yeah, yeah, I know, centralization bad, but bear with me)
- When a user requests a loan, have him sign that message with the client.
- Now you should be able to check that signature against the signature in the repository via your own client and determine if the person is indeed who they claim to be.

Someone correct me if I'm wrong here. I'm not good with the signature stuff, it breaks my brain, but this is how I would assume it works.

Well I know less than you on this (and it shows how well used a feture it must be) But if I understand correctly, There is no way to varify a new user, As there is no "history" of the signature? So at some point someone has to take a first gamble? Which instantly make me think of shill acounts and fake build up, We have to keep using coins to keep the system alive, But the way things are going, Everyone will be to scared to spend them for feer of it not arriving to the person they wanted it to. 

It's based on address - you know I have the address firstbits 1GLados (because I've traded substantially with it, eg buying asicminer shares, bitfunder public asset listings), and then you know whoever can sign a message from 1GLados has access to my private keys. There's still the risk of compromise, but less than just someone logging into a forum account without 2fa.

[Eisenhower34]

Hm... maybe it would be a good feature if there is a fix bitcoin address bound to every user account (set during registration) and only admins/mods can change those. Maybe thats too much trouble for mods, so second possibility there is a bitcoin address bound to every user account with the timestamp when it has been set and a public log of the old bitcoin addresses with the old timestamps.

When you use those addresses for transactions (at least for the bigger ones) the right owner would get the funds and could send them back later in case he didnt request that transaction.
If an address had changed in the last couple of days you can still decide if you trust that new address and/or ask the "owner" if its not possible to use an "older" address from the logs.

[Raoul Duke]

Message:

Code:

I'm psy. Squall1066 has been scammed by MAC in 24 BTC. This is just a test message intended for Bitcointalk and not to be taken seriously by anyone. Mon, March 18 2013 10:40 AM

Signature:

Code:

G+tumBo0kYxAttLfFXfbiCTYICQjHd0zy98d7K79UTA9nXxN280XB8sKLYcR//Jr1MoUDLnyXRG0XPGoa+6qprQ=

Now anyone can check my OTC page(linked in my signature), get my public Bitcoin address from there and verify I was the one who signed a message.

To verify, open Bitcoin-qt, File > Verify Message, enter my bitcoin address in the 1st field, the message in the 2nd field and the signature in the 3rd field and press the Verify Message button.

FFS, this is in Bitcoin-qt, with a graphical interface. Any donkey can do it.

[greyhawk]

Even better. So that system is already in place.