Author Topic: -account compromised-  (Read 3390 times)
Ascension
March 17, 2013, 01:54:52 PM
 #21

> Mac has logged on since and not written to me or posted anything, Something is not right, If a hacker then why return to the scene of the crime, If not, Why is mac quiet? I shall warn everyone away until this is sorted.
>
> Also, Why use a vanity address? and the coins have not moved since?

Squall, MAC's account should be locked/banned by the MOD's until he can prove ownership of the account. The hacker posted another thread in the long term loans and maybe logged in to see if he had any responses to that thread to steal even more? If you would like MAC to call you IRL, send me a PM with your phone number and he will give you a call. I am posting on his behalf because his account is currently locked out.

Thanks,
Ascension
LoweryCBS
March 17, 2013, 03:29:38 PM
 #22

I've been on a conference call with MAC (Mike) and Ascension (Jerrod)

They will be covering the 24 BTC lost in this incident - Squall1066 will be made whole.
Projects
March 17, 2013, 04:00:14 PM
 #23

> I've been on a conference call with MAC (Mike) and Ascension (Jerrod)
>
> They will be covering the 24 BTC lost in this incident - Squall1066 will be made whole.

I am glad to hear that, Squall doesn't deserve this.

OMGBobMarley
March 17, 2013, 04:46:41 PM
 #24

Does this site not check IPs? Hence a mod can't check the IP of the poster and compare it to the previous IP's?
LoweryCBS
March 17, 2013, 05:11:43 PM
 #25

In my conversations with them, I referred to you as an example of a stand-up guy who's benefiting long-term from stepping up and taking responsibility for a circumstance that was beyond your control (the stolen money in the UK post incident).

In the long-run, we'll know and evaluate our peers by the manner in which they handle unfortunate occurrences such as this.

> > I've been on a conference call with MAC (Mike) and Ascension (Jerrod)
> >
> > They will be covering the 24 BTC lost in this incident - Squall1066 will be made whole.
>
> I am glad to hear that, Squall doesn't deserve this.

John (John K.)
March 17, 2013, 05:13:35 PM
 #26

> Does this site not check IPs? Hence a mod can't check the IP of the poster and compare it to the previous IP's?

I can't see IP's; only theymos can. It would be good to have that feature though for quick deductions in cases like this.
OMGBobMarley
March 17, 2013, 05:17:49 PM
 #27

Wow. I can't believe that a forum dealing with lending wouldn't check IP's. So any random can come in here with multiple accounts pretending to loan to himself to build rep? Doesn't seem very safe for lenders.
Eisenhower34
March 17, 2013, 05:32:12 PM
 #28

> So any random can come in here with multiple accounts pretending to loan to himself to build rep? Doesn't seem very safe for lenders.

You aren't here for long right? Otherwise you would know that they try that every week and no lender considers loans from one "no reputation account" to another "no reputation account" as reputation.
OMGBobMarley
March 17, 2013, 06:03:13 PM
 #29

> > So any random can come in here with multiple accounts pretending to loan to himself to build rep? Doesn't seem very safe for lenders.
>
> You aren't here for long right? Otherwise you would know that they try that every week and no lender considers loans from one "no reputation account" to another "no reputation account" as reputation.

Have only been here a couple of weeks, have only known about btc for a month or so. Just learning the ropes in a sense.
Jenger
March 18, 2013, 12:46:03 AM
 #30

lol if you can think of it, it's already been done.

squall1066
March 18, 2013, 09:05:47 AM
 #31

Not much point in I.P's most scammers use TOR anyway, We need something else.
greyhawk
March 18, 2013, 09:14:32 AM
 #32

> Not much point in I.P's most scammers use TOR anyway, We need something else.

If we're dealing with identity theft do we not already have a solution for that with the signature function in the client?
squall1066
March 18, 2013, 09:17:40 AM
 #33

> > Not much point in I.P's most scammers use TOR anyway, We need something else.
>
> If we're dealing with identity theft do we not already have a solution for that with the signature function in the client?

I thought that just ties up the client with an address, If an account is hacked, Could it not come from any client?
greyhawk
March 18, 2013, 09:24:11 AM
 #34

> > > Not much point in I.P's most scammers use TOR anyway, We need something else.
> >
> > If we're dealing with identity theft do we not already have a solution for that with the signature function in the client?
>
> I thought that just ties up the client with an address, If an account is hacked, Could it not come from any client?

Now I don't claim to understand the signature thingy completely, but the way I understand it, it is possible to sign a message with the client. This signature depends on the context of the message and the wallet keys and can be checked for authenticity in another client. The following should then be possible:
- Build a central repository of signatures for users (yeah, yeah, I know, centralization bad, but bear with me)
- When a user requests a loan, have him sign that message with the client.
- Now you should be able to check that signature against the signature in the repository via your own client and determine if the person is indeed who they claim to be.

Someone correct me if I'm wrong here. I'm not good with the signature stuff, it breaks my brain, but this is how I would assume it works.
squall1066
March 18, 2013, 09:37:54 AM
 #35

> > > > Not much point in I.P's most scammers use TOR anyway, We need something else.
> > >
> > > If we're dealing with identity theft do we not already have a solution for that with the signature function in the client?
> >
> > I thought that just ties up the client with an address, If an account is hacked, Could it not come from any client?
>
> Now I don't claim to understand the signature thingy completely, but the way I understand it, it is possible to sign a message with the client. This signature depends on the context of the message and the wallet keys and can be checked for authenticity in another client. The following should then be possible:
> - Build a central repository of signatures for users (yeah, yeah, I know, centralization bad, but bear with me)
> - When a user requests a loan, have him sign that message with the client.
> - Now you should be able to check that signature against the signature in the repository via your own client and determine if the person is indeed who they claim to be.
>
> Someone correct me if I'm wrong here. I'm not good with the signature stuff, it breaks my brain, but this is how I would assume it works.

Well I know less than you on this (and it shows how well used a feature it must be) But if I understand correctly, There is no way to verify a new user, As there is no "history" of the signature? So at some point someone has to take a first gamble? Which instantly makes me think of shill accounts and fake build up, We have to keep using coins to keep the system alive, But the way things are going, Everyone will be too scared to spend them for fear of it not arriving to the person they wanted it to.
greyhawk
March 18, 2013, 09:41:27 AM
 #36


> Well I know less than you on this (and it shows how well used a feature it must be) But if I understand correctly, There is no way to verify a new user, As there is no "history" of the signature? So at some point someone has to take a first gamble? Which instantly makes me think of shill accounts and fake build up, We have to keep using coins to keep the system alive, But the way things are going, Everyone will be too scared to spend them for fear of it not arriving to the person they wanted it to.

Yes, the repository would only work reliably for established users. The idea is specifically preventing things like your situation where an established user's forum account is taken over. I think you are very right in assuming that these things will be happening more often now.
🏰 TradeFortress 🏰
March 18, 2013, 09:41:47 AM
 #37

> > > > > Not much point in I.P's most scammers use TOR anyway, We need something else.
> > > >
> > > > If we're dealing with identity theft do we not already have a solution for that with the signature function in the client?
> > >
> > > I thought that just ties up the client with an address, If an account is hacked, Could it not come from any client?
> >
> > Now I don't claim to understand the signature thingy completely, but the way I understand it, it is possible to sign a message with the client. This signature depends on the context of the message and the wallet keys and can be checked for authenticity in another client. The following should then be possible:
> > - Build a central repository of signatures for users (yeah, yeah, I know, centralization bad, but bear with me)
> > - When a user requests a loan, have him sign that message with the client.
> > - Now you should be able to check that signature against the signature in the repository via your own client and determine if the person is indeed who they claim to be.
> >
> > Someone correct me if I'm wrong here. I'm not good with the signature stuff, it breaks my brain, but this is how I would assume it works.
>
> Well I know less than you on this (and it shows how well used a feature it must be) But if I understand correctly, There is no way to verify a new user, As there is no "history" of the signature? So at some point someone has to take a first gamble? Which instantly makes me think of shill accounts and fake build up, We have to keep using coins to keep the system alive, But the way things are going, Everyone will be too scared to spend them for fear of it not arriving to the person they wanted it to.

It's based on address - you know I have the address firstbits 1GLados (because I've traded substantially with it, eg buying asicminer shares, bitfunder public asset listings), and then you know whoever can sign a message from 1GLados has access to my private keys. There's still the risk of compromise, but less than just someone logging into a forum account without 2fa.
Eisenhower34
March 18, 2013, 10:06:04 AM
 #38

Hm... maybe it would be a good feature if there is a fixed bitcoin address bound to every user account (set during registration) and only admins/mods can change those. Maybe that's too much trouble for mods, so second possibility: there is a bitcoin address bound to every user account with the timestamp when it has been set and a public log of the old bitcoin addresses with the old timestamps.

When you use those addresses for transactions (at least for the bigger ones) the right owner would get the funds and could send them back later in case he didn't request that transaction.
If an address had changed in the last couple of days you can still decide if you trust that new address and/or ask the "owner" if it's not possible to use an "older" address from the logs.
Raoul Duke
aka psy
March 18, 2013, 10:42:45 AM
 #39

Message:
Code:
I'm psy. Squall1066 has been scammed by MAC in 24 BTC. This is just a test message intended for Bitcointalk and not to be taken seriously by anyone. Mon, March 18 2013 10:40 AM

Signature:
Code:
G+tumBo0kYxAttLfFXfbiCTYICQjHd0zy98d7K79UTA9nXxN280XB8sKLYcR//Jr1MoUDLnyXRG0XPGoa+6qprQ=

Now anyone can check my OTC page (linked in my signature), get my public Bitcoin address from there and verify I was the one who signed a message.

To verify, open Bitcoin-qt, File > Verify Message, enter my bitcoin address in the 1st field, the message in the 2nd field and the signature in the 3rd field and press the Verify Message button.

FFS, this is in Bitcoin-qt, with a graphical interface. Any donkey can do it.
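
Added example (not part of any post in this thread and not Bitcoin-Qt's own code): a minimal Python version of the check that File > Verify Message performs on a message/signature pair like the one in post #39, combined with the per-user repository proposed in post #34. It assumes the repository pins each user's public key rather than the address, which avoids RIPEMD-160 and Base58Check here; `verify_pinned` and the `pinned` mapping are hypothetical names.

```python
import base64, hashlib

P = 2**256 - 2**32 - 977  # secp256k1 field prime; the curve is y^2 = x^3 + 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Add two curve points; None stands for the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    m = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
         else (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P))
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; public data only)."""
    acc = None
    while k:
        acc, pt, k = (add(acc, pt) if k & 1 else acc), add(pt, pt), k >> 1
    return acc

def digest(msg):
    """Double SHA-256 of Bitcoin's signed-message envelope (body under 253 bytes)."""
    body = msg.encode()
    data = b"\x18Bitcoin Signed Message:\n" + bytes([len(body)]) + body
    return int.from_bytes(hashlib.sha256(hashlib.sha256(data).digest()).digest(), "big")

def recover(msg, sig_b64):
    """Recover the signer's key Q = r^-1 (s*R - z*G) from a base64 signature, or None."""
    try:
        raw = base64.b64decode(sig_b64.strip(), validate=True)
    except ValueError:
        return None
    head = raw[0] - 27 if len(raw) == 65 else -1  # 0/1 uncompressed, 4/5 compressed key
    r, s = int.from_bytes(raw[1:33], "big"), int.from_bytes(raw[33:], "big")
    y = pow(r**3 + 7, (P + 1) // 4, P)  # square-root candidate (works since P % 4 == 3)
    if head not in (0, 1, 4, 5) or not (0 < r < N and 0 < s < N) or (y * y - r**3 - 7) % P:
        return None  # malformed, x = r + N case (unhandled), or r not on the curve
    y = y if (y & 1) == (head & 1) else P - y  # header's low bit is the parity of R.y
    return mul(pow(r, -1, N), add(mul(s, (r, y)), mul(-digest(msg) % N, G)))

def verify_pinned(user, msg, sig_b64, pinned):
    """Accept only if the signature recovers to the key pinned for this user."""
    key = recover(msg, sig_b64)
    return key is not None and pinned.get(user) == key
```

A valid signature proves only control of the key, so the signed text should name the venue and date, as the message in post #39 does, to keep an old signature from being reused elsewhere.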
greyhawk
March 18, 2013, 11:11:04 AM
 #40

Even better. So that system is already in place.