BitPorium (OP)
|
|
June 13, 2011, 06:44:09 PM |
|
So, is MtGoX really secure? My account was kindly hijacked and emptied of $500, thankfully I pulled the bulk out earlier. But how could this happen? I have no malware of any kind on my system, and my password is 12 characters long, Whats up with that? This totally sucks.
|
|
|
|
|
|
|
If you see garbage posts (off-topic, trolling, spam, no point, etc.), use the "report to moderator" links. All reports are investigated, though you will rarely be contacted about your reports.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
TheMoneyStorm
Newbie
Offline
Activity: 54
Merit: 0
|
|
June 13, 2011, 08:30:47 PM |
|
Here's a bump
|
|
|
|
Ricochet
|
|
June 13, 2011, 10:21:07 PM |
|
All the recent hijackings are making me nervous.
|
|
|
|
BitPorium (OP)
|
|
June 14, 2011, 04:50:38 AM |
|
so, its not isolated? this is very interesing
|
|
|
|
TheMoneyStorm
Newbie
Offline
Activity: 54
Merit: 0
|
|
June 14, 2011, 10:00:12 AM |
|
So, is MtGoX really secure? My account was kindly hijacked and emptied of $500, thankfully I pulled the bulk out earlier. But how could this happen? I have no malware of any kind on my system, and my password is 12 characters long, Whats up with that? This totally sucks.
Did you find out what happened yet?
|
|
|
|
BitPorium (OP)
|
|
June 14, 2011, 10:25:42 AM |
|
So, is MtGoX really secure? My account was kindly hijacked and emptied of $500, thankfully I pulled the bulk out earlier. But how could this happen? I have no malware of any kind on my system, and my password is 12 characters long, Whats up with that? This totally sucks.
Did you find out what happened yet? I emailed them but I am still waiting on a response. its a little ridiculous.
|
|
|
|
TheMoneyStorm
Newbie
Offline
Activity: 54
Merit: 0
|
|
June 14, 2011, 10:43:18 AM |
|
I emailed them but I am still waiting on a response. its a little ridiculous.
I was gonna transfer some coins to MtGox yesterday, until I read this. Now I'm not real sure I want to use them. I hope you hear back soon.
|
|
|
|
BitPorium (OP)
|
|
June 14, 2011, 11:29:15 AM |
|
I emailed them but I am still waiting on a response. its a little ridiculous.
I was gonna transfer some coins to MtGox yesterday, until I read this. Now I'm not real sure I want to use them. I hope you hear back soon. What I have done is when I send coins I put them to sell ASAP and then pull all the money out right away. I think that is the best way for me.
|
|
|
|
bitcoinTrader
|
|
June 14, 2011, 11:59:06 AM |
|
Do you see anything in account history?
|
|
|
|
smackdaddy
Newbie
Offline
Activity: 45
Merit: 0
|
|
June 14, 2011, 04:12:21 PM |
|
I just noticed the Mt. Gox's login works by submitting the username and password, unencrypted (well, it posted to an SSL site, but the password is in clear text in the URL).
That makes me very uncomfortable. It makes me suspect the site has not been well coded. I feel like there is a high probability that mtgox is compromised to some degree.
|
|
|
|
anatolikostis
Legendary
Offline
Activity: 2026
Merit: 1005
|
|
June 14, 2011, 05:24:26 PM |
|
|
|
|
|
BitPorium (OP)
|
|
June 14, 2011, 05:26:50 PM |
|
Here is my significant other: 1JHqaJ2xhj18zFgYtgSf7VYx1G4QJ8u92P
|
|
|
|
chungenhung
Legendary
Offline
Activity: 1134
Merit: 1005
|
|
June 14, 2011, 06:48:01 PM |
|
no its not. It says that my IP has been blocked due to multiple login attemps from the same IP address, when I tried to login for the first time for the day. Tried this on multiple locations, got the same result.
|
|
|
|
rx5yt
Guest
|
|
June 15, 2011, 12:11:59 AM |
|
how many bitcoins if you dont mind me asking. just curious as to how this may effect the market if anything
|
|
|
|
haydent
|
|
June 15, 2011, 12:39:05 AM |
|
yes this isnt the first time ive read about it here.
everyone should be using a secure password,
for the really paranoid, or if you're dealing in large figures consider:
as mentioned shifting btc in and out as need be is a way to protect them and its 'free' and 'fast'
as for usd i would consider withdrawing them in and out as need via liberty reserve (its fast but there are fees 2% to withdraw) or dwolla, a bit slower but only 25c to withdraw
ultimately this is an issue that could make or brake an exchange, and core to its survival.
as i mentioned in another thread, it seems ironic that many of us would have more money in mtgox than in our bank accounts yet with less security login checks.
|
2x Gigabyte 6950 OC @ 920/450 w/ ati tray tools (1 shader modded) - 760Mhs on ozco.in 0% fee aus pool btc: 1HS5Brzcsh7XkJn566XYbvfpa2JuBRBdss
|
|
|
MagicalTux
VIP
Hero Member
Offline
Activity: 608
Merit: 501
-
|
|
June 15, 2011, 03:23:36 AM |
|
Hi, Please direct issues regarding security (such as those) to admin@mtgox.comWe will enforce more secure passwords on Mt.Gox (refuse simple ones) and add the ability to set a withdraw password. Mark
|
|
|
|
haydent
|
|
June 15, 2011, 03:53:38 AM |
|
sounds good.
|
2x Gigabyte 6950 OC @ 920/450 w/ ati tray tools (1 shader modded) - 760Mhs on ozco.in 0% fee aus pool btc: 1HS5Brzcsh7XkJn566XYbvfpa2JuBRBdss
|
|
|
anatolikostis
Legendary
Offline
Activity: 2026
Merit: 1005
|
|
June 16, 2011, 06:53:36 PM Last edit: June 16, 2011, 11:05:18 PM by anatolikostis |
|
Hi, Please direct issues regarding security (such as those) to admin@mtgox.comWe will enforce more secure passwords on Mt.Gox (refuse simple ones) and add the ability to set a withdraw password. Mark Well, Mark... Just tell us first what kind of "marked bitcoins" you mentioned (this is the part of your answer to my postbox at anatoliy-pravo@net.lg.ua about my stolen 13.4 btc during DDoS at 06/14/11 16:20): We have however marked your 13.4 bitcoins and will be tracking those over the network. If someone deposits those funds on Mt.Gox, we will know immediatly. Thanks, Mark
Satoshi will be suprised Do you cherish your reputation? It seems to be not...I`ll tell my friends, they`ll tell other...Lets see how long mtgox.com will go on... I`m going to make a new more interesting topic about this nice exchange...
|
|
|
|
aceman1011
|
|
June 16, 2011, 10:35:21 PM |
|
Not secure! My friend lost over $1000 after someone hacked his account using multithreaded brute force. Blame lulzsec. Use tradehill instead, it is much more secure. MtGox has multiple SQLi vulnerabilities...
|
Rent my 800 + mh/s rig. PM me!
|
|
|
haydent
|
|
June 16, 2011, 11:08:54 PM |
|
there's no way they woudn't be hashing, its a entusiast built site, not a corporation one...
|
2x Gigabyte 6950 OC @ 920/450 w/ ati tray tools (1 shader modded) - 760Mhs on ozco.in 0% fee aus pool btc: 1HS5Brzcsh7XkJn566XYbvfpa2JuBRBdss
|
|
|
comboy
|
|
June 16, 2011, 11:09:28 PM |
|
With all respect, if somebody uses your password to steal your money, it's not about service security but about user stupidity.
I'm absolutely not saying that it is not a crime or that people like that should not be tracked and so on. I just don't think it's anyhow related to how secure exchange is.
|
Variance is a bitch!
|
|
|
aceman1011
|
|
June 16, 2011, 11:53:18 PM |
|
They can fix database vulns for one, and they could make password cracking a little harder.... Even dictionary attacks are easy on this site. If Someone had the balls to do it, they could steal almost a million dollars from this site easy.
|
Rent my 800 + mh/s rig. PM me!
|
|
|
anatolikostis
Legendary
Offline
Activity: 2026
Merit: 1005
|
|
June 17, 2011, 09:30:26 AM |
|
there's no way they woudn't be hashing, its a entusiast built site, not a corporation one...
well, lets think about for what mtgox.com does get a small fee (0.65%)? for a nice blue sky? or may be something else?
|
|
|
|
BitPorium (OP)
|
|
June 17, 2011, 12:34:06 PM |
|
With all respect, if somebody uses your password to steal your money, it's not about service security but about user stupidity.
I'm absolutely not saying that it is not a crime or that people like that should not be tracked and so on. I just don't think it's anyhow related to how secure exchange is.
I'd like to know how someone could get my password. My system is clean! No viruses, Malware or anything. I even ran a packet sniffer to see, there was nothing odd at all. I agree with you, a weak password is almost an invitation in the same way a mini skirt is an invitation to rape! I have found a way around this. I no longer have any funds in MTGox.
|
|
|
|
sc8nt4u
|
|
June 17, 2011, 01:28:01 PM |
|
With all respect, if somebody uses your password to steal your money, it's not about service security but about user stupidity.
I'm absolutely not saying that it is not a crime or that people like that should not be tracked and so on. I just don't think it's anyhow related to how secure exchange is.
I'd like to know how someone could get my password. My system is clean! No viruses, Malware or anything. I even ran a packet sniffer to see, there was nothing odd at all. I agree with you, a weak password is almost an invitation in the same way a mini skirt is an invitation to rape! I have found a way around this. I no longer have any funds in MTGox. http://en.wikipedia.org/wiki/SlutWalk
|
|
|
|
MagicalTux
VIP
Hero Member
Offline
Activity: 608
Merit: 501
-
|
|
June 17, 2011, 01:41:30 PM |
|
They can fix database vulns for one, and they could make password cracking a little harder.... Even dictionary attacks are easy on this site. If Someone had the balls to do it, they could steal almost a million dollars from this site easy.
If you fail at entering your password more than 10 times, your IP is blocked. Even using proxies you'd probably run out of proxies before running a basic dictionary. I believe this makes this kind of attacks non practical. (as for hashing, we use standard unix md5+salt, will switch to $2a$ or $5$ eventually)
|
|
|
|
aceman1011
|
|
June 17, 2011, 02:59:46 PM |
|
They can fix database vulns for one, and they could make password cracking a little harder.... Even dictionary attacks are easy on this site. If Someone had the balls to do it, they could steal almost a million dollars from this site easy.
If you fail at entering your password more than 10 times, your IP is blocked. Even using proxies you'd probably run out of proxies before running a basic dictionary. I believe this makes this kind of attacks non practical. (as for hashing, we use standard unix md5+salt, will switch to $2a$ or $5$ eventually) You forgot multithreaded attacks, dyn DNS, round robin shell cracking, and a whole lot of other ways to crack passwords.
|
Rent my 800 + mh/s rig. PM me!
|
|
|
F104
Newbie
Offline
Activity: 26
Merit: 0
|
|
June 17, 2011, 03:01:43 PM |
|
Mt Gox security seems to be nil but the owner speaks only about user passwords as if suddenly in the last few days a huge number of Mt Gox users turned to schmucks and allowed their passwords be lost.
What is the common factor in all the thefts? Mt Gox, but I see nothing from the owner about his security. I see a number of posts by users who lost BTC but have gotten no response from the Mt Gox owner. Who says user password security is the problem? Mt Gox. There seems to be no accountability and the users are presumed to be at fault even though they are crime victims.
|
|
|
|
AtlasONo
|
|
June 17, 2011, 11:53:28 PM |
|
Yea lets stop victim blaming
|
|
|
|
bitminer
Newbie
Offline
Activity: 39
Merit: 0
|
|
June 18, 2011, 01:15:16 AM |
|
I've withdrawn 1000 USD (Euro Bank Transfers) from my Mt Gox account 20 days ago and my money still hasn't arrived. I wrote them but I got only the following message: "Another trade is still in progress..."-- A known issue we're working to resolve Hello, We've been hearing reports of this and believe it is because our servers have been under heavy load. We are aware of the issue and are doing our best to resolve the problem as soon as possible. We apologize for any inconvenience or frustrations this may have caused you.
|
|
|
|
|