Bitcoin Forum
December 09, 2016, 01:53:20 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: MtGox, Secure?  (Read 3169 times)
comboy
Sr. Member
****
Offline Offline

Activity: 247



View Profile
June 16, 2011, 11:09:28 PM
 #21

With all respect, if somebody uses your password to steal your money, it's not about service security but about user stupidity.

I'm absolutely not saying that it is not a crime or that people like that should not be tracked and so on. I just don't think it's anyhow related to how secure exchange is.

Variance is a bitch!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
aceman1011
Full Member
***
Offline Offline

Activity: 142


View Profile
June 16, 2011, 11:53:18 PM
 #22

They can fix database vulns for one, and they could make password cracking a little harder.... Even dictionary attacks are easy on this site. If Someone had the balls to do it, they could steal almost a million dollars from this site easy.

Rent my 800 + mh/s rig. PM me!
anatolikostis
Legendary
*
Offline Offline

Activity: 1736



View Profile
June 17, 2011, 09:30:26 AM
 #23

there's no way they woudn't be hashing, its a entusiast built site, not a corporation one...

well, lets think about for what mtgox.com does get a small fee (0.65%)?
for a nice blue sky? or may be something else?  Grin
BitPorium
Hero Member
*****
Offline Offline

Activity: 501


View Profile
June 17, 2011, 12:34:06 PM
 #24

With all respect, if somebody uses your password to steal your money, it's not about service security but about user stupidity.

I'm absolutely not saying that it is not a crime or that people like that should not be tracked and so on. I just don't think it's anyhow related to how secure exchange is.
I'd like to know how someone could get my password. My system is clean! No viruses, Malware or anything. I even ran a packet sniffer to see, there was nothing odd at all. I agree with you, a weak password is almost an invitation in the same way a mini skirt is an invitation to rape! I have found a way around this. I no longer have any funds in MTGox.
sc8nt4u
Sr. Member
****
Offline Offline

Activity: 278


View Profile
June 17, 2011, 01:28:01 PM
 #25

With all respect, if somebody uses your password to steal your money, it's not about service security but about user stupidity.

I'm absolutely not saying that it is not a crime or that people like that should not be tracked and so on. I just don't think it's anyhow related to how secure exchange is.
I'd like to know how someone could get my password. My system is clean! No viruses, Malware or anything. I even ran a packet sniffer to see, there was nothing odd at all. I agree with you, a weak password is almost an invitation in the same way a mini skirt is an invitation to rape! I have found a way around this. I no longer have any funds in MTGox.

http://en.wikipedia.org/wiki/SlutWalk

[Selling] Delta 120mm Fans 130CFM 3 Pin w/ 3 pin to 4 pin molex + fan screws
http://forum.bitcoin.org/index.php?topic=22366.0
MagicalTux
VIP
Hero Member
*
Offline Offline

Activity: 617


Working on new MtGox features


View Profile WWW
June 17, 2011, 01:41:30 PM
 #26

They can fix database vulns for one, and they could make password cracking a little harder.... Even dictionary attacks are easy on this site. If Someone had the balls to do it, they could steal almost a million dollars from this site easy.

If you fail at entering your password more than 10 times, your IP is blocked. Even using proxies you'd probably run out of proxies before running a basic dictionary.

I believe this makes this kind of attacks non practical.

(as for hashing, we use standard unix md5+salt, will switch to $2a$ or $5$ eventually)

aceman1011
Full Member
***
Offline Offline

Activity: 142


View Profile
June 17, 2011, 02:59:46 PM
 #27

They can fix database vulns for one, and they could make password cracking a little harder.... Even dictionary attacks are easy on this site. If Someone had the balls to do it, they could steal almost a million dollars from this site easy.

If you fail at entering your password more than 10 times, your IP is blocked. Even using proxies you'd probably run out of proxies before running a basic dictionary.

I believe this makes this kind of attacks non practical.

(as for hashing, we use standard unix md5+salt, will switch to $2a$ or $5$ eventually)
You forgot multithreaded attacks, dyn DNS, round robin shell cracking, and a whole lot of other ways to crack passwords.

Rent my 800 + mh/s rig. PM me!
F104
Newbie
*
Offline Offline

Activity: 26



View Profile
June 17, 2011, 03:01:43 PM
 #28

Mt Gox security seems to be nil but the owner speaks only about user passwords as if suddenly in the last few days a huge number of Mt Gox users turned to schmucks and allowed their passwords be lost.

What is the common factor in all the thefts? Mt Gox, but I see nothing from the owner about his security. I see a number of posts by users who lost BTC but have gotten no response from the Mt Gox owner. Who says user password security is the problem? Mt Gox. There seems to be no accountability and the users are presumed to be at fault even though they are crime victims.
AtlasONo
Hero Member
*****
Offline Offline

Activity: 551



View Profile
June 17, 2011, 11:53:28 PM
 #29

Yea lets stop victim blaming
bitminer
Jr. Member
*
Offline Offline

Activity: 39


View Profile
June 18, 2011, 01:15:16 AM
 #30

I've withdrawn 1000 USD (Euro Bank Transfers) from my Mt Gox account 20 days ago and my money still hasn't arrived. I wrote them but I got only the following message:

Quote
"Another trade is still in progress..."-- A known issue we're working to resolve
Hello,
We've been hearing reports of this and believe it is because our servers have been under heavy load. We are aware of the issue and are doing our best to resolve the problem as soon as possible.
We apologize for any inconvenience or frustrations this may have caused you.
Sad Angry Sad
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!