|
joepie91
|
 |
June 17, 2011, 10:43:21 AM |
|
I bet this is related to lulzsec's recent dump of 62,000 passwords. Password reuse anyone?
I am not in the dump, nor do I reuse passwords. So *if* the Lulzsec DB is in some way related (which I doubt as that dump was released after accounts started getting broken into) it is at least not the only attack vector. |
Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu  I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
|
|
|
|
|
|
|
|
|
|
There are several different types of Bitcoin clients. The most secure are full nodes like Bitcoin Core, but full nodes are more resource-heavy, and they must do a lengthy initial syncing process. As a result, lightweight clients with somewhat less security are commonly used.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
error
|
|
June 17, 2011, 11:47:25 AM |
|
I bet this is related to lulzsec's recent dump of 62,000 passwords. Password reuse anyone?
What is this? |
3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
|
|
|
|
Nefario
|
|
June 17, 2011, 12:05:57 PM |
|
I bet this is related to lulzsec's recent dump of 62,000 passwords. Password reuse anyone?
What is this? Lulzsec is a group that have been hacking quite a number of well know networks and systems in the last week or so. They've exposed many security flaws, and gottn hold of many many username password combinations. A lot of fairly new forum users have supposedly had their MT.Gox account hacked, and had their bitcoin taken, or if USD it's exchanged for bitcoin and taken. There's nothing wrong with MT.Gox's security, only that a great number of users have been using the same username:password combination as another website that's been hacked. EDIT Another possibility is that the user with the hacked system had a password stealing trojan on their system. The only options for what is happening are: 1)MTGox are themselves stealing users money 2)Users are reusing password/username combinations from other sites that have been hacked 3)Users have a compromised system that has resulted in their username/password being lifted. 4)MTGox has some major security holes 1 is not likely as MTGox make enough money as it is, also why then wouldn't they steal everyonese instead of just a few accounts worth? 4 is more likely but still not probable. MTGox have a simple but robust system that has been strengthened through attacks almost since it's inception. They use username:password authentication over https, so that's not leaked. Again because it's over https there is little to no chance of having your session hijacked. They limit the number of password attempts so accounts cannot be brute forced. The system itself isn't likely easily hacked, otherwise everyones bitcoin in MTGox would be gone. Options 2 & 3 are the most likely and most common in these situations. |
PGP key id at pgp.mit.edu 0xA68F4B7C To get help and support for GLBSE please email support@glbse.com |
|
|
|
error
|
|
June 17, 2011, 12:18:06 PM |
|
I know what LulzSec is. Again, what is this about a dump of 62,000 passwords?
|
3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
|
|
|
diven
Newbie
 Offline
Activity: 14
Merit: 0
|
|
June 17, 2011, 12:18:58 PM |
|
Options 2 & 3 are the most likely and most common in these situations.
Fair enough, but what about the daily (monthly) withdraw limits being circumvented? |
|
|
|
|
|
joepie91
|
|
June 17, 2011, 12:25:25 PM |
|
I bet this is related to lulzsec's recent dump of 62,000 passwords. Password reuse anyone?
What is this? Lulzsec is a group that have been hacking quite a number of well know networks and systems in the last week or so. They've exposed many security flaws, and gottn hold of many many username password combinations. A lot of fairly new forum users have supposedly had their MT.Gox account hacked, and had their bitcoin taken, or if USD it's exchanged for bitcoin and taken. There's nothing wrong with MT.Gox's security, only that a great number of users have been using the same username:password combination as another website that's been hacked. If you look at the stickied thread in Newbies you can see that most people don't seem to reuse both their username and password on Mt. Gox. EDIT
Another possibility is that the user with the hacked system had a password stealing trojan on their system.
I know that at least for me that is not the case. The only options for what is happening are:
1)MTGox are themselves stealing users money
2)Users are reusing password/username combinations from other sites that have been hacked
3)Users have a compromised system that has resulted in their username/password being lifted.
4)MTGox has some major security holes
1 is not likely as MTGox make enough money as it is, also why then wouldn't they steal everyonese instead of just a few accounts worth?
I don't think Mt. Gox stole it themselves. Besides them indeed getting more gain from running a business, there are a lot more "invisible" ways to make money disappear from accounts if you have access to the system. So that's extremely unlikely. 4 is more likely but still not probable. MTGox have a simple but robust system that has been strengthened through attacks almost since it's inception.
They use username:password authentication over https, so that's not leaked.
They are vulnerable to a CSS history sniffing attack because they use GET requests for their forms, to just name a vulnerability I found (which can be thwarted by having a long non-dictionary password, by the way). So no, it's not as robust as you seem to imply. Again because it's over https there is little to no chance of having your session hijacked.
They limit the number of password attempts so accounts cannot be brute forced.
I believe that that only works per IP, and that you have a practically infinite amount of attempts per account if you do distributed bruteforce (aka, let every bot in your botnet do 5 tries). The system itself isn't likely easily hacked, otherwise everyones bitcoin in MTGox would be gone.
It would be a much better to stay relatively low-profile, and not give the impression that Mt. Gox were compromised, if it's indeed unsafe. That way you can slowly keep stealing more and more funds, while other people just attribute it to user error. Options 2 & 3 are the most likely and most common in these situations.
I know that at least for me both 2 and 3 are not applicable. I don't reuse passwords, and I've turned my entire system pretty much upside down to see if there was anything suspicious - which there wasn't. |
Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
|
|
|
|
Nefario
|
|
June 17, 2011, 12:30:16 PM |
|
|
PGP key id at pgp.mit.edu 0xA68F4B7C To get help and support for GLBSE please email support@glbse.com |
|
|
|
jondecker76
|
|
June 17, 2011, 12:59:32 PM |
|
Add me to the mtgox hacked list. I just found out someone hacked in and stole my full balance there of 20 BTC on the 14th(about 1/4 of what I own  ) I'm running Linux behind 2 firewalls, so I highly doubt i was compromised at home. Though I do a pretty good job of using different passwords, I can think of one thing i signed for lately where I was stupid enough to use the login combo. I'm NOT pointing any fingers here, but that site was www.btcprizes.comCan anyone else that has been hacked through MtGox recall if they registered there? |
|
|
|
|
randomguy7
|
|
June 17, 2011, 05:27:33 PM |
|
I'd bet that the hacker(s) hacked a lot of btc related sites and stole the username/password combos to try them at more valuable sites like mtgox. No offence to all the site admins but most sites look like total noob stuff from a security point of view. That's simply because web site security isn't as trivial as many may think because of various possible attack vectors (think of session hijacking/fixation/riding, invalid input sanitazion, incorrect output encoding, multiple encodings to bypass filters, buggy php functions which stop at a 0-byte, ....).
|
|
|
|
|
|
jondecker76
|
|
June 17, 2011, 07:08:08 PM |
|
Just sharing a PM i got, also with the same theme. I can't post yet, seeing as how I havent made the 5 minimum, I am sure I must be close to the 4 hours but I digress... last night I bought, only 6 BTC in mtgox, basically as a learning tool to see how things work. and immediately, I mean immediately after the purchase went through, 5.55 BC were "withdrawn" to 1H2RBCBBTEGtWs4rDEGEqJLzKgcKrN8VdpI have since changed al my passwords, emails, and everything to all my accounts, but the only thing I can think of was the fact that I too used the same username and password combo, that at the time I used for mtgox on the btcprizes registration...
Again, no accusations but it would be interesting to hear from others if this is a common theme going on... |
|
|
|
NO_SLAVE (OP)
Newbie
Offline
Activity: 56
Merit: 0
|
|
June 17, 2011, 07:13:44 PM |
|
Just sharing a PM i got, also with the same theme. I can't post yet, seeing as how I havent made the 5 minimum, I am sure I must be close to the 4 hours but I digress... last night I bought, only 6 BTC in mtgox, basically as a learning tool to see how things work. and immediately, I mean immediately after the purchase went through, 5.55 BC were "withdrawn" to 1H2RBCBBTEGtWs4rDEGEqJLzKgcKrN8VdpI have since changed al my passwords, emails, and everything to all my accounts, but the only thing I can think of was the fact that I too used the same username and password combo, that at the time I used for mtgox on the btcprizes registration...
Again, no accusations but it would be interesting to hear from others if this is a common theme going on... |
|
|
|
|
|
AtlasONo
|
|
June 17, 2011, 11:47:39 PM |
|
Sooo any real word from mtgox yet?
|
|
|
|
|
|
randomguy7
|
|
June 18, 2011, 12:24:55 AM |
|
.... To the guys that got hacked, how secure did you think your password was? Did it use names, numbers, words, etc etc, how long was it, did you ever reuse it, are all your passwords stored somewhere presumed safe?
Maybe you simply tell us the passwords you used, I mean, if you still use that password ANYWHERE, you desire to be hacked. |
|
|
|
|
BTCPrizes
Newbie
Offline
Activity: 28
Merit: 0
|
|
June 18, 2011, 12:31:28 AM |
|
Hello,
I highly doubt our site has been compromised in any way. Although, we have been DDoS'ed 3 times already since we have been up. We used very strong hashed passwords for all of all users. Not to mention the attacks started weeks before we launched the site.
The moment we learned that a lot of people have been compromised on MTGOX we began working on increasing the security on the site and have reset the passwords of all users.
I don't doubt that Bitcoin has attracted a few talented hackers that are behind the recent attacks on our site, mtgox, bitcoin, and others.
- Avoid all downloads
- Avoid all of the smaller mining pools
- Avoid every other poorly created Bitcoin websites being spammed on the forums
If anyone has any questions feel free to send us a private message.
|
|
|
|
|
ibisy70
Member
Offline
Activity: 88
Merit: 10
|
|
June 18, 2011, 02:01:24 AM |
|
I got hacked 2 days ago but luckily I only had 4 BTC in mtgox at the time.
I used the same password for MtGox, Tradehill, and Deepbit. The password was randomly generated and wrote down on a sticky note next to my PC.
What is even more strange is that I ONLY access these three sites from one of my mining rigs for the specific reason of security. The only programs I have installed is a browser and the basic mining essentials. I believe there is a hacker targeting one of those three sites, there is no way I had a virus.
|
|
|
|
|
allinvain
Legendary
Offline
Activity: 3080
Merit: 1080
|
|
June 18, 2011, 02:09:18 AM |
|
has anyone suspected the mining programs..anyone audited them yet?
|
|
|
|
ibisy70
Member
Offline
Activity: 88
Merit: 10
|
|
June 18, 2011, 02:20:00 AM |
|
|
|
|
|
|
|
|
|
Nefario
|
|
June 18, 2011, 10:38:13 AM |
|
Egg on my face  |
PGP key id at pgp.mit.edu 0xA68F4B7C To get help and support for GLBSE please email support@glbse.com |
|
|
|
joepie91
|
|
June 18, 2011, 10:42:46 AM |
|
Again, to everyone who had his account compromised, please post in http://forum.bitcoin.org/index.php?topic=18050.0 . As that topic is posted in Newbies (on purpose), anyone should be able to post in it regardless of post count. |
Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
|
|
|
|
