myrkul
|
|
June 20, 2011, 12:12:18 AM |
|
It's clean data. Just a CSV file. Open in Google docs if you're paranoid.
Edit: Too much Starcraft.
|
|
|
|
|
|
|
"If you don't want people to know you're a scumbag then don't be a scumbag." -- margaritahuyan
|
|
|
|
TheBitMan
|
|
June 20, 2011, 12:13:49 AM |
|
Anybody check that csv file for viruses? Or did we just get compromised again?
I don't have Excel, so opened it in Notepad. It's clean.
|
|
|
|
optionstalker
Newbie
Offline
Activity: 23
Merit: 0
|
|
June 20, 2011, 12:31:22 AM |
|
My Gmail account reported suspicious activity and I had to reset my password there. I'm using http://howsecureismypassword.net/ to determine the strength. >600yrs to crack on a normal PC it says. So maybe 60 yrs on a mining rig, good enough for now!
|
|
|
|
hoo2jalu
Member
Offline
Activity: 70
Merit: 10
|
|
June 20, 2011, 12:31:52 AM |
|
MTGOX BREAKING NEWS
We will do one hour with the TradeHill guys LIVE via Skype.... ... BLAH BLAH BLAH
I'm trying to figure out why you think it is acceptable to keep posting this in every thread. Did you get dropped on your head a lot as a child?
Media whore'ing opportunities like this happen once a lifetim^H^H^Hmonth in bitcoin land! Gotta make every second and eyeball count!
|
|
|
|
scooter
Member
Offline
Activity: 100
Merit: 10
|
|
June 20, 2011, 12:37:16 AM |
|
My Gmail account reported suspicious activity and I had to reset my password there. I'm using http://howsecureismypassword.net/ to determine the strength. >600yrs to crack on a normal PC it says. So maybe 60 yrs on a mining rig, good enough for now!
Mine says 7 decillion years
|
|
|
|
Chick (OP)
Member
Offline
Activity: 70
Merit: 10
|
|
June 20, 2011, 12:41:11 AM |
|
My Gmail account reported suspicious activity and I had to reset my password there. I'm using http://howsecureismypassword.net/ to determine the strength. >600yrs to crack on a normal PC it says. So maybe 60 yrs on a mining rig, good enough for now!
Mine says 7 decillion years
Repeated asdf over & over! About 7 septendecillion years.
|
|
|
|
Batouzo
Member
Offline
Activity: 70
Merit: 10
|
|
June 20, 2011, 12:53:53 AM |
|
My Gmail account reported suspicious activity and I had to reset my password there. I'm using http://howsecureismypassword.net/ to determine the strength. >600yrs to crack on a normal PC it says. So maybe 60 yrs on a mining rig, good enough for now!
You are using http://howsecureismypassword.net/ and entering your password there? Let's keep our fingers crossed the admin of that site is not logging the requests anywhere! Or his hosting, or possibly his and your ISP and all ISPs in between if this checker is in http instead of https. And people are able to buy forged SSL certs for MITM attacks even if it is https.
|
|
|
|
Chick (OP)
Member
Offline
Activity: 70
Merit: 10
|
|
June 20, 2011, 01:00:54 AM |
|
My Gmail account reported suspicious activity and I had to reset my password there. I'm using http://howsecureismypassword.net/ to determine the strength. >600yrs to crack on a normal PC it says. So maybe 60 yrs on a mining rig, good enough for now!
You are using http://howsecureismypassword.net/ and entering your password there? Let's keep our fingers crossed the admin of that site is not logging the requests anywhere! Or his hosting, or possibly his and your ISP and all ISPs in between if this checker is in http instead of https. And people are able to buy forged SSL certs for MITM attacks even if it is https.
Chill, it's all server-side. Look at the js.
|
|
|
|
martinw79
Member
Offline
Activity: 94
Merit: 10
|
|
June 20, 2011, 01:03:34 AM |
|
It would take About 14 sextillion years for a desktop PC to crack your password
lol, sexy...
|
___________________ MW79
|
|
|
TurboK
|
|
June 20, 2011, 01:15:54 AM |
|
Does anyone with perhaps a hair more experience than myself recognize the format of these hashes? I can recognize base 64 encoded fields with "$" as a delimiter easily enough, but I haven't taken the time to explicitly generate various hashes from my known password, b64 encode them and compare the results. I can do this later today if I've got the time but I'm kind of hoping that someone else already has. The above exercise, if nothing matches, could also prove whether Mt. Gox was actually salting their hashes, which seems doubtful looking at the CSV. Really though I'm with speeder, let's at least identify enough people and their signup dates in this list to imply some good network growth numbers that we might otherwise not have access to.
Input the salt and the password here and check under md5(unix). http://www.insidepro.com/hashes.php?lang=eng
the format in the csv is $1$salt$password.
|
12zJNWtM2HknS2EPLkT9QPSuSq1576aKx7 Tradehill viral bullshit code: TH-R114411
|
|
|
Nescio
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
June 20, 2011, 01:20:32 AM |
|
Yeah that's smart, going to some website to check your password LOL. You can bet your ass some people will have referrers pointing back to here and the site will connect the dots, find the password file, tie hash to entered pass, look up email address in file, hack mail and fish for balance when Mt.Gox comes back.
|
|
|
|
saqwe
|
|
June 20, 2011, 01:29:16 AM |
|
Incorrect. The amount of time it takes is related to the complexity of the password. "monkey" will be found in seconds, but something like "efweug#%_#Tsafwef24g" will take years.
Wow, glad I changed my password to "efweug#%_#Tsafwef24g" just 2 days ago!
hehe 12390ßqweuio789456 was mine
|
|
|
|
Samantha2011
Newbie
Offline
Activity: 14
Merit: 0
|
|
June 20, 2011, 01:37:55 AM |
|
My Gmail account reported suspicious activity and I had to reset my password there. I'm using http://howsecureismypassword.net/ to determine the strength. >600yrs to crack on a normal PC it says. So maybe 60 yrs on a mining rig, good enough for now!
You are using http://howsecureismypassword.net/ and entering your password there? Let's keep our fingers crossed the admin of that site is not logging the requests anywhere! Or his hosting, or possibly his and your ISP and all ISPs in between if this checker is in http instead of https. And people are able to buy forged SSL certs for MITM attacks even if it is https.
Why would you enter your actual passwords into it anyway? At least use a substitution cipher on your password. And if that enhances the security of your password because it contains dictionary words, you're just an idiot.
|
|
|
|
semarjt
Newbie
Offline
Activity: 27
Merit: 0
|
|
June 20, 2011, 01:57:15 AM |
|
Isn't it ironic that bitcoin mining is essentially also cracking a hash?
No, because that is not at all what bitcoin mining is.
|
|
|
|
haydent
|
|
June 20, 2011, 02:16:59 AM |
|
[Update - 2:06 GMT] What we know and what is being done.
It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked.
Two months ago we migrated from MD5 hashing to FreeBSD MD5 salted hashing. The unsalted user accounts in the wild are ones that haven't been accessed in over 2 months and are considered idle. Once we are back up we will have implemented SHA-512 multi-iteration salted hashing and all users will be required to update to a new strong password.
We have been working with Google to ensure any gmail accounts associated with Mt.Gox user accounts have been locked and need to be reverified.
Mt.Gox will continue to be offline as we continue our investigation, at this time we are pushing it to 8:00am GMT. When Mt.Gox comes back online, we will be putting all users through a new security measure to authenticate the users. This will be a mix of matching the last IP address that accessed the account, verifying their email address, account name and old password. Users will then be prompted to enter in a new strong password.
https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback
|
2x Gigabyte 6950 OC @ 920/450 w/ ati tray tools (1 shader modded) - 760Mhs on ozco.in 0% fee aus pool btc: 1HS5Brzcsh7XkJn566XYbvfpa2JuBRBdss
|
|
|
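An added example, not part of any post in this thread: a format audit an operator could run over their own credential table to see which rows are still on the schemes named above (bare MD5, `$1$salt$digest` FreeBSD md5crypt, SHA-512 crypt with multiple rounds). The sample rows are constructed, and the triage labels are a hypothetical policy for a routine migration, not Mt. Gox's procedure.

```python
import re
from collections import Counter

B64 = r"[./0-9A-Za-z]"  # crypt(3) hash alphabet
MD5CRYPT = re.compile(rf"^\$1\$([^$]{{1,8}})\$({B64}{{22}})$")
SHA512CRYPT = re.compile(rf"^\$6\$(?:rounds=(\d+)\$)?([^$]{{1,16}})\$({B64}{{86}})$")
RAW_MD5 = re.compile(r"^[0-9a-fA-F]{32}$")

def classify(stored):
    """Return (scheme, salted, rounds) for one stored value; no password is needed."""
    if MD5CRYPT.match(stored):
        return ("md5crypt", True, 1000)   # $1$salt$digest, fixed 1000 iterations
    m = SHA512CRYPT.match(stored)
    if m:
        return ("sha512crypt", True, int(m.group(1) or 5000))  # 5000 is the default
    if RAW_MD5.match(stored):
        return ("md5", False, 1)          # bare hex digest: unsalted, single pass
    return ("unknown", None, None)

def action(stored, min_rounds=5000):
    """Hypothetical triage policy (an assumption, not taken from the thread)."""
    scheme, _salted, rounds = classify(stored)
    if scheme == "md5":
        return "force-reset"
    if scheme == "md5crypt" or (scheme == "sha512crypt" and rounds < min_rounds):
        return "rehash-on-login"
    return "ok" if scheme == "sha512crypt" else "manual-review"

# Constructed sample rows (user, stored value); all digests are filler characters.
SAMPLE = [
    ("idle_user", "0123456789abcdef" * 2),
    ("active_user", "$1$abcdefgh$" + "A" * 22),
    ("migrated_user", "$6$rounds=100000$saltsaltsaltsalt$" + "B" * 86),
    ("weak_rounds", "$6$rounds=1000$salt$" + "C" * 86),
    ("odd_row", "$1$salt$tooshort"),
]

def audit(rows):
    """Count how many accounts fall under each triage action."""
    return Counter(action(stored) for _user, stored in rows)

if __name__ == "__main__":
    for user, stored in SAMPLE:
        print(f"{user:14} {classify(stored)[0]:12} {action(stored)}")
    print(dict(audit(SAMPLE)))
```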
JonathanHiggins
Member
Offline
Activity: 76
Merit: 10
|
|
June 20, 2011, 02:36:02 AM |
|
Is it possible to get the list of names etc in alphabetical order?
|
|
|
|
Quantumplation
|
|
June 20, 2011, 02:57:14 AM |
|
If they can't get the passwords because they're hashed, then... ummm, how did they do it?
What do you think Bitcoin miners are doing? Cracking hashes. What do you think the passwords are protected with? Hashes. So it's easy to crack hashed passwords, takes a few minutes per password, as long as it takes to crack a new Bitcoin block (about 10 minutes) is how long it takes to crack a hashed password.
That's not quite accurate. Miners are tweaking one value in a block of data in order to find any password WITHIN THE DIFFICULTY. Finding a hash that is lower than a set value is far easier than finding a very specific existing password. Essentially, cracking the password would be solving the highest difficulty block possible. (Also, Miners are working on SHA256, much harder to crack than simple MD5...)
|
NOTE: This account was compromised from 2017 to 2021. I'm in the process of deleting posts not made by me.
|
|
|
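An added example, not part of any post in this thread: a simplified proof-of-work loop that measures the point made above, that accepting any hash below a target costs about 2^k tries for k constrained bits, while matching one specific digest constrains all 256 bits. The headers are constructed, the big-endian target comparison is a simplification of Bitcoin's real encoding, and wordlist-based password guessing is not modelled.

```python
import hashlib

def dsha256_int(data: bytes) -> int:
    """Double SHA-256 (as Bitcoin uses), read as a 256-bit integer."""
    digest = hashlib.sha256(hashlib.sha256(data).digest()).digest()
    return int.from_bytes(digest, "big")

def mine(header: bytes, zero_bits: int, max_tries: int = 1 << 22):
    """Vary a nonce until ANY hash falls below the target; return (nonce, tries)."""
    target = 1 << (256 - zero_bits)          # every value below this is acceptable
    for nonce in range(max_tries):
        if dsha256_int(header + nonce.to_bytes(8, "little")) < target:
            return nonce, nonce + 1
    return None, max_tries

def average_tries(zero_bits: int, trials: int = 40) -> float:
    """Mean tries over several constructed headers; expected value is 2**zero_bits."""
    total = 0
    for i in range(trials):
        _nonce, tries = mine(b"constructed header %d" % i, zero_bits)
        total += tries
    return total / trials

def expected_tries(bits_fixed: int) -> int:
    """Expected hashes when bits_fixed bits of the output are constrained."""
    return 2 ** bits_fixed

if __name__ == "__main__":
    for bits in (4, 8, 12):
        print(f"{bits:2d} zero bits: measured {average_tries(bits):8.1f}, "
              f"expected {expected_tries(bits)}")
    # Matching one specific digest constrains all 256 bits instead of a few.
    print("exact 256-bit match vs 12-bit target: 2**%d times more work" % (256 - 12))
```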
haydent
|
|
June 20, 2011, 02:57:43 AM |
|
Is it possible to get the list of names etc in alphabetical order?
just import said csv into spreadsheet program and sort that column
|
|
|
|
Chick (OP)
Member
Offline
Activity: 70
Merit: 10
|
|
June 20, 2011, 03:42:53 AM |
|
LOL @ someone messaging me and wanting this removed. Even if this thread was removed, the file has already been leaked.
If it's out there, you might as well let it be.
|
|
|
|
finnthecelt
|
|
June 20, 2011, 03:54:25 AM |
|
I hope you guys are interested in buying Viagra and increasing the size of your penis.
Now that's funny shit. I don't care who you are!!!! Already spammed from a Tradehill promoter. Thrice!!!
|
|
|
|
|