Bitcoin Forum
Author Topic: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)  (Read 36692 times)
kjj
June 20, 2011, 01:34:28 PM
 #121

If you take the time to read my post carefully you will see I've acknowledged that the static part does not improve protection against brute force. It ensures that to even attempt brute force, the attacker must have read access to the source, not just the database. That's a different class of attack, a significant speed-bump for the attacker from a layered security perspective.

No, the attacker does not need the static extra secret.  The brute force attack will reveal it right along with the password.  All it does is make the first two attempts harder, possibly a lot harder.  After that, it has no value.

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
Karmicads
June 20, 2011, 01:57:44 PM
 #122

It's amazing how small the market is really, just 60k people. wtf.

You ain't seen nothin' yet brotha. Wait till you see how small it is in a couple of days.  Wink
finnthecelt
June 20, 2011, 02:07:22 PM
 #123

So has anyone discussed who in the HELL is this auditing company? How did they access Mt. Gox records? Do they have a database of these records off site? WTF?!?!
BubbleBoy
June 20, 2011, 02:16:00 PM
 #124

If you take the time to read my post carefully you will see I've acknowledged that the static part does not improve protection against brute force. It ensures that to even attempt brute force, the attacker must have read access to the source, not just the database. That's a different class of attack, a significant speed-bump for the attacker from a layered security perspective.

No, the attacker does not need the static extra secret.  The brute force attack will reveal it right along with the password.  All it does is make the first two attempts harder, possibly a lot harder.  After that, it has no value.

Maybe 2^128 harder, for a 128-bit static salt? Therefore making the first two brute force attempts practically impossible? Therefore requiring knowledge of the static salt stored in a source configuration file, in order to crack the hashes in the database? Yes, that's precisely my point.

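
The disagreement in posts #121 and #124 is about a static secret kept in source or configuration rather than in the database. As an added example (not part of any post, and not MtGox's actual scheme), the sketch below shows that a candidate password can only be checked against a leaked row when that secret is also known; `PEPPER`, `PBKDF2_ROUNDS`, the HMAC-then-PBKDF2 construction, and the sample account and wordlist are all assumptions.

```python
import hashlib
import hmac
import os

# Assumed parameters for this illustration; none of them come from the thread.
PBKDF2_ROUNDS = 100_000
PEPPER = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed 128-bit static secret


def hash_password(password: str, salt: bytes, pepper: bytes) -> bytes:
    """Key the password with the static secret, then stretch with the per-user salt."""
    keyed = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, PBKDF2_ROUNDS)


def create_record(password: str, pepper: bytes = PEPPER) -> dict:
    """What ends up in the database row: salt and digest, never the pepper."""
    salt = os.urandom(16)
    return {"salt": salt, "digest": hash_password(password, salt, pepper)}


def guess_matches(record: dict, guess: str, pepper: bytes) -> bool:
    """Check one candidate password against a row, given some value for the pepper."""
    candidate = hash_password(guess, record["salt"], pepper)
    return hmac.compare_digest(candidate, record["digest"])


def audit_exposure(record: dict, wordlist: list, pepper: bytes) -> list:
    """Return the wordlist entries that verify against the row under the given pepper."""
    return [w for w in wordlist if guess_matches(record, w, pepper)]


if __name__ == "__main__":
    row = create_record("hunter2")               # constructed sample account
    words = ["123456", "password", "hunter2"]    # constructed sample wordlist
    # Database-only view: the pepper is unknown, so even the right password fails.
    print(audit_exposure(row, words, pepper=bytes(16)))
    # Database plus source/config view: the weak password verifies at once.
    print(audit_exposure(row, words, pepper=PEPPER))
```

With only the database row, the correct password does not verify under a wrong value for the static secret. Once the secret is known as well, the per-guess cost is just the stretching work, so a weak password is found on the first pass through the wordlist.
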
manifold
June 20, 2011, 03:26:18 PM
 #125

Well, I'm lucky... I never traded on mtgox AND I used a random password (only for mtgox...)... puh...

Does anyone know how fast such a password hash can be broken?
manifold
June 20, 2011, 03:34:46 PM
 #126

I do not know if this is real or fake. However, this is a direct download link that I hosted. Please comment...

http://bit.ly/kE3Q4D

[Edit: Holy shit, this is real. I found my email & password in the CSV. Shit just got real...]

I can't believe that.

This is completely against every privacy consideration that this file is openly distributed.

Honestly, I think it wasn't bad. Now everyone knows exactly how much info the attacker had. And if that database would be any use (except for the emails) any more, then mtgox hasn't done a complete reset of the passwords.
And if someone used the password on multiple accounts, they get a really good kick in the ass to change them. Before that, you could make yourself believe, that your password doesn't need to be changed.
Chick (OP)
June 20, 2011, 05:48:57 PM
 #127

Why do you keep the file up? So more hackers can try to crack the password and steal everything? To make our emails more public than they are now?

If hackers want this list, they will find their way to it elsewhere. There's no stopping them with removing the link.

I believe that this shouldn't be kept secret, it is a P2P currency. Tongue

myrkul
June 20, 2011, 05:54:12 PM
 #128

Why do you keep the file up? So more hackers can try to crack the password and steal everything? To make our emails more public than they are now?

If hackers want this list, they will find their way to it elsewhere. There's no stopping them with removing the link.

I believe that this shouldn't be kept secret, it is a P2P currency. Tongue

Srsly. Here, let me illustrate:

OMG! All my horses have escaped! Why is the barn door still open?!?

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
Chick (OP)
June 20, 2011, 05:55:54 PM
 #129

Why do you keep the file up? So more hackers can try to crack the password and steal everything? To make our emails more public than they are now?

If hackers want this list, they will find their way to it elsewhere. There's no stopping them with removing the link.

I believe that this shouldn't be kept secret, it is a P2P currency. Tongue

Srsly. Here, let me illustrate:

OMG! All my horses have escaped! Why is the barn door still open?!?

To freshen the air, of course.

Montpelerin
June 20, 2011, 06:05:38 PM
 #130

Well, went to login to my google account this morning and had to make a new password because of "suspicious activity" trying to access the account I guess...
Chick (OP)
June 20, 2011, 06:07:09 PM
 #131

Well, went to login to my google account this morning and had to make a new password because of "suspicious activity" trying to access the account I guess...

Google got the list and got all gmail accounts to reset their password.

myrkul
June 20, 2011, 06:14:52 PM
 #132

Well, went to login to my google account this morning and had to make a new password because of "suspicious activity" trying to access the account I guess...

Google got the list and got all gmail accounts to reset their password.

Is that confirmed? I had to reset mine, but I just figured my MtGox password was cracked.

Chick (OP)
June 20, 2011, 06:15:47 PM
 #133

Well, went to login to my google account this morning and had to make a new password because of "suspicious activity" trying to access the account I guess...

Google got the list and got all gmail accounts to reset their password.

Is that confirmed? I had to reset mine, but I just figured my MtGox password was cracked.

http://forum.bitcoin.org/index.php?topic=19641.msg245983#msg245983

phelix
June 20, 2011, 06:33:04 PM
 #134

This information is important.  
I'm just trying to get it out to everyone as quickly as possible.  
Sorry if I'm repeating myself, but there are so many threads on this same topic..  I don't want anyone to miss it.
 
Today at 2pm ET we'll be interviewing LIVE.... the man behind the $5,000,000 trade....
...  The man who bought the Bitcoin at $0.01 each....

Then later this evening, at 10pm ET, we will have Mark Karpeles,  the owner of MtGox...  personally ...  LIVE ... to answer all of your questions in the Chatroom.  

First I thought this was spam. But now that I watch the show... the show is OK but what really is hilarious is the chatroom  Grin
myrkul
June 20, 2011, 06:35:46 PM
 #135

Well, went to login to my google account this morning and had to make a new password because of "suspicious activity" trying to access the account I guess...

Google got the list and got all gmail accounts to reset their password.

Is that confirmed? I had to reset mine, but I just figured my MtGox password was cracked.

http://forum.bitcoin.org/index.php?topic=19641.msg245983#msg245983

Awesome. Google living up to their motto. On a related note, my spam has not increased significantly. I did get the tradehill spam twice, though the second one was filtered. I think I have gotten one that can be directly attributed to the list leak: a financial services offer (Really? Loans by email? Who is that dumb?)

Nescio
June 21, 2011, 03:30:35 AM
 #136

Srsly. Here, let me illustrate:

OMG! All my horses have escaped! Why is the barn door still open?!?

Bad analogy. Correct analogy: OMG, all my horses have escaped and they had the combination to the safe tattooed on their back. Someone copied those numbers and it's in a few newspapers now. But thank god the barn door is closed and my horses are back inside, now I can sleep well again.

Seriously? Smiley