Bitcoin Forum
Poll
Question: What type of pool payouts do you prefer?
Bitcoins - 3152 (80.4%)
Bank transfer / USD - 407 (10.4%)
Gold/silver coins and bars - 359 (9.2%)
Total Voters: 3916

Author Topic: [40+ PH] SlushPool (slushpool.com); World's First Mining Pool  (Read 3858350 times)
TiborB
Member
April 24, 2013, 12:32:56 AM
 #6661

Also, just as an FYI, I do network security in a completely different sector, but the attacks are usually the same.  The "sneak forwarding" is a common targeted attack.

I cross-checked my mailbox setup and no forwarding is configured here. For now I fully blame OVH for this issue.

Interesting analysis.  Is it possible that the algo for the OTP is "known"?  So the attacker would simply have to know what the next OTP password is once it's been submitted?

I'd guess he is using a Vasco or RSA token with appropriate key size...

Nothing so elaborate.  You'd be amazed at the power that an administrator can wield.  Your server security is only as strong as those that have physical access to them honoring their word.  Occam's razor applies greatly when it comes to hacking.

You are absolutely right. The point was merely there is no need to predict the next OTP. Especially with Trudy having physical access.
slush
Legendary
April 24, 2013, 12:37:14 AM
 #6662

You are absolutely right. The point was merely there is no need to predict the next OTP. Especially with Trudy having physical access.

Not only do I take physical security seriously, but there's no indicator that the attacker has real access to the mailbox. The password to OVH has been changed for the second time after I changed the password to the email and after I cross-checked that I keep the only active session to the mailserver. After this, even knowledge of the OTP private key won't give the attacker access to the mailbox.

phazedoubt
Newbie
April 24, 2013, 12:41:14 AM
 #6663

Also, just as an FYI, I do network security in a completely different sector, but the attacks are usually the same.  The "sneak forwarding" is a common targeted attack.

I cross-checked my mailbox setup and no forwarding is configured here. For now I fully blame OVH for this issue.

Interesting analysis.  Is it possible that the algo for the OTP is "known"?  So the attacker would simply have to know what the next OTP password is once it's been submitted?

I'd guess he is using a Vasco or RSA token with appropriate key size...

Nothing so elaborate.  You'd be amazed at the power that an administrator can wield.  Your server security is only as strong as those that have physical access to them honoring their word.  Occam's razor applies greatly when it comes to hacking.

You are absolutely right. The point was merely there is no need to predict the next OTP. Especially with Trudy having physical access.

Exactly.  Not to get too far off topic, but just today I was asked to "hack" into a Windows 2003 Exchange server for a new customer that was wanting to get rid of his now previous third party IT provider without asking for the admin passwords.  I was able to gain access within an hour with physical access.  Hopefully when you move Slush, it will be to a much more neutral site with stricter internal protocols...  working on the assumption that this was an internal job and that the move should solve the problem.

It ALL comes back around...
dtown
Jr. Member
April 24, 2013, 12:46:38 AM
 #6664

Let us know when you have a new IP even if DNS isn't ready.

Thanks for doing all of this Slush.  I know it's supposed to be sleepy time for you
patnor1011
Full Member
April 24, 2013, 12:47:07 AM
 #6665

If I can only find out if my workers are up and running, left everything on and went to work. Wife is sound asleep and without site up I can't check but I presume that since they were up and on stratum before everything happened then I should be still mining.  ;)
slush
Legendary
April 24, 2013, 01:00:00 AM
 #6666

If I can only find out if my workers are up and running, left everything on and went to work. Wife is sound asleep and without site up I can't check but I presume that since they were up and on stratum before everything happened then I should be still mining.  ;)

If you see workers hashing on Stratum, they should be fine. I'll keep the site offline because with the database down it won't display anything useful.

mikegogulski
Sr. Member
April 24, 2013, 01:03:18 AM
 #6667

The pool has been hacked.

Very sorry to hear it. What a pain in the ass!

FREE ROSS ULBRICHT, allegedly one of the Dread Pirates Roberts of the Silk Road
nybbler905
Full Member
April 24, 2013, 01:10:58 AM
 #6668

Nice work getting control back ( took me a while to read all that happened in the last 2 hours since I was on getwork and my pc had to restart due to a breaker blowing... Darn you pressure washers on the same circuit!!!! )

Would not hurt to open the confirm mail and check to see if, in the full header, there are any Blind Carbon Copy sends which would mean that the whole server system may have been compromised and Slush's server was the most tasty treat to get at first.

Didn't do a reverse DNS to see who/where the host is but.... have a friend that was IT for schools in Alberta and he showed me how easy it was to monitor ANY mail in the schools from one of the IT desktops and ' force ' it to do blind carbon copies.  Technically not in the server room, but in the base domain addresses ( for those at home, same side of the router ).

My personal experience in this kind of attack is usually reading about it in forums....

Hope this is the last of it and I'm 1/10th of the way to a half decent GPU mining card and hope to get decent hash/shares soon.

Always looking for donations even as low as 1uBTC
14XfpYPdtYiGoEiDcKrSzuvBM3ukhwANUh - BTC
LS7FEfu9ajp3NQcDjui9TSKscwQesj9i8k - LTC
LHe9g5ixMyfdtqAEHU5vErG1eQrDshBFRW -Luckycoin
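
The header check suggested in the post above, sketched as an added example (not part of the original post or the pool's code): it reads one raw message, reports forwarding headers, more than one Delivered-To address, and any Received hop accepted by a host outside the expected domains. The header list, domain names and both sample messages are constructed assumptions.

```python
import email

# Headers that forwarding or redirection can leave behind. Assumed list:
# which of them appear depends on the mail system that did the forwarding.
FORWARD_HEADERS = ("Resent-To", "Resent-From", "X-Forwarded-To", "X-Forwarded-For")

def is_trusted(host, domains):
    """True if host is one of the expected domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def audit_headers(raw, trusted_domains):
    """Return findings for one raw message: forwarding traces and odd relays."""
    msg = email.message_from_string(raw)
    findings = []
    for name in FORWARD_HEADERS:
        for value in msg.get_all(name, []):
            findings.append(f"forwarding header {name}: {value}")
    delivered = sorted({v.strip().lower() for v in msg.get_all("Delivered-To", [])})
    if len(delivered) > 1:
        findings.append("multiple Delivered-To: " + ", ".join(delivered))
    for hop in msg.get_all("Received", []):
        words = hop.split()
        # "by <host>" names the server that accepted the message on this hop.
        host = words[words.index("by") + 1].lower() if "by" in words[:-1] else ""
        if not is_trusted(host, trusted_domains):
            findings.append(f"unexpected relay: {host or 'unparsed hop'}")
    return findings

# Constructed sample messages (all names and addresses are placeholders).
CLEAN = (
    "Delivered-To: owner@pool.example\n"
    "Received: from web.pool.example by mx.mailhost.example with ESMTP;"
    " Wed, 24 Apr 2013 00:10:00 +0000\n"
    "From: noreply@pool.example\nTo: owner@pool.example\n"
    "Subject: Confirm wallet change\n\nconstructed body\n"
)
REDIRECTED = (
    "Delivered-To: owner@pool.example\n"
    "Received: from relay.collector.example by mx.mailhost.example with ESMTP;"
    " Wed, 24 Apr 2013 00:10:09 +0000\n"
    "X-Forwarded-To: copy@collector.example\n"
    "Delivered-To: copy@collector.example\n"
    "Received: from mx.mailhost.example by relay.collector.example with ESMTP;"
    " Wed, 24 Apr 2013 00:10:05 +0000\n"
) + CLEAN

if __name__ == "__main__":
    for label, raw in (("clean", CLEAN), ("redirected", REDIRECTED)):
        print(label, audit_headers(raw, ["mailhost.example", "pool.example"]))
```

A clean result only covers the path this copy of the message took: a copy made silently on the mail server leaves nothing in the headers of the message you receive, so the server's own forwarding rules and logs still have to be checked separately.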
apetersson
Hero Member
April 24, 2013, 01:11:11 AM
 #6669

Apparently, "if you don't hold it you don't own it" is true for servers as well :(
hugheser
Newbie
April 24, 2013, 01:16:21 AM
 #6670

It's just nice to see the guy in charge actively posting with users. I've only been mining for a few weeks but other pools don't know what they are missing.

Keep the luck coming. I need to fund a serious BeerBQ at the end of May solely on BTC.
slush
Legendary
April 24, 2013, 01:17:02 AM
 #6671

Apparently, "if you don't hold it you don't own it" is true for servers as well :(

That's the point. Next time I'll be the only person who'll have physical access to the machine. No f***ing web consoles, email recovery features and no 3rd party administrators next time. I'm really tired of these situations and incompetent people who are harming my own reputation.

zif33rs
Full Member
April 24, 2013, 01:21:52 AM
 #6672

Uhhh..hate to be that tinfoil hat guy..but..Slush..any way to confirm this is...uh..you?  With a hacking involved all sorts of rumors are going to pop up. I would instigate damage control asap.



New to bitcoin? Want to mine? Not sure where to start out?
Check out www.hostedmining.com
Donations and Tips  btc - 1MkjKHpZbSaRepeYaAcmRMcqt8o3HKQCF   ltc  - LNz48TP8MZmke38qbZD5gXi53KrktbJG7V  ftc  - 6iDt92cyDvxXkrDhCzMh4zEmK1b9PqShs4
gbx
Full Member
April 24, 2013, 01:24:28 AM
 #6673

What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.
Lucko
Hero Member
April 24, 2013, 01:27:28 AM
 #6674

What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.
Good point, but I'm afraid about the password. But I guess that even if it was stolen, it is irreversibly coded, right?
jerethdaminer
Member
April 24, 2013, 01:30:54 AM
 #6675

So the pool got hacked? What was compromised?
slush
Legendary
April 24, 2013, 01:33:55 AM
 #6676

What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.

I have a database snapshot taken before the bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on the pool profile requires email confirmation by the account owner so I think we're on the safe side here.

Unfortunately the user database can be considered as compromised, so the attacker knows users' emails :-(.
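
A check along the lines described in the post above, comparing live payout addresses against the pre-incident snapshot (added example, not from the thread or the pool's code). Table names, column names and the rows are hypothetical, and the confirmation records are assumed to come from a source the intruder could not write to.

```python
import sqlite3

def build_demo_db():
    """Constructed data: snapshot_users is the pre-incident copy, live_users the current table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE snapshot_users (id INTEGER PRIMARY KEY, wallet TEXT);
        CREATE TABLE live_users     (id INTEGER PRIMARY KEY, wallet TEXT);
        -- Assumed to be rebuilt from a trusted record of confirmed e-mail links,
        -- not read from the database that was under the intruder's control.
        CREATE TABLE wallet_confirmations (user_id INTEGER, new_wallet TEXT, confirmed INTEGER);
        INSERT INTO snapshot_users VALUES (1,'ADDR_A'),(2,'ADDR_B'),(3,'ADDR_C');
        INSERT INTO live_users     VALUES (1,'ADDR_A'),(2,'ADDR_X'),(3,'ADDR_D');
        -- User 3 confirmed a change by e-mail; the change for user 2 was never confirmed.
        INSERT INTO wallet_confirmations VALUES (3,'ADDR_D',1),(2,'ADDR_X',0);
    """)
    return db

def suspect_payouts(db):
    """Rows (id, snapshot_wallet, live_wallet) changed without a confirmed request."""
    return db.execute("""
        SELECT l.id, s.wallet, l.wallet
        FROM live_users l
        JOIN snapshot_users s ON s.id = l.id
        WHERE s.wallet IS NOT l.wallet          -- NULL-safe inequality in SQLite
          AND NOT EXISTS (
              SELECT 1 FROM wallet_confirmations c
              WHERE c.user_id = l.id
                AND c.new_wallet = l.wallet
                AND c.confirmed = 1)
        ORDER BY l.id
    """).fetchall()

if __name__ == "__main__":
    for user_id, before, after in suspect_payouts(build_demo_db()):
        print(f"user {user_id}: payout address {before} -> {after} without confirmation")
```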

slush
Legendary
April 24, 2013, 01:35:29 AM
 #6677

Stratum servers have been migrated to (not-compromised) EC2 backends, I just see the first few connections. So mining continues and no action is required by you.

I'll set up the database and website in a few hours on trusted machines, so the pool will be in normal operation soon.

VacantPaper
Newbie
April 24, 2013, 01:41:20 AM
 #6678

I lost some amount of bitcoins, but I'll be able to recover it from my pocket.

I want to say thank you Slush, you really put a lot of effort into this and we all appreciate it so much. If there is anything we can do please let us know :)

Wanna buy me a cup of coffee?
13e3ib7uvfGbE1tPKSpehrNAjQk2897eDa
PuertoLibre
Legendary
April 24, 2013, 01:44:18 AM
 #6679

What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.

I have a database snapshot taken before the bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on the pool profile requires email confirmation by the account owner so I think we're on the safe side here.

Unfortunately the user database can be considered as compromised, so the attacker knows users' emails :-(.

Should we consider our passwords compromised?
Miz4r
Legendary
April 24, 2013, 01:46:06 AM
 #6680

So is it safe to keep mining on Stratum now? I don't want my mining power working for the profit of some hacker..

Bitcoin = Gold on steroids