Bitcoin Forum
December 05, 2016, 10:43:53 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: No MTGOX user hacked!!  (Read 1818 times)
darre
Newbie
*
Offline Offline

Activity: 18


View Profile
June 20, 2011, 10:14:42 AM
 #1

The only one losing BTC is the same admin that got stuck in a botnet and lost the FTP password.

thats why the botnet spreader(not hacker.....) released the Datepase Smiley becouse its useless without the salt


K STOP WORRYING
1480934633
Hero Member
*
Offline Offline

Posts: 1480934633

View Profile Personal Message (Offline)

Ignore
1480934633
Reply with quote  #2

1480934633
Report to moderator
1480934633
Hero Member
*
Offline Offline

Posts: 1480934633

View Profile Personal Message (Offline)

Ignore
1480934633
Reply with quote  #2

1480934633
Report to moderator
1480934633
Hero Member
*
Offline Offline

Posts: 1480934633

View Profile Personal Message (Offline)

Ignore
1480934633
Reply with quote  #2

1480934633
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480934633
Hero Member
*
Offline Offline

Posts: 1480934633

View Profile Personal Message (Offline)

Ignore
1480934633
Reply with quote  #2

1480934633
Report to moderator
1480934633
Hero Member
*
Offline Offline

Posts: 1480934633

View Profile Personal Message (Offline)

Ignore
1480934633
Reply with quote  #2

1480934633
Report to moderator
Dhomochevsky
Sr. Member
****
Offline Offline

Activity: 240



View Profile
June 20, 2011, 11:41:11 AM
 #2

A good chunk of the passwords use MD5 hashing, I think it's the early ones. Those have already been cracked and posted online. The later ones, those past 3000 or so are indeed salted as far as I know. But either way, it's much safer to change passwords once mtgox is back up. Also, mtgox should go to great lenghts to assure people this will never happen again.
Edward50
Hero Member
*****
Offline Offline

Activity: 546



View Profile
June 20, 2011, 12:22:40 PM
 #3

Why would someone release the passwords? How would that help anyone?

Empty your mind, be formless, shapeless — like water. Now you put water in a cup, it becomes the cup; You put water into a bottle it becomes the bottle; You put it in a teapot it becomes the teapot. Now water can flow or it can crash. Be water, my friend.
Bruce Wagner
Sr. Member
****
Offline Offline

Activity: 336


View Profile
June 20, 2011, 12:30:51 PM
 #4

Wait till you hear today's show...
Epinnoia
Full Member
***
Offline Offline

Activity: 207


View Profile
June 20, 2011, 12:39:51 PM
 #5

A good chunk of the passwords use MD5 hashing, I think it's the early ones. Those have already been cracked and posted online. The later ones, those past 3000 or so are indeed salted as far as I know. But either way, it's much safer to change passwords once mtgox is back up. Also, mtgox should go to great lenghts to assure people this will never happen again.

Looking at the csv file, it seems that all accounts beyond the 3040 mark have "$1$" in the beginning of them.  And many of the ones prior have it as well -- probably those who changed their password after the salting feature was added.

Quote
The benefit provided by using a salted password is rendering a simple dictionary attack against the stored values rather impractical provided the salt is large enough. That is, an attacker would not be able to create a precomputed lookup table (i.e. a rainbow table) of hashed values (password + salt), because it would take too much space.

http://en.wikipedia.org/wiki/Salt_%28cryptography%29

My first miner -> ATI 4550 (7.2 Mh/sec): 
https://www.facebook.com/groups/cryptospeculators/
Jeffpod
Jr. Member
*
Offline Offline

Activity: 48


View Profile
June 20, 2011, 01:20:22 PM
 #6

BullS***!!!

 My account was hacked and they stole my money from my mybitcoin.com account this morning.

Transaction ID:   143029
Date/Time:   2011-06-20 10:08:57
Payer:   jeffpod
Payee:   The People Who Stole My Money 1MAazCWMydsQB5ynYXqSGQDjNQMN3HFmEu
Amount (BTC):   -0.7642
Tril
Full Member
***
Offline Offline

Activity: 212


View Profile
June 20, 2011, 01:21:05 PM
 #7

Why would someone release the passwords? How would that help anyone?

It's proof they accessed the database. The real treasure is the rest of the database, which we should assume an auditor also had access to:  balances, account history, bitcoin addresses, and possibly: Dwolla account numbers and IP addresses used to access mtgox, none of which were included publically. The thief still intends to sell this information, and probably already has.
ploum
Sr. Member
****
Offline Offline

Activity: 378



View Profile WWW
June 20, 2011, 01:24:54 PM
 #8

Wait till you hear today's show...

Do you mean episode 005 or an upcoming 006? Is there a way to have the information written somewhere? (I'm a really quick reader but I miss a lot of stuffs during a 48min show, especially because English is not my native language)

Blog posts about Bitcoin - 1KdRBbhjo72CqKTrFsQed6s9NMrvwvrUkq
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!