Bitcoin Forum
Topic: MTGox security was flawed
harmen
June 20, 2011, 11:37:11 AM
 #1

MTGox security was flawed: the API instructions were sent using cleartext passwords in the URL.

With such security sense it was a matter of time.

Some unusual tips for creating very strong and very easy to remember passwords from grc.com:

https://www.grc.com/%5Chaystack.htm

It is not about randomness, it is about length and potential complexity.

Cheers!
adamncsu
June 20, 2011, 01:48:43 PM
 #2

thanks. there can never be too many posts about password security. so many people are under-educated in the subject.
ribuck
June 20, 2011, 03:26:18 PM
 #3

...the API instructions were sent using cleartext passwords in the URL...
Over https.
SomeoneWeird
June 20, 2011, 03:28:32 PM
 #4

...the API instructions were sent using cleartext passwords in the URL...
Over https.

HTTPS Doesn't mean squat.
dan_a
June 20, 2011, 03:39:22 PM
 #5

...the API instructions were sent using cleartext passwords in the URL...
Over https.

HTTPS Doesn't mean squat.

That attack will only work if you have control of a network between MTGOX and their customers.
zzyyxx
June 20, 2011, 04:03:28 PM
 #6

http://forum.bitcoin.org/index.php?topic=15364.msg231115#msg231115

am I the only one who finds the Mt Gox hack, and this site going up/coming down... on top of that the whole process in general, to be suspect?
vampire
June 20, 2011, 04:07:03 PM
 #7

Mt. Gox looked like an amateur site, for some reason I question why should an auditor get a copy of their database?
EyeRis
June 20, 2011, 04:14:36 PM
 #8

...the API instructions were sent using cleartext passwords in the URL...
Over https.

So that means the data is encrypted the URL is not.
dan_a
June 20, 2011, 04:20:36 PM
 #9

http://forum.bitcoin.org/index.php?topic=15364.msg231115#msg231115

am I the only one who finds the Mt Gox hack, and this site going up/coming down... on top of that the whole process in general, to be suspect?

There's been a big jump in interest in bitcoin in a very short time - it's not surprising that some sites would go up and down as they sort out an appropriate level of hosting.
Xenland
June 20, 2011, 05:41:57 PM
 #10

This attack does not apply as long as you browse completely over HTTPS. So just bookmark the https://www.mtgox.com/ url, use only that bookmark, and you'll be fine.

Quote
So that means the data is encrypted the URL is not.
HTTPS encrypts also the URL and other request details.
I agree, to my understanding HTTPS sends a signal that we are doing a secure connection (with no data besides IP) and then after the keys have been exchanged it will then proceed to send necessary data after a secure connection has been established.
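
Added example (not part of the thread and not Mt. Gox code): the question debated above is what an https request exposes. The Python sketch below separates the parts of a URL that a network observer can see from the parts TLS encrypts, then scans web-server access-log lines, where the full URL is written in plaintext after decryption, for secrets in the query string and redacts them. The host name, paths, parameter names and log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names treated as secrets (an assumed list; extend for the API under review).
SENSITIVE = {"pass", "password", "passwd", "pwd", "secret", "token", "api_key"}

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def on_wire_view(url):
    """Split an https URL into what a passive network observer can see
    (host and port, via DNS/SNI/TCP) and what TLS encrypts (path and query)."""
    u = urlsplit(url)
    visible = {"host": u.hostname, "port": u.port or 443}
    encrypted = {"path": u.path, "query": u.query}
    return visible, encrypted

def redact_target(target):
    """Return (redacted request target, names of sensitive parameters that carried a value)."""
    u = urlsplit(target)
    hits, pairs = [], []
    for name, value in parse_qsl(u.query, keep_blank_values=True):
        if name.lower() in SENSITIVE and value:
            hits.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    return urlunsplit(u._replace(query=urlencode(pairs))), hits

def scan_access_log(lines):
    """Return [(line_no, method, redacted_target, hits)] for requests with secrets in the URL."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        redacted, hits = redact_target(m.group("target")) if m else ("", [])
        if hits:
            findings.append((n, m.group("method"), redacted, hits))
    return findings

# Constructed sample log lines; addresses, paths and parameter names are hypothetical.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Jun/2011:11:37:11 +0000] "GET /api/balance?user=alice&password=hunter2 HTTP/1.1" 200 512',
    '203.0.113.7 - - [20/Jun/2011:11:37:15 +0000] "POST /api/balance HTTP/1.1" 200 512',
    '198.51.100.4 - - [20/Jun/2011:11:38:02 +0000] "GET /api/ticker?token=abc123&fmt=json HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    print(on_wire_view("https://exchange.example/api/balance?user=alice&password=hunter2"))
    print(*scan_access_log(SAMPLE_LOG), sep="\n")
```

The POST line is not flagged because its credentials, if any, travel in the request body, which a default access log does not record.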