Bitcoin Forum
December 05, 2016, 02:37:24 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Connecting a few dots  (Read 4036 times)
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
June 20, 2011, 02:54:58 PM
 #1

Let's start by this topic:

http://forum.bitcoin.org/index.php?topic=18858.0

Then this:

http://securityforthemasses.blogspot.com/2011/06/mt-gox-db-purportedly-for-sale.html

then we've this:

Quote
Password are encrypted one way (+salt). Someone cannot be selling "user + pass" unless he has some way to revert this.
Here's a lie of M'Tux, the pwds aren't salted as we now know.

by 14th someone was already attacking:

Quote
06/14/11 15:45   Withdraw BTC   17RT6Ne994VjC762wh7TpXRdrZRMbhJSUC    -20.19   0   0.009   0.059

Strangely M'Tux refers "two months ago", "two months ago" was exactly when BTC started to spike there. This may mean the value of BTC went up not by real trade but because the hacker by finding USD on someone's wallet he would need to convert them to BTC in order to cash out.

The whole story stinks a bit...  Angry
1480905444
Hero Member
*
Offline Offline

Posts: 1480905444

View Profile Personal Message (Offline)

Ignore
1480905444
Reply with quote  #2

1480905444
Report to moderator
1480905444
Hero Member
*
Offline Offline

Posts: 1480905444

View Profile Personal Message (Offline)

Ignore
1480905444
Reply with quote  #2

1480905444
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
grue
Global Moderator
Legendary
*
Offline Offline

Activity: 1932



View Profile
June 20, 2011, 02:57:02 PM
 #2

got proof that it's not salted?

It is pitch black. You are likely to be eaten by a grue.

Tired of annoying signature ads? Ad block for signatures
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
June 20, 2011, 02:58:16 PM
 #3

got proof that it's not salted?

You've the db there...
Clipse
Hero Member
*****
Offline Offline

Activity: 504


View Profile
June 20, 2011, 03:01:23 PM
 #4

Yes you solved the mystery, the only reason btc went up or is valued anything is because of this sundays trading gone wrong.

No seriously these conspiracies are turning out to be more spastic than usefull by the minute.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
grue
Global Moderator
Legendary
*
Offline Offline

Activity: 1932



View Profile
June 20, 2011, 03:02:57 PM
 #5

got proof that it's not salted?

You've the db there...
ok
4856,gruez,free.133ch@gmail.com,$1$ZyEFTEke$cWSfcMkc7pjPmHLzMt7dv0

prove or disprove: password is salted.

It is pitch black. You are likely to be eaten by a grue.

Tired of annoying signature ads? Ad block for signatures
BubbleBoy
Sr. Member
****
Offline Offline

Activity: 322



View Profile
June 20, 2011, 03:03:07 PM
 #6

Yes they were salted, no that's not gonna protect you if using a ridiculous insecure "pa$$w0rd". I fail to see how a hacker with access to the DB could have created the price bubble.
coel
Jr. Member
*
Offline Offline

Activity: 31


View Profile
June 20, 2011, 03:03:18 PM
 #7

AFAIR most are salted, some are not, which is those that were not accessed for some months and thus were deemed inactive. See current mtgox front page. Didn't check myself, though.

1HaKu82BjWfbVepY38ijnKJcEQ627gotwg
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
June 20, 2011, 03:08:00 PM
 #8

Yes they were salted, no that's not gonna protect you if using a ridiculous insecure "pa$$w0rd". I fail to see how a hacker with access to the DB could have created the price bubble.

Well, after got access to an account with USD in it and to cash out he had to buy BTC, that would bring the prices up, then the market does the rest, by seeing it trending up they follow.
Clipse
Hero Member
*****
Offline Offline

Activity: 504


View Profile
June 20, 2011, 03:11:53 PM
 #9

Yes they were salted, no that's not gonna protect you if using a ridiculous insecure "pa$$w0rd". I fail to see how a hacker with access to the DB could have created the price bubble.

Well, after got access to an account with USD in it and to cash out he had to buy BTC, that would bring the prices up, then the market does the rest, by seeing it trending up they follow.

You my friend are oblivious to reason.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
June 20, 2011, 03:15:29 PM
 #10

got proof that it's not salted?

You've the db there...
ok
4856,gruez,free.133ch@gmail.com,$1$ZyEFTEke$cWSfcMkc7pjPmHLzMt7dv0

prove or disprove: password is salted.

Salt there is: $1$ZyEFTEke$ (MD5)
PHP Function used: crypt("yourpassword",'$1$ZyEFTEke$');
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
June 20, 2011, 03:18:47 PM
 #11

You my friend are oblivious to reason.

When people want to believe on something or someone, then no matter what others may tell them, they will stick to the ones their trust. You trust MtGox... nothing I can do about it.
Now, where do you see lack of reasoning there btw?
Clipse
Hero Member
*****
Offline Offline

Activity: 504


View Profile
June 20, 2011, 03:54:16 PM
 #12

You my friend are oblivious to reason.

When people want to believe on something or someone, then no matter what others may tell them, they will stick to the ones their trust. You trust MtGox... nothing I can do about it.
Now, where do you see lack of reasoning there btw?

Where did I say I explicitly trust mtgox? I am simply pointing out how braindead the argument is that you are making this thread to be.

Lets look again, you state that because an account got hacked the value of bitcoin could have been bumped up to where it was by sunday? You honestly think that the trading with stolen coins that occured on sunday have anything to do with the rise of BTC value?

That is why I say, you my friend are oblivious to reason.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
June 20, 2011, 04:06:23 PM
 #13

No, my friend, if you think like that then I guess you totally lost my point.

MagicalTux, who runs MtGox, said "2 months ago there were far less complaints about stolen accounts".
This wasn't "one compromised account", this were hundreds or thousands of them for "God knows how long". We can say now that at least by 14th they were already accessing accounts, if the complaints started to raise at MtGox 2 months ago, this could mean the breach is 2 month old and had resulting in this price bubble.

This last attack was just "the finale" or "the heist".
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 20, 2011, 04:11:28 PM
 #14

They are salted. Except for a few that have been "inactive" for two months.

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
wumpus
Hero Member
*****
Offline Offline

Activity: 798

No Maps for These Territories


View Profile
June 20, 2011, 04:14:19 PM
 #15

They are salted. Except for a few that have been "inactive" for two months.
+1
It's hard to find people on this forum that are stating facts instead of randomly blabbering, these days.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
mmdough
Member
**
Offline Offline

Activity: 70


WAAAAAHK waahk waahk waahk.


View Profile
June 20, 2011, 04:16:49 PM
 #16

No, my friend, if you think like that then I guess you totally lost my point.

MagicalTux, who runs MtGox, said "2 months ago there were far less complaints about stolen accounts".
This wasn't "one compromised account", this were hundreds or thousands of them for "God knows how long". We can say now that at least by 14th they were already accessing accounts, if the complaints started to raise at MtGox 2 months ago, this could mean the breach is 2 month old and had resulting in this price bubble.

This last attack was just "the finale" or "the heist".

Are you referring to this?

Quote
So far I have 10 known cases of people whose coins were stolen (someone logged in on the account using their password, traded USD for BTC, withdrew all the BTC). Considering we have now over 60000 accounts (2 months ago we had 10 times less), this seems to be a problem coming mainly from users.

Because that's not the same thing.

Maybe he said this elsewhere and I didn't see it.

Alms for apostles: Ds9yPrqaHhRKvN8jcWmam6NN7EiTqAGsk
hawks5999
Full Member
***
Offline Offline

Activity: 168



View Profile WWW
June 20, 2011, 04:19:41 PM
 #17

They are salted. Except for a few that have been "inactive" for two months.
+1
It's hard to find people on this forum that are stating facts instead of randomly blabbering, these days.


Only if you accept the following rule:

"what mtgox says = fact"

I'm not sure I'm willing to give them that at this point...

■ ▄▄▄
■ ███
■ ■  ■               
LEDGER  WALLET    ████
■■■ ORDER NOW! ■■■
              LEDGER WALLET
Smartcard security for your BTCitcoins
■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■
Decentralized. Open. Secure.
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
June 20, 2011, 04:22:28 PM
 #18

Ok, the new ones are crypt MD5 salted hashes. But 2 months ago they were all plain MD5 unsalted.

Let me try to go more descriptive here, to see if you understand my line of deduction:

Notice there the evolution in the prices 2 months ago:



My theory goes around that by such time MtGox's db was already compromised.
At this point the hacker would start to get pwds and entering some accounts to check its users' activity. Allowing him to sort some dormant accounts with credit. Those with BTC on it were probably just wiped out, those with USD the hacker used it to buy BTC (bringing the price up this way) and later cashed out the BTC resulting from those trades.
Some of those users started to complaint to M'Tux who decided to implement his crypt(pass,salt) function. Up to this point, and up to yesterday M'Tux was most likely believing it was about users' giving away their passwords not his site fault.

Lately the thief tripped some wires or the legit owners checked their accounts making a load of requests to MtGox who came forward and put that thread on the forum. Seeing this, the robber decides to go on his final blow... and here we are.
Clipse
Hero Member
*****
Offline Offline

Activity: 504


View Profile
June 20, 2011, 04:23:32 PM
 #19

What I find amusing tho regarding hacked accounts/exploits etc.

I have been pretty much 24/7 logged in during the whole fiasco, from the first reports of hacked(?) accounts, CSRF exploits and now the database release that all occured during a 7days period and I havnt lost a single dime of my BTC or $ in my mtgox wallet.

I would have been prime candidate if it were all up to the site integrity but I wasnt because it seems to have hit only the absolute dumbstruck retards with passwords such as PAssWORd or a password similar to their username.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 20, 2011, 04:26:05 PM
 #20

They are salted. Except for a few that have been "inactive" for two months.
+1
It's hard to find people on this forum that are stating facts instead of randomly blabbering, these days.


Only if you accept the following rule:

"what mtgox says = fact"

I'm not sure I'm willing to give them that at this point...

I'm not trusting mt gox, I have the database. My password is salted. The salt is included in the file. I can use the salt, and my password to get the hash. No trust needed. MD5 is a certain length. All the password are not that length, because they include a salt. All except for about 300 of them, which are unsalted. A rainbow attack on those passwords shows that some of them were insecure. Almost all of them are salted, except for a few. I think this corroborates mt gox's story.

I'm not _sure_ that the handful of unsalted ones are "inactive". But it sounds believable to me. The rest I am sure of. A majority of the passwords are salted. If you have your password on there you can check yourself.

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!