Connecting a few dots

[BCEmporium]

Let's start by this topic:

http://forum.bitcoin.org/index.php?topic=18858.0

Then this:

http://securityforthemasses.blogspot.com/2011/06/mt-gox-db-purportedly-for-sale.html

then we've this:

Password are encrypted one way (+salt). Someone cannot be selling "user + pass" unless he has some way to revert this.

Here's a lie of M'Tux, the pwds aren't salted as we now know.

by 14th someone was already attacking:

06/14/11 15:45   Withdraw BTC   17RT6Ne994VjC762wh7TpXRdrZRMbhJSUC    -20.19   0   0.009   0.059

Strangely M'Tux refers "two months ago", "two months ago" was exactly when BTC started to spike there. This may mean the value of BTC went up not by real trade but because the hacker by finding USD on someone's wallet he would need to convert them to BTC in order to cash out.

The whole story stinks a bit... 

[grue]

got proof that it's not salted?

[BCEmporium]

got proof that it's not salted?

You've the db there...

[Clipse]

Yes you solved the mystery, the only reason btc went up or is valued anything is because of this sundays trading gone wrong.

No seriously these conspiracies are turning out to be more spastic than usefull by the minute.

[grue]

got proof that it's not salted?

You've the db there...

ok
4856,gruez,free.133ch@gmail.com,$1$ZyEFTEke$cWSfcMkc7pjPmHLzMt7dv0

prove or disprove: password is salted.

[BubbleBoy]

Yes they were salted, no that's not gonna protect you if using a ridiculous insecure "pa$$w0rd". I fail to see how a hacker with access to the DB could have created the price bubble.

[coel]

AFAIR most are salted, some are not, which is those that were not accessed for some months and thus were deemed inactive. See current mtgox front page. Didn't check myself, though.

[BCEmporium]

Yes they were salted, no that's not gonna protect you if using a ridiculous insecure "pa$$w0rd". I fail to see how a hacker with access to the DB could have created the price bubble.

Well, after got access to an account with USD in it and to cash out he had to buy BTC, that would bring the prices up, then the market does the rest, by seeing it trending up they follow.

[Clipse]

Yes they were salted, no that's not gonna protect you if using a ridiculous insecure "pa$$w0rd". I fail to see how a hacker with access to the DB could have created the price bubble.

Well, after got access to an account with USD in it and to cash out he had to buy BTC, that would bring the prices up, then the market does the rest, by seeing it trending up they follow.

You my friend are oblivious to reason.

[BCEmporium]

got proof that it's not salted?

You've the db there...

ok
4856,gruez,free.133ch@gmail.com,$1$ZyEFTEke$cWSfcMkc7pjPmHLzMt7dv0

prove or disprove: password is salted.

Salt there is: $1$ZyEFTEke$ (MD5)
PHP Function used: crypt("yourpassword",'$1$ZyEFTEke$');

[BCEmporium]

You my friend are oblivious to reason.

When people want to believe on something or someone, then no matter what others may tell them, they will stick to the ones their trust. You trust MtGox... nothing I can do about it.
Now, where do you see lack of reasoning there btw?

[Clipse]

You my friend are oblivious to reason.

When people want to believe on something or someone, then no matter what others may tell them, they will stick to the ones their trust. You trust MtGox... nothing I can do about it.
Now, where do you see lack of reasoning there btw?

Where did I say I explicitly trust mtgox? I am simply pointing out how braindead the argument is that you are making this thread to be.

Lets look again, you state that because an account got hacked the value of bitcoin could have been bumped up to where it was by sunday? You honestly think that the trading with stolen coins that occured on sunday have anything to do with the rise of BTC value?

That is why I say, you my friend are oblivious to reason.

[BCEmporium]

No, my friend, if you think like that then I guess you totally lost my point.

MagicalTux, who runs MtGox, said "2 months ago there were far less complaints about stolen accounts".
This wasn't "one compromised account", this were hundreds or thousands of them for "God knows how long". We can say now that at least by 14th they were already accessing accounts, if the complaints started to raise at MtGox 2 months ago, this could mean the breach is 2 month old and had resulting in this price bubble.

This last attack was just "the finale" or "the heist".

[DamienBlack]

They are salted. Except for a few that have been "inactive" for two months.

[wumpus]

They are salted. Except for a few that have been "inactive" for two months.

+1
It's hard to find people on this forum that are stating facts instead of randomly blabbering, these days.

[mmdough]

No, my friend, if you think like that then I guess you totally lost my point.

MagicalTux, who runs MtGox, said "2 months ago there were far less complaints about stolen accounts".
This wasn't "one compromised account", this were hundreds or thousands of them for "God knows how long". We can say now that at least by 14th they were already accessing accounts, if the complaints started to raise at MtGox 2 months ago, this could mean the breach is 2 month old and had resulting in this price bubble.

This last attack was just "the finale" or "the heist".

Are you referring to this?

So far I have 10 known cases of people whose coins were stolen (someone logged in on the account using their password, traded USD for BTC, withdrew all the BTC). Considering we have now over 60000 accounts (2 months ago we had 10 times less), this seems to be a problem coming mainly from users.

Because that's not the same thing.

Maybe he said this elsewhere and I didn't see it.

[hawks5999]

They are salted. Except for a few that have been "inactive" for two months.

+1
It's hard to find people on this forum that are stating facts instead of randomly blabbering, these days.

Only if you accept the following rule:

"what mtgox says = fact"

I'm not sure I'm willing to give them that at this point...

[BCEmporium]

Ok, the new ones are crypt MD5 salted hashes. But 2 months ago they were all plain MD5 unsalted.

Let me try to go more descriptive here, to see if you understand my line of deduction:

Notice there the evolution in the prices 2 months ago:



My theory goes around that by such time MtGox's db was already compromised.
At this point the hacker would start to get pwds and entering some accounts to check its users' activity. Allowing him to sort some dormant accounts with credit. Those with BTC on it were probably just wiped out, those with USD the hacker used it to buy BTC (bringing the price up this way) and later cashed out the BTC resulting from those trades.
Some of those users started to complaint to M'Tux who decided to implement his crypt(pass,salt) function. Up to this point, and up to yesterday M'Tux was most likely believing it was about users' giving away their passwords not his site fault.

Lately the thief tripped some wires or the legit owners checked their accounts making a load of requests to MtGox who came forward and put that thread on the forum. Seeing this, the robber decides to go on his final blow... and here we are.

[Clipse]

What I find amusing tho regarding hacked accounts/exploits etc.

I have been pretty much 24/7 logged in during the whole fiasco, from the first reports of hacked(?) accounts, CSRF exploits and now the database release that all occured during a 7days period and I havnt lost a single dime of my BTC or $ in my mtgox wallet.

I would have been prime candidate if it were all up to the site integrity but I wasnt because it seems to have hit only the absolute dumbstruck retards with passwords such as PAssWORd or a password similar to their username.

[DamienBlack]

They are salted. Except for a few that have been "inactive" for two months.

+1
It's hard to find people on this forum that are stating facts instead of randomly blabbering, these days.

Only if you accept the following rule:

"what mtgox says = fact"

I'm not sure I'm willing to give them that at this point...

I'm not trusting mt gox, I have the database. My password is salted. The salt is included in the file. I can use the salt, and my password to get the hash. No trust needed. MD5 is a certain length. All the password are not that length, because they include a salt. All except for about 300 of them, which are unsalted. A rainbow attack on those passwords shows that some of them were insecure. Almost all of them are salted, except for a few. I think this corroborates mt gox's story.

I'm not _sure_ that the handful of unsalted ones are "inactive". But it sounds believable to me. The rest I am sure of. A majority of the passwords are salted. If you have your password on there you can check yourself.