QuantPlus
|
|
September 16, 2013, 08:11:18 PM |
|
It's hard to trust a site that can go into your account and look at your password. This is irresponsible coding. He needs to answer for this. Why are you stealing Account info Real solid??
You made me laugh!!! Thanks for that! You think you are safe on BTC-E?! Think again... My friend had about 800 ltc stolen from BTC-E, and he had unique pass & 2FA enabled! MCX is by far best and safest exchange out there... Is it perfect?! Maybe not, but it is far superior than others... MCX did 1500 BTC in volume last 24 hours = $200,000... that is just the beginning... That's maybe 5 times what Ripple is doing after 6 freaking months. Nobody is gonna fuck with passwords with a $10,000,000+ business on the line, baby.
|
|
|
|
Zyl
Newbie
Offline
Activity: 33
Merit: 0
|
|
September 16, 2013, 11:51:05 PM |
|
The lack of hashed passwords is the end of mcxNow, 100% of all trust permanently gone. Total stupidity and irresponsibility on Realsolid's part. This guy is an amateur. I have withdrawn all funds and I will never use the exchange again.
He was even posting user's passwords into public chat, asking where have you used this password before?
|
|
|
|
smoothie
Legendary
Offline
Activity: 2492
Merit: 1473
LEALANA Bitcoin Grim Reaper
|
|
September 17, 2013, 12:04:32 AM |
|
The lack of hashed passwords is the end of mcxNow, 100% of all trust permanently gone. Total stupidity and irresponsibility on Realsolid's part. This guy is an amateur. I have withdrawn all funds and I will never use the exchange again.
He was even posting user's passwords into public chat, asking where have you used this password before?
Have any screenshots of that?
|
███████████████████████████████████████
,╓p@@███████@╗╖, ,p████████████████████N, d█████████████████████████b d██████████████████████████████æ ,████²█████████████████████████████, ,█████ ╙████████████████████╨ █████y ██████ `████████████████` ██████ ║██████ Ñ███████████` ███████ ███████ ╩██████Ñ ███████ ███████ ▐▄ ²██╩ a▌ ███████ ╢██████ ▐▓█▄ ▄█▓▌ ███████ ██████ ▐▓▓▓▓▌, ▄█▓▓▓▌ ██████─ ▐▓▓▓▓▓▓█,,▄▓▓▓▓▓▓▌ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓─ ²▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓╩ ▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀ ²▀▀▓▓▓▓▓▓▓▓▓▓▓▓▀▀` ²²² ███████████████████████████████████████
| . ★☆ WWW.LEALANA.COM My PGP fingerprint is A764D833. History of Monero development Visualization ★☆ . LEALANA BITCOIN GRIM REAPER SILVER COINS. |
|
|
|
flound1129
|
|
September 17, 2013, 12:06:50 AM |
|
If you are using MCXnow, be very careful! RealSolid and his cronies has access to all your password. This came directly from his mouth in chat.
So If you have an account there make sure you withdraw those coins soon. RealSolid has access to every single account's password.
Change your BTCE and other passwords to protect yourself against RealSolid and his crew.
Ask him yourself, this is from his own mouth. He's not to be trusted.
Why in the fuck would you use a non-unique password on any bitcoin site?
|
Multipool - Always mine the most profitable coin - Scrypt, X11 or SHA-256!
|
|
|
TheFuneral
|
|
September 17, 2013, 12:12:42 AM |
|
If you are using MCXnow, be very careful! RealSolid and his cronies has access to all your password. This came directly from his mouth in chat.
So If you have an account there make sure you withdraw those coins soon. RealSolid has access to every single account's password.
Change your BTCE and other passwords to protect yourself against RealSolid and his crew.
Ask him yourself, this is from his own mouth. He's not to be trusted.
do you know how computers work?
|
|
|
|
mechs
|
|
September 17, 2013, 12:14:43 AM |
|
If you are using MCXnow, be very careful! RealSolid and his cronies has access to all your password. This came directly from his mouth in chat.
So If you have an account there make sure you withdraw those coins soon. RealSolid has access to every single account's password.
Change your BTCE and other passwords to protect yourself against RealSolid and his crew.
Ask him yourself, this is from his own mouth. He's not to be trusted.
Why in the fuck would you use a non-unique password on any bitcoin site? Exactly!
|
|
|
|
Zyl
Newbie
Offline
Activity: 33
Merit: 0
|
|
September 17, 2013, 12:16:10 AM |
|
Have any screenshots of that?
I didn't think of it at the time. Go on chat and ask other users, they will remember. Or request a chat log from RS for security reasons. "Realsolid: Soandso, what other sites have you used password garbanzobunk on?" Almost identical words to that, I don't remember their exact password though.
|
|
|
|
shakezula
|
|
September 17, 2013, 12:22:21 AM |
|
Have any screenshots of that?
I didn't think of it at the time. Go on chat and ask other users, they will remember. "Realsolid: Soandso, what other sites have you used password garbanzobunk on?" Almost identical words to that, I don't remember their exact password though. As someone who was there lurking when this happened, I'd like to offer a bit of context (though I have no screenshots). The question was posed, "What site did the leaked passswords come from?" The answer from RS was something to the effect of, "We're not sure, so check your security log and it will say something like 'Failed attempt to login using Garb******' " (using your example as I don't recall it verbatim either) The conversation then went back and forth and it was mentioned multiple times that the passwords being attempted could be seen by the admin and consequently by users logging in (but only the first 4 letters and ****s). The group was making an effort using the passwords to try and determine which site the leaked database may have come from. These were NOT mcxNOW passwords, rather they were the passwords which were tried against mcxNOW. I agree 110% that having unsalted plain text passwords on ANY site with $$ involved is MORONIC. However, I also agree that if you're dim enough to use a password that's not unique on ANY site with $$ involved you're asking for trouble. I'm not condoning nor defending RS or mcxNOW's site, I just thought for vitriol's sake I'd share. I don't see how its anyone but the user's fault if their passwords are the same; then again the troll box isn't really the best place to ctrl+v any passwords whatsoever.
|
|
|
|
Zyl
Newbie
Offline
Activity: 33
Merit: 0
|
|
September 17, 2013, 12:27:39 AM |
|
The answer from RS was something to the effect of, "We're not sure, so check your security log and it will say something like 'Failed attempt to login using Garb******' " (using your example as I don't recall it verbatim either)
He posted their full password, with no ******'s. The ***'s is a recent thing he switched over to today only. You may have been lurking for a different conversation than the one I refer to. Other people who were there will remember. One password was like monkeynuts or something. But I can't remember exactly.
|
|
|
|
drummerjdb666
|
|
September 17, 2013, 12:35:55 AM |
|
The answer from RS was something to the effect of, "We're not sure, so check your security log and it will say something like 'Failed attempt to login using Garb******' " (using your example as I don't recall it verbatim either)
He posted their full password, with no ******'s. The ***'s is a recent thing he switched over to today only. You may have been lurking for a different conversation than the one I refer to. Other people who were there will remember. One password was like monkeynuts or something. But I can't remember exactly. This thread is getting out of hand with the goddamn FUD omg! And I remember that he said WTF!!! "Somebody's password was their username" he never posted the password. You guys are just upset because volume at btce is lacking because of the mcx update! get the fuck over it!!!
|
|
|
|
Zyl
Newbie
Offline
Activity: 33
Merit: 0
|
|
September 17, 2013, 12:37:46 AM |
|
This thread is getting out of hand with the goddamn FUD omg! And I remember that he said WTF!!! "Somebody's password was their username" he never posted the password.
You guys are just upset because volume at btce is lacking because of the mcx update! get the fuck over it!!!
Absolutely false. You are not being truthful. For example, he asked a user whose password was COMPLETELY UNRELATED to their chat username, about their full plaintext password. Somebody else will verify this.
|
|
|
|
FrigidWinter
Newbie
Offline
Activity: 53
Merit: 0
|
|
September 17, 2013, 12:46:49 AM |
|
This thread is getting out of hand with the goddamn FUD omg! And I remember that he said WTF!!! "Somebody's password was their username" he never posted the password.
You guys are just upset because volume at btce is lacking because of the mcx update! get the fuck over it!!!
Absolutely false. You are not being truthful. For example, he asked a user whose password was COMPLETELY UNRELATED to their chat username, about their full plaintext password. Somebody else will verify this. Cant 100% Verify that But he admitted to entering the usernames/passwords of users at other sites to attempt to gain access. Whether or not it was to find the leak its a questionable practice
|
|
|
|
Zyl
Newbie
Offline
Activity: 33
Merit: 0
|
|
September 17, 2013, 12:47:52 AM |
|
I was there. You were not.
Ask realsolid for a chat log of yesterday. Or ask somebody who is using the API and possibly has a local log.
|
|
|
|
yyshowku
Newbie
Offline
Activity: 20
Merit: 0
|
|
September 17, 2013, 01:20:19 AM |
|
oh mg. thank your message.
|
|
|
|
JCaferJr
Member
Offline
Activity: 67
Merit: 10
|
|
September 17, 2013, 01:21:16 AM |
|
Zyl - Since your leaving mcxNOW, I'll take your mcxFEE shares! ;o)
|
|
|
|
sega01
|
|
September 17, 2013, 01:34:09 AM |
|
I thought I'd chime in here.
#7 rule of the internet: Use unique passwords for anything remotely important. Especially places where you hold money. If you follow this rule, these claims are irrelevant to you.
Secondly, I'm not even sure if this is correct. As a developer, I have a bit of a conundrum over whether I would do this or not. Generally, I prefer simpler code, and plaintext is as simple as you can get for passwords. While it may put the users at risk if something is compromised, I would rather tell my users that they *must* use a unique password and let them deal with the consequences if they do not.
And off topic, MCXNow is an awesome exchange in my opinion.
|
|
|
|
Duffer1
|
|
September 17, 2013, 01:50:08 AM |
|
Pure lies. All of it except for the unsalted passwords. Alex has created several of these threads for some reason. He uses several socks to bump them. All of it is complete bullshit.
Last night an unknown site was compromised. Someone was trying the DB of username/passwords against mcxNOW accounts. After 1 theft of B was verified the site immediately went into lockdown to prevent other nubs who didn't use unique passwords from losing their money as well.
|
|
|
|
Etlase2
|
|
September 17, 2013, 01:52:15 AM |
|
Which is why the web is not a good platform for important applications like financial apps.
Better would be client-side encryption where the server does not ever see your keys, like Open Transactions uses for example.
-MarkM-
I remember someone working on something like this for BTC. Something that ran locally in your browser, but interfaced with a remote site. Maybe I'm misremembering about exactly what it did, but I remember thinking it was pretty cool. dunno what became of it though.
|
|
|
|
Alex P (OP)
Member
Offline
Activity: 97
Merit: 10
|
|
September 17, 2013, 02:16:18 AM |
|
Don't blame me for reporting the truth. All the information I post is true. And I am pointing these things out because I am a reporter in my normal job and this type of thing is something people want to know! So if it's false then prove it. But out of his own mouth, Realsolid can see each and every one of our passwords. Stick to the facts. Pure lies. All of it except for the unsalted passwords. Alex has created several of these threads for some reason. He uses several socks to bump them. All of it is complete bullshit.
Last night an unknown site was compromised. Someone was trying the DB of username/passwords against mcxNOW accounts. After 1 theft of B was verified the site immediately went into lockdown to prevent other nubs who didn't use unique passwords from losing their money as well.
|
|
|
|
MarpleTrading
|
|
September 17, 2013, 05:52:37 AM |
|
Don't blame me for reporting the truth. All the information I post is true. And I am pointing these things out because I am a reporter in my normal job and this type of thing is something people want to know! So if it's false then prove it. But out of his own mouth, Realsolid can see each and every one of our passwords. Stick to the facts. Pure lies. All of it except for the unsalted passwords. Alex has created several of these threads for some reason. He uses several socks to bump them. All of it is complete bullshit.
Last night an unknown site was compromised. Someone was trying the DB of username/passwords against mcxNOW accounts. After 1 theft of B was verified the site immediately went into lockdown to prevent other nubs who didn't use unique passwords from losing their money as well.
Then you are a reporter the world does not need. Go find scandals that really are abuses, not things every site admin can do if he chooses so. You are only reporting this with the sole purpose of discrediting RealSolid. Why are you sol jealous>
|
|
|
|
|