Topic: Clarification as to the Reason why the Forum was down for ~5 Days
ForceField
aka Vitaliy
Sr. Member
Activity: 388
Merit: 250
October 07, 2013, 04:36:51 AM
Last edit: October 07, 2013, 04:48:45 AM by ForceField
#1

Theymos, it would be nice to hear an update as to:

1) Why it took this long of downtime to identify and fix the problem and what steps were needed to address all of the issues?

2) What protection have you implemented (or plan to implement) to prevent further such attacks in the future?

3) If, as you mentioned in the Reddit thread, the hack was caused by a vulnerability in the news section of this website, then maybe it would be better to remove the news section entirely?

I am glad that the BitcoinTalk forum is back up and I am sure that I was not the only one suffering while it was unavailable.


Also this was the email I received on 10/3/2013 after the forum was offline:
Subject: Bitcoin Forum Compromised
Quote
-----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256

 Unfortunately, it was recently discovered that the Bitcoin Forum's server
 was compromised. It is currently believed that the attacker(s) *could* have
 accessed the database, but at this time it is unknown whether they actually did
 so. If they accessed the database, they would have had access to all
 personal messages, emails, and password hashes. To be safe, it is
 recommended that all Bitcoin Forum users consider any password used
 on the Bitcoin Forum in 2013 to be insecure: if you used this
 password on a different site, change it. When the Bitcoin Forum
 returns, change your password.

 Passwords on the Bitcoin Forum are hashed with 7500 rounds of
 sha256crypt. This is very strong. It may take years for
 reasonably-strong passwords to be cracked. Even so, it is best to
 assume that the attacker will be able to crack your passwords.

 The Bitcoin Forum will return within the next several days after a
 full investigation has been conducted and we are sure that this
 problem cannot recur.

 Check http://www.reddit.com/r/Bitcoin/ and #bitcoin on Freenode for
 more info as it develops.

 We apologize for the inconvenience.

 -----BEGIN PGP SIGNATURE-----

 iF4EAREIAAYFAlJNCE8ACgkQxlVWk9q1kecABgD9H5sbb0DopdLsODAmv6LWmIaW
 kgfyYTlh8GezYbYx7c8A/iTh0/DCwaXuNKK/qUWpewR/L6HEOuAqa/ML1D+K9mZc
 =1NYs
 -----END PGP SIGNATURE-----

PC Hardware & Electronics For BTC     Traded w/: Kansattica | jduck1987 | shakaru | newdude | nitetrader | midievil | blo8i | mb300sd | juggalodarkclow | Garr255 | Tril | Ringmasta | SysRun | CrazyBlane | sokay | BCB | str4wm4n | PinkBatman | Bitobsessed | matauc12 | antimattercrusader | BryanK
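
What "7500 rounds of sha256crypt" in the quoted e-mail means for a stored hash, as an added example (not the forum's code and not part of the original post): a pure-Python sha256crypt written from Ulrich Drepper's published specification, where the `rounds` loop is the per-guess work factor. The password and salt are constructed sample values, and an ASCII salt without `$` is assumed.

```python
import hashlib
import hmac

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Byte order of the sha256crypt output encoding (from Drepper's specification).
ORDER = [(0, 10, 20), (21, 1, 11), (12, 22, 2), (3, 13, 23), (24, 4, 14),
         (15, 25, 5), (6, 16, 26), (27, 7, 17), (18, 28, 8), (9, 19, 29)]

def _fill(block, n):
    """Repeat a 32-byte digest to exactly n bytes."""
    return block * (n // 32) + block[:n % 32]

def _b64(v, chars):
    """Encode v with the crypt alphabet, lowest 6 bits first."""
    out = ""
    for _ in range(chars):
        out += B64[v & 63]
        v >>= 6
    return out

def sha256crypt(password, salt, rounds=7500):
    # Assumption: ASCII salt without "$"; the scheme caps the salt at 16 bytes.
    key, s = password.encode(), salt.encode()[:16]
    rounds = max(1000, min(rounds, 999_999_999))   # limits from the specification
    b = hashlib.sha256(key + s + key).digest()
    a = hashlib.sha256(key + s + _fill(b, len(key)))
    n = len(key)
    while n:                                       # mix in B or the key per length bit
        a.update(b if n & 1 else key)
        n >>= 1
    prev = a.digest()
    p = _fill(hashlib.sha256(key * len(key)).digest(), len(key))
    sq = _fill(hashlib.sha256(s * (16 + prev[0])).digest(), len(s))
    for i in range(rounds):                        # work factor: one digest per round
        c = hashlib.sha256(p if i & 1 else prev)
        if i % 3:
            c.update(sq)
        if i % 7:
            c.update(p)
        c.update(prev if i & 1 else p)
        prev = c.digest()
    enc = "".join(_b64(prev[x] << 16 | prev[y] << 8 | prev[z], 4) for x, y, z in ORDER)
    enc += _b64(prev[31] << 8 | prev[30], 3)
    return f"$5$rounds={rounds}${s.decode()}${enc}"

def verify(password, stored):
    """Recompute with the rounds and salt embedded in the stored string."""
    _, _, rounds, salt, _ = stored.split("$")
    candidate = sha256crypt(password, salt, int(rounds.split("=")[1]))
    return hmac.compare_digest(candidate, stored)
```

The round count and salt travel inside the stored string, so a site can raise the round count for new hashes while old ones still verify.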
DPoS
Sr. Member
Activity: 462
Merit: 250
October 07, 2013, 04:51:22 AM
#2

Quote
I am sure that I was not the only one suffering while it was unavailable.


lulz troll withdrawal is a terrible thing!!

~~BTC~~GAMBIT~~BTC~~Play Boardgames for Bitcoins!!~~BTC~~GAMBIT~~BTC~~ Something I say help? Donate BTC! 1KN1K1xStzsgfYxdArSX4PEjFfcLEuYhid
gweedo
Legendary
Activity: 1246
Merit: 1000
Java, PHP, HTML/CSS Programmer for Hire!
October 07, 2013, 05:03:36 AM
#3

From the information this is what I am pretty certain the answers are...

1) Why it took this long of downtime to identify and fix the problem and what steps were needed to address all of the issues?

Cause theymos wanted to be 100% sure he had the right bug that allowed the hack. I personally would rather have a long downtime than get a virus or malware from this board or even have my login stolen.

2) What protection have you implemented (or plan to implement) to prevent further such attacks in the future?

Can't really plan for future hacks if you don't know the vulnerabilities yet, some people pen test the boards and report the bugs so he can fix them.

3) If, as you mentioned in the Reddit thread, the hack was caused by a vulnerability in the news section of this website, then maybe it would be better to remove the news section entirely?

No, then how will we know of new releases or important information?

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
favdesu
Legendary
Activity: 1652
Merit: 1000
October 07, 2013, 05:05:48 AM
#4

maybe a global "change your password" message would be helpful

Tomatocage
Legendary
Activity: 1540
Merit: 1168
brb keeping up with the Kardashians
October 07, 2013, 05:10:54 AM
#5

Quote
maybe a global "change your password" message would be helpful

The news banner is probably disabled since it's suspect in whatever attack vector the hax0r used.

Recommended Exchanges: Binance.com | Altcoin.io
GPG ID: 4880D85C | 1% Escrow | 8% IPO/ICO Escrow services Temporarily Closed | Bitcointalk is the ONLY place where I use this name (No Skype/IRC/YIM/AIM/etc) | 13CsmTqGNwvFXb7tD9yFvJcEYCDTB8wQTS | Beware of these SCAM sites! | *Sponsored Link
DPoS
Sr. Member
Activity: 462
Merit: 250
October 07, 2013, 05:14:43 AM
#6

Quote
maybe a global "change your password" message would be helpful

if they can use people's passwords then it would be too late anyway..  you know they would be on watch for the board to be back up before 99% of the users would know

~~BTC~~GAMBIT~~BTC~~Play Boardgames for Bitcoins!!~~BTC~~GAMBIT~~BTC~~ Something I say help? Donate BTC! 1KN1K1xStzsgfYxdArSX4PEjFfcLEuYhid
Maged
Legendary
Activity: 1260
Merit: 1006
October 07, 2013, 05:20:39 AM
#7

Quote
maybe a global "change your password" message would be helpful

Quote
if they can use people's passwords then it would be too late anyway..  you know they would be on watch for the board to be back up before 99% of the users would know

Not really. It will take a while to crack the passwords, so they would start with the high-value targets.

That being said, it's not worse than before. For the last several months, the hackers had access to any account they pleased.

MrHempstock
Full Member
Activity: 140
Merit: 100
"Don't worry. My career died after Batman, too."
October 07, 2013, 05:37:14 AM
#8



Quote
That being said, it's not worse than before. For the last several months, the hackers had access to any account they pleased.

Since 2011.

BTCitcointalk 1%ers manipulate the currency and deceive its user community.
Maged
Legendary
Activity: 1260
Merit: 1006
October 07, 2013, 05:38:10 AM
#9



Quote
That being said, it's not worse than before. For the last several months, the hackers had access to any account they pleased.

Quote
Since 2011.

Some of us were still out of the loop

MrHempstock
Full Member
Activity: 140
Merit: 100
"Don't worry. My career died after Batman, too."
October 07, 2013, 05:47:24 AM
#10

No worries!

But that is a much longer time to tackle those PWs. Finally a reason to be glad I'm not one of the BTC-laden early adopters (target)

BTCitcointalk 1%ers manipulate the currency and deceive its user community.
BorderBits
Sr. Member
Activity: 275
Merit: 250
October 07, 2013, 06:04:04 AM
#11

It was the same person who did the CosbyCoin hack and they used the same exploit... lol! Guaranteed it will happen again, too. What exactly has Theymos done with the tens of thousands of dollars donated to this forum???
bitspill
Legendary
Activity: 1834
Merit: 1006
October 07, 2013, 06:08:33 AM
#12

Quote
maybe a global "change your password" message would be helpful

Quote
The news banner is probably disabled since it's suspect in whatever attack vector the hax0r used.

But it's not
Quote
News: Change your forum password

{ BitSpill }