Bitcoin Forum
December 13, 2017, 02:03:42 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: whiskers75 Hacked  (Read 2016 times)
peapodamus
Jr. Member
*
Offline Offline

Activity: 43


Brony FTW!


View Profile
October 31, 2013, 04:21:32 PM
 #1

Just a quick note: the account `whiskers75` was recently hacked along with his chat site. Please do not trust or trade with this member until everything is resolved. Will update with proof when I have it.

EDIT: Got GPG proof, this is signed with his known GPG key:
Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Bitcointalk account whiskers75 was hacked. Please could theymos help recover it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJScoTLAAoJEPr4nLkydqH8eTYP/AjQePLFApX3nov1fdLj3IhM
geadgGC7DDqXcHUOb2isEZOLhdp9iav/G28qFu6s2nFPXL4vdZkfitL8mgONk49I
y2VTZ/v3V1H3XTZWUMDl/ezcHqOAq2Q8xzSw11iZsVdy8JndFcflVhgQADZ1qZeF
kVlRO4KlsGkkvlRXa++FDPu6xpVfu0CWOyIuPU1K4SFWCdUPmqk3d8Y8uE59cPNc
jrAj8EAqTaBqUxqXViDypPj/ix4G0AxRS7z5+EqrWI/V72/c2r+h0NgAxRjs/VLs
Q7IVPOYx2EJXu3fbA6obZUP+iMMKQscF374swwIaIwV0i4vzBRofHDdCQ4TDMX9L
x1WbHxWvS0FiWt0Qf6V2CCZN/YZdrl1w2LTi9WUMXLCtDnYweIuDfCvsL9oX1SXD
r+o1KwlqVJOznFViiYCK9A8u9+5lRyiXo4tQyZ33Ze66u7ufCCtQJw3v8j2ZEi6w
HbThYgQm9vaUsiVwWr4hQOUKbACt/nNxgNVs5ZOG44Aks4xSZ+550rbu/qTWhTcs
JQo3VGEMT8LONtf9EeGczTI8K4rWeKWjzY8OEe1Ptwg7yxS3i3jcFXYRr33pInRt
oXrtjy4qOguaF7ZieifwHNi1t1Xcn69hUIwwE3SnhFP9z0e6JDnMgYif1/6mTFmb
pyWDHQf/nC5/PoMZw5b+
=iE8P
-----END PGP SIGNATURE-----

Hi.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513130622
Hero Member
*
Offline Offline

Posts: 1513130622

View Profile Personal Message (Offline)

Ignore
1513130622
Reply with quote  #2

1513130622
Report to moderator
1513130622
Hero Member
*
Offline Offline

Posts: 1513130622

View Profile Personal Message (Offline)

Ignore
1513130622
Reply with quote  #2

1513130622
Report to moderator
Boelens
Hero Member
*****
Offline Offline

Activity: 672



View Profile
October 31, 2013, 04:50:52 PM
 #2

Confirmed.
DiamondCardz
Legendary
*
Offline Offline

Activity: 1050

A plague on both your houses.


View Profile
October 31, 2013, 05:11:05 PM
 #3

Mhmm. Confirmed.
BadBear
v2.0
Legendary
*
Offline Offline

Activity: 1652



View Profile WWW
October 31, 2013, 05:12:56 PM
 #4

Banned the account until one of the admins get it sorted.

1Kz25jm6pjNTaz8bFezEYUeBYfEtpjuKRG | PGP: B5797C4F

Tired of annoying signature ads? Ad block for signatures
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2870


View Profile
October 31, 2013, 09:37:58 PM
 #5

Have him sign a message with 1whiskrpGeZVd5ormX2ihifc9uB2YSz82 or some other address associated with the account.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
dexX7
Legendary
*
Offline Offline

Activity: 1064



View Profile WWW
November 01, 2013, 03:18:19 AM
 #6

Have him sign a message with 1whiskrpGeZVd5ormX2ihifc9uB2YSz82 or some other address associated with the account.

He created back then a locked thread with his GPG key:

https://bitcointalk.org/index.php?topic=291161.msg3115725#msg3115725

Quote from: whiskers75
Below is my current PGP key.
Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.4
Comment: Hostname: keyserver.ubuntu.com

mQINBFHjrhEBEADOWCfdFQXFtZOI0LOZ/ENlhnsRLNe24wQwxYpwSoj1ouqYkm8PT0m8euEG
VaIrY6i4FRrYNGk0WG1ZNLBZyrEbbLBnKxpepyZhg0ZQ/nMRS5TfwL6eGiVz6GtZTwU9s1Dg
FrItOUD7xHcAiT+13vnDPVNIyi/TLE7iBg1Du4p4hSR0IelF/ZjTF0RDqrSl2yDBKhmvDRc9
psC57ARIryYomzz/sDeNpvRIIsrbJO+9yd1hV2pnDRILQ3rey9h9SaIljapalvvHpp4GwIOm
JKHwf6DEjeeGt+EDewisy7AK3pyPHge5LxIOdiEyYQOJSsXSb5uznt326dRtI2RwkJ+cLDDr
oGw3/R3dDxT4Axdy4uDfOJkRoPgYinWL5FVoRnd6u7rV88EAoBCxyrB2zTXtVCit/h6OCRbD
C8tkfAyMiP7t8MaD+2DFeyeamX4NxufjrkRZNdw3Tu1q01k9Hicsmv9gY0uk3t5MNRLUuNZt
eiRbGJg+i/w6acFlifRMjehDa5wi/qtRlHTjGznJtJHul4bisKCMh2U35wPKVhW0COQa1yaT
B2++20choI4dytTgTd86myhAWeOWasRfWJMGe0PmM48+G4b0Eb+KAOmzsNqoXI9GIWQlxfpc
dOeHpYI2m8XCJ63jVEsbqZPdg73MFR7vH8sQKsJZ6BqtJwrYFwARAQABtDZ3aGlza2Vyczc1
IChnaXRodWIuY29tL3doaXNrZXJzNzUpIDx3aGlza2Vyczc1QG1lLmNvbT6JAjgEEwECACIF
AlHjrhECGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPr4nLkydqH8LDAQAJBcqTDY
tZT39resgnZOvGI7fuGU0fgGMzUOBh+NC/UHgQBg7TKgca2w7zAujvkLMod/4Ii+IQybAx5t
whN2bUm/P/mDyLHBtvqwWFw8v0g2JCp8MkorAt8JZKIcMci97JKhmzGM3kYouWjpS1AjUPDY
yoPQs+nGNFzBwzTrmMUKebA+8mzawhjJOkVi7/kHgNp3MSnO4sUXbeENjiUTKgztjrP0UvdR
XyU1IuJ2hisDZdykR7uyJ3qzvxfbQfBRaZUNkfVGwIApfk9fW89RUMoSq/fLGNYOVLZV44Fr
RXOZMPJjAtPiiO6UTjY06dD6z0SvvyA5h32BCJpvHXmZlRbef5+CzlYySuv2adDRWl5KRgKp
c5NBGCMxODx/2SHFW7B9XcWxTi8dlLRF3tvd3rnxTPI45vLFCpsfLD852kzQ/q9gISBYzw0A
Z+LBxyhQgAKesW0JMpPa6H7r1ERDtYihcLMtsGQnpWHkOIiw9gFAp6rn354W12UFAG10G7mZ
4xNAegX9YTTv9aY3+M0Rhvtf5/90hLTvsd8r2nCa7xfyS/ZUe3BMNEkTjtxbUUw6F/EcJ/Km
6qA2ajKknpQQ05U7Qpds7n8IKtiRQf2o+6msKeZSCI1JyT0sDdZof63BUKzrzCkkSiKJVLzm
x/eo2wFCpsTCw4R9eCHTqtwVqrO8uQINBFHjrhEBEADMvNnY2zogPHu2WEHtF8/n94ciYUhw
Ey7K7321m5nWSDvFXYa8w0LWzUk8D5CvjaLbaSJigDf6IhHwuzLqNxxP0Hx40J49VSUWCxDs
No6GAqvZwwrvs3x7FEUTZ69Vj2+T+9TFkyxr75pDjCA5FekbzoHvbtKCemv0eDxPIxuLuRS9
BT+1QZ8aWBerkbd5k/0McCI8xzWWkRik4Y33iw28g5lm/kT97hRvWbOF8G+picEoaahYutZe
Rq0TIRTZBySta4CgzrkodRt36GRwvFHPeajpfqhRotQMNTkbmORn4JRZA6LdgFy5whj730Ud
ObNDYBDoyWMWivXqqDIxZOXRK+7Bw5pJmo6k/bmJEC/OsoAbCXeLZADO301VSeuHYVX4tGFg
sMZ3YRbWOP9NWd1O+2k1K8aXK8NRsejOwGgGxvtt4nz/ue70nTb8/FAQB2rXKa+mfTNapFvc
kvHYihQ+U4AkJ/oOlszqViP51w3T0MktBOzAMCo9fPZiEpheVMsohyEEPLjEbM/Yd9HS8Cgj
RyDMa/xwxJbw7PxFCZfQWMb12+M1qSSISB3lDRx/NyuFIJl9o/Ob/8D2f5ENznqdSzN5XjA9
N4rrcp7iakCTwN6ukm1DBNMLs9iFBs20Qxp0POVzV8LWh0oKcpqmPA9zaivc5s0Ctl120S6A
gjylzQARAQABiQIfBBgBAgAJBQJR464RAhsMAAoJEPr4nLkydqH840EQAKk5h9Dlne+tztuo
MMsfVh+4vpDKJdW+MOqLOKPTP9a8vyZ0mLXHMRtvQhbG0EkNT2jsyXjtIWKWqjJFqASgcQ9x
HumrfYHkh5Zbgdym1+Wmbokazxm7XWK3iT1iBvcmc7Rl5wYRT83LntJNEnh4fY9RXlHCimS6
TJyW7FkvwuCK1z6sd4l54ae4mjqf1NH/xWlsUphttKe33UuOIwBjKCRuf3hfKzsR5PO98Dcc
nr1aAFCw6FfDiDZ+bWNHkBQ1noUq3/2dGmBFwJxxqjxz849B65aht8vWs+j+36Un0DlvyfK6
Pw4P2OycfOhAg0pmkN0nGT48XfnsDI46JAdKKeONCWoEChUVAjgqsEpwD8/Sd25R66DtsREB
TNanHx0Lnkxv5AwsA4XC4Ryx4QTabD+j0ZBTxnAI231ggNFi4YYe+S1hBmBk5boQnjNWMpIw
FpHnwDt2jpdAax+/a7lHWeZpXWoiAeUbzuNO0bzBYJCVgHLu1PeksGj25nRLkonbuoiuiTm9
gK3X1FtOlu1TLHt+S53kVcOOsIHnedHihgzTf/SdSPmqs6sgHCK9nn9zkk4OhYqO71osLyDL
bu7V25Fq4IUFmOhuRtHLh2YubTkijGPpdO/YDwPqxKuvbMn+sUfbNnGm5lvFphfy+OWm7PF7
s56qMoV4AyDYqSIZKLAw
=xrj/
-----END PGP PUBLIC KEY BLOCK-----

theymos
Administrator
Legendary
*
Offline Offline

Activity: 2870


View Profile
November 01, 2013, 03:50:38 AM
 #7

OK, have him send me (signed) the email address I should use for the account. He can then use the forgotten password feature.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Boelens
Hero Member
*****
Offline Offline

Activity: 672



View Profile
November 01, 2013, 08:28:29 AM
 #8

OK, have him send me (signed) the email address I should use for the account. He can then use the forgotten password feature.

Theymos, I believe you own this website.

As new users, do we have to worry about account security? Why are individual accounts being hacked?

What purpose would it serve to hack user accounts of an online forum?

Thank you.

- Safvan Malik

The forum database wasn't compromised. There was a site he owned and that database got compromised, his password probably got compromised too, maybe from the database, a virus, etc. But none of it was due to a security leak in the forums.
TradeFortress
VIP
Legendary
*
Offline Offline

Activity: 910


View Profile
November 01, 2013, 09:01:09 AM
 #9

How was whiskers & whiskchat hacked?
Bullionado
Newbie
*
Offline Offline

Activity: 24


View Profile
November 01, 2013, 09:46:02 AM
 #10

OK, have him send me (signed) the email address I should use for the account. He can then use the forgotten password feature.

Theymos, I believe you own this website.

As new users, do we have to worry about account security? Why are individual accounts being hacked?

What purpose would it serve to hack user accounts of an online forum?

Thank you.

- Safvan Malik

The forum database wasn't compromised. There was a site he owned and that database got compromised, his password probably got compromised too, maybe from the database, a virus, etc. But none of it was due to a security leak in the forums.

Right. Thank you.
r3wt
Hero Member
*****
Offline Offline

Activity: 686


always the student, never the master.


View Profile
November 01, 2013, 09:48:17 AM
 #11

How was whiskers & whiskchat hacked?

kind of ironic we were all there last night. i'll just go ahead and say it wasn't I. must have been someone who was mad at him.
* r3wt casts glare at tradefortress  Cheesy

My negative trust rating is reflective of a personal vendetta by someone on default trust.
DiamondCardz
Legendary
*
Offline Offline

Activity: 1050

A plague on both your houses.


View Profile
November 01, 2013, 12:06:05 PM
 #12

How was whiskers & whiskchat hacked?

Probably his password or account was compromised and that probably led to the database being compromised. I did hear something about an old hotmail account, but that's about it.
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2870


View Profile
November 01, 2013, 01:05:55 PM
 #13

Whoever owns your account email owns your account. So you should be careful about using non-existent webmail accounts, mailinator-type sites, etc.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
r3wt
Hero Member
*****
Offline Offline

Activity: 686


always the student, never the master.


View Profile
November 01, 2013, 03:14:38 PM
 #14

Whoever owns your account email owns your account. So you should be careful about using non-existent webmail accounts, mailinator-type sites, etc.

It just keeps getting better. look what i found in my email

Code:
We have come accross your personal information on the internet located at http://pastebin.com/raw.php?i=d1Wafvab. Someone may have stolen this information and posted it online. We are in no way affiliated with the stealing or posting of the information. As a public service, we let you know when your information is posted online and stolen so that you can minimize the damage.

If you need any additional help removing your information please contact us at info@defendmyid.org.

Thank you,
Jim
DefendMyId.org

That paste contains every username and password of whiskchat, including mine.

My negative trust rating is reflective of a personal vendetta by someone on default trust.
ekiro
Member
**
Offline Offline

Activity: 112


View Profile
November 02, 2013, 11:47:49 AM
 #15

I wonder how often this forum gets it's servers violated unknowingly.
anonameous
Jr. Member
*
Offline Offline

Activity: 48


View Profile
November 02, 2013, 10:10:00 PM
 #16

Whoever owns your account email owns your account. So you should be careful about using non-existent webmail accounts, mailinator-type sites, etc.

I think you nailed it.

A while ago, I remember WhiskChat's inputs.io account used a disposable yopmail.com email that I was able to access...although it wasn't much use as if I remember correctly you cannot reset password by email using inputs.io. I also remember Whiskers used at least one other disposable email account for other purposes too. I'm assuming this is how his website and forum account were compromised.

On a related note during my "security audit" I noticed there was also an IP filter on inputs.io. I found out that it can be circumvented by tricking the account owner into visiting a site with some simple JS that takes advantage of an old DNS rebinding attack and allows me to essentially use their browser as a proxy to access inputs.io or any other website of my choosing.
TradeFortress
VIP
Legendary
*
Offline Offline

Activity: 910


View Profile
November 03, 2013, 01:14:39 AM
 #17

On a related note during my "security audit" I noticed there was also an IP filter on inputs.io. I found out that it can be circumvented by tricking the account owner into visiting a site with some simple JS that takes advantage of an old DNS rebinding attack and allows me to essentially use their browser as a proxy to access inputs.io or any other website of my choosing.
Thanks for the report, this has been patched Smiley
anonameous
Jr. Member
*
Offline Offline

Activity: 48


View Profile
November 03, 2013, 05:14:17 AM
 #18

Thanks for the report, this has been patched Smiley

Do I get a bounty? Cheesy

I'll test it out later and ensure it is patched correctly.

If you feel compelled to tip for any reason: http://1v.io/m8r-74xku9@mailinator.com

Note: I haven't actually scammed anyone, this account received a precautionary scammer tag.
TradeFortress
VIP
Legendary
*
Offline Offline

Activity: 910


View Profile
November 03, 2013, 05:30:12 AM
 #19

Thanks for the report, this has been patched Smiley

Do I get a bounty? Cheesy

I'll test it out later and ensure it is patched correctly.

If you feel compelled to tip for any reason: http://1v.io/m8r-74xku9@mailinator.com

Note: I haven't actually scammed anyone, this account received a precautionary scammer tag.

You only receive a bounty / reward if you disclose something responsibly (ie email it to support@inputs.io). Let us know if you have any other reports.
anonameous
Jr. Member
*
Offline Offline

Activity: 48


View Profile
November 03, 2013, 05:40:15 AM
 #20

You only receive a bounty / reward if you disclose something responsibly (ie email it to support@inputs.io). Let us know if you have any other reports.

I see, yes I knew that oh well, I didn't have the time to fully demonstrate it or create an email account that can send emails as I do not own one. Oh well, maybe next time.

Actually I think I've found something else, it's an isolated attack but possibly much more severe (don't worry I found this same problem on linkedin.com and a large number of other sites). I'll email you when I get a fully working demonstration together.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!