whiskers75 Hacked

[peapodamus]

Just a quick note: the account `whiskers75` was recently hacked along with his chat site. Please do not trust or trade with this member until everything is resolved. Will update with proof when I have it.

EDIT: Got GPG proof, this is signed with his known GPG key:

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Bitcointalk account whiskers75 was hacked. Please could theymos help recover it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJScoTLAAoJEPr4nLkydqH8eTYP/AjQePLFApX3nov1fdLj3IhM
geadgGC7DDqXcHUOb2isEZOLhdp9iav/G28qFu6s2nFPXL4vdZkfitL8mgONk49I
y2VTZ/v3V1H3XTZWUMDl/ezcHqOAq2Q8xzSw11iZsVdy8JndFcflVhgQADZ1qZeF
kVlRO4KlsGkkvlRXa++FDPu6xpVfu0CWOyIuPU1K4SFWCdUPmqk3d8Y8uE59cPNc
jrAj8EAqTaBqUxqXViDypPj/ix4G0AxRS7z5+EqrWI/V72/c2r+h0NgAxRjs/VLs
Q7IVPOYx2EJXu3fbA6obZUP+iMMKQscF374swwIaIwV0i4vzBRofHDdCQ4TDMX9L
x1WbHxWvS0FiWt0Qf6V2CCZN/YZdrl1w2LTi9WUMXLCtDnYweIuDfCvsL9oX1SXD
r+o1KwlqVJOznFViiYCK9A8u9+5lRyiXo4tQyZ33Ze66u7ufCCtQJw3v8j2ZEi6w
HbThYgQm9vaUsiVwWr4hQOUKbACt/nNxgNVs5ZOG44Aks4xSZ+550rbu/qTWhTcs
JQo3VGEMT8LONtf9EeGczTI8K4rWeKWjzY8OEe1Ptwg7yxS3i3jcFXYRr33pInRt
oXrtjy4qOguaF7ZieifwHNi1t1Xcn69hUIwwE3SnhFP9z0e6JDnMgYif1/6mTFmb
pyWDHQf/nC5/PoMZw5b+
=iE8P
-----END PGP SIGNATURE-----

[Boelens]

Confirmed.

[DiamondCardz]

Mhmm. Confirmed.

[BadBear]

Banned the account until one of the admins get it sorted.

[theymos]

Have him sign a message with 1whiskrpGeZVd5ormX2ihifc9uB2YSz82 or some other address associated with the account.

[dexX7]

Have him sign a message with 1whiskrpGeZVd5ormX2ihifc9uB2YSz82 or some other address associated with the account.

He created back then a locked thread with his GPG key:

https://bitcointalk.org/index.php?topic=291161.msg3115725#msg3115725

Below is my current PGP key.

Code:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.4
Comment: Hostname: keyserver.ubuntu.com

mQINBFHjrhEBEADOWCfdFQXFtZOI0LOZ/ENlhnsRLNe24wQwxYpwSoj1ouqYkm8PT0m8euEG
VaIrY6i4FRrYNGk0WG1ZNLBZyrEbbLBnKxpepyZhg0ZQ/nMRS5TfwL6eGiVz6GtZTwU9s1Dg
FrItOUD7xHcAiT+13vnDPVNIyi/TLE7iBg1Du4p4hSR0IelF/ZjTF0RDqrSl2yDBKhmvDRc9
psC57ARIryYomzz/sDeNpvRIIsrbJO+9yd1hV2pnDRILQ3rey9h9SaIljapalvvHpp4GwIOm
JKHwf6DEjeeGt+EDewisy7AK3pyPHge5LxIOdiEyYQOJSsXSb5uznt326dRtI2RwkJ+cLDDr
oGw3/R3dDxT4Axdy4uDfOJkRoPgYinWL5FVoRnd6u7rV88EAoBCxyrB2zTXtVCit/h6OCRbD
C8tkfAyMiP7t8MaD+2DFeyeamX4NxufjrkRZNdw3Tu1q01k9Hicsmv9gY0uk3t5MNRLUuNZt
eiRbGJg+i/w6acFlifRMjehDa5wi/qtRlHTjGznJtJHul4bisKCMh2U35wPKVhW0COQa1yaT
B2++20choI4dytTgTd86myhAWeOWasRfWJMGe0PmM48+G4b0Eb+KAOmzsNqoXI9GIWQlxfpc
dOeHpYI2m8XCJ63jVEsbqZPdg73MFR7vH8sQKsJZ6BqtJwrYFwARAQABtDZ3aGlza2Vyczc1
IChnaXRodWIuY29tL3doaXNrZXJzNzUpIDx3aGlza2Vyczc1QG1lLmNvbT6JAjgEEwECACIF
AlHjrhECGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPr4nLkydqH8LDAQAJBcqTDY
tZT39resgnZOvGI7fuGU0fgGMzUOBh+NC/UHgQBg7TKgca2w7zAujvkLMod/4Ii+IQybAx5t
whN2bUm/P/mDyLHBtvqwWFw8v0g2JCp8MkorAt8JZKIcMci97JKhmzGM3kYouWjpS1AjUPDY
yoPQs+nGNFzBwzTrmMUKebA+8mzawhjJOkVi7/kHgNp3MSnO4sUXbeENjiUTKgztjrP0UvdR
XyU1IuJ2hisDZdykR7uyJ3qzvxfbQfBRaZUNkfVGwIApfk9fW89RUMoSq/fLGNYOVLZV44Fr
RXOZMPJjAtPiiO6UTjY06dD6z0SvvyA5h32BCJpvHXmZlRbef5+CzlYySuv2adDRWl5KRgKp
c5NBGCMxODx/2SHFW7B9XcWxTi8dlLRF3tvd3rnxTPI45vLFCpsfLD852kzQ/q9gISBYzw0A
Z+LBxyhQgAKesW0JMpPa6H7r1ERDtYihcLMtsGQnpWHkOIiw9gFAp6rn354W12UFAG10G7mZ
4xNAegX9YTTv9aY3+M0Rhvtf5/90hLTvsd8r2nCa7xfyS/ZUe3BMNEkTjtxbUUw6F/EcJ/Km
6qA2ajKknpQQ05U7Qpds7n8IKtiRQf2o+6msKeZSCI1JyT0sDdZof63BUKzrzCkkSiKJVLzm
x/eo2wFCpsTCw4R9eCHTqtwVqrO8uQINBFHjrhEBEADMvNnY2zogPHu2WEHtF8/n94ciYUhw
Ey7K7321m5nWSDvFXYa8w0LWzUk8D5CvjaLbaSJigDf6IhHwuzLqNxxP0Hx40J49VSUWCxDs
No6GAqvZwwrvs3x7FEUTZ69Vj2+T+9TFkyxr75pDjCA5FekbzoHvbtKCemv0eDxPIxuLuRS9
BT+1QZ8aWBerkbd5k/0McCI8xzWWkRik4Y33iw28g5lm/kT97hRvWbOF8G+picEoaahYutZe
Rq0TIRTZBySta4CgzrkodRt36GRwvFHPeajpfqhRotQMNTkbmORn4JRZA6LdgFy5whj730Ud
ObNDYBDoyWMWivXqqDIxZOXRK+7Bw5pJmo6k/bmJEC/OsoAbCXeLZADO301VSeuHYVX4tGFg
sMZ3YRbWOP9NWd1O+2k1K8aXK8NRsejOwGgGxvtt4nz/ue70nTb8/FAQB2rXKa+mfTNapFvc
kvHYihQ+U4AkJ/oOlszqViP51w3T0MktBOzAMCo9fPZiEpheVMsohyEEPLjEbM/Yd9HS8Cgj
RyDMa/xwxJbw7PxFCZfQWMb12+M1qSSISB3lDRx/NyuFIJl9o/Ob/8D2f5ENznqdSzN5XjA9
N4rrcp7iakCTwN6ukm1DBNMLs9iFBs20Qxp0POVzV8LWh0oKcpqmPA9zaivc5s0Ctl120S6A
gjylzQARAQABiQIfBBgBAgAJBQJR464RAhsMAAoJEPr4nLkydqH840EQAKk5h9Dlne+tztuo
MMsfVh+4vpDKJdW+MOqLOKPTP9a8vyZ0mLXHMRtvQhbG0EkNT2jsyXjtIWKWqjJFqASgcQ9x
HumrfYHkh5Zbgdym1+Wmbokazxm7XWK3iT1iBvcmc7Rl5wYRT83LntJNEnh4fY9RXlHCimS6
TJyW7FkvwuCK1z6sd4l54ae4mjqf1NH/xWlsUphttKe33UuOIwBjKCRuf3hfKzsR5PO98Dcc
nr1aAFCw6FfDiDZ+bWNHkBQ1noUq3/2dGmBFwJxxqjxz849B65aht8vWs+j+36Un0DlvyfK6
Pw4P2OycfOhAg0pmkN0nGT48XfnsDI46JAdKKeONCWoEChUVAjgqsEpwD8/Sd25R66DtsREB
TNanHx0Lnkxv5AwsA4XC4Ryx4QTabD+j0ZBTxnAI231ggNFi4YYe+S1hBmBk5boQnjNWMpIw
FpHnwDt2jpdAax+/a7lHWeZpXWoiAeUbzuNO0bzBYJCVgHLu1PeksGj25nRLkonbuoiuiTm9
gK3X1FtOlu1TLHt+S53kVcOOsIHnedHihgzTf/SdSPmqs6sgHCK9nn9zkk4OhYqO71osLyDL
bu7V25Fq4IUFmOhuRtHLh2YubTkijGPpdO/YDwPqxKuvbMn+sUfbNnGm5lvFphfy+OWm7PF7
s56qMoV4AyDYqSIZKLAw
=xrj/
-----END PGP PUBLIC KEY BLOCK-----

[theymos]

OK, have him send me (signed) the email address I should use for the account. He can then use the forgotten password feature.

[Boelens]

OK, have him send me (signed) the email address I should use for the account. He can then use the forgotten password feature.

Theymos, I believe you own this website.

As new users, do we have to worry about account security? Why are individual accounts being hacked?

What purpose would it serve to hack user accounts of an online forum?

Thank you.

- Safvan Malik

The forum database wasn't compromised. There was a site he owned and that database got compromised, his password probably got compromised too, maybe from the database, a virus, etc. But none of it was due to a security leak in the forums.

[🏰 TradeFortress 🏰]

How was whiskers & whiskchat hacked?

[Bullionado]

OK, have him send me (signed) the email address I should use for the account. He can then use the forgotten password feature.

Theymos, I believe you own this website.

As new users, do we have to worry about account security? Why are individual accounts being hacked?

What purpose would it serve to hack user accounts of an online forum?

Thank you.

- Safvan Malik

The forum database wasn't compromised. There was a site he owned and that database got compromised, his password probably got compromised too, maybe from the database, a virus, etc. But none of it was due to a security leak in the forums.

Right. Thank you.

[r3wt]

How was whiskers & whiskchat hacked?

kind of ironic we were all there last night. i'll just go ahead and say it wasn't I. must have been someone who was mad at him.

* r3wt casts glare at tradefortress 

[DiamondCardz]

How was whiskers & whiskchat hacked?

Probably his password or account was compromised and that probably led to the database being compromised. I did hear something about an old hotmail account, but that's about it.

[theymos]

Whoever owns your account email owns your account. So you should be careful about using non-existent webmail accounts, mailinator-type sites, etc.

[r3wt]

Whoever owns your account email owns your account. So you should be careful about using non-existent webmail accounts, mailinator-type sites, etc.

It just keeps getting better. look what i found in my email

Code:

We have come accross your personal information on the internet located at http://pastebin.com/raw.php?i=d1Wafvab. Someone may have stolen this information and posted it online. We are in no way affiliated with the stealing or posting of the information. As a public service, we let you know when your information is posted online and stolen so that you can minimize the damage.

If you need any additional help removing your information please contact us at info@defendmyid.org.

Thank you,
Jim
DefendMyId.org

That paste contains every username and password of whiskchat, including mine.

[ekiro]

I wonder how often this forum gets it's servers violated unknowingly.

[anonameous]

Whoever owns your account email owns your account. So you should be careful about using non-existent webmail accounts, mailinator-type sites, etc.

I think you nailed it.

A while ago, I remember WhiskChat's inputs.io account used a disposable yopmail.com email that I was able to access...although it wasn't much use as if I remember correctly you cannot reset password by email using inputs.io. I also remember Whiskers used at least one other disposable email account for other purposes too. I'm assuming this is how his website and forum account were compromised.

On a related note during my "security audit" I noticed there was also an IP filter on inputs.io. I found out that it can be circumvented by tricking the account owner into visiting a site with some simple JS that takes advantage of an old DNS rebinding attack and allows me to essentially use their browser as a proxy to access inputs.io or any other website of my choosing.

[🏰 TradeFortress 🏰]

On a related note during my "security audit" I noticed there was also an IP filter on inputs.io. I found out that it can be circumvented by tricking the account owner into visiting a site with some simple JS that takes advantage of an old DNS rebinding attack and allows me to essentially use their browser as a proxy to access inputs.io or any other website of my choosing.

Thanks for the report, this has been patched

[anonameous]

Thanks for the report, this has been patched

Do I get a bounty?

I'll test it out later and ensure it is patched correctly.

If you feel compelled to tip for any reason: http://1v.io/m8r-74xku9@mailinator.com

Note: I haven't actually scammed anyone, this account received a precautionary scammer tag.

[🏰 TradeFortress 🏰]

Thanks for the report, this has been patched

Do I get a bounty?

I'll test it out later and ensure it is patched correctly.

If you feel compelled to tip for any reason: http://1v.io/m8r-74xku9@mailinator.com

Note: I haven't actually scammed anyone, this account received a precautionary scammer tag.

You only receive a bounty / reward if you disclose something responsibly (ie email it to support@inputs.io). Let us know if you have any other reports.

[anonameous]

You only receive a bounty / reward if you disclose something responsibly (ie email it to support@inputs.io). Let us know if you have any other reports.

I see, yes I knew that oh well, I didn't have the time to fully demonstrate it or create an email account that can send emails as I do not own one. Oh well, maybe next time.

Actually I think I've found something else, it's an isolated attack but possibly much more severe (don't worry I found this same problem on linkedin.com and a large number of other sites). I'll email you when I get a fully working demonstration together.