Bitcoin Forum
November 17, 2018, 12:12:55 PM *
News: Latest Bitcoin Core release: 0.17.0 [Torrent].
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: [Guide] Bitcointalk account security  (Read 1260 times)
F2b
Full Member
***
Offline Offline

Activity: 406
Merit: 126

Unfortunately we're all humans Except me of course


View Profile WWW
August 20, 2018, 10:32:25 AM
 #21

Great guide! It brings together all the informations new members and hacked members need to have. A very good summary.

Do you allow translations of this guide into other languages?

Putain les gars on est descendu en-dessous des 6k$ !!!
Bitcoin est mort !! ^^
1542456775
Hero Member
*
Offline Offline

Posts: 1542456775

View Profile Personal Message (Offline)

Ignore
1542456775
Reply with quote  #2

1542456775
Report to moderator
1542456775
Hero Member
*
Offline Offline

Posts: 1542456775

View Profile Personal Message (Offline)

Ignore
1542456775
Reply with quote  #2

1542456775
Report to moderator
1542456775
Hero Member
*
Offline Offline

Posts: 1542456775

View Profile Personal Message (Offline)

Ignore
1542456775
Reply with quote  #2

1542456775
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
sncc
Sr. Member
****
Offline Offline

Activity: 336
Merit: 487


View Profile
August 20, 2018, 12:40:42 PM
 #22

Update: [GUIDES] on Bitcointalk. Index thread (work in progress).
When there is a child board, insubstantial topics can be Reported and moved. As an alternative: if users can't create new topics on that board, only Mods can move existing good topics, which keeps the quality high.
Thanks, looks good, this will be very useful.

Yes this is a nice index thread covering a wide range of topics.  This one https://bitcointalk.org/index.php?topic=1217042.0 is also useful.

I would also add in the password section that one shouldn't use the same password for multiple websites.
It was written so in the OP.

Do you allow translations of this guide into other languages?
Yes go ahead for any languages except Japanese since I've started to work on it no need to duplicate the effort.
F2b
Full Member
***
Offline Offline

Activity: 406
Merit: 126

Unfortunately we're all humans Except me of course


View Profile WWW
August 20, 2018, 12:42:30 PM
 #23

Do you allow translations of this guide into other languages?
Yes go ahead for any languages except Japanese since I've started to work on it no need to duplicate the effort.
Thanks!

Putain les gars on est descendu en-dessous des 6k$ !!!
Bitcoin est mort !! ^^
jointherevolution
Jr. Member
*
Offline Offline

Activity: 116
Merit: 1


View Profile
August 20, 2018, 06:13:22 PM
 #24

Thanks for taking time to put together this guide. I obtained some tips to make my password stronger from this.

EndChain - Complete logistical solution for all markets and supply chains
ICO Start: 1.12.2018 (https://endchain.io/)
sncc
Sr. Member
****
Offline Offline

Activity: 336
Merit: 487


View Profile
August 22, 2018, 09:27:01 AM
 #25

Bump.  Still see many accounts are hacked, hope more users learn the security.
iasenko
Sr. Member
****
Offline Offline

Activity: 378
Merit: 620


Bitcointalk Memes,post yours here> topic=4937275.0


View Profile WWW
August 22, 2018, 09:39:02 AM
 #26

Bump.  Still see many accounts are hacked, hope more users learn the security.

I think this should be in the stickies, for better exposure. Wonder why it's not there yet.

sry, hilarious I could't resist it..




Welsh
Staff
Legendary
*
Offline Offline

Activity: 1414
Merit: 1381



View Profile
August 22, 2018, 07:54:08 PM
Merited by dbshck (1)
 #27

Theymos mentioned recently that he's not complete opposed to delegating more responsibilities onto others for account recoveries. I imagine he would have to make sure that they were capable of it, but I'm sure hilariousandco and the like would be more than capable of it.

sncc
Sr. Member
****
Offline Offline

Activity: 336
Merit: 487


View Profile
August 25, 2018, 03:35:01 PM
Merited by dbshck (1)
 #28

I think this should be in the stickies, for better exposure. Wonder why it's not there yet.
It would be useful as the account security is a fundamental issue of the forum.  Even if it is not going to be in the stickies, I plan to continue to bump the thread and hope more forum members become aware of how to improve their account security.

Theymos mentioned recently that he's not complete opposed to delegating more responsibilities onto others for account recoveries. I imagine he would have to make sure that they were capable of it, but I'm sure hilariousandco and the like would be more than capable of it.
hilariousandco would be one the most natural candidates.  He already has a permission to unlock accounts as well.  I am sure LoyceV is also capable of it as he has been helping recovery of hacked accounts and made key contributions for several cases to be resolved.
athanz88
Sr. Member
****
Offline Offline

Activity: 420
Merit: 350


View Profile
August 26, 2018, 02:11:59 PM
 #29

I think this should be in the stickies, for better exposure. Wonder why it's not there yet.
It would be useful as the account security is a fundamental issue of the forum....

Thanks for a great guide and yes, it should be on sticky threads i guess, and it will be great if it can be on every local board too.

Theymos mentioned ....
hilariousandco would be one the most natural candidates....

I support hillariousandco and LoyceV to be one of the authority person to do some account recovery task. They are one of the oldest and best member in here and is active in Meta and want to spare their time for the sake of the forum. I believe there are more members like that but they are the most members i have seen since the day i joined the forum.

By the way, mind if i translate it for my local board??


````````````````███████████
```````````█████████████████████
```````█████████████████████████████
`````````█████████████████████████
````````````████████████████████
```████``````````````````````````````████
`████████`````````````````````````███████
`█████████``````██████████````````████████
█████████`````██████████████```````████████
████████`````████████████████``````████████
`████████`````███████████████``````████████
``████████`````████████████```````████████
``███████````````████████``````````███████
```███```````````````````````````````████
````````````███████████████████
`````````██████████████████████████
```````█████████████████████████████
``````````██████████████████████
````````````````██████████
EtherMium██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
LoyceV
Legendary
*
Online Online

Activity: 1302
Merit: 2262


Self-made Legendary!


View Profile WWW
August 26, 2018, 02:38:21 PM
 #30

Although I appreciate the endorsements, I don't think it's very likely for a user to go from "foot soldier" to Admin Cheesy

mapuche33
Jr. Member
*
Offline Offline

Activity: 45
Merit: 13


View Profile
August 27, 2018, 05:18:04 PM
Merited by Welsh (1)
 #31

Thanks for tips, actually I was wondering why your account was hacked since you did these security measures?  If you have somehow identify the reason why your account was hacked and potential loophole of the above strategies that would be worthwhile to share.

Honestly I'm not sure, I cannot recall if I was victim of phishing by making click on some URL posted on the forum. However, I remember using the search engine of btctalk days before being hacked (which asked me to login). Fake site bitcointalk.to I don't think so because I never remember my credentials so password-managers take care of it.
I always use different user names & random passwords on each site, also have several emails for different uses. The only thing that I regret is that my password wasn't that strong (12 characters) and after the 2015 data breach I changed the password by just adding a symbol. Also I should have done the homework of regularly changing all my password on January of this year but I didn't.
Even though, I still blame Admins because it could have been prevented just by being proactive.
sncc
Sr. Member
****
Offline Offline

Activity: 336
Merit: 487


View Profile
August 28, 2018, 03:05:27 PM
 #32

Thanks for a great guide and yes, it should be on sticky threads i guess, and it will be great if it can be on every local board too.
As the account security is fundamental and important thing, it would be good to have more exposure.  I would appreciate if this thread is in the stickies and translated into other languages.

By the way, mind if i translate it for my local board??
Sure feel free to translate this thread.  

Although I appreciate the endorsements, I don't think it's very likely for a user to go from "foot soldier" to Admin Cheesy
You deserve the position, we'll see Smiley

Honestly I'm not sure, I cannot recall if I was victim of phishing by making click on some URL posted on the forum. However, I remember using the search engine of btctalk days before being hacked (which asked me to login). Fake site bitcointalk.to I don't think so because I never remember my credentials so password-managers take care of it.
I think it is normal that forum search requires you to login.  It should have not been a phishing site.

I always use different user names & random passwords on each site, also have several emails for different uses. The only thing that I regret is that my password wasn't that strong (12 characters) and after the 2015 data breach I changed the password by just adding a symbol. Also I should have done the homework of regularly changing all my password on January of this year but I didn't.
Even though, I still blame Admins because it could have been prevented just by being proactive.
It might have been a combination of data breach and brute force hacking if you added a symbol to the old password.  I think now we really need to be careful about the protection of our accounts.  
hotforblockchain
Member
**
Offline Offline

Activity: 126
Merit: 21

DECOIN.io


View Profile
August 30, 2018, 10:21:52 AM
Merited by dbshck (1)
 #33

I just recently came across a possible security problem in this forum which seems not to be mentioned here and i believe should be.

Do not give out your frequently used email address to bounty managers , there are a lot managers who do not protect email addresses which they collect during bounty and they can be easily copied.

Also this applies to bounties who asks for registration to their websites, this could be attempt of stealing your details.

Welsh
Staff
Legendary
*
Offline Offline

Activity: 1414
Merit: 1381



View Profile
August 30, 2018, 10:32:56 AM
 #34

Also this applies to bounties who asks for registration to their websites, this could be attempt of stealing your details.
This has happened in the past, and continues to happen today. These bounties are an easy way to collect data, because people are willing to put in anything for the promise of free coins. There's been numerous fake bounties in an attempt to farm user details from native users signing up to everything, and anything.

Honestly, I wouldn't trust half of them, and would be using a disposable email. But, that's just me.

peter0425
Sr. Member
****
Offline Offline

Activity: 644
Merit: 268



View Profile
September 23, 2018, 09:01:41 PM
 #35

Hi,

I was able to recover my account as well here: https://bitcointalk.org/index.php?topic=4497259.0
The method I used was similar to Swenna (probably the same hacker) but prior to him/her spilling the beans.. I just didn't put in Meta how I recovered my account because I don't want the hacker/s to have a idea how I did it. But since Swenna reveal the method, (she/he did it in good faith though),I confirmed that its the step I took to get back my account, just saying.

BITEX
            ███     ███     ███
              ███     ███     ███
                ███     ███     ███
                  ███     ███     ███
                    ███     ███     ███
                      ███     ███     ███
                        ███     ███     ███
                          ███     ███     ███
                            ███     ███     ███
                              ███     ███     ███
                            ███     ███     ███
                          ███     ███     ███
                        ███     ███     ███
                      ███     ███     ███
                    ███     ███     ███
                  ███     ███     ███
                ███     ███     ███
              ███     ███     ███
            ███     ███     ███

The First Locally-Embedded, Yet Global, Crypto-Bank
TELEGRAM    FACEBOOK   TWITTER    YOUTUBE    LINE

                  ███     ███     ███
                ███     ███     ███
              ███     ███     ███
            ███     ███     ███
          ███     ███     ███
        ███     ███     ███
      ███     ███     ███
    ███     ███     ███
  ███     ███     ███
███     ███     ███
  ███     ███     ███
    ███     ███     ███
      ███     ███     ███
        ███     ███     ███
          ███     ███     ███
            ███     ███     ███
              ███     ███     ███
               ███     ███     ███
                 ███     ███     ███

WHITEPAPER | ANN
50% discount pre-ICO NOW!
hotforblockchain
Member
**
Offline Offline

Activity: 126
Merit: 21

DECOIN.io


View Profile
October 05, 2018, 10:04:33 AM
 #36

Also this applies to bounties who asks for registration to their websites, this could be attempt of stealing your details.
Honestly, I wouldn't trust half of them, and would be using a disposable email. But, that's just me.

I wouldn't also , if i have to I make new email to register with them.
I think that warning about this should be included in original post, since a lot of users do not know this or just haven't thought about this problem.

sncc
Sr. Member
****
Offline Offline

Activity: 336
Merit: 487


View Profile
October 06, 2018, 07:09:35 AM
 #37

True https://bitcointalk.org/
Fake https://www.google.com/  (link to google.com)
Did you mean this:
True https://bitcointalk.org/
Fake https://www.google.com/  (link to google.com)

Theymos is smart Cheesy Fake links work in preview, but get fixed when posted.

However, a homograph attack can still be used to create a fake link:
True https://bitcointalk.org/
Fake https://www.google.com/  (link to google.com)
Now it seems that
- (some?) homograph attacks are automatically replaced, and
- fake link is automatically replaced

Hi,

I was able to recover my account as well here: https://bitcointalk.org/index.php?topic=4497259.0
The method I used was similar to Swenna (probably the same hacker) but prior to him/her spilling the beans.. I just didn't put in Meta how I recovered my account because I don't want the hacker/s to have a idea how I did it. But since Swenna reveal the method, (she/he did it in good faith though),I confirmed that its the step I took to get back my account, just saying.
Yes I was aware of your story.  It is a difficult issue whether the method should be disclosed or not, as the hackers will notice it as well.  Added a note to the OP.

Also this applies to bounties who asks for registration to their websites, this could be attempt of stealing your details.
Honestly, I wouldn't trust half of them, and would be using a disposable email. But, that's just me.

I wouldn't also , if i have to I make new email to register with them.
I think that warning about this should be included in original post, since a lot of users do not know this or just haven't thought about this problem.
I think it is a little bit off-topic as it is not related to the security of the Bitcointalk account.  Also, the collection of email addresses and personal data always happens for any kind of registration, not only bounties.  Focusing on the registration of Bitcointalk, the OP already recommended to use new email address.  Having said that I understand your concern and added a remark as a related topic. 
LoyceV
Legendary
*
Online Online

Activity: 1302
Merit: 2262


Self-made Legendary!


View Profile WWW
October 06, 2018, 01:00:13 PM
Merited by sncc (1)
 #38

Now it seems that
- (some?) homograph attacks are automatically replaced, and
- fake link is automatically replaced
All homograph attacks should be automatically replaced on all non-local boards. This means fake links can still be posted in (for instance) a Russian thread.

sncc
Sr. Member
****
Offline Offline

Activity: 336
Merit: 487


View Profile
October 15, 2018, 03:59:15 PM
 #39

All homograph attacks should be automatically replaced on all non-local boards. This means fake links can still be posted in (for instance) a Russian thread.
Good to know that, at least in the non-local board we do not have the issue.  However non-Cyrillic characters like

ą ç í î ị ň ṇ ö ó ọ ú

are not replaced and one needs to be careful about it.  They are actually different characters but still could be used for a similar kind of attack like the Binance phishing website, they are less dangerous than the previous ones though.  For example,

True https://bitcointalk.org/
Fake https://bitcoiṇtalk.org/ (link to google.com)

sncc
Sr. Member
****
Offline Offline

Activity: 336
Merit: 487


View Profile
November 09, 2018, 01:37:30 AM
 #40

Bump.
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!