Author Topic: Possible false alarm: MtGox break in  (Read 15364 times)
DiabloD3 (OP)
September 12, 2011, 06:05:03 PM
Last edit: September 13, 2011, 04:49:32 AM by DiabloD3
 #1

It seems Mt Gox has been broken into again. My account was just liquidated and sent to a foreign address, the IP of which seems to be in the Ukraine. I assume I was targeted because I'm a Bitcoin developer.

Since I use Linux and use unique high entropy passwords, I am ruling out any nonsense like local trojans.

Everyone: Clear out your accounts if you have anything in them.

1.21gigawatts
September 12, 2011, 06:12:37 PM
 #2

let me guess, you used the same password at mtgox and at bitcointalk.org?
phantomcircuit
September 12, 2011, 06:14:24 PM
 #3

I would like to add some information.  The IP address is 46.250.12.63.  It appears to be an endpoint for a p2p pptp based VPN.

So this looks like a reasonably sophisticated attacker.

I would also like to add that I have confidence in Diablo-D3's personal computer security practices. (ie he is most certainly not sharing passwords between the forums and mtgox).

Code:
# nmap -sS -sV -O -PN -n -p 1-65535 -vvvv -T5 46.250.12.63
Starting Nmap 5.00 ( http://nmap.org ) at 2011-09-12 18:52 BST
NSE: Loaded 3 scripts for scanning.
Initiating SYN Stealth Scan at 18:52
Scanning 46.250.12.63 [65535 ports]
Discovered open port 1723/tcp on 46.250.12.63
Warning: Giving up on port early because retransmission cap hit.
SYN Stealth Scan Timing: About 10.81% done; ETC: 18:57 (0:04:16 remaining)
SYN Stealth Scan Timing: About 51.13% done; ETC: 18:54 (0:00:58 remaining)
Discovered open port 14891/tcp on 46.250.12.63
Completed SYN Stealth Scan at 18:54, 90.67s elapsed (65535 total ports)
Initiating Service scan at 18:54
Scanning 2 services on 46.250.12.63
Service scan Timing: About 50.00% done; ETC: 18:58 (0:01:57 remaining)
Completed Service scan at 18:56, 117.08s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against 46.250.12.63
Retrying OS detection (try #2) against 46.250.12.63
NSE: Script scanning 46.250.12.63.
NSE: Starting runlevel 1 scan
Initiating NSE at 18:56
Completed NSE at 18:56, 29.76s elapsed
NSE: Script Scanning completed.
Host 46.250.12.63 is up (0.034s latency).
Scanned at 2011-09-12 18:52:51 BST for 241s
Interesting ports on 46.250.12.63:
Not shown: 65528 closed ports
PORT      STATE    SERVICE      VERSION
135/tcp   filtered msrpc
137/tcp   filtered netbios-ns
138/tcp   filtered netbios-dgm
139/tcp   filtered netbios-ssn
445/tcp   filtered microsoft-ds
1723/tcp  open     pptp         Microsoft Windows NT (Firmware: 2600)
14891/tcp open     unknown
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
Device type: general purpose|PDA|terminal|media device|phone
Running (JUST GUESSING) : Microsoft Windows XP|2000|2003|PocketPC/CE|Me (96%), Fujitsu Siemens Windows PocketPC/CE (91%), HP Windows PocketPC/CE (91%), Microsoft embedded (91%), AT&T Windows PocketPC/CE (89%)
OS fingerprint not ideal because: Timing level 5 (Insane) used
Aggressive OS guesses: Microsoft Windows XP Professional SP2 (96%), Microsoft Windows XP SP2 (95%), Microsoft Windows 2000 SP2 - SP4, Windows XP SP2 - SP3, or Windows Server 2003 SP0 - SP2 (94%), Microsoft Windows 2000 SP4 or Windows XP SP2 (94%), Microsoft Windows Server 2003 SP2 (94%), Microsoft Windows Server 2003 SP2 (x64) (93%), Microsoft Windows XP SP3 (93%), Microsoft Windows XP Professional SP2 or Windows Server 2003 (92%), Microsoft Windows XP SP2 or SP3 (92%), Microsoft Windows XP SP2 or SP3, or Windows Server 2003 (92%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=5.00%D=9/12%OT=1723%CT=1%CU=38423%PV=N%DS=7%G=N%TM=4E6E47E4%P=x86_64-unknown-linux-gnu)
SEQ(SP=102%GCD=1%ISR=10E%TI=I%CI=I%II=I%SS=S%TS=0)
OPS(O1=M550NW0NNT00NNS%O2=M550NW0NNT00NNS%O3=M550NW0NNT00%O4=M550NW0NNT00NNS%O5=M550NW0NNT00NNS%O6=M550NNT00NNS)
WIN(W1=4510%W2=4510%W3=4100%W4=40E8%W5=40E8%W6=402E)
ECN(R=Y%DF=Y%T=81%W=4510%O=M550NW0NNS%CC=N%Q=)
T1(R=Y%DF=Y%T=81%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=Y%DF=N%T=81%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
T3(R=Y%DF=Y%T=81%W=402E%S=O%A=S+%F=AS%O=M550NW0NNT00NNS%RD=0%Q=)
T4(R=Y%DF=N%T=81%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
T5(R=Y%DF=N%T=81%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=N%T=81%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
T7(R=Y%DF=N%T=81%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=Y%DF=N%T=81%IPL=B0%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(R=Y%DFI=S%T=81%CD=Z)

Network Distance: 7 hops
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: Incremental

Read data files from: /usr/share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 241.35 seconds
           Raw packets sent: 68143 (3.000MB) | Rcvd: 67683 (2.708MB)

apetersson
September 12, 2011, 06:18:01 PM
 #4

were you using a yubikey?
i recently activated mine and i would like to think that my funds are now safe..
JeffK
September 12, 2011, 06:20:16 PM
 #5

let me guess, you used the same password at mtgox and at bitcointalk.org?

Quote
I use Linux and use unique high entropy passwords,

Quote
unique

The two events aren't related
tvbcof
September 12, 2011, 06:29:14 PM
 #6

It seems Mt Gox has been broken into again. My account was just liquidated and sent to a foreign address, the IP of which seems to be in the Ukraine. I assume I was targeted because I'm a Bitcoin developer.

Since I use Linux and use unique high entropy passwords, I am ruling out any nonsense like local trojans.

Everyone: Clear out your accounts if you have anything in them.

Actually I would find it rather odd that an attacker would target a developer (unless said happened to have a boatload of BTC available for appropriation.)  The ability to do significant development would likely be correlated with both a relatively high ability to understand and investigate the theft, and the ability to solicit a high degree of assistance in doing so.

If I were an attacker with a simple goal of enriching myself, I would certainly not be nailing a Bitcoin developer.  Or at least not on purpose.

Best of luck recovering your BTC, and thanks for the heads-up.

sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
AssemblY
September 12, 2011, 06:30:33 PM
 #7

Is official? Someone else had the same problem?  Embarrassed
hightax
September 12, 2011, 06:59:58 PM
 #8

Looks like MagicalTux was lying about the wacky trades then.  When Mtgox got rooted the first time, everyone was forced to change their passwords to new, more complex ones.  Here we've got a prime example of somebody who's got both complex and DIFFERENT passwords on each site, and he still had his mtgox wallet stolen.

  • Bitcointalk had a comedy javascript added to the bottom of the page via unsanitized input because the forums admins refused to use current-versions (SMF 2.x) of their forums software.  So far nobody's posting accounts have been compromised or hijacked apparently.
  • Mtgox had some clearly chaotic trading activity on Sunday 9/11/2011, which was sourced from a ton of accounts that had different/more complex password requirements than bitcointalk forum accounts.

Yeah, those two attacks aren't related.

Magicaltux is lying to you, and he now controls both Bitcointalk and Mtgox.  

So... Who said paypal's worse than Bitcoin?  
jed
September 12, 2011, 07:03:11 PM
 #9

Quote
My account was just liquidated and sent to a foreign address, the IP of which seems to be in the Ukraine.

Hmm how can you tell his IP?

fastandfurious
September 12, 2011, 07:04:03 PM
 #10

Please answer this important question. Do you have a Yubikey??
BitcoinPorn
September 12, 2011, 07:05:48 PM
 #11

Magicaltux is lying to you, and he now controls both Bitcointalk and Mtgox.  

So... Who said paypal's worse than Bitcoin?  

Amazingly, I am awaiting for MagicalTux to just whip out his penis and insert it in my anus over and over again (yes, in and out, not just full motions, he has to pull it out and stuff it in).

Still, Bitcoin wins over Paypal nearly every time.      Sadly this is only because when they stuff my ass, it is more consistent and surprisingly more annoying.  I wish they would just do it in one swoop.


Obviously sorry to read about this DiabloD3, I await to see more details and am sorry that no doubt this will cause others to 'give up' on this particular digital currency.   It is looking like NameCoin might have its heyday as long as they keep things so technologically wound up where only a Linux user would touch it, thus making it the safest and most valueless digital currency next to SolidCoin.

BlockHash
September 12, 2011, 07:08:06 PM
 #12

Looks like MagicalTux was lying about the wacky trades then.  When Mtgox got rooted the first time, everyone was forced to change their passwords to new, more complex ones.  Here we've got a prime example of somebody who's got both complex and DIFFERENT passwords on each site, and he still had his mtgox wallet stolen.

  • Bitcointalk had a comedy javascript added to the bottom of the page via unsanitized input because the forums admins refused to use current-versions (SMF 2.x) of their forums software.  So far nobody's posting accounts have been compromised or hijacked apparently.
  • Mtgox had some clearly chaotic trading activity on Sunday 9/11/2011, which was sourced from a ton of accounts that had different/more complex password requirements than bitcointalk forum accounts.

Yeah, those two attacks aren't related.

Magicaltux is lying to you, and he now controls both Bitcointalk and Mtgox.  

So... Who said paypal's worse than Bitcoin?  

Agreed. I took all of my BTC out of MTGox and moved them elsewhere. I'm not supporting a potential monopoly or their business practices. The fact that they still support Bruce Wagner is enough for me to sour on them.
wee baby seamus
September 12, 2011, 07:10:05 PM
 #13

that's all i needed to hear. i just withdrew all my USD. i'll leave 1 BTC out of curiosity's sake, but i'm not trusting this.

frankly, if you have any of your money left in mtgox you're simply asking for it to be stolen.

get your fucking money out of there now
c_k
September 12, 2011, 07:23:19 PM
 #14

There are plenty of other exchanges to use: https://en.bitcoin.it/wiki/Category:Exchanges

bitdragon
September 12, 2011, 07:27:35 PM
 #15

that's all i needed to hear. i just withdrew all my USD. i'll leave 1 BTC out of curiosity's sake, but i'm not trusting this.

frankly, if you have any of your money left in mtgox you're simply asking for it to be stolen.

get your fucking money out of there now

Why were you even there in the first place? Why are you even in this forum, telling others to get their money out now? Let them be and learn. 
You didn't like them from the start so it's a bit odd that this is all you needed to hear.

I guess it is a very well rounded argument; it finally makes sense. Bravo

gusti
September 12, 2011, 07:30:22 PM
 #16

Looks like MagicalTux was lying about the wacky trades then.  When Mtgox got rooted the first time, everyone was forced to change their passwords to new, more complex ones.  Here we've got a prime example of somebody who's got both complex and DIFFERENT passwords on each site, and he still had his mtgox wallet stolen.

  • Bitcointalk had a comedy javascript added to the bottom of the page via unsanitized input because the forums admins refused to use current-versions (SMF 2.x) of their forums software.  So far nobody's posting accounts have been compromised or hijacked apparently.
  • Mtgox had some clearly chaotic trading activity on Sunday 9/11/2011, which was sourced from a ton of accounts that had different/more complex password requirements than bitcointalk forum accounts.

Yeah, those two attacks aren't related.

Magicaltux is lying to you, and he now controls both Bitcointalk and Mtgox.  

So... Who said paypal's worse than Bitcoin?  


repeat with me, mtgox is not bitcoin

If you don't own the private keys, you don't own the coins.
hightax
September 12, 2011, 07:31:22 PM
 #17

la la la la I can't hear you my fingers are in my ears

Is your own self affirmation so strong that you can't smell the shit piling up in front of you?

repeat with me, mtgox is not bitcoin

I didn't say it was.  I said MagicalTux is lying to you.
ElectricMucus
September 12, 2011, 07:32:44 PM
 #18

Damn I have a little money on the way to gox, so I should assume it's gone...

Or is there anything I can do about it? Recalling the wire transfer wouldn't be possible until tomorrow..   Undecided
JonHind
September 12, 2011, 07:35:34 PM
 #19

I took out my $USD and BTC out of MtGox a week or two ago after they were white-knighting for our beloved convicted fraudster Bruce. It looks as though I made the right decision,

A friend of mine was locked out of his MtGox account last night. I had assumed that his account was one of the 2000 accounts that Marc blocked due to volume trades (my friend was desperately trying to cash out), but it now looks as though his account was hijacked. He just told me that he had a unique secure password too.

gusti
September 12, 2011, 07:38:48 PM
 #20

la la la la I can't hear you my fingers are in my ears

Is your own self affirmation so strong that you can't smell the shit piling up in front of you?

repeat with me, mtgox is not bitcoin

I didn't say it was.  I said MagicalTux is lying to you.


you miss the question then, correct one is : Who said paypal's worse than mtgox ?

If you don't own the private keys, you don't own the coins.
logansryche
September 12, 2011, 07:39:16 PM
 #21

I think this was a remote attack, my btc are still there and I have just a smidge over one(1.6btc to be exact)
BlockHash
September 12, 2011, 07:39:29 PM
 #22

I took out my $USD and BTC out of MtGox a week or two ago after they were white-knighting for our beloved convicted fraudster Bruce. It looks as though I made the right decision,

A friend of mine was locked out of his MtGox account last night. I had assumed that his account was one of the 2000 accounts that Marc blocked due to volume trades (my friend was desperately trying to cash out), but it now looks as though his account was hijacked. He just told me that he had a unique secure password too.



CosbyCoin was pretty funny, but it couldn't have happened at a worse time. It gave MtGox and other players cover to blame some really shady stuff going on over there on it.
hightax
September 12, 2011, 07:40:57 PM
 #23

you miss the question then, correct one is : Who said paypal's worse than mtgox ?

Point taken.  Let's do the apples-to-apples comparisons:
Who said USD is worse than Bitcoin?
Who said Paypal is worse than MtGox?
molecular
September 12, 2011, 07:46:30 PM
 #24

It seems Mt Gox has been broken into again. My account was just liquidated and sent to a foreign address, the IP of which seems to be in the Ukraine. I assume I was targeted because I'm a Bitcoin developer.

Since I use Linux and use unique high entropy passwords, I am ruling out any nonsense like local trojans.

Everyone: Clear out your accounts if you have anything in them.

It would really be nice for us if you could answer our questions. Just dumping this on us and leaving is not very helpful.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
hugolp
September 12, 2011, 07:46:34 PM
 #25

you miss the question then, correct one is : Who said paypal's worse than mtgox ?

Point taken.  Let's do the apples-to-apples comparisons:
Who said USD is worse than Bitcoin?
Who said Paypal is worse than MtGox?

Paypal and MtGox are completely different services. Bitcoin is dollars and Paypal all together.


JonHind
September 12, 2011, 07:47:46 PM
 #26

This was yesterday in the MtGox IRC channel:

Quote
17:31 < kinlo> there is something wrong, how can it have gone above 10 when my sell order at 8 didn't occur?
17:31 < molecular> it didn't really go above 10, I assume
17:31 < Ymgve> kinlo: bugs, the orders didn't happen or there was something wrong in the matching algorithm
17:32 < kinlo> MagicalTux: ?
17:32 < molecular> likely has to do with the "new currency markets"
17:32 <@MagicalTux> no
17:32 <@MagicalTux> has to do with hackers trying their best to do stuff normal people wouldn't by dropping large amounts of stolen funds/coins

...

17:35 < molecular> flushing bad orders? How do I make a "bad sell order" at 30 USD? ^^
17:35 < xelister> molecular: =)
17:35 <@MagicalTux> molecular, I blocked ~2000 accounts created most likely for the purpose of killing bitcoin on 9/11
17:35 <@MagicalTux> their trades do remain however
17:35 < molecular> MagicalTux, holy moly!
17:35 <@MagicalTux> but they cannot execute, causing weird results


casascius
Mike Caldwell
September 12, 2011, 07:48:29 PM
 #27

I would feel much calmer if withdrawals of BTC could be locked down by IP address and/or PGP key...

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
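
The withdrawal lock suggested in the post above (a source-IP allowlist and/or a key held by the account owner), sketched as an added example that is not part of the thread and not MtGox code. The policy structure, field names and sample account are hypothetical, and HMAC-SHA256 stands in for a PGP signature because the Python standard library has no OpenPGP support.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, field


@dataclass
class WithdrawalPolicy:
    """Per-account withdrawal lock (hypothetical structure for illustration)."""
    allowed_networks: list       # CIDR ranges the account owner registered
    signing_key: bytes           # stand-in for the owner's PGP key (assumption);
                                 # with real PGP the service holds only the public key
    max_age_seconds: int = 300   # lifetime of a signed request
    seen_nonces: set = field(default_factory=set)


def sign_request(key, account, address, amount_btc, nonce, timestamp):
    # The MAC covers every field, so a hijacked web session cannot swap in
    # another payout address or amount without invalidating it.
    msg = f"{account}|{address}|{amount_btc}|{nonce}|{timestamp}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def authorize_withdrawal(policy, req, source_ip, now):
    """Return (allowed, reason); deny unless every check passes."""
    ip = ipaddress.ip_address(source_ip)
    if not any(ip in ipaddress.ip_network(n) for n in policy.allowed_networks):
        return False, "source IP not in allowlist"
    expected = sign_request(policy.signing_key, req["account"], req["address"],
                            req["amount_btc"], req["nonce"], req["timestamp"])
    if not hmac.compare_digest(expected.encode(), req["signature"].encode()):
        return False, "bad signature"
    if abs(now - req["timestamp"]) > policy.max_age_seconds:
        return False, "stale request"
    if req["nonce"] in policy.seen_nonces:
        return False, "replayed request"
    # Only a fully valid request consumes its nonce.
    policy.seen_nonces.add(req["nonce"])
    return True, "ok"


def _signed(key, **fields):
    # Build a request dict and attach the MAC over its fields.
    req = dict(fields)
    req["signature"] = sign_request(key, req["account"], req["address"],
                                    req["amount_btc"], req["nonce"],
                                    req["timestamp"])
    return req


def demo():
    """Run constructed requests through the policy and collect the verdicts."""
    key = b"constructed-demo-key"                        # constructed sample key
    policy = WithdrawalPolicy(["198.51.100.0/24"], key)  # documentation range
    now = 1315850000                                     # constructed timestamp
    first = _signed(key, account="alice", address="EXAMPLE-PAYOUT-ADDRESS",
                    amount_btc="1.6", nonce="n-001", timestamp=now)
    second = dict(first, nonce="n-002")
    second = _signed(key, **{k: v for k, v in second.items() if k != "signature"})
    tampered = dict(second, address="OTHER-PAYOUT-ADDRESS")  # signature now stale

    results = {}
    results["owner"] = authorize_withdrawal(policy, first, "198.51.100.7", now + 10)
    results["replay"] = authorize_withdrawal(policy, first, "198.51.100.7", now + 20)
    # 46.250.12.63 is the address reported earlier in this thread.
    results["foreign_ip"] = authorize_withdrawal(policy, second, "46.250.12.63", now + 10)
    results["tampered"] = authorize_withdrawal(policy, tampered, "198.51.100.7", now + 10)
    results["stale"] = authorize_withdrawal(policy, second, "198.51.100.7", now + 1000)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```
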
hightax
September 12, 2011, 07:49:14 PM
 #28

This was yesterday in the MtGox IRC channel:

Quote
17:31 < kinlo> there is something wrong, how can it have gone above 10 when my sell order at 8 didn't occur?
17:31 < molecular> it didn't really go above 10, I assume
17:31 < Ymgve> kinlo: bugs, the orders didn't happen or there was something wrong in the matching algorithm
17:32 < kinlo> MagicalTux: ?
17:32 < molecular> likely has to do with the "new currency markets"
17:32 <@MagicalTux> no
17:32 <@MagicalTux> has to do with hackers trying their best to do stuff normal people wouldn't by dropping large amounts of stolen funds/coins

...

17:35 < molecular> flushing bad orders? How do I make a "bad sell order" at 30 USD? ^^
17:35 < xelister> molecular: =)
17:35 <@MagicalTux> molecular, I blocked ~2000 accounts created most likely for the purpose of killing bitcoin on 9/11
17:35 <@MagicalTux> their trades do remain however
17:35 < molecular> MagicalTux, holy moly!
17:35 <@MagicalTux> but they cannot execute, causing weird results


There we go - I knew I saw it somewhere but couldn't remember exactly where.
gusti
September 12, 2011, 07:51:08 PM
 #29

you miss the question then, correct one is : Who said paypal's worse than mtgox ?

Point taken.  Let's do the apples-to-apples comparisons:
Who said USD is worse than Bitcoin?
Who said Paypal is worse than MtGox?

you're still missing the main point :
despite all trolls fuding (not implying this for you), bitcoin (not the exchanges, not the online wallets, not the service providers around it) is still working flawlessly  
and I'm beginning to think that bitcoin is unbreakable ...  Wink
  

If you don't own the private keys, you don't own the coins.
gusti
September 12, 2011, 07:54:42 PM
 #30

I would feel much calmer if withdrawals of BTC could be locked down by IP address and/or PGP key...

or much simple email a confirmation code, like e-gold 

If you don't own the private keys, you don't own the coins.
hightax
September 12, 2011, 07:56:41 PM
 #31

you're still missing the main point :
despite all trolls fuding (not implying this for you), bitcoin (not the exchanges, not the online wallets, not the service providers around it) is still working flawlessly  
and I'm beginning to think that bitcoin is unbreakable ...  Wink

If the only bitcoin-related-thing that works is the protocol itself, then it's still a massive failure as a whole.
N12
September 12, 2011, 08:01:28 PM
 #32

I would feel much calmer if withdrawals of BTC could be locked down by IP address and/or PGP key...
Good ideas. If you don’t have one yet, a MtGox Yubikey should do the same job.
JonHind
September 12, 2011, 08:01:54 PM
 #33

gusti
September 12, 2011, 08:04:26 PM
 #34

you're still missing the main point :
despite all trolls fuding (not implying this for you), bitcoin (not the exchanges, not the online wallets, not the service providers around it) is still working flawlessly  
and I'm beginning to think that bitcoin is unbreakable ...  Wink

If the only bitcoin-related-thing that works is the protocol itself, then it's still a massive failure as a whole.


you may call sony "a massive failure" because its site was hacked ... give it some time, bro, bitcoin is in the path of being a massive success   Grin

If you don't own the private keys, you don't own the coins.
Raoul Duke
aka psy
September 12, 2011, 08:06:27 PM
 #35

I didn't say it was.  I said MagicalTux is lying to you.

Yes you did...

OH MY GOD! The same fucking mistake in another thread... You are really an awful(pun intended) troll...

You can't distinguish projects that deal with Bitcoin from Bitcoin itself.

Do yourself a favour and STFU you bescumbered ninnyhammer!
fcmatt
September 12, 2011, 09:14:42 PM
 #36

It seems Mt Gox has been broken into again. My account was just liquidated and sent to a foreign address, the IP of which seems to be in the Ukraine. I assume I was targeted because I'm a Bitcoin developer.

Since I use Linux and use unique high entropy passwords, I am ruling out any nonsense like local trojans.

Everyone: Clear out your accounts if you have anything in them.

So here we have a staff member.
Linux user.
Knows to use strong passwords.
Has no reason to lie.
Had this account hacked before and right before he mentioned this on the forum shtf.
Probably did not use the same password here on the forum and on mtgox.

Help me understand why this is not more of a big deal?
gusti
September 12, 2011, 09:21:31 PM
 #37

At this moment, I'm questioning if DiabloD3 really posted this thread, I smell something fishy here.
Maybe the forum (or DiabloD3 account) is compromised again.

If you don't own the private keys, you don't own the coins.
nelisky
September 12, 2011, 09:26:26 PM
 #38

Yep, that's my suspicion too. Easy to cry wolf these days, everyone is already biased one way or another...

Anyone got a confirmation from DiabloD3 that he was indeed the one to post this?
BitcoinPorn
September 12, 2011, 09:27:01 PM
 #39

Help me understand why this is not more of a big deal?
It is a big deal.  Don't let the sound of these forums silence on the ordeal or many other issues currently running with Bitcoin make you think that no one cares.

I made this post for Bitcoin Media http://bitcoinmedia.com/the-bitcoin-communities-find-the-place-right and I am thinking about making a more updated and detailed post if enough people request it, as since it's posting these forums turned into CosbyCoin among other hackings and other happenings.   I would side with gusti so far on the 'maybe this isn't DiabloD3' at all way of thinking, but at this point of the day, someone associated with him would have already denied or confirmed something else if it wasn't the truth posted here.    Or not, who knows lol.

ElectricMucus
September 12, 2011, 09:27:46 PM
 #40

At this moment, I'm questioning if DiabloD3 really posted this thread, I smell something fishy here.
Maybe the forum (or DiabloD3 account) is compromised again.
Wouldn't the staff members be the first ones to secure their accounts on the forum, even before it went back online after the hack?
cablepair
September 12, 2011, 09:29:06 PM
 #41

I also am finding this hard to believe that this is really DiabloD3, it does not make sense, that he would issue a statement of this magnitude in this way.

This would be a major incident and it wouldn't be reported in such a short and easy way like this.

I would believe that his forum account is hacked. The hackers that did the CosbyCoin hack probably set this up in order to have some more of their fun down the road.
tvbcof
September 12, 2011, 09:32:19 PM
 #42


...

Help me understand why this is not more of a big deal?

I remember a similar event a few weeks ago.  The user presented himself as a competent individual, but eventually MtGox looked at their logs and presented a pretty compelling argument that it was user error.  The dude probably got keystroke logged IIRC.

I'll sit on the fence until either 1) more similar events pop up, or 2) MtGox presents evidence from their logs which explains things.  It is easy for me to fence sit here though since I'm not an MtGox user Smiley

(Disclosure:  I've had some very low buys in in case MtGox crashes the train.  Been in for a long time and it has not happened yet.)

sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
ctoon6
September 12, 2011, 09:41:31 PM
 #43

either way, mtgox is not a bank, so do not treat it as such. you're a fool to think anything else.

1.21gigawatts
September 12, 2011, 09:42:13 PM
 #44

It would be a big deal if hundreds of people were coming here complaining that their mt gox accounts were hacked AGAIN.
Bitcoin Swami
September 12, 2011, 09:43:14 PM
 #45

Swami Sense tells me he got his forum account hacked.
stsbrad
September 12, 2011, 09:43:23 PM
 #46

I also am finding this hard to believe that this is really DiabloD3, it does not make sense, that he would issue a statement of this magnitude in this way.

This would be a major incident and it wouldn't be reported in such a short and easy way like this.

I would believe that his forum account is hacked. The hackers that did the CosbyCoin hack probably set this up in order to have some more of their fun down the road.


I find it hard to believe as well, especially since the trolls at SA stated it was wagner first, then gox right?

The "everyone clear out your accounts" was the biggest red flag of the post for me.
fcmatt
September 12, 2011, 09:44:01 PM
 #47

It would be a big deal if hundreds of people were coming here complaining that their mt gox accounts were hacked AGAIN.

But that is not how it all started last time. People talked about it happening in a trickle.
They were told it was completely their fault, etc.. Then it all blew up with a password file
being handed around like nothing days after.
makomk
September 12, 2011, 09:48:33 PM
 #48

At this moment, I'm questioning if DiabloD3 really posted this thread, I smell something fishy here.
Maybe the forum (or DiabloD3 account) is compromised again.
Not unless the box he connects to IRC from has been hacked too; he said essentially the same things in there.

I remember a similar event a few weeks ago.  The user presented himself as a competent individual, but eventually MtGox looked at their logs and presented a pretty compelling argument that it was user error.  The dude probably got keystroke logged IIRC.
Was that the one where the "evidence" was that the attacker logged into the victim's account with the correct password on the first attempt, and it later turned out that MtGox's password database had previously been stolen and many of the passwords cracked, or another incident?

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
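
The log evidence debated in the post above (a correct password on the first attempt, from an address the account had never used), sketched as a triage check. This is an added example, not part of the thread and not MtGox's code or log format; the event tuples, field names, users and addresses are all constructed.

```python
from collections import defaultdict

# Constructed events: (unix_time, user, source_ip, event). Not a real log format;
# the addresses come from the RFC 5737 documentation ranges.
EVENTS = [
    (1000, "alice", "192.0.2.10", "login_ok"),
    (5000, "alice", "192.0.2.10", "login_ok"),
    (9000, "alice", "203.0.113.7", "login_ok"),    # never-seen IP, no failures
    (9060, "alice", "203.0.113.7", "withdraw"),
    (2000, "bob", "198.51.100.4", "login_fail"),   # typo on his usual machine
    (2010, "bob", "198.51.100.4", "login_ok"),
    (2300, "bob", "198.51.100.4", "withdraw"),
    (500, "carol", "192.0.2.20", "login_ok"),
    (7000, "carol", "203.0.113.9", "login_fail"),
    (7005, "carol", "203.0.113.9", "login_fail"),
    (7010, "carol", "203.0.113.9", "login_ok"),
    (7100, "carol", "203.0.113.9", "withdraw"),
]


def classify(failed_attempts):
    """Say what the failure count before a successful login can and cannot show."""
    if failed_attempts == 0:
        # The password was known before the login. Phishing, a keylogger,
        # password reuse and a cracked hash from a stolen database all look
        # identical at this point, so this alone does not prove user error.
        return "credential already known"
    return "possible guessing"


def triage(events, window=600):
    """Flag withdrawals made soon after a login from an IP the account never used."""
    known_ips = defaultdict(set)   # user -> IPs with an earlier successful login
    failures = defaultdict(int)    # (user, ip) -> failures since the last success
    session = {}                   # user -> details of the latest successful login
    findings = []
    for when, user, ip, event in sorted(events):
        if event == "login_fail":
            failures[(user, ip)] += 1
        elif event == "login_ok":
            session[user] = {
                "time": when,
                "ip": ip,
                # With no history there is no baseline, so a first-ever IP is not "new".
                "new_ip": bool(known_ips[user]) and ip not in known_ips[user],
                "failures": failures.pop((user, ip), 0),
            }
            known_ips[user].add(ip)
        elif event == "withdraw":
            s = session.get(user)
            if s and s["new_ip"] and s["ip"] == ip and when - s["time"] <= window:
                findings.append({
                    "user": user,
                    "ip": ip,
                    "seconds_after_login": when - s["time"],
                    "failed_attempts": s["failures"],
                    "pattern": classify(s["failures"]),
                })
    return findings


if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```
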
ctoon6
September 12, 2011, 09:50:12 PM
 #49

It would be a big deal if hundreds of people were coming here complaining that their mt gox accounts were hacked AGAIN.

But that is not how it all started last time. People talked about it happening in a trickle.
They were told it was completely their fault, etc.. Then it all blew up with a password file
being handed around like nothing days after.

yep yep, guys, be careful if you want to exchange your hard earned fiat for bitcoins. because if the gox goes down, you could lose everything.

Littleshop
September 12, 2011, 09:53:13 PM
 #50

My funds are still at mtgox.com   

I have a yubi.

tvbcof
September 12, 2011, 10:02:43 PM
 #51


I remember a similar event a few weeks ago.  The user presented himself as a competent individual, but eventually MtGox looked at their logs and presented a pretty compelling argument that it was user error.  The dude probably got keystroke logged IIRC.
Was that the one where the "evidence" was that the attacker logged into the victim's account with the correct password on the first attempt, and it later turned out that MtGox's password database had previously been stolen and many of the passwords cracked, or another incident?

Different one.  The guy had quite a good password IMHO (but that did not stop people from berating him about it.)  Certainly it was much too good for a cold remote guess style attack.

MtGox dug up a log showing a login from somewhere.  And some other people dug up some (not too) old posts from the guy which seemed to show that he was not quite as much of a security guru as he seemed to have been presenting himself as.  This was long after the main MtGox hack where the password database was filched...or at least the only such time I am aware of where this happened to MtGox.  I'm thinking 3 weeks or a month ago.

sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
geek-trader
September 12, 2011, 10:05:39 PM
 #52

My funds are still at mtgox.com   

I have a yubi.

Me too, on both points.

cypherdoc
September 12, 2011, 10:51:41 PM
 #53

my bet is Diablo has had his forum acct hacked.  look, he puts up an OP then refuses to elaborate?

this could be a new tactic from the banker/gov't trolls lurking here to combat Bitcoin.  an "allten" guy here is advocating clearing out your mtgox accts as well to force an audit which makes no sense if he really was concerned about bitcoin or mtgox as it would cause a bank run like event killing mtgox.
ElectricMucus
September 12, 2011, 10:55:22 PM
 #54

Well he appears to be offline, so the only thing we can do now is wait...
cypherdoc
September 12, 2011, 10:55:28 PM
 #55

why is the price up then the last few days?

if you want to get your USD out then the fastest way is to BUY bitcoin and then transfer it out.  after all, this is as good a time as any if you're bullish.
cypherdoc
September 12, 2011, 10:56:51 PM
 #56

a true hacker would clean out hundreds of accts at once to maximize the theft before anyone else could react.  this doesn't pass the smell test.
Otoh
September 12, 2011, 11:01:43 PM
 #57



Mount Goxxed - surely

though also:

"My funds are still at mtgox.com   

I have a yubi"

BTC = $c²     My BTC addie = 1otohotohMoQoxHuxLBveQiZcV3Pji3Tc 
Maged
September 13, 2011, 12:00:23 AM
 #58

my bet is Diablo has had his forum acct hacked.  look, he puts up an OP then refuses to elaborate?
Ha! I see what you did there.
At this moment, I'm questioning if DiabloD3 really posted this thread, I smell something fishy here.
Maybe the forum (or DiabloD3 account) is compromised again.
Wouldn't the staff members be the first ones to secure their accounts on the forum, even before it went back online after the hack?
Yup. All staff had to re-verify themselves after the forum came back up.
At this moment, I'm questioning if DiabloD3 really posted this thread, I smell something fishy here.
Maybe the forum (or DiabloD3 account) is compromised again.
Not unless the box he connects to IRC from has been hacked too; he said essentially the same things in there.
This. I saw that too.

mizerydearia
September 13, 2011, 12:23:51 AM
 #59

This was yesterday in the MtGox IRC channel:

Quote
17:31 < kinlo> there is something wrong, how can it have gone above 10 when my sell order at 8 didn't occur?
17:31 < molecular> it didnt reall go above 10, I assume
17:31 < Ymgve> kinlo: bugs, the orders didn't happen or there was something wrong in the matching algorithm
17:32 < kinlo> MagicalTux: ?
17:32 < molecular> likely has to do with the "new currency markets"
17:32 <@MagicalTux> no
17:32 <@MagicalTux> has to do with hackers trying their best to do stuff normal people wouldn't by dropping large amounts of stolen funds/coins

...

17:35 < molecular> flushing bad orders? How do I make a "bad sell order" at 30 USD? ^^
17:35 < xelister> molecular: =)
17:35 <@MagicalTux> molecular, I blocked ~2000 accounts created most likely for the purpose of killing bitcoin on 9/11
17:35 <@MagicalTux> their trades do remain however
17:35 < molecular> MagicalTux, holy moly!
17:35 <@MagicalTux> but they cannot execute, causing weird results





Quote
<wardearia> <MagicalTux> has to do with hackers trying their best to do stuff normal people wouldn't by dropping large amounts of stolen funds/coins  ---  Is the claim of the people behind the large amounts of bitcoins transacting at mtgox being 'hackers' accurate or is it speculation?  Also, is it accurate that if large transactions occur at mtgox.com the site will only break if those people transacting are hackers and not legitimate transacters?
<upb> lol
<upb> good questions Smiley




Also, with a shady history of lying and censoring/deleting posts to cover history of events/information, why not resort to even further shadiness of preserving buggy code for sake of compromise or even participating in the compromises 1st partily in the guise of 3rd party compromizations?  Regardless though, the codebase developed for mtgox.com exchange seems ripe for abuse and exploitation and will be a feeding ground for those that want bitcoins through the challenge of exploitation.

I would imagine it would be more wise to collectively or consensually switch to a more reputable and secure/reliable exchange market and allow it to establish as most popular exchange site..... preferably one that has 0% transaction fees.   Otherwise with mtgox's 0.6% transaction fee from both sides of each transaction and approximate 1,200,000 bitcoins per month transacted, mtgox makes 14,400 bitcoins a month...and at us$6 each, that's almost us$100,000 profit per month.  OMFGZ!! =/
ctoon6
September 13, 2011, 12:25:41 AM
 #60

i like how mtgox is blocking traffic that would "kill bitcoin" its not up to mtgox to do this, so please stop, you are not god so dont act like it.

DiabloD3 (OP)
September 13, 2011, 02:19:26 AM
 #61

my bet is Diablo has had his forum acct hacked.  look, he puts up an OP then refuses to elaborate?

this could be a new tactic from the banker/gov't trolls lurking here to combat Bitcoin.  an "allten" guy here is advocating clearing out your mtgox accts as well to force an audit which makes no sense if he really was concerned about bitcoin or mtgox as it would cause a bank run like event killing mtgox.

Having my forum account "hacked" (which theymos does not believe has happened to anyone because everyone changed their passwords too fast) cannot be related to mtgox getting hacked. I use two different passwords if the op post wasn't clear by the use of the word unique.

DiabloD3 (OP)
September 13, 2011, 02:22:37 AM
 #62

At this moment, I'm questioning if DiabloD3 really posted this thread, I smell something fishy here.
Maybe the forum (or DiabloD3 account) is compromised again.

Nope, its really me. Hi.

gusti
September 13, 2011, 02:24:35 AM
 #63

At this moment, I'm questioning if DiabloD3 really posted this thread, I smell something fishy here.
Maybe the forum (or DiabloD3 account) is compromised again.

Nope, its really me. Hi.

Really ? Please show your ID.   Grin

If you don't own the private keys, you don't own the coins.
niko
September 13, 2011, 02:25:21 AM
 #64

I'm out of here. Goodbye.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
DiabloD3 (OP)
September 13, 2011, 02:34:51 AM
 #65

I notified MagicTux through his support email, and he sent back a useless form letter as a reply.

Quote
Hello,


Recently there has been a large increase in the number of “phishing” attacks that have been made against the users of Mt.Gox.

Phishing involves deceiving users through fake emails or websites into providing their user name and password to the phisher, who then uses this information to log into the account and withdraw as many funds as they are able into their own bank account.

Phishing is another form of Internet crime similar to hacking which has steadily become more prevalent with the increase of Internet banking, shopping and exchange services. We urge our users to be cautious of phishing attacks, not only when accessing Mt.Gox but when providing any personal information over the Internet.

While the following steps cannot protect users completely from phishing, they will ensure that any attempt to steal personal information is far less successful:

-Always check the URL in the address bar of your browser when logging into Mt.Gox. It should read “https://mtgox.com”.
-Never click on hyperlinks in emails to access Mt.Gox.
-If you are ever unsure of the veracity of an email’s contents, contact Mt.Gox Support. We will be more than happy to confirm whether or not the email you have received is authentic.
-Be aware that Mt.Gox will never contact you by email asking for your user name or password.
-Check the security certificate of the website you are logging into. In modern browsers, this can be done by looking at the address bar and checking whether or not a blue certificate appears to the left of the address.
-Mt.Gox will soon implement the VeriSign EV Authentication certificate, which will make the address bar turn green when you are accessing the real Mt.Gox website.
-Use anti-virus software at all times. A number of anti-virus programmes include anti-phishing features which will notify you when you are accessing a suspect website.

We sincerely apologize for the inconvenience our users have suffered at the hands of phishers, and are doing all that we can to prevent further attacks in the future.

Thanks,

MtGox.com Team

I consider this a smoking gun.

stsbrad
September 13, 2011, 02:38:55 AM
 #66

so you are staff here. developer? seen it all done it all bitcoin related. and you still chose to leave your money on an exchange that was compromised before and never decided that two factor auth might be a good idea? bro... I'm sorry but c'mon. I know if they have been compromised they are the LARGER part of the problem don't get me wrong but shit. you should know better.
ctoon6
September 13, 2011, 02:44:21 AM
 #67

my bet is Diablo has had his forum acct hacked.  look, he puts up an OP then refuses to elaborate?

this could be a new tactic from the banker/gov't trolls lurking here to combat Bitcoin.  an "allten" guy here is advocating clearing out your mtgox accts as well to force an audit which makes no sense if he really was concerned about bitcoin or mtgox as it would cause a bank run like event killing mtgox.

Having my forum account "hacked" (which theymos does not believe has happened to anyone because everyone changed their passwords too fast) cannot be related to mtgox getting hacked. I use two different passwords if the op post wasn't clear by the use of the word unique.

do you have a key we can verify?

ElectricMucus
September 13, 2011, 02:54:01 AM
 #68

So far I can come up with 5 possible scenarios:

-mtgox is compromised and are covering it up.
-mtgox deliberately messing with DiabloD3's account.
-DiabloD3's computer/account is compromised.
-DiabloD3 is posting disinformation.
-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.
/tinfoilhat mode off
ctoon6
September 13, 2011, 03:07:29 AM
 #69

At this moment, I'm questioning if DiabloD3 really posted this thread, I smell something fishy here.
Maybe the forum (or DiabloD3 account) is compromised again.

Nope, its really me. Hi.

Long form birth certificate, please.

starting to sound like a certain incident involving a certain president we currently have...

bitrick
September 13, 2011, 03:07:56 AM
 #70

So far I can come up with 5 possible scenarios:

-mtgox is compromised and are covering it up.
-mtgox deliberately messing with DiabloD3's account.
-DiabloD3's computer/account is compromised.
-DiabloD3 is posting disinformation.
-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.
/tinfoilhat mode off

Perhaps we should take a poll?
ctoon6
September 13, 2011, 03:08:55 AM
 #71

So far I can come up with 5 possible scenarios:

-mtgox is compromised and are covering it up.
-mtgox deliberately messing with DiabloD3's account.
-DiabloD3's computer/account is compromised.
-DiabloD3 is posting disinformation.
-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.
/tinfoilhat mode off

Perhaps we should take a poll?

what good is a poll, all that matters is what is, not what people think.

Shortline
September 13, 2011, 03:11:25 AM
 #72

I notified MagicTux through his support email, and he sent back a useless form letter as a reply.

Quote
Hello,


Recently there has been a large increase in the number of “phishing” attacks that have been made against the users of Mt.Gox.

I consider this a smoking gun.

It probably is.

But he may have just forgotten who you are. Perhaps he thinks you're some run-of-the-mill bitcoin crackpot. I don't know if you've noticed, but there are more than a few of those around.
geek-trader
September 13, 2011, 03:13:42 AM
 #73

So far I can come up with 5 possible scenarios:

-mtgox is compromised and are covering it up.
-mtgox deliberately messing with DiabloD3's account.
-DiabloD3's computer/account is compromised.
-DiabloD3 is posting disinformation.
-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.
/tinfoilhat mode off

Perhaps we should take a poll?

what good is a poll, all that matters is what is, not what people think.

As far as the short term price of BTC goes, what matters is what people think, not what is.  Wink

DiabloD3 (OP)
September 13, 2011, 03:24:38 AM
 #74

-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.

After a lengthy conversation with MagicTux, unless it does turn up that mtgox has been hacked, neither of us can figure out what happened. Its obviously not me and I didn't fall for a phishing expedition, and Im pretty sure its not on his end. His description of security on the new post-hack mtgox is pretty decent. Its not perfect, but he has gone to great lengths to prevent a repeat.

Even if they dumped the password database, the passwords are sufficiently salted and hashed that it is extremely unlikely they grabbed my password first.

I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.

DigiNotar knew about the break in for months, and I obviously have logged in since then.

Tux has replaced the missing BTC.

fastandfurious
September 13, 2011, 03:31:02 AM
 #75

-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.

After a lengthy conversation with MagicTux, unless it does turn up that mtgox has been hacked, neither of us can figure out what happened. Its obviously not me and I didn't fall for a phishing expedition, and Im pretty sure its not on his end. His description of security on the new post-hack mtgox is pretty decent. Its not perfect, but he has gone to great lengths to prevent a repeat.

Even if they dumped the password database, the passwords are sufficiently salted and hashed that it is extremely unlikely they grabbed my password first.

I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.

DigiNotar knew about the break in for months, and I obviously have logged in since then.

Tux has replaced the missing BTC.

Asking once again. Do you use a Yubikey on Mt.Gox?
stsbrad
September 13, 2011, 03:33:21 AM
 #76

easy answer. no
DiabloD3 (OP)
September 13, 2011, 03:38:25 AM
 #77

-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.

After a lengthy conversation with MagicTux, unless it does turn up that mtgox has been hacked, neither of us can figure out what happened. Its obviously not me and I didn't fall for a phishing expedition, and Im pretty sure its not on his end. His description of security on the new post-hack mtgox is pretty decent. Its not perfect, but he has gone to great lengths to prevent a repeat.

Even if they dumped the password database, the passwords are sufficiently salted and hashed that it is extremely unlikely they grabbed my password first.

I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.

DigiNotar knew about the break in for months, and I obviously have logged in since then.

Tux has replaced the missing BTC.

Asking once again. Do you use a Yubikey on Mt.Gox?

As Ive said in the past, I do not believe that they improve security.

fcmatt
September 13, 2011, 03:40:31 AM
 #78

Do not improve security? How could it possibly hurt or at least be neutral?
It seems it would have stopped this whole problem easily unless the attacker was using a more sophisticated method.
cypherdoc
September 13, 2011, 03:41:36 AM
 #79

-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.

After a lengthy conversation with MagicTux, unless it does turn up that mtgox has been hacked, neither of us can figure out what happened. Its obviously not me and I didn't fall for a phishing expedition, and Im pretty sure its not on his end. His description of security on the new post-hack mtgox is pretty decent. Its not perfect, but he has gone to great lengths to prevent a repeat.

Even if they dumped the password database, the passwords are sufficiently salted and hashed that it is extremely unlikely they grabbed my password first.

I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.

DigiNotar knew about the break in for months, and I obviously have logged in since then.

Tux has replaced the missing BTC.

i'm sure at his own expense too.  you should at least say thank you.

i'm sick and tired of ppl blaming mtgox and MagTux as some sort of lying crook.  if he were would he have done this?  as well as bailing out Bitomat and donating many btc to charity and btc businesses?
phantomcircuit
September 13, 2011, 03:42:15 AM
 #80

-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.

After a lengthy conversation with MagicTux, unless it does turn up that mtgox has been hacked, neither of us can figure out what happened. Its obviously not me and I didn't fall for a phishing expedition, and Im pretty sure its not on his end. His description of security on the new post-hack mtgox is pretty decent. Its not perfect, but he has gone to great lengths to prevent a repeat.

Even if they dumped the password database, the passwords are sufficiently salted and hashed that it is extremely unlikely they grabbed my password first.

I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.

DigiNotar knew about the break in for months, and I obviously have logged in since then.

Tux has replaced the missing BTC.

I believe that fraudulent EV certificates were issued.
julz
September 13, 2011, 03:44:43 AM
 #81

I notified MagicTux through his support email, and he sent back a useless form letter as a reply.

Quote
Recently there has been a large increase in the number of “phishing” attacks that have been made against the users of Mt.Gox.
...
We sincerely apologize for the inconvenience our users have suffered at the hands of phishers, and are doing all that we can to prevent further attacks in the future.

Thanks,

MtGox.com Team

I consider this a smoking gun.


What about browsing other sites whilst you are logged into mtgox?  
Due to CSRF attacks - this is something you shouldn't do when you are logged in to an important account.

You can argue that the site should be fully protected against CSRF, especially as this has come up before regarding mtgox - but it's possible there is a regression in this area or even that your specific browser version is contributing to this risk.

@electricwings   BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
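
A server-side view of the CSRF risk raised in the post above: a withdrawal handler that trusts the session cookie alone, beside one that also checks the request's origin and a per-session token. This is an added example, not part of the thread and not MtGox's code; the handler names, request layout and `exchange.example` origin are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)          # server-side secret, never sent to the browser
TRUSTED_ORIGIN = "https://exchange.example"   # placeholder for the site's own origin


def issue_csrf_token(session_id):
    """Per-session token the real site embeds in its own withdrawal form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def withdraw_cookie_only(request, sessions):
    """Before: the session cookie alone authorises the state change."""
    user = sessions.get(request["cookies"].get("sid"))
    if user is None:
        return 401, "not logged in"
    return 200, "withdrawal queued for " + user


def withdraw_with_csrf_checks(request, sessions):
    """After: the cookie plus proof that the request came from the site's own page."""
    sid = request["cookies"].get("sid")
    user = sessions.get(sid)
    if user is None:
        return 401, "not logged in"
    if request["method"] != "POST":
        return 405, "state changes must use POST"
    # Browsers set Origin themselves; a page on another site cannot forge it.
    if request["headers"].get("Origin") != TRUSTED_ORIGIN:
        return 403, "cross-origin request refused"
    # The token is readable only by pages served from the site's own origin.
    supplied = request["form"].get("csrf_token", "")
    expected = issue_csrf_token(sid)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403, "missing or wrong CSRF token"
    return 200, "withdrawal queued for " + user


def sample_requests():
    """Constructed requests as the server would see them (not captured traffic)."""
    sid = "s-" + secrets.token_hex(8)
    sessions = {sid: "alice"}
    genuine = {
        "method": "POST",
        "cookies": {"sid": sid},
        "headers": {"Origin": TRUSTED_ORIGIN},
        "form": {"amount": "1.0", "csrf_token": issue_csrf_token(sid)},
    }
    # Submitted by a page on another site while the user is still logged in:
    # the browser attaches the cookie automatically, but the page has no token.
    cross_site = {
        "method": "POST",
        "cookies": {"sid": sid},
        "headers": {"Origin": "https://other-site.example"},
        "form": {"amount": "1.0"},
    }
    return sessions, genuine, cross_site


if __name__ == "__main__":
    sessions, genuine, cross_site = sample_requests()
    print("cookie only, cross-site:", withdraw_cookie_only(cross_site, sessions))
    print("checked, cross-site:    ", withdraw_with_csrf_checks(cross_site, sessions))
    print("checked, genuine:       ", withdraw_with_csrf_checks(genuine, sessions))
```

The strict Origin comparison also refuses clients that send no Origin header at all, which is the safe default for a withdrawal endpoint.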
fcmatt
September 13, 2011, 03:50:38 AM
 #82

Man in the middle attacks are hard because actually being in the middle is hard.
Most packets nowadays do not go through a linux/bsd box or something else with enough of an OS to do such
attacks. Unless you want to portray hackers having enough skills to take over cisco/juniper/extreme/foundry/etc..
switches and routers to actually get in the middle and subvert them enough to do the attack...

CSRF sounds much more plausible especially when this entire forum was abused recently.
geek-trader
September 13, 2011, 03:54:22 AM
 #83

-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.

After a lengthy conversation with MagicTux, unless it does turn up that mtgox has been hacked, neither of us can figure out what happened. Its obviously not me and I didn't fall for a phishing expedition, and Im pretty sure its not on his end. His description of security on the new post-hack mtgox is pretty decent. Its not perfect, but he has gone to great lengths to prevent a repeat.

Even if they dumped the password database, the passwords are sufficiently salted and hashed that it is extremely unlikely they grabbed my password first.

I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.

DigiNotar knew about the break in for months, and I obviously have logged in since then.

Tux has replaced the missing BTC.

i'm sure at his own expense too.  you should at least say thank you.

i'm sick and tired of ppl blaming mtgox and MagTux as some sort of lying crook.  if he were would he have done this?  as well as bailing out Bitomat and donating many btc to charity and btc businesses?

This.

MtGox makes a shit-ton of money every day.  They know if they lose people's trust this money fountain they have will dry up.  Do you REALLY think they are going to cheat people?

NO.  In fact, it is the exact opposite.  They pay out people out of their pocket to keep our trust.

Everyone always says "follow the money".  In the case of MtGox, it is their best interest to be safe, to be honest, to stay the #1 exchange, AND grow Bitcoin as well.

To think they would skim or cheat for some short term gain when the long term gain is so HUGE for them, is just stupid.

fastandfurious
September 13, 2011, 03:56:18 AM
 #84

-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.

After a lengthy conversation with MagicTux, unless it does turn up that mtgox has been hacked, neither of us can figure out what happened. Its obviously not me and I didn't fall for a phishing expedition, and Im pretty sure its not on his end. His description of security on the new post-hack mtgox is pretty decent. Its not perfect, but he has gone to great lengths to prevent a repeat.

Even if they dumped the password database, the passwords are sufficiently salted and hashed that it is extremely unlikely they grabbed my password first.

I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.

DigiNotar knew about the break in for months, and I obviously have logged in since then.

Tux has replaced the missing BTC.


Asking once again. Do you use a Yubikey on Mt.Gox?

As I've said in the past, I do not believe that they improve security.


You are much smarter than "15,000 customers and over a million users in 90 countries" (from the Yubico homepage), because you know that a two-factor authentication is just bull shit. Banks use it just for fun. Or maybe you don't know what you are talking about.
Valhalla1
Newbie
*
Offline Offline

Activity: 51
Merit: 0


View Profile
September 13, 2011, 04:00:10 AM
 #85

Tux has replaced the missing BTC.

oh wow.  How many BTC are we talking about here?  So can I now log in to my own account from some foreign VPN or Tor, withdraw my own bitcoins and claim I was hacked and get free BTC?  Or do I have to have one of those "staff" labels to qualify?  
stsbrad
Full Member
***
Offline Offline

Activity: 168
Merit: 100

Brad Willman, SSCP, LTCP, MCTS,SCE,BCE


View Profile
September 13, 2011, 04:03:07 AM
 #86

Tux has replaced the missing BTC.

oh wow.  How many BTC are we talking about here?  So can I now log in to my own account from some foreign VPN or Tor, withdraw my own bitcoins and claim I was hacked and get free BTC?  Or do I have to have one of those "staff" labels to qualify?  



+1
fastandfurious
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
September 13, 2011, 04:03:27 AM
 #87

I can recommend everyone with a larger amount of BTC/fiat on Mt.Gox to start using a Yubikey, I really think it will make a difference security-wise. If anyone can give facts that tell me it is the contrary of my thinking, please tell me.
fcmatt
Legendary
*
Offline Offline

Activity: 2072
Merit: 1001


View Profile
September 13, 2011, 04:04:12 AM
 #88

Tux has replaced the missing BTC.

oh wow.  How many BTC are we talking about here?  So can I now log in to my own account from some foreign VPN or Tor, withdraw my own bitcoins and claim I was hacked and get free BTC?  Or do I have to have one of those "staff" labels to qualify?  



+1

did the users who got hacked due to the password file being taken on mtgox and whatever else went on during that time frame get
reimbursed? Why random users and the polish exchange but not all the customers of mtgox? Hey.. i felt like piling in.
fcmatt
Legendary
*
Offline Offline

Activity: 2072
Merit: 1001


View Profile
September 13, 2011, 04:05:44 AM
 #89

I can recommend everyone with a larger amount of BTC/fiat on Mt.Gox to start using a Yubikey, I really think it will make a difference security-wise. If anyone can give facts that tell me it is the contrary of my thinking, please tell me.

It does appear it would stop a lot of the most common attacks that take place around here when it comes to mtgox.
Now if an attacker has control of the mysql db as well as possible write permits to the file system.. I do not think a yubikey
will matter much.
fastandfurious
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
September 13, 2011, 04:14:13 AM
 #90

I can recommend everyone with a larger amount of BTC/fiat on Mt.Gox to start using a Yubikey, I really think it will make a difference security-wise. If anyone can give facts that tell me it is the contrary of my thinking, please tell me.

It does appear it would stop a lot of the most common attacks that take place around here when it comes to mtgox.
Now if an attacker has control of the mysql db as well as possible write permits to the file system.. I do not think a yubikey
will matter much.

I understand that is not 100% secure, nothing is. But having said that it will make it much harder if we think Mt.Gox is using a two-factor authentication plus having a secure site that together gives a very high security level. This is the way banks do it, and last I looked they are still in business.
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
September 13, 2011, 04:15:07 AM
 #91

Tux has replaced the missing BTC.

oh wow.  How many BTC are we talking about here?  So can I now log in to my own account from some foreign VPN or Tor, withdraw my own bitcoins and claim I was hacked and get free BTC?  Or do I have to have one of those "staff" labels to qualify?  

he spent 17000 BTC bailing out Bitomat.  he could've just let them and their btc holders die on the vine and he would've been better off than buying a worthless exchange.
fastandfurious
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
September 13, 2011, 04:20:28 AM
 #92

I have to say one more thing. It is not right to bail out some (because they are a staff member on Bitcoin forum etc.) and let others that get hacked for different reasons get nothing. This sounds to me like what the Federal Reserve did and are doing today, they bailed out friends/banks with trillions of dollars of interest free/low interest money and let "Main street" take the hit.
DiabloD3 (OP)
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
September 13, 2011, 04:28:01 AM
 #93

-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.

After a lengthy conversation with MagicTux, unless it does turn up that mtgox has been hacked, neither of us can figure out what happened. It's obviously not me and I didn't fall for a phishing expedition, and I'm pretty sure it's not on his end. His description of security on the new post-hack mtgox is pretty decent. It's not perfect, but he has gone to great lengths to prevent a repeat.

Even if they dumped the password database, the passwords are sufficiently salted and hashed that it is extremely unlikely they grabbed my password first.

I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.

DigiNotar knew about the break in for months, and I obviously have logged in since then.

Tux has replaced the missing BTC.

I believe that fraudulent EV certificates were issued.

For reasons unrelated to this, I would like to have this citation notated.

Valhalla1
Newbie
*
Offline Offline

Activity: 51
Merit: 0


View Profile
September 13, 2011, 04:28:49 AM
 #94

Tux has replaced the missing BTC.

oh wow.  How many BTC are we talking about here?  So can I now log in to my own account from some foreign VPN or Tor, withdraw my own bitcoins and claim I was hacked and get free BTC?  Or do I have to have one of those "staff" labels to qualify?  

he spent 17000 BTC bailing out Bitomat.  he could've just let them and their btc holders die on the vine and he would've been better off than buying a worthless exchange.

so is that a 'yes' answer to my question?  Awesome, everybody load up, bitcoin bailouts for all!
DiabloD3 (OP)
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
September 13, 2011, 04:30:02 AM
 #95

I have to say one more thing. It is not right to bail out some (because they are a staff member on Bitcoin forum etc.) and let others that get hacked for different reasons get nothing. This sounds to me like what the Federal Reserve did and are doing today, they bailed out friends/banks with trillions of dollars of interest free/low interest money and let "Main street" take the hit.

As a supporter of Ron Paul, that is the most slanderous and insulting thing I've seen said on this message board in awhile.

As it stands, there are no other people reporting account problems. I still believe I was targeted because I'm a well known face for the Bitcoin community and a developer of software that is used in conjunction with Bitcoin frequently.

cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
September 13, 2011, 04:30:14 AM
 #96

I have to say one more thing. It is not right to bail out some (because they are a staff member on Bitcoin forum etc.) and let others that get hacked for different reasons get nothing. This sounds to me like what the Federal Reserve did and are doing today, they bailed out friends/banks with trillions of dollars of interest free/low interest money and let "Main street" take the hit.

except that the Fed uses USD it prints up out of thin air at taxpayer expense via devaluation of the USD.  MagTux used his own BTC. 
DiabloD3 (OP)
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
September 13, 2011, 04:31:52 AM
 #97

Tux has replaced the missing BTC.

oh wow.  How many BTC are we talking about here?  So can I now log in to my own account from some foreign VPN or Tor, withdraw my own bitcoins and claim I was hacked and get free BTC?  Or do I have to have one of those "staff" labels to qualify?  

he spent 17000 BTC bailing out Bitomat.  he could've just let them and their btc holders die on the vine and he would've been better off than buying a worthless exchange.

$60 USD worth. It was a trivial amount, I was more worried about a large scale attack, which doesn't seem to be underway. It's better to warn everyone instead of sit on the information. I'm glad I was the only one hit so far.

tvbcof
Legendary
*
Offline Offline

Activity: 4704
Merit: 1276


View Profile
September 13, 2011, 04:33:15 AM
 #98

This was yesterday in the MtGox IRC channel:

Quote
17:31 < kinlo> there is something wrong, how can it have gone above 10 when my sell order at 8 didn't occur?
17:31 < molecular> it didnt reall go above 10, I assume
17:31 < Ymgve> kinlo: bugs, the orders didn't happen or there was something wrong in the matching algorithm
17:32 < kinlo> MagicalTux: ?
17:32 < molecular> likely has to do with the "new currency markets"
17:32 <@MagicalTux> no
17:32 <@MagicalTux> has to do with hackers trying their best to do stuff normal people wouldn't by dropping large amounts of stolen funds/coins

...

17:35 < molecular> flushing bad orders? How do I make a "bad sell order" at 30 USD? ^^
17:35 < xelister> molecular: =)
17:35 <@MagicalTux> molecular, I blocked ~2000 accounts created most likely for the purpose of killing bitcoin on 9/11
17:35 <@MagicalTux> their trades do remain however
17:35 < molecular> MagicalTux, holy moly!
17:35 <@MagicalTux> but they cannot execute, causing weird results



I must say, it would take balls of steel to fuck with people who have stolen a large amount of money and wish to capitalize.  If one does not have a pretty good sense of their dispositions and means at least.  That would be a much bigger commitment to Bitcoin than I could ever muster.

sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
fastandfurious
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
September 13, 2011, 04:34:53 AM
 #99

I have to say one more thing. It is not right to bail out some (because they are a staff member on Bitcoin forum etc.) and let others that get hacked for different reasons get nothing. This sounds to me like what the Federal Reserve did and are doing today, they bailed out friends/banks with trillions of dollars of interest free/low interest money and let "Main street" take the hit.

except that the Fed uses USD it prints up out of thin air at taxpayer expense via devaluation of the USD.  MagTux used his own BTC. 

The principle is the same. If he just bails out some people, the others have to pay for that through higher trading fees, trading fees that in theory could have been lower because bailing out is a cost that in the end has to be taken from somewhere.
DiabloD3 (OP)
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
September 13, 2011, 04:35:56 AM
 #100

I can recommend everyone with a larger amount of BTC/fiat on Mt.Gox to start using a Yubikey, I really think it will make a difference security-wise. If anyone can give facts that tell me it is the contrary of my thinking, please tell me.

It does appear it would stop a lot of the most common attacks that take place around here when it comes to mtgox.
Now if an attacker has control of the mysql db as well as possible write permits to the file system.. I do not think a yubikey
will matter much.

I will expand on this. If someone gains control of mtgox, the attacker can just alter logs and dbs to make it appear that users are doing it themselves with little to no evidence that the machine was broken into.

Magic hardware oracles only make it harder for attackers to attack from the perspective of the user. They are also not perfect due to lack of public third party auditing. The one RSA produces is used by secure government and corporate facilities and was recently defeated.

tl;dr: It prevents attacks like keylogging, it doesn't prevent attacking mtgox itself.

fastandfurious
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
September 13, 2011, 04:38:08 AM
 #101

I have to say one more thing. It is not right to bail out some (because they are a staff member on Bitcoin forum etc.) and let others that get hacked for different reasons get nothing. This sounds to me like what the Federal Reserve did and are doing today, they bailed out friends/banks with trillions of dollars of interest free/low interest money and let "Main street" take the hit.

As a supporter of Ron Paul, that is the most slanderous and insulting thing I've seen said on this message board in awhile.

As it stands, there are no other people reporting account problems. I still believe I was targeted because I'm a well known face for the Bitcoin community and a developer of software that is used in conjunction with Bitcoin frequently.

What exactly did you think was "slanderous and insulting"?

My statement is a general point of view and is not targeted at you, I don't know all the exact details of what happened in your case, but in general I think that what I stated is something that is important to think about.
DiabloD3 (OP)
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
September 13, 2011, 04:47:45 AM
 #102

I notified MagicTux through his support email, and he sent back a useless form letter as a reply.

Quote
Recently there has been a large increase in the number of “phishing” attacks that have been made against the users of Mt.Gox.
...
We sincerely apologize for the inconvenience our users have suffered at the hands of phishers, and are doing all that we can to prevent further attacks in the future.

Thanks,

MtGox.com Team

I consider this a smoking gun.


What about browsing other sites whilst you are logged into mtgox?  
Due to CSRF attacks - this is something you shouldn't do when you are logged in to an important account.

You can argue that the site should be fully protected against CSRF, especially as this has come up before regarding mtgox - but it's possible there is a regression in this area or even that your specific browser version is contributing to this risk.

XSRF attacks are largely difficult to perform in many cases. The problem is I would have had to visit the attacker's website at some point inside of the same environment I use to access mtgox to allow it.

cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
September 13, 2011, 04:47:55 AM
 #103

Tux has replaced the missing BTC.

oh wow.  How many BTC are we talking about here?  So can I now log in to my own account from some foreign VPN or Tor, withdraw my own bitcoins and claim I was hacked and get free BTC?  Or do I have to have one of those "staff" labels to qualify?  

he spent 17000 BTC bailing out Bitomat.  he could've just let them and their btc holders die on the vine and he would've been better off than buying a worthless exchange.

$60 USD worth. It was a trivial amount, I was more worried about a large scale attack, which doesn't seem to be underway. It's better to warn everyone instead of sit on the information. I'm glad I was the only one hit so far.

i would suggest you change the title of this thread to something much less ominous.  you're scaring people.
kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1026



View Profile
September 13, 2011, 04:48:31 AM
 #104

I believe that fraudulent EV certificates were issued.

For reasons unrelated to this, I would like to have this citation notated.

I only found one useful article that mentions that EVSSL may have been included in the breach.

http://isc.sans.edu/diary.html?storyid=11500

I'm assuming that you and MagicalTux checked the IPs used on your account.  Anything strange there?

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
September 13, 2011, 04:48:41 AM
 #105

I have to say one more thing. It is not right to bail out some (because they are a staff member on Bitcoin forum etc.) and let others that get hacked for different reasons get nothing. This sounds to me like what the Federal Reserve did and are doing today, they bailed out friends/banks with trillions of dollars of interest free/low interest money and let "Main street" take the hit.

except that the Fed uses USD it prints up out of thin air at taxpayer expense via devaluation of the USD.  MagTux used his own BTC.  

The principle is the same. If he just bails out some people, the others have to pay for that through higher trading fees, trading fees that in theory could have been lower because bailing out is a cost that in the end has to be taken from somewhere.

you're assuming that the tx fees will increase.  how do you know that?

and the principle is totally different.
DiabloD3 (OP)
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
September 13, 2011, 04:50:56 AM
 #106

i would suggest you change the title of this thread to something much less ominous.  you're scaring people.

Changed. But until me or Tux can figure out what exactly happened, the issue remains open.

fastandfurious
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
September 13, 2011, 04:51:12 AM
 #107

I have to say one more thing. It is not right to bail out some (because they are a staff member on Bitcoin forum etc.) and let others that get hacked for different reasons get nothing. This sounds to me like what the Federal Reserve did and are doing today, they bailed out friends/banks with trillions of dollars of interest free/low interest money and let "Main street" take the hit.

except that the Fed uses USD it prints up out of thin air at taxpayer expense via devaluation of the USD.  MagTux used his own BTC.  

The principle is the same. If he just bails out some people, the others have to pay for that through higher trading fees, trading fees that in theory could have been lower because bailing out is a cost that in the end has to be taken from somewhere.

you're assuming that the tx fees will increase.  how do you know that?

Study Economics 101.
DiabloD3 (OP)
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
September 13, 2011, 04:52:02 AM
 #108

I believe that fraudulent EV certificates were issued.

For reasons unrelated to this, I would like to have this citation notated.

I only found one useful article that mentions that EVSSL may have been included in the breach.

http://isc.sans.edu/diary.html?storyid=11500

I'm assuming that you and MagicalTux checked the IPs used on your account.  Anything strange there?

See the third post, MtGox emails you the IP that made the request on withdraws.

DiabloD3 (OP)
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
September 13, 2011, 04:53:04 AM
 #109

I have to say one more thing. It is not right to bail out some (because they are a staff member on Bitcoin forum etc.) and let others that get hacked for different reasons get nothing. This sounds to me like what the Federal Reserve did and are doing today, they bailed out friends/banks with trillions of dollars of interest free/low interest money and let "Main street" take the hit.

except that the Fed uses USD it prints up out of thin air at taxpayer expense via devaluation of the USD.  MagTux used his own BTC.  

The principle is the same. If he just bails out some people, the others have to pay for that through higher trading fees, trading fees that in theory could have been lower because bailing out is a cost that in the end has to be taken from somewhere.

you're assuming that the tx fees will increase.  how do you know that?

Study Economics 101.

That's assuming tx fees are not already set high enough to cover projected fraud issues.

cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
September 13, 2011, 04:53:10 AM
 #110

I have to say one more thing. It is not right to bail out some (because they are a staff member on Bitcoin forum etc.) and let others that get hacked for different reasons get nothing. This sounds to me like what the Federal Reserve did and are doing today, they bailed out friends/banks with trillions of dollars of interest free/low interest money and let "Main street" take the hit.

except that the Fed uses USD it prints up out of thin air at taxpayer expense via devaluation of the USD.  MagTux used his own BTC.  

The principle is the same. If he just bails out some people, the others have to pay for that through higher trading fees, trading fees that in theory could have been lower because bailing out is a cost that in the end has to be taken from somewhere.

you're assuming that the tx fees will increase.  how do you know that?

Study Economics 101.

Studying Economics 101 will allow me to predict that MagTux will raise his tx fees as a result of this incident?
phillipsjk
Legendary
*
Offline Offline

Activity: 1008
Merit: 1001

Let the chips fall where they may.


View Profile WWW
September 13, 2011, 04:55:22 AM
Last edit: September 13, 2011, 05:06:41 AM by phillipsjk
 #111


Since I use Linux and use unique high entropy passwords, I am ruling out any nonsense like local trojans.


I'm not so sure you can completely rule those out. Last month kernel.org was compromised. In order to compromise the kernel, several development machines would need to be compromised as well. Which is about as unlikely as Intel installing a back-door in one of their chips. Note: I think that 'Intel Insider' is probably just a modified version of DTCP with latency limits on the initial hop relaxed.

Edit: Tabnabbing looks like it may work on even sophisticated users, unless they leave JavaScript disabled.

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
fastandfurious
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
September 13, 2011, 04:57:01 AM
 #112

I have to say one more thing. It is not right to bail out some (because they are a staff member on Bitcoin forum etc.) and let others that get hacked for different reasons get nothing. This sounds to me like what the Federal Reserve did and are doing today, they bailed out friends/banks with trillions of dollars of interest free/low interest money and let "Main street" take the hit.

except that the Fed uses USD it prints up out of thin air at taxpayer expense via devaluation of the USD.  MagTux used his own BTC.  

The principle is the same. If he just bails out some people, the others have to pay for that through higher trading fees, trading fees that in theory could have been lower because bailing out is a cost that in the end has to be taken from somewhere.

you're assuming that the tx fees will increase.  how do you know that?

Study Economics 101.

Studying Economics 101 will allow me to predict that MagTux will raise his tx fees as a result of this incident?

When you understand Economics 101, come back and I promise you we can continue this discussion.
DiabloD3 (OP)
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
September 13, 2011, 05:02:34 AM
 #113

I'm not so sure you can completely rule this out. Last month kernel.org was compromised. In order to compromise the kernel, several development machines would need to be compromised as well.

Yes, I'm aware of the kernel.org break in. This does not apply here as the kernel I am running predates the break in and I do not get my kernel source from kernel.org.

Mmm delicious git.

cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
September 13, 2011, 05:27:51 AM
 #114

I have to say one more thing. It is not right to bail out some (because they are a staff member on Bitcoin forum etc.) and let others that get hacked for different reasons get nothing. This sounds to me like what the Federal Reserve did and are doing today, they bailed out friends/banks with trillions of dollars of interest free/low interest money and let "Main street" take the hit.

except that the Fed uses USD it prints up out of thin air at taxpayer expense via devaluation of the USD.  MagTux used his own BTC.  

The principle is the same. If he just bails out some people, the others have to pay for that through higher trading fees, trading fees that in theory could have been lower because bailing out is a cost that in the end has to be taken from somewhere.

you're assuming that the tx fees will increase.  how do you know that?

Study Economics 101.

Studying Economics 101 will allow me to predict that MagTux will raise his tx fees as a result of this incident?

When you understand Economics 101, come back and I promise you we can continue this discussion.

you're an arrogant ass.  educate me now.
WiseOldOwl
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
September 13, 2011, 05:35:09 AM
 #115


Since I use Linux and use unique high entropy passwords, I am ruling out any nonsense like local trojans.


I'm not so sure you can completely rule those out. Last month kernel.org was compromised. In order to compromise the kernel, several development machines would need to be compromised as well. Which is about as unlikely as Intel installing a back-door in one of their chips. Note: I think that 'Intel Insider' is probably just a modified version of DTCP with latency limits on the initial hop relaxed.

Edit: Tabnabbing looks like it may work on even sophisticated users, unless they leave JavaScript disabled.
Damn this is a bust.
mrb
Legendary
*
Offline Offline

Activity: 1512
Merit: 1028


View Profile WWW
September 13, 2011, 05:38:47 AM
Last edit: September 13, 2011, 05:53:22 AM by mrb
 #116

After a lengthy conversation with MagicTux, unless it does turn up that mtgox has been hacked, neither of us can figure out what happened. It's obviously not me and I didn't fall for a phishing expedition, and I'm pretty sure it's not on his end. His description of security on the new post-hack mtgox is pretty decent. It's not perfect, but he has gone to great lengths to prevent a repeat.

Your compromise may be linked to a huge mystery that was never solved during the MtGox hack of June 19, 2011: many supremely strong passwords were cracked, but no one, not even Mark Karpelès, knows how it happened. One of the theories I posted in this comment is that the MtGox infrastructure has been deeply compromised, and attackers still have access to it. (I hope this is not true.)

If not that, I know that we, security-conscious people, like to think it would never happen to us, but you may have fallen to a sophisticated targeted attack. There are occurrences of paranoiac security guys who do get compromised. For example even if your Linux workstation is relatively secure and updated, all it would take to compromise you is a Flash 0-day and to entice you to visit a malicious site. You may say you won't fall for it, but you do it all the time: you hang in #bitcoin-mining, someone posts a URL, you click on it. Bam! User-level X11 keylogger now running on your fully patched Linux machine. Flash is by far the scariest client-side attack vector these days...
phillipsjk
Legendary
*
Offline Offline

Activity: 1008
Merit: 1001

Let the chips fall where they may.


View Profile WWW
September 13, 2011, 06:21:10 AM
 #117


When you understand Economics 101, come back and I promise you we can continue this discussion.

you're an arrogant ass.  educate me now.

In MicroEconomics, you make several 'reasonable' assumptions, including:
  • Rational Market participants
  • The price system is a good way to communicate efficiency
  • Easy entry and exit in the market place

I think fastandfurious is arguing that if Mt.Gox can't cover their costs, they will leave the market. Of course, by the same argument, competitors less "inefficient" should be able to enter the market and undercut the Mt.Gox fees. The easy entry and exit assumption assumes capital costs don't exist (or that they are amortized perfectly).

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
hightax
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
September 13, 2011, 07:22:39 AM
 #118

I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.


Forging a SSL cert only enables the possibility of a man-in-the-middle attack from being transparently obvious when it's no longer signed properly.  However, you still have to accept the change in certificate for the forged-SSL MIM attack to work.  Did you log in to MtGox from strange internet connections in shady places?  Or did MtGox get their DNS forged as well?
stergium
Hero Member
*****
Offline Offline

Activity: 655
Merit: 500



View Profile
September 13, 2011, 07:32:04 AM
 #119

It seems Mt Gox has been broken into again. My account was just liquidated and sent to a foreign address, the IP of which seems to be in the Ukraine. I assume I was targeted because I'm a Bitcoin developer.

Since I use Linux and use unique high entropy passwords, I am ruling out any nonsense like local trojans.

Everyone: Clear out your accounts if you have anything in them.
again?
http://www.youtube.com/watch?v=TVpkIuutIqw
they seem to have more holes than a sponge...
and the bitcointalk incident these days..
ppl should implement temporary accounts..
kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1026



View Profile
September 13, 2011, 07:37:04 AM
 #120

I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.


Forging a SSL cert only enables the possibility of a man-in-the-middle attack from being transparently obvious when it's no longer signed properly.  However, you still have to accept the change in certificate for the forged-SSL MIM attack to work.  Did you log in to MtGox from strange internet connections in shady places?  Or did MtGox get their DNS forged as well?

Is there actually a browser that will remember a certificate and complain if that cert is replaced with a different valid CA-signed cert?

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
mrb
Legendary
*
Offline Offline

Activity: 1512
Merit: 1028


View Profile WWW
September 13, 2011, 07:41:22 AM
 #121

Forging a SSL cert only enables the possibility of a man-in-the-middle attack from being transparently obvious when it's no longer signed properly.  However, you still have to accept the change in certificate for the forged-SSL MIM attack to work.  Did you log in to MtGox from strange internet connections in shady places?  Or did MtGox get their DNS forged as well?

No, a forged cert from DigiNotar would allow to transparently execute a MiTM attack against an end-user, without her seeing any security warning whatsoever. Except in 1 scenario, see below...

Quote from: kjj
Is there actually a browser that will remember a certificate and complain if that cert is replaced with a different valid CA-signed cert?

...only 1 browser would warn you: Chrome, because Google hard-coded hashes of the public keys for a small number of high-profile websites certificates keys. This is called public key pinning.
makomk
Hero Member
*****
Offline Offline

Activity: 686
Merit: 564


View Profile
September 13, 2011, 07:47:20 AM
 #122

Tux has replaced the missing BTC.
That's unusual. He didn't even do that for people whose accounts were compromised in circumstances suggesting it was due to the password database being extracted by hackers...

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
DiabloD3 (OP)
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
September 13, 2011, 07:56:49 AM
 #123

I also do not think it is likely the recent DigiNotar or Globalsign break-ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.


Forging a SSL cert only enables the possibility of a man-in-the-middle attack from being transparently obvious when it's no longer signed properly.  However, you still have to accept the change in certificate for the forged-SSL MIM attack to work.  Did you log in to MtGox from strange internet connections in shady places?  Or did MtGox get their DNS forged as well?

The problem is you DON'T need to accept the cert since it's signed by a CA. That's why this was so dangerous. All you need is someone at Tux's ISP juping the traffic and bam MITM attack and no one is the wiser.

DiabloD3 (OP)
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
September 13, 2011, 08:00:31 AM
 #124

Forging a SSL cert only enables the possibility of a man-in-the-middle attack from being transparently obvious when it's no longer signed properly.  However, you still have to accept the change in certificate for the forged-SSL MIM attack to work.  Did you log in to MtGox from strange internet connections in shady places?  Or did MtGox get their DNS forged as well?

No, a forged cert from DigiNotar would allow to transparently execute a MiTM attack against an end-user, without her seeing any security warning whatsoever. Except in 1 scenario, see below...

Quote from: kjj
Is there actually a browser that will remember a certificate and complain if that cert is replaced with a different valid CA-signed cert?

...only 1 browser would warn you: Chrome, because Google hard-coded hashes of the public keys for a small number of high-profile websites certificates keys. This is called public key pinning.


Mozilla is considering pinning keys on first site access. So the only way to MITM false certs is during the first access (which makes it the same as ssh's flaw on server fingerprints (aka ~/.ssh/known_hosts)).

DigiNotar is a clusterfuck, regardless.

mrb
Legendary
*
Offline Offline

Activity: 1512
Merit: 1028


View Profile WWW
September 13, 2011, 08:24:45 AM
 #125

Mozilla is considering pinning keys on first site access. So the only way to MITM false certs is during the first access (which makes it the same as ssh's flaw on server fingerprints (aka ~/.ssh/known_hosts)).

I would love it. The only way to provide this sort of pinning with any browser is to delete all trusted CAs before browsing any HTTPS site.
nhodges
Sr. Member
****
Offline Offline

Activity: 322
Merit: 251


View Profile
September 13, 2011, 08:30:34 AM
 #126

It's possible with the recent security lapses at certificate authorities (a la comodohacker) that someone, for some period of time, was able to do a csrf / mitm attack, no?

[Edit: Should have read 3 posts further, I guess I'll leave my original reply, lol.]

DiabloD3 (OP)
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
September 13, 2011, 08:32:15 AM
 #127

It's possible with the recent security lapses at certificate authorities (a la comodohacker) that someone, for some period of time, was able to do a csrf / mitm attack, no?

This is what I implied earlier. It is, in fact, possible. Just very unlikely.

hugolp
Legendary
*
Offline Offline

Activity: 1148
Merit: 1001


Radix-The Decentralized Finance Protocol


View Profile
September 13, 2011, 08:35:41 AM
 #128

Sorry if this is a bit offtopic, but does anyone have a proper explanation of what happened at MtGox on Sunday with the ghost trades? The technical explanations I've heard until now don't seem to make much sense.

Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Wat


View Profile WWW
September 13, 2011, 09:26:59 AM
 #129

http://www.youtube.com/watch?v=MK6TXMsvgQg



Otoh
Donator
Legendary
*
Offline Offline

Activity: 3066
Merit: 1164



View Profile
September 13, 2011, 09:46:40 AM
 #130

Sorry if this is a bit offtopic, but does anyone have a proper explanation of what happened at MtGox on Sunday with the ghost trades? The technical explanations I've heard until now don't seem to make much sense.

It seems MtGox blocked about 2,000 accounts so that their trades still showed up but were not actually executed, operating with allegedly stolen funds & Bitcoins with the intent to seriously disrupt the market, why wasn't there a MtGox warning that their data was going to be completely off - people make trading decisions based on this

What now happens to the funds & Btc now locked down at MtGox, how much is this worth, if they were stolen from MyBitCoin will they be expropriated & returned for additional refund to clients there

Far too little information comes out of MtGox about these constant shenanigans - I guess that the OP also gets a free MtGox Yubi key as well as his Btc back

BTC = $c²     My BTC addie = 1otohotohMoQoxHuxLBveQiZcV3Pji3Tc 
Bitstamp Exchange: Referal Code
CHARITY | MY REP | PREDICTION 1 | PREDICTION 2 | PREDICTION 3
hugolp
Legendary
*
Offline Offline

Activity: 1148
Merit: 1001


Radix-The Decentralized Finance Protocol


View Profile
September 13, 2011, 10:01:15 AM
 #131

It seems MtGox blocked about 2,000 accounts so that their trades still showed up but were not actually executed,

Yes, I read MagicalTux chat explanations. But I think the explanation is lacking. How does a user manage to create an order that does not get executed but still shows in the data? Is this normal at MtGox?

Without more information I'm guessing it might be a bug more than a hack, but the explanation he has given is lacking (as you already said).

Quote
operating with allegedly stolen funds & Bitcoins with the intent to seriously disrupt the market, why wasn't there a MtGox warning that their data was going to be completely off - people make trading decisions based on this

What now happens to the funds & Btc now locked down at MtGox, how much is this worth, if they were stolen from MyBitCoin will they be expropriated & returned for additional refund to clients there

Far too little information comes out of MtGox about these constant shenanigans - I guess that the OP also gets a free MtGox Yubi key as well as his Btc back

EhVedadoOAnonimato
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500



View Profile
September 13, 2011, 10:11:30 AM
 #132

The problem is you DON'T need to accept the cert since it's signed by a CA. That's why this was so dangerous. All you need is someone at Tux's ISP juping the traffic and bam

It shouldn't be that easy to be in the middle of the traffic like that. Unless you were using Tor or any similar kind of proxy. Were you?
Sukrim
Legendary
*
Offline Offline

Activity: 2618
Merit: 1007


View Profile
September 13, 2011, 11:10:34 AM
 #133

repeat with me, mtgox is not bitcoin

Not yet, they are trying to register it as a trademark though - have fun paying them license fees just to use the name!
Proof:
http://esearch.oami.europa.eu/copla/trademark/data/010103646

https://www.coinlend.org <-- automated lending at various exchanges.
https://www.bitfinex.com <-- Trade BTC for other currencies and vice versa.
kripz
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
September 13, 2011, 12:43:04 PM
 #134

Probably radiation (Fukushima? Cosmic?) affected the RAM, flipped a bit and the account ID that was being liquidated happened to be Diablo's (and others in the past since the Fukushima incident).

 Merged mining, free SMS notifications, PayPal payout and much more.
http://btcstats.net/sig/JZCODg2
ElectricMucus
Legendary
*
Offline Offline

Activity: 1666
Merit: 1057


Marketing manager - GO MP


View Profile WWW
September 13, 2011, 12:51:32 PM
 #135

Probably radiation (Fukushima? Cosmic?) affected the RAM, flipped a bit and the account ID that was being liquidated happened to be Diablo's (and others in the past since the Fukushima incident).
Possibly

http://xkcd.com/378/
BlockHash
Full Member
***
Offline Offline

Activity: 406
Merit: 100



View Profile
September 13, 2011, 12:52:14 PM
 #136

repeat with me, mtgox is not bitcoin

Not yet, they are trying to register it as a trademark though - have fun paying them license fees just to use the name!
Proof:
http://esearch.oami.europa.eu/copla/trademark/data/010103646

This is exactly what reputable and forthright companies would do. Roll Eyes
Littleshop
Legendary
*
Offline Offline

Activity: 1386
Merit: 1004



View Profile WWW
September 13, 2011, 12:57:19 PM
 #137

-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.

After a lengthy conversation with MagicTux, unless it does turn up that mtgox has been hacked, neither of us can figure out what happened. It's obviously not me and I didn't fall for a phishing expedition, and I'm pretty sure it's not on his end. His description of security on the new post-hack mtgox is pretty decent. It's not perfect, but he has gone to great lengths to prevent a repeat.

Even if they dumped the password database, the passwords are sufficiently salted and hashed that it is extremely unlikely they grabbed my password first.

I also do not think it is likely the recent DigiNotar or Globalsign break-ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.

DigiNotar knew about the break in for months, and I obviously have logged in since then.

Tux has replaced the missing BTC.

Asking once again. Do you use a Yubikey on Mt.Gox?

As I've said in the past, I do not believe that they improve security.

They do not prevent every kind of attack but they stop entire categories of attacks.  You are wrong on this one and should think about it a bit more. 

phillipsjk
Legendary
*
Offline Offline

Activity: 1008
Merit: 1001

Let the chips fall where they may.


View Profile WWW
September 13, 2011, 03:49:48 PM
 #138

Is there actually a browser that will remember a certificate and complain if that cert is replaced with a different valid CA-signed cert?

There is a browser plug-in that will do that: Certificate Patrol.

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
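
The three pinning behaviours discussed in #121, #124 and #138 (pins shipped with the client, pins learned on first access, and a warning when a CA-valid cert changes), as an added example that is not code from any browser or from Certificate Patrol. `PinStore`, the host name, the SHA-256 pin format and the key bytes are constructed for illustration.

```python
import base64
import hashlib

# Possible verdicts (names are hypothetical, chosen for this example)
REJECT_CHAIN = "reject: chain does not validate"
OK_PRELOADED = "ok: matches preloaded pin"
REJECT_PRELOADED = "reject: preloaded pin mismatch"
FIRST_USE = "accepted: trusted on first use"
OK_LEARNED = "ok: matches learned pin"
CHANGED = "warn: key changed since first use"


def spki_pin(spki_der: bytes) -> str:
    """Pin = base64(SHA-256(SubjectPublicKeyInfo)); the hash choice is an assumption."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


class PinStore:
    def __init__(self, preloaded=None):
        # host -> pins shipped with the client (the hard-coded model)
        self.preloaded = {h: set(p) for h, p in (preloaded or {}).items()}
        # host -> pin learned on first contact (the ~/.ssh/known_hosts model)
        self.learned = {}

    def check(self, host: str, spki_der: bytes, ca_valid: bool) -> str:
        # Pinning is an extra check on top of normal CA validation.
        if not ca_valid:
            return REJECT_CHAIN
        pin = spki_pin(spki_der)
        if host in self.preloaded:
            return OK_PRELOADED if pin in self.preloaded[host] else REJECT_PRELOADED
        if host not in self.learned:
            # Nothing to compare against: whatever key is presented is learned.
            self.learned[host] = pin
            return FIRST_USE
        return OK_LEARNED if self.learned[host] == pin else CHANGED


# Constructed stand-ins for DER-encoded public keys; both certs chain to a
# trusted CA, which is why plain CA validation alone shows no warning.
HOST = "exchange.example"
LEGIT = b"constructed SPKI: the site's real key"
ROGUE = b"constructed SPKI: key on a cert mis-issued by a trusted CA"


def scenarios() -> dict:
    out = {}
    seasoned = PinStore()                      # visited the real site earlier
    out["seasoned_first"] = seasoned.check(HOST, LEGIT, True)
    out["seasoned_swap"] = seasoned.check(HOST, ROGUE, True)
    fresh = PinStore()                         # first visit is intercepted
    out["fresh_rogue"] = fresh.check(HOST, ROGUE, True)
    out["fresh_real_later"] = fresh.check(HOST, LEGIT, True)
    shipped = PinStore(preloaded={HOST: [spki_pin(LEGIT)]})
    out["shipped_rogue"] = shipped.check(HOST, ROGUE, True)
    out["shipped_legit"] = shipped.check(HOST, LEGIT, True)
    return out


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:18} {verdict}")
```

The `fresh_*` rows show the first-access gap: a client that learns the wrong key first accepts it silently and later warns on the real one, while a shipped pin rejects the substituted key even on first contact.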
rotrott
Newbie
*
Offline Offline

Activity: 47
Merit: 0



View Profile
September 13, 2011, 10:48:07 PM
 #139

Was this a mtgox session hijack from the forum hack?  Were you logged into mtgox when the forum hack occurred?

tvbcof
Legendary
*
Offline Offline

Activity: 4704
Merit: 1276


View Profile
September 13, 2011, 11:55:18 PM
 #140


Asking once again. Do you use a Yubikey on Mt.Gox?

As I've said in the past, I do not believe that they improve security.

They do not prevent every kind of attack but they stop entire categories of attacks.  You are wrong on this one and should think about it a bit more. 

They stop entire categories of attacks which not everyone is especially prone to.  SSO is a nice to have and very worthwhile in a lot of cases, but it introduces yet another layer of expense and complexity.  I don't use one at my exchange but I am quite careful about my username, password, access methods, etc.

Most importantly, I do consider the funds I have at my exchange to be disposable.  I consider the risk from incompetence, dishonesty, and government intervention to put the assets I have at my exchange at risk more than my authentication being compromised.  A good number of people would be well advised to NOT follow suit here.

sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
DiabloD3 (OP)
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
September 14, 2011, 03:04:02 AM
 #141

Was this a mtgox session hijack from the forum hack?  Were you logged into mtgox when the forum hack occurred?



That would be interesting if it was related.

deepceleron
Legendary
*
Offline Offline

Activity: 1512
Merit: 1036



View Profile WWW
September 14, 2011, 06:17:43 AM
 #142


Asking once again. Do you use a Yubikey on Mt.Gox?

As I've said in the past, I do not believe that they improve security.

They do not prevent every kind of attack but they stop entire categories of attacks.  You are wrong on this one and should think about it a bit more.  

They stop entire categories of attacks which not everyone is especially prone to.  SSO is a nice to have and very worthwhile in a lot of cases, but it introduces yet another layer of expense and complexity.  I don't use one at my exchange but I am quite careful about my username, password, access methods, etc.

Most importantly, I do consider the funds I have at my exchange to be disposable.  I consider the risk from incompetence, dishonesty, and government intervention to put the assets I have at my exchange at risk more than my authentication being compromised.  A good number of people would be well advised to NOT follow suit here.


The yubikey is the "something you have" in two-factor authentication. Even if Diablo was successfully phished for his password by a fake email, the yubikey credentials would also be needed in order to log in. Then there is a second passkey in the yubikey needed to execute trades. The answer is, unless MtGox is still deeply hacked and PwNd from the inside and the cracker is going after $60 accounts first, the yubikey requirement would have prevented an attacker from logging in and executing trades or withdrawals.

Mtgox should have audit logging, and be able to see when the IP logged in and if they used Diablo's login. Ideally a log of the last several logins and IPs should be shown on your user account page too - gmail can even do this. If the hackers used Diablo's username and password, and it is long and hard to crack as Diablo indicates, then it isn't MtGox's fault, as Diablo's credentials were obtained some other way.
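
The login audit suggested in #142, as an added example that is not MtGox code: it lists an account's most recent logins and flags a withdrawal that follows a login from an IP the account has never used before. The log format, field names, 30-minute window and all log lines are constructed; the addresses come from documentation ranges.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit log: timestamp, then key=value fields.
LOG = """\
2020-01-10T08:01:12 user=alice ip=192.0.2.10 event=login
2020-01-11T08:03:40 user=alice ip=192.0.2.10 event=login
2020-01-11T09:15:00 user=bob ip=198.51.100.7 event=login
2020-01-11T09:20:31 user=bob ip=198.51.100.7 event=withdraw
2020-01-12T17:41:05 user=alice ip=203.0.113.99 event=login
2020-01-12T17:43:50 user=alice ip=203.0.113.99 event=trade
2020-01-12T17:44:10 user=alice ip=203.0.113.99 event=withdraw
"""


def parse(text):
    """Turn log text into a time-ordered list of dict records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        rec["ts"] = datetime.fromisoformat(ts)
        records.append(rec)
    return sorted(records, key=lambda r: r["ts"])


def recent_logins(records, user, n=5):
    """The 'last several logins and IPs' view for one account."""
    logins = [(r["ts"].isoformat(), r["ip"])
              for r in records if r["user"] == user and r["event"] == "login"]
    return logins[-n:]


def suspicious_withdrawals(records, window=timedelta(minutes=30)):
    """Withdrawals made within `window` of a login from a never-before-seen IP."""
    seen = defaultdict(set)   # user -> IPs of earlier logins
    new_ip_login = {}         # (user, ip) -> time of the login that introduced the IP
    alerts = []
    for r in records:
        key = (r["user"], r["ip"])
        if r["event"] == "login":
            # An account's very first login has no baseline, so it is not flagged.
            if seen[r["user"]] and r["ip"] not in seen[r["user"]]:
                new_ip_login[key] = r["ts"]
            seen[r["user"]].add(r["ip"])
        elif r["event"] == "withdraw" and key in new_ip_login:
            if r["ts"] - new_ip_login[key] <= window:
                alerts.append((r["user"], r["ip"], r["ts"].isoformat()))
    return alerts


if __name__ == "__main__":
    recs = parse(LOG)
    print("alice, recent logins:", recent_logins(recs, "alice", 3))
    print("alerts:", suspicious_withdrawals(recs))
```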
TiagoTiago
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


Firstbits.com/1fg4i :)


View Profile
September 14, 2011, 07:04:30 AM
 #143

Was this a mtgox session hijack from the forum hack?  Were you logged into mtgox when the forum hack occurred?



That would be interesting if it was related.
Wouldn't it be possible that some of the code injected in the forum during the attack included something that would do some nastiness if you had 'gox opened in another tab?

(I dont always get new reply notifications, pls send a pm when you think it has happened)

Wanna gimme some BTC/BCH for any or no reason? 1FmvtS66LFh6ycrXDwKRQTexGJw4UWiqDX Smiley

The more you believe in Bitcoin, and the more you show you do to other people, the faster the real value will soar!

Do you like mmmBananas?!
EhVedadoOAnonimato
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500



View Profile
September 14, 2011, 08:05:07 AM
 #144

Wouldn't it be possible that some of the code injected in the forum during the attack included something that would do some nastiness if you had 'gox opened in another tab?

Yes, a CSRF attack, but if MtGox code is well written it should be protected against it, afaik.