Bitcoin Forum
October 06, 2024, 12:20:28 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 [4] 5 6 7 8 »  All
  Print  
Author Topic: Possible false alarm: MtGox break in  (Read 15371 times)
DiabloD3 (OP)
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
September 13, 2011, 02:19:26 AM
 #61

my bet is Diablo has had his forum acct hacked.  look, he puts up an OP then refuses to elaborate?

this could be a new tactic from the banker/gov't trolls lurking here to combat Bitcoin.  an "allten" guy here is advocating clearing out your mtgox accts as well to force an audit which makes no sense if he really was concerned about bitcoin or mtgox as it would cause a bank run like event killing mtgox.

Having my forum account "hacked" (which theymos does not believe has happened to anyone because everyone changed their passwords too fast) cannot be related to mtgox getting hacked. I use two different passwords if the op post wasn't clear by the use of the word unique.

DiabloD3 (OP)
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
September 13, 2011, 02:22:37 AM
 #62

At this moment, I'm questioning if DiabloD3 really posted this thread, I smelll something fishy here.
Maybe the forum (or DiabloD3 account) is compromised again.

Nope, its really me. Hi.

gusti
Legendary
*
Offline Offline

Activity: 1099
Merit: 1000


View Profile
September 13, 2011, 02:24:35 AM
 #63

At this moment, I'm questioning if DiabloD3 really posted this thread, I smelll something fishy here.
Maybe the forum (or DiabloD3 account) is compromised again.

Nope, its really me. Hi.

Really ? Please show your ID.   Grin

If you don't own the private keys, you don't own the coins.
niko
Hero Member
*****
Offline Offline

Activity: 756
Merit: 501


There is more to Bitcoin than bitcoins.


View Profile
September 13, 2011, 02:25:21 AM
 #64

I'm out of here. Goodbye.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
DiabloD3 (OP)
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
September 13, 2011, 02:34:51 AM
 #65

I notified MagicTux through his support email, and he sent back a useless form letter as a reply.

Quote
Hello,


Recently there has been a large increase in the number of “phishing” attacks that have been made against the users of Mt.Gox.

Phishing involves deceiving users through fake emails or websites into providing their user name and password to the phisher, who then uses this information to log into the account and withdraw as many funds as they are able into their own bank account.

Phishing is another form of Internet crime similar to hacking which has steadily become more prevalent with the increase of Internet banking, shopping and exchange services. We urge our users to be cautious of phishing attacks, not only when accessing Mt.Gox but when providing any personal information over the Internet.

While the following steps cannot protect users completely from phishing, they will ensure that any attempt to steal personal information is far less successful:

-Always check the URL in the address bar of your browser when logging into Mt.Gox. It should read “https://mtgox.com”.
-Never click on hyperlinks in emails to access Mt.Gox.
-If you are ever unsure of the veracity of an email’s contents, contact Mt.Gox Support. We will be more than happy to confirm whether or not the email you have received is authentic.
-Be aware that Mt.Gox will never contact you by email asking for your user name or password.
-Check the security certificate of the website you are logging into. In modern browsers, this can be done by looking at the address bar and checking whether or not a blue certificate appears to the left of the address.
-Mt.Gox will soon implement the VeriSign EV Authentication certificate, which will make the address bar turn green when you are accessing the real Mt.Gox website.
-Use anti-virus software at all times. A number of anti-virus programmes include anti-phishing features which will notify you when you are accessing a suspect website.

We sincerely apologize for the inconvenience our users have suffered at the hands of phishers, and are doing all that we can to prevent further attacks in the future.

Thanks,

MtGox.com Team

I consider this a smoking gun.

stsbrad
Full Member
***
Offline Offline

Activity: 168
Merit: 100

Brad Willman, SSCP, LTCP, MCTS,SCE,BCE


View Profile
September 13, 2011, 02:38:55 AM
 #66

so you are staff here. developer? seen it all done it all bitcoin related. and you still chose to leave your money on an exchange that was compromised before and never decided that two factor auth might be a good idea? bro... I'm sorry but c'mon. I know if they have been compromised they are the LARGER part of the problem don't get me wrong but shit. you should know better.
ctoon6
Sr. Member
****
Offline Offline

Activity: 350
Merit: 251



View Profile
September 13, 2011, 02:44:21 AM
 #67

my bet is Diablo has had his forum acct hacked.  look, he puts up an OP then refuses to elaborate?

this could be a new tactic from the banker/gov't trolls lurking here to combat Bitcoin.  an "allten" guy here is advocating clearing out your mtgox accts as well to force an audit which makes no sense if he really was concerned about bitcoin or mtgox as it would cause a bank run like event killing mtgox.

Having my forum account "hacked" (which theymos does not believe has happened to anyone because everyone changed their passwords too fast) cannot be related to mtgox getting hacked. I use two different passwords if the op post wasn't clear by the use of the word unique.

do you have a key we can verify?

ElectricMucus
Legendary
*
Offline Offline

Activity: 1666
Merit: 1057


Marketing manager - GO MP


View Profile WWW
September 13, 2011, 02:54:01 AM
 #68

So far I can come up with 5 possible scenarios:

-mtgox is compromised and are covering it up.
-mtgox deliberately messing with Diablo3Ds account.
-Diablo3Ds computer/account is compromised.
-Diablo3D is posting disinformation.
-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.
/tinfoilhat mode off
ctoon6
Sr. Member
****
Offline Offline

Activity: 350
Merit: 251



View Profile
September 13, 2011, 03:07:29 AM
 #69

At this moment, I'm questioning if DiabloD3 really posted this thread, I smelll something fishy here.
Maybe the forum (or DiabloD3 account) is compromised again.

Nope, its really me. Hi.

Long form birth certificate, please.

starting to sound like a certain incident involving a certain president we currently have...

bitrick
Member
**
Offline Offline

Activity: 64
Merit: 140


View Profile
September 13, 2011, 03:07:56 AM
 #70

So far I can come up with 5 possible scenarios:

-mtgox is compromised and are covering it up.
-mtgox deliberately messing with Diablo3Ds account.
-Diablo3Ds computer/account is compromised.
-Diablo3D is posting disinformation.
-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.
/tinfoilhat mode off

Perhaps we should take a poll?
ctoon6
Sr. Member
****
Offline Offline

Activity: 350
Merit: 251



View Profile
September 13, 2011, 03:08:55 AM
 #71

So far I can come up with 5 possible scenarios:

-mtgox is compromised and are covering it up.
-mtgox deliberately messing with Diablo3Ds account.
-Diablo3Ds computer/account is compromised.
-Diablo3D is posting disinformation.
-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.
/tinfoilhat mode off

Perhaps we should take a poll?

what good is a poll, all that matters is what is, not what people think.

Shortline
Full Member
***
Offline Offline

Activity: 123
Merit: 101


View Profile
September 13, 2011, 03:11:25 AM
 #72

I notified MagicTux through his support email, and he sent back a useless form letter as a reply.

Quote
Hello,


Recently there has been a large increase in the number of “phishing” attacks that have been made against the users of Mt.Gox.

I consider this a smoking gun.

It probably is.

But he may have just forgotten who you are. Perhaps he thinks your some run-of-the-mill bitcoin crackpot. I don't know if you've noticed, but there are more than a few of those around.
geek-trader
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250


View Profile
September 13, 2011, 03:13:42 AM
 #73

So far I can come up with 5 possible scenarios:

-mtgox is compromised and are covering it up.
-mtgox deliberately messing with Diablo3Ds account.
-Diablo3Ds computer/account is compromised.
-Diablo3D is posting disinformation.
-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.
/tinfoilhat mode off

Perhaps we should take a poll?

what good is a poll, all that matters is what is, not what people think.

As far as the short term price of BTC goes, what matters is what people think, not what is.  Wink

Make 1 deposit and earn BTC for life! http://bitcoinpyramid.com/r/345
Play my FREE HTML5 games at: http://magigames.org  BTC donations accepted.
DiabloD3 (OP)
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
September 13, 2011, 03:24:38 AM
 #74

-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.

After a lengthy conversation with MagicTux, unless it does turn up that mtgox has been hacked, neither of us can figure out what happened. Its obviously not me and I didn't fall for a phishing expedition, and Im pretty sure its not on his end. His description of security on the new post-hack mtgox is pretty decent. Its not perfect, but he has gone to great lengths to prevent a repeat.

Even if they dumped the password database, the passwords are sufficiently salted and hashed that it is extremely unlikely they grabbed my password first.

I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.

DigiNotar knew about the break in for months, and I obviously have logged in since then.

Tux has replaced the missing BTC.

fastandfurious
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
September 13, 2011, 03:31:02 AM
 #75

-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.

After a lengthy conversation with MagicTux, unless it does turn up that mtgox has been hacked, neither of us can figure out what happened. Its obviously not me and I didn't fall for a phishing expedition, and Im pretty sure its not on his end. His description of security on the new post-hack mtgox is pretty decent. Its not perfect, but he has gone to great lengths to prevent a repeat.

Even if they dumped the password database, the passwords are sufficiently salted and hashed that it is extremely unlikely they grabbed my password first.

I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.

DigiNotar knew about the break in for months, and I obviously have logged in since then.

Tux has replaced the missing BTC.

Asking once again. Do you use a Yubikey on Mt.Gox?
stsbrad
Full Member
***
Offline Offline

Activity: 168
Merit: 100

Brad Willman, SSCP, LTCP, MCTS,SCE,BCE


View Profile
September 13, 2011, 03:33:21 AM
 #76

easy answer. no
DiabloD3 (OP)
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
September 13, 2011, 03:38:25 AM
 #77

-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.

After a lengthy conversation with MagicTux, unless it does turn up that mtgox has been hacked, neither of us can figure out what happened. Its obviously not me and I didn't fall for a phishing expedition, and Im pretty sure its not on his end. His description of security on the new post-hack mtgox is pretty decent. Its not perfect, but he has gone to great lengths to prevent a repeat.

Even if they dumped the password database, the passwords are sufficiently salted and hashed that it is extremely unlikely they grabbed my password first.

I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.

DigiNotar knew about the break in for months, and I obviously have logged in since then.

Tux has replaced the missing BTC.

Asking once again. Do you use a Yubikey on Mt.Gox?

As Ive said in the past, I do not believe that they improve security.

fcmatt
Legendary
*
Offline Offline

Activity: 2072
Merit: 1001


View Profile
September 13, 2011, 03:40:31 AM
 #78

Do not improve security? How could it possibly hurt or at least be neutral?
It seems it would have stopped this whole problem easily unless the attacker was using a more sophisticated method.
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
September 13, 2011, 03:41:36 AM
 #79

-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.

After a lengthy conversation with MagicTux, unless it does turn up that mtgox has been hacked, neither of us can figure out what happened. Its obviously not me and I didn't fall for a phishing expedition, and Im pretty sure its not on his end. His description of security on the new post-hack mtgox is pretty decent. Its not perfect, but he has gone to great lengths to prevent a repeat.

Even if they dumped the password database, the passwords are sufficiently salted and hashed that it is extremely unlikely they grabbed my password first.

I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.

DigiNotar knew about the break in for months, and I obviously have logged in since then.

Tux has replaced the missing BTC.

i'm sure at his own expense too.  you should at least say thank you.

i'm sick and tired of ppl blaming mtgox and MagTux as some sort of lying crook.  if he were would he have done this?  as well as bailing out Bitomat and donating many btc to charity and btc businesses?
phantomcircuit
Sr. Member
****
Offline Offline

Activity: 463
Merit: 252


View Profile
September 13, 2011, 03:42:15 AM
 #80

-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.

After a lengthy conversation with MagicTux, unless it does turn up that mtgox has been hacked, neither of us can figure out what happened. Its obviously not me and I didn't fall for a phishing expedition, and Im pretty sure its not on his end. His description of security on the new post-hack mtgox is pretty decent. Its not perfect, but he has gone to great lengths to prevent a repeat.

Even if they dumped the password database, the passwords are sufficiently salted and hashed that it is extremely unlikely they grabbed my password first.

I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.

DigiNotar knew about the break in for months, and I obviously have logged in since then.

Tux has replaced the missing BTC.

I believe that fraudulent EV certificates were issued.
Pages: « 1 2 3 [4] 5 6 7 8 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!