Bitcoin Forum
May 22, 2019, 06:07:51 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: FYI: "ownership change queued"  (Read 666 times)
theymos
Administrator
Legendary
*
Offline Offline

Activity: 3402
Merit: 5538


View Profile
December 14, 2018, 04:41:28 AM
Merited by Foxpup (5), dbshck (4), Mr. Big (4), LoyceV (1), ibminer (1), iasenko (1)
 #1

As an extra protection against any possible social engineering attacks, whenever* the administration changes an account's email address from its current value, the following process occurs:
 - The change is queued.
 - It is listed in seclog.php.
 - The old email receives a warning.
 - After 7 days, the change goes through and another seclog.php entry is added.

The account stays locked throughout all of this.

Hopefully it will be essentially unheard of, but if an account is going to be incorrectly transferred, everyone who knows about the incorrect change should noisily post all of the evidence they have so that we can at least put the change on hold and re-review the evidence.

* Admins can act outside of procedure and bypass the queue if necessary, but hardly ever will.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
1558505271
Hero Member
*
Offline Offline

Posts: 1558505271

View Profile Personal Message (Offline)

Ignore
1558505271
Reply with quote  #2

1558505271
Report to moderator
1558505271
Hero Member
*
Offline Offline

Posts: 1558505271

View Profile Personal Message (Offline)

Ignore
1558505271
Reply with quote  #2

1558505271
Report to moderator
The Man Behind
Pokémon
&
Yu-Gi-Oh
brands
Collect!
Trade!
Play!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1558505271
Hero Member
*
Offline Offline

Posts: 1558505271

View Profile Personal Message (Offline)

Ignore
1558505271
Reply with quote  #2

1558505271
Report to moderator
1558505271
Hero Member
*
Offline Offline

Posts: 1558505271

View Profile Personal Message (Offline)

Ignore
1558505271
Reply with quote  #2

1558505271
Report to moderator
Findingnemo
Member
**
Offline Offline

Activity: 546
Merit: 61

Keep it simple,stupid!


View Profile
December 14, 2018, 05:10:02 AM
 #2

Is it I understand correctly?

When someone want to change his email on BTT account,then he can't use his/her account for those 7 days because "The account stays locked throughout all of this.

theymos
Administrator
Legendary
*
Offline Offline

Activity: 3402
Merit: 5538


View Profile
December 14, 2018, 05:12:46 AM
Merited by LoyceV (1)
 #3

Is it I understand correctly?

When someone want to change his email on BTT account,then he can't use his/her account for those 7 days because "The account stays locked throughout all of this.

No, the queue only applies when the administration changes the email address, not when you change it yourself. It's for recovering hacked accounts and similar. Most people don't need to care about it.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
iwantapony_alt
Copper Member
Newbie
*
Offline Offline

Activity: 18
Merit: 1


View Profile
December 14, 2018, 05:18:19 AM
 #4

I didn't understand anything. My account is locked because of email changing. will it unlock in 7 days?

please help me clear this issue.

Findingnemo
Member
**
Offline Offline

Activity: 546
Merit: 61

Keep it simple,stupid!


View Profile
December 14, 2018, 05:21:57 AM
 #5

No, the queue only applies when the administration changes the email address, not when you change it yourself. It's for recovering hacked accounts and similar. Most people don't need to care about it.
Thank you for clearing it. Smiley Smiley
I didn't understand anything. My account is locked because of email changing. will it unlock in 7 days?

please help me clear this issue.

I think this system will be implemented from today so you may need to follow the old procedure since you locked your account for a while now.

theymos
Administrator
Legendary
*
Offline Offline

Activity: 3402
Merit: 5538


View Profile
December 14, 2018, 05:25:06 AM
Merited by Vod (10), suchmoon (4), LoyceV (1), AdolfinWolf (1)
 #6

will it unlock in 7 days?

No.

This is a component of a comprehensive new set of recovery procedures which will be fully rolled out in the very near future (before the end of the year). This will allow recoveries to move forward at a reasonable pace again. But there is no immediate impact of this component to most people; I just needed to document it because the seclog entries are starting to appear.

If you are given an email address on the page which tells you that your account is locked, then it may have recently changed. If so, sending an email to the new address may expedite things.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
iwantapony_alt
Copper Member
Newbie
*
Offline Offline

Activity: 18
Merit: 1


View Profile
December 14, 2018, 05:59:08 AM
 #7

No.

This is a component of a comprehensive new set of recovery procedures which will be fully rolled out in the very near future (before the end of the year). This will allow recoveries to move forward at a reasonable pace again. But there is no immediate impact of this component to most people; I just needed to document it because the seclog entries are starting to appear.

If you are given an email address on the page which tells you that your account is locked, then it may have recently changed. If so, sending an email to the new address may expedite things.

Thanks, I just sent an email to locked...@bitcointalk.org

Kopyleft
Member
**
Offline Offline

Activity: 168
Merit: 15

Future of Security Tokens


View Profile
December 14, 2018, 08:30:18 AM
 #8

This is a welcome development and would significantly lighten the long line of hacked and locked accounts waiting to have their issue addressed.

And allowing the community weigh in on decisions would also help reduce wrongful claiming of accounts.
Although it would do little for those who sold their accounts and attempted to reclaim it.
This I believe might not be an issue the admins would be much interested in

Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1792
Merit: 1564


View Profile WWW
December 14, 2018, 02:38:37 PM
 #9

Does this mean that more password reset / account unlock requests will be processed by the admins?

NOTBanned from displaying signatures until May 20, 2022, 11:26:45 PM
Don’t Plagiarize, it’s dishonest and you *will* get caught
mdayonliner
Sr. Member
****
Offline Offline

Activity: 490
Merit: 362


I always respected forum rules even private ones


View Profile WWW
December 14, 2018, 02:56:13 PM
 #10

Does this mean that more password reset / account unlock requests will be processed by the admins?
Good question. Hope theymos have this in mind.

I could not stand the lies against me anymore. I can not prove them wrong too. It's better I live in peace.
So, I am willingly locking mdayonliner. Thank you BitcoinTalk. Be addictive, be a Bitcoiner.
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 1372
Merit: 1244


https://bit.ly/2FR9nyn - free python tutorials


View Profile
December 14, 2018, 03:21:15 PM
 #11

will it unlock in 7 days?

No.

This is a component of a comprehensive new set of recovery procedures which will be fully rolled out in the very near future (before the end of the year). This will allow recoveries to move forward at a reasonable pace again. But there is no immediate impact of this component to most people; I just needed to document it because the seclog entries are starting to appear.

If you are given an email address on the page which tells you that your account is locked, then it may have recently changed. If so, sending an email to the new address may expedite things.

Is it still just going to be via public key signing?
If not, I’d there a way to opt for it to be for each account to make accounts much more secure, unless a large amount of develop,went is put into the new system as you mention social engineering, we might become a victim to that otherwise inless other factors are taken into account such as Mac addresses/iPs.

CoinLearn_org
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
December 14, 2018, 08:41:44 PM
 #12

Is it I understand correctly?

When someone want to change his email on BTT account,then he can't use his/her account for those 7 days because "The account stays locked throughout all of this.

No, the queue only applies when the administration changes the email address, not when you change it yourself. It's for recovering hacked accounts and similar. Most people don't need to care about it.

Nice to know that you still recover hacked accounts. My account CoinLearn was hacked more than a year ago. I sent you & Cyrus the first signed message in PM on September 03, 2017. Next, I re-sent the same to you on October 17, 2018. Here is my public thread - https://bitcointalk.org/index.php?topic=2156605.0. Current owner even accepted that he bought it...

I don't remember that username of seller account. If you read through the links provided, and some of my posts above, you'll see what seller sent me account pass without escrow. And as i got it, i paid him directly.

Is there any hope left to get my account back?
coupable-1
Newbie
*
Offline Offline

Activity: 36
Merit: 0


View Profile
December 14, 2018, 10:31:47 PM
 #13

Finally some good news Smiley

It wasn't expected that the system will be fully set before the end of this year as mentioned by Theymos three months ago after responsing suggestions from @hilarious :
maybe theymos and cyrus should just take a day or two out of every month to investigate and restore them.

It would take at least a couple hours every day to deal with them. Each case typically requires a lot of follow-up. And it's really annoying work. I used to do them sort-of regularly, but at some point I just couldn't stand it anymore, in addition to not really having time. Cyrus is still doing some, though not enough to keep up.

There's no need for any fee, and a fee probably wouldn't be appropriate unless absolutely necessary. Money is not a problem. If I could throw $100k at the problem and make it go away, I would do so. But in the real world, there is no magic wishing well where you can throw money and make things happen. You give people money and they don't do what you want, or the people you hire turn out not to be trustworthy, or you fill out the tax forms wrong and then later have to spend more time&money dealing with that than you would've by just doing the thing with current sub-optimal resources, etc.

I acknowledge that the current situation is very bad, and we have some plans for fixing it. I hope to have manual account reviews going smoothly again before the end of the year at the latest.

I am still waiting to read from Mods if they got information about this queue.
We still don't know how the recoveries will be rolled out but seems that Mods will have the ability to change emails. We just have to wait for few other days until full set.


JusticeForYou
VIP
Sr. Member
*
Offline Offline

Activity: 490
Merit: 271


"Blockchain is the next big thing after Internet"


View Profile
December 15, 2018, 05:06:04 AM
Last edit: December 15, 2018, 05:22:10 AM by JusticeForYou
 #14

Ownership change queue will help in a more effective way to get the cases of Hacked/Locked/Compressed  accounts to be studied as it will give us a list of usernames to the accounts which are in the process of recovery.

Also if any user finds his related or known account in the Ownership change queue displayed in the seclog.php, he could check if its done by the real owner. This will increases the scope of finding a scammer and each case can be studied in depth.

I am happy that some of the updates will be upcoming until the end of the year and most of the account in a queue to be recovered from months (some from years ) would get a decision from the administration.

Thanks for a update @theymos.



5░░░░░░░▄▄▄▄▄▄
░░░░▄██████████▄
░░░██████████████
░░██████▐▌██████
█████░░░░░░░▀█████
██████▄▄░░▄▄░░██████
████████░░▀▀▄██████
████████░░▄▄▄░░█████
██████▀▀░░▀▀▀░░█████
█████░░░░░░░░█████
░░██████▐▌██████
░░░██████████████
░░░░▀██████████▀
░░░░░░░▀▀▀▀▀▀
░░░
░░░░░░░▄▄▄▄▄▄
░░░░▄██████████▄
░░░██████████████
░░██████▐▌██████
█████░░░░░░░▀█████
██████▄▄░░▄▄░░██████
████████░░▀▀▄██████
████████░░▄▄▄░░█████
██████▀▀░░▀▀▀░░█████
█████░░░░░░░░█████
░░██████▐▌██████
░░░██████████████
░░░░▀██████████▀
░░░░░░░▀▀▀▀▀▀
░░░
Marshall14
Member
**
Offline Offline

Activity: 112
Merit: 20


View Profile
December 15, 2018, 05:31:54 AM
 #15

Ownership change queue will help in a more effective way to get the cases of Hacked/Locked/Compressed  accounts......
I understand your explanation a bit more and even better,so the general idea if I'm not wrong is to provide a comprehensive lists of the accounts that have been hacked and that which theymos,cryrus and the mods are working or in the process of recovering it to the real owner.
Also if any user finds his related or known account in the Ownership change queue displayed in the seclog.php, he could check if its done by the real owner
Thus is the general community going to be involved in the recovery process?
And is it by checking if the post pattern or whatever he or she can lay hands on varies from the Initial owner(poster)or something like that
JusticeForYou
VIP
Sr. Member
*
Offline Offline

Activity: 490
Merit: 271


"Blockchain is the next big thing after Internet"


View Profile
December 15, 2018, 05:49:31 AM
 #16

Thus is the general community going to be involved in the recovery process?
And is it by checking if the post pattern or whatever he or she can lay hands on varies from the Initial owner(poster)or something like that
You could get a answer in the OP.

everyone who knows about the incorrect change should noisily post all of the evidence they have so that we can at least put the change on hold and re-review the evidence.


5░░░░░░░▄▄▄▄▄▄
░░░░▄██████████▄
░░░██████████████
░░██████▐▌██████
█████░░░░░░░▀█████
██████▄▄░░▄▄░░██████
████████░░▀▀▄██████
████████░░▄▄▄░░█████
██████▀▀░░▀▀▀░░█████
█████░░░░░░░░█████
░░██████▐▌██████
░░░██████████████
░░░░▀██████████▀
░░░░░░░▀▀▀▀▀▀
░░░
░░░░░░░▄▄▄▄▄▄
░░░░▄██████████▄
░░░██████████████
░░██████▐▌██████
█████░░░░░░░▀█████
██████▄▄░░▄▄░░██████
████████░░▀▀▄██████
████████░░▄▄▄░░█████
██████▀▀░░▀▀▀░░█████
█████░░░░░░░░█████
░░██████▐▌██████
░░░██████████████
░░░░▀██████████▀
░░░░░░░▀▀▀▀▀▀
░░░
LeGaulois
Copper Member
Legendary
*
Offline Offline

Activity: 1078
Merit: 1084

Bitcoin Ninja Unregulated Banker Unbanking Folks


View Profile
December 15, 2018, 08:34:18 AM
 #17

Is it I understand correctly?

When someone want to change his email on BTT account,then he can't use his/her account for those 7 days because "The account stays locked throughout all of this.

No, the queue only applies when the administration changes the email address, not when you change it yourself. It's for recovering hacked accounts and similar. Most people don't need to care about it.

Is it the new year resolution for 2019? Because hacked accounts are usually never recovered

cryptomax217
Jr. Member
*
Offline Offline

Activity: 50
Merit: 1


View Profile
December 15, 2018, 02:45:05 PM
 #18

i didn't know that there is such a thing.  how is this done? who manages the accounts then?
TryNinja
Legendary
*
Offline Offline

Activity: 1008
Merit: 1254


ChipMixer's Badge of Honor


View Profile
December 15, 2018, 02:47:53 PM
 #19

Is it the new year resolution for 2019? Because hacked accounts are usually never recovered

But they will be. Take a look at his second reply to this thread.
This is a component of a comprehensive new set of recovery procedures which will be fully rolled out in the very near future (before the end of the year). This will allow recoveries to move forward at a reasonable pace again. But there is no immediate impact of this component to most people; I just needed to document it because the seclog entries are starting to appear.

Alone055
Full Member
***
Offline Offline

Activity: 448
Merit: 169


View Profile
December 15, 2018, 05:21:58 PM
 #20

What's with the color differences of the accounts shown in the Security log page? May I/we have some clarity on that?
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!