Bitcoin Forum
November 01, 2024, 09:26:31 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 »  All
  Print  
Author Topic: weird pm received  (Read 1092 times)
philipma1957 (OP)
Legendary
*
Online Online

Activity: 4298
Merit: 8768


'The right to privacy matters'


View Profile WWW
July 07, 2022, 04:12:16 AM
Merited by DdmrDdmr (2), vapourminer (1), BitMaxz (1), Welsh (1), ABCbits (1), 1miau (1)
 #1

here it is anyone else get this?

Hi there,

you are member of DefaultTrust. Therefore, the security of your account is crucial.

However, you have a security question in place, what often means lower entropy than a secure password and maybe being easier to guess. Simplest thing I have seen in DefaultTrust was "1+1" with answer "2" was correct - I have frozen it for security. Easy questions ask for an age (try 0-99) or a birth year (try 1940-2022) or lower case initials (try aa-zz). Many questions ask for a city or a make of first car - brute force can help. And there are loads of questions for names of wife, birth names, pet names and so on. These are things that may be shared even in a post or require only your real name! The better people know the account owner, the better they know the answer!

Recommended action to take is to remove security question at all. Please get back to me stating how you improved account security. If I do not get a reply, I need to inform board administration for our all safety.

I started with whole DefaultTrust as I think the base of community should be secured first. Later, I will go for more users. Captcha is useless as I use some trick I will only discuss with theymos.

Thank you!

I will quote this with my alt as I am concerned this is a hack attempt .

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
a1 Hashrate LLC2022
Member
**
Offline Offline

Activity: 112
Merit: 83


View Profile
July 07, 2022, 04:13:50 AM
Last edit: July 07, 2022, 04:26:00 AM by a1 Hashrate LLC2022
 #2

quoted with my alt. edit quote is below:

here it is anyone else get this?

Hi there,

you are member of DefaultTrust. Therefore, the security of your account is crucial.

However, you have a security question in place, what often means lower entropy than a secure password and maybe being easier to guess. Simplest thing I have seen in DefaultTrust was "1+1" with answer "2" was correct - I have frozen it for security. Easy questions ask for an age (try 0-99) or a birth year (try 1940-2022) or lower case initials (try aa-zz). Many questions ask for a city or a make of first car - brute force can help. And there are loads of questions for names of wife, birth names, pet names and so on. These are things that may be shared even in a post or require only your real name! The better people know the account owner, the better they know the answer!

Recommended action to take is to remove security question at all. Please get back to me stating how you improved account security. If I do not get a reply, I need to inform board administration for our all safety.

I started with whole DefaultTrust as I think the base of community should be secured first. Later, I will go for more users. Captcha is useless as I use some trick I will only discuss with theymos.

Thank you!
EFS
Staff
Legendary
*
Online Online

Activity: 3906
Merit: 2189


Crypto Swap Exchange


View Profile
July 07, 2022, 04:20:45 AM
Merited by vapourminer (1), philipma1957 (1), ABCbits (1), mole0815 (1)
 #3

You are not the only one. Just "Report to Admin" the PM and they will take care of this.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
philipma1957 (OP)
Legendary
*
Online Online

Activity: 4298
Merit: 8768


'The right to privacy matters'


View Profile WWW
July 07, 2022, 04:22:35 AM
 #4

So I did check the pm out and the security question is disabled. So I am not sure why this person sent me the pm.

It implies he knows that I have a security question setup. Like I said my security question was in a disabled status.


@efs I reported it to admin.


note no password change has been made by me  and my btc address is this:


https://www.blockchain.com/btc/address/1JdC6Xg3ajT3rge3FgPNSYYFpmf53Vbtje


someone please quote this.

I have it quoted somewhere else but just in case.

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 2856
Merit: 3071


https://bit.ly/387FXHi lightning theory


View Profile
July 07, 2022, 04:26:13 AM
 #5

There's a recommendation that security questions are quite weak for keeping accounts safe (it's why most places have multiple and why a lot got replaced with multifactor authentication).

I had a brief skim through the seclog and haven't found much over the past week of many resets actually being done so it's probably just an unsolicited piece of advice.
philipma1957 (OP)
Legendary
*
Online Online

Activity: 4298
Merit: 8768


'The right to privacy matters'


View Profile WWW
July 07, 2022, 04:31:01 AM
 #6

There's a recommendation that security questions are quite weak for keeping accounts safe (it's why most places have multiple and why a lot got replaced with multifactor authentication).

I had a brief skim through the seclog and haven't found much over the past week of many resets actually being done so it's probably just an unsolicited piece of advice.


Okay I had disabled the question a while back. but I guess it was showing as active to admin as this account had red type saying to delete it.

my alt had nothing.

as I said password was not altered.  I will keep an eye out for issues with this account.

and

a1 Hashrate LLC2022

 https://bitcointalk.org/index.php?action=profile;u=3482040


  Summary - a1 Hashrate LLC2022   Picture/Text
Name:   a1 Hashrate LLC2022
Posts:   82
Activity:   42
Merit:   60
Position:   Jr. Member
Date Registered:   June 05, 2022, 04:38:14 PM
Last Active:   Today at 04:31:21 AM


is my current alt.


Please note I always have an active alt to protect the main account.

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
cabalism13
Legendary
*
Offline Offline

Activity: 1428
Merit: 1166

🤩Finally Married🤩


View Profile
July 07, 2022, 06:05:08 AM
 #7

I am an inactive user here,...
First I thought this user was the one who hacked my google account just recently (already changed my password few days ago) so I checked the email regarding this...
So it seems it wasn't just me.



So I did check the pm out and the security question is disabled. So I am not sure why this person sent me the pm.

It implies he knows that I have a security question setup. Like I said my security question was in a disabled status.


@efs I reported it to admin.


note no password change has been made by me  and my btc address is this:


https://www.blockchain.com/btc/address/1JdC6Xg3ajT3rge3FgPNSYYFpmf53Vbtje


someone please quote this.

I have it quoted somewhere else but just in case.

joeperry
Sr. Member
****
Offline Offline

Activity: 2282
Merit: 470


Telegram: @jperryC


View Profile WWW
July 07, 2022, 06:26:05 AM
 #8

Received the same thing from this user, not quite sure what's the goal of this guy. Trying a petty attempt to disable the user's security question so probably he could get easy link to change the password of the account? I think he sends all the DT user a personal message.


lovesmayfamilis
Legendary
*
Offline Offline

Activity: 2268
Merit: 4532


✿♥‿♥✿


View Profile
July 07, 2022, 06:31:39 AM
 #9

I also received this PM. Probably, according to the one who poisoned these PMs, he sent such letters to all DT, and not necessarily whether they have control questions or not.

If I'm not mistaken, having a security question hasn't been important for a long time, or does it still matter?

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
LoyceV
Legendary
*
Offline Offline

Activity: 3486
Merit: 17610


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
July 07, 2022, 06:45:28 AM
 #10

There's a recommendation that security questions are quite weak for keeping accounts safe
I usually enter random gibberish to those questions (but keep the random data, just in case). Dumb questions like the name of your first pet make social engineering very easy. SMS account recovery is also a big security risk.
I disable all of this whenever I can, including Bitcointalk. I'm not sure what newalias' angle is here, he seems to know that security questions can only lock an account, so it's in no way a security risk for DefaultTrust.

No PM for me, I feel left out Sad Maybe that's because trying to restore my account through security questions shows:
Code:
Sorry, there is no secret question set for this member.

▄▄███████████████████▄▄
▄█████████▀█████████████▄
███████████▄▐▀▄██████████
███████▀▀███████▀▀███████
██████▀███▄▄████████████
█████████▐█████████▐█████
█████████▐█████████▐█████
██████████▀███▀███▄██████
████████████████▄▄███████
███████████▄▄▄███████████
█████████████████████████
▀█████▄▄████████████████▀
▀▀███████████████████▀▀
Peach
BTC bitcoin
Buy and Sell
Bitcoin P2P
.
.
▄▄███████▄▄
▄████████
██████▄
▄██
█████████████████▄
▄███████
██████████████▄
███████████████████████
█████████████████████████
████████████████████████
█████████████████████████
▀███████████████████████▀
▀█████████████████████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀

▀▀▀▀███▀▀▀▀
EUROPE | AFRICA
LATIN AMERICA
▄▀▀▀











▀▄▄▄


███████▄█
███████▀
██▄▄▄▄▄░▄▄▄▄▄
████████████▀
▐███████████▌
▐███████████▌
████████████▄
██████████████
███▀███▀▀███▀
.
Download on the
App Store
▀▀▀▄











▄▄▄▀
▄▀▀▀











▀▄▄▄


▄██▄
██████▄
█████████▄
████████████▄
███████████████
████████████▀
█████████▀
██████▀
▀██▀
.
GET IT ON
Google Play
▀▀▀▄











▄▄▄▀
NotATether
Legendary
*
Offline Offline

Activity: 1778
Merit: 7354


Top Crypto Casino


View Profile WWW
July 07, 2022, 07:11:21 AM
Merited by mprep (5), vapourminer (1)
 #11

I also received this PM. Probably, according to the one who poisoned these PMs, he sent such letters to all DT, and not necessarily whether they have control questions or not.


I haven't received that PM. So maybe the list he's using to determine DT users is not accurate.

Quote
If I'm not mistaken, having a security question hasn't been important for a long time, or does it still matter?

Attempting to answer the security questions will automatically lock your account, because they were leaked with the rest of the DB back in 2015.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
crwth
Copper Member
Legendary
*
Offline Offline

Activity: 2940
Merit: 1280


https://linktr.ee/crwthopia


View Profile WWW
July 07, 2022, 07:34:34 AM
 #12

Do you think that newalias tried to check every DT member who has security questions? Then PM-ed them accordingly? I don't have a security question for this so that's probably why I didn't receive a PM.

Attempting to answer the security questions will automatically lock your account, because they were leaked with the rest of the DB back in 2015.
Members after that time when it was leaked are safe? Is that correct?

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
.
.Duelbits.
..........UNLEASH..........
THE ULTIMATE
GAMING EXPERIENCE
DUELBITS
FANTASY
SPORTS
████▄▄█████▄▄
░▄████
███████████▄
▐███
███████████████▄
███
████████████████
███
████████████████▌
███
██████████████████
████████████████▀▀▀
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
.
▬▬
VS
▬▬
████▄▄▄█████▄▄▄
░▄████████████████▄
▐██████████████████▄
████████████████████
████████████████████▌
█████████████████████
███████████████████
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
/// PLAY FOR  FREE  ///
WIN FOR REAL
..PLAY NOW..
The Sceptical Chymist
Legendary
*
Offline Offline

Activity: 3514
Merit: 6984


Top Crypto Casino


View Profile
July 07, 2022, 07:42:52 AM
 #13

so it's probably just an unsolicited piece of advice.
I don't know if we read the same PM, because it totally looks like some kind of phishing attempt to me--and a bad one at that, despite all the technical garbledegoo.

I haven't received any PMs like that, but I just started a thread in Reputation about being alerted via e-mail about someone trying to reset my password or some such thing.  And not that it matters, but I recently got a PM from some guy who wanted to pay me for a review of some app.  The devil was on my shoulder and I wanted to string him along for a bit, but I lost motivation after his second reply.  I'm wondering if other DT members got that same PM, because I'm pretty sure I wasn't singled out for that one.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
Welsh
Staff
Legendary
*
Offline Offline

Activity: 3304
Merit: 4115


View Profile
July 07, 2022, 08:06:50 AM
 #14

Likely, by asking you to get back to them how you secured your account after removing it, is likely a way to get more information. They've already claimed that they've frozen accounts, which isn't really possible, unless they had some kind of database access, which would mean they'd be able to remove the security questions themselves if they really wanted too.

In other words, this user isn't to be trusted, and no reply is warranted. If they have information about security, they can contact theymos. Other than that, them finding out who has a security question, and who doesn't is fairly simple as LoyceV alluded to above.

I suspect, a further attack would've been launched if you replied to them. Smells of social engineering, where they attempt to gain your trust by offering you some semi valid advice, and then looking to exploit that further down the line. 
nullius
Copper Member
Hero Member
*****
Offline Offline

Activity: 630
Merit: 2614


If you don’t do PGP, you don’t do crypto!


View Profile WWW
July 07, 2022, 08:48:42 AM
Merited by Welsh (2), ABCbits (1)
 #15

Before jumping to conclusions and screaming “hack!”, has anyone even considered a potentially innocent explanation?  I have a pessimistic view of human nature, but the paranoia in this thread is off the charts.

This is good advice, in my opinion:

The better people know the account owner, the better they know the answer!

Recommended action to take is to remove security question at all.

The forum officially agrees with newalias about that, and with me.  Read the warning that the forum gives you, when you set up the ridiculously stupid insecurity misfeature of a so-called “secret question”:


Duh.  Why does theymos even allow this?

I spot-checked this user’s post history.  At a glance, it looks normal to me.  I also noticed that he just received a red tag from someone in DT (fortunately outside my trust network; my trust network is infinitely superior to DT).

Now, this could be a bizarre beginning for a social engineering attack.  And the PM also seems to indicate that newalias is probing something, somehow.

I will reach out to him, and politely ask just what he is trying to do.  Meanwhile, I will add a neutral tag linking to this post—to be updated or removed, if or as appropriate.  I request that someone in DT should do likewise.

Maybe, just maybe, this could simply be a very clumsy attempt at whitehat protection of the forum, from someone who needs to see the late Dan Kaminsky’s White Hat Hacker Flowchart:


Welsh
Staff
Legendary
*
Offline Offline

Activity: 3304
Merit: 4115


View Profile
July 07, 2022, 08:58:10 AM
Merited by nullius (1)
 #16

Before jumping to conclusions and screaming “hack!”, has anyone even considered a potentially innocent explanation?  I have a pessimistic view of human nature, but the paranoia in this thread is off the charts.
Yeah, I haven't ruled out that. However, the things that stand out to me is the comment about letting them know how you've secured your account, and the fact they claimed to have frozen accounts. The latter being a outright lie. That's not exactly good, if you're looking to do some white hat work.

Although, that might have been a way of trying to convince the user. I'm not going to get my pitchfork out, but I do believe users should be cautious dealing with this user in further message exchanges. Not that I distrust them entirely, but at the very least advise caution.

On a side note, I don't like that anyone can find out if a user has a security question or not. I'm not a fan of security questions in the first place, but probing like that just opens up those accounts for further attack. I kind of wish that the security question field popped up regardless of if a user has set one or not. If someone tries to guess the security question of one of these users, it simply just gives a non match, rather than indicating they don't have one set up.
Igebotz
Staff
Legendary
*
Offline Offline

Activity: 1554
Merit: 1813


Stake Sherrif 🌠


View Profile WWW
July 07, 2022, 09:14:43 AM
 #17

I got mine as well, and I was about to tag his a$$ out when I realized he had already been tagged by OP, so I saved my time for something more important. Trying to con the most knowledgeable members of the forum appears stupid to me. Some con artists are dumps.


I suppose he came to a halt the moment he was exposed. You guys are lucky  Grin

No PM for me, I feel left out Sad Maybe that's because trying to restore my account through security questions shows:

I haven't received that PM. So maybe the list he's using to determine DT users is not accurate.

I haven't received any PMs like that, but I just started a thread in Reputation about being alerted via e-mail about someone trying to reset my password or some such thing. 

..stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..

Code:
[center][table][tr][td][url=https://stake.com/?c=Igebotz][font=Arial black][size=24pt][glow=#0f212e,2][color=transparent][size=8pt].[/size].[size=9pt][sup][size=16pt][color=#fff]Stake.com[/size][/sup][/size].[size=8pt].[/td]
[td][/td][td][/td]
[td][size=2pt][tt]   [color=#2d4454]▄████████████████████████████████████▄
   [glow=#fff,2]██ [color=#ccc]▄▄▄▄▄▄▄▄▄▄[/color]            [color=#ccc]▄▄▄▄▄▄▄▄▄▄[/color] ██[/glow]  [color=#ed5564]▄████▄[/color]
   [glow=#fff,2]██ [color=#ccc]▀▀▀▀▀▀▀▀▀▀[/color] [color=#0c79ed]██████████[/color] [color=#ccc]▀▀▀▀▀▀▀▀▀▀[/color] ██[/glow]  [color=#ed5564]██████[/color]
   [glow=#fff,2]██ [color=#0c79ed]██████████ ██      ██ ██████████[/color] ██[/glow]   [color=#ed5564]▀██▀[/color]
   [glow=#fff,2]██ [color=#0c79ed]██      ██ ██████  ██ ██      ██[/color] ██[/glow]    [color=#ccc]██[/color]
   [glow=#fff,2]██ [color=#0c79ed]██████  ██ █████  ███ ██████  ██[/color] ██[/glow][color=#ccc]██▄ ██[/color]
   [glow=#fff,2]██ [color=#0c79ed]█████  ███ ████  ███
ABCbits
Legendary
*
Offline Offline

Activity: 3052
Merit: 8022


Crypto Swap Exchange


View Profile
July 07, 2022, 09:20:19 AM
Merited by vapourminer (1), nullius (1)
 #18

Looks like @newalias is online today, so i expect he'll respond to this thread soon either because he check Meta board or found out he has 2 new feedback and check reference link.


Duh.  Why does theymos even allow this?

It's part of SFM 1.x feature[1], so IMO it's either theymos don't bother remove it or it can't be removed without lots of work.

[1] https://wiki.simplemachines.org/smf/Logging_In

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
nullius
Copper Member
Hero Member
*****
Offline Offline

Activity: 630
Merit: 2614


If you don’t do PGP, you don’t do crypto!


View Profile WWW
July 07, 2022, 09:26:21 AM
Last edit: July 07, 2022, 09:48:15 AM by nullius
 #19

Before jumping to conclusions and screaming “hack!”, has anyone even considered a potentially innocent explanation?  I have a pessimistic view of human nature, but the paranoia in this thread is off the charts.
Yeah, I haven't ruled out that. However, the things that stand out to me is the comment about letting them know how you've secured your account, and the fact they claimed to have frozen accounts. The latter being a outright lie. That's not exactly good, if you're looking to do some white hat work.

Agreed.  [Edit:  I reread the PM quoted in OP.  He does not claim to have frozen accounts.  He seems to have some trick to bypass the CAPTCHA while probing accounts.  He only says that he will report DT accounts with “secret questions” to the administration; that sounds reasonable to me, in itself.]
[...snip good advice...]

Recommended action to take is to remove security question at all. Please get back to me stating how you improved account security. If I do not get a reply, I need to inform board administration for our all safety.

I started with whole DefaultTrust as I think the base of community should be secured first. Later, I will go for more users. Captcha is useless as I use some trick I will only discuss with theymos.

Thank you!
</edit>


Although, that might have been a way of trying to convince the user. I'm not going to get my pitchfork out, but I do believe users should be cautious dealing with this user in further message exchanges. Not that I distrust them entirely, but at the very least advise caution.

On a side note, I don't like that anyone can find out if a user has a security question or not. I'm not a fan of security questions in the first place, but probing like that just opens up those accounts for further attack. I kind of wish that the security question field popped up regardless of if a user has set one or not. If someone tries to guess the security question of one of these users, it simply just gives a non match, rather than indicating they don't have one set up.

On a side note, I don’t like that the forum doesn’t let you remove your e-mail address, and/or otherwise totally disable password reset by e-mail.  (Yes, you can set a fake e-mail address; but then, you need to be careful to make sure it can never be valid.  And that does not itself totally disable password reset by e-mail.)  I’m not the only one.  Lauda complained to me about that.

On a side note, I don’t like that the forum doesn’t let you disable password authentication, and log in by signing a challenge with your PGP key...  OK, I will stop right here. Smiley


Looks like @newalias is online today, so i expect he'll respond to this thread soon either because he check Meta board or found out he has 2 new feedback and check reference link.

For the record, I reached out to him by PM as I said I would.  With a link to my post on this thread.  Kind of sticking my neck out, doing that.  Eh.  Anyway, he should be well on notice about this thread.

JollyGood
Legendary
*
Offline Offline

Activity: 2716
Merit: 1812



View Profile
July 07, 2022, 09:55:44 AM
Merited by Welsh (2)
 #20

I also received this PM. Probably, according to the one who poisoned these PMs, he sent such letters to all DT, and not necessarily whether they have control questions or not.
I haven't received that PM. So maybe the list he's using to determine DT users is not accurate.
I did not receive the PM. Ah well.....

Before jumping to conclusions and screaming “hack!”, has anyone even considered a potentially innocent explanation?  I have a pessimistic view of human nature, but the paranoia in this thread is off the charts.

This is good advice, in my opinion:

The better people know the account owner, the better they know the answer!

Recommended action to take is to remove security question at all.
I maybe have less pessimistic view than yours when it comes to human nature in general but I am highly sceptical when to comes to the conduct of many users in this forum therefore I can understand your views and even relate to them.

On this subject of the PMs though, if English is not the first language of the sender (newalias) I think it only compounds the confusion. His post history shows he has been active in the German language boards as well but his trust currently shows the following message which might mean he is no longer in control of his account: This user's email address was changed recently

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
Pages: [1] 2 3 4 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!