Bitcoin Forum
Author Topic: weird pm received  (Read 1100 times)
Fivestar4everMVP
Legendary
July 07, 2022, 07:46:37 PM
 #41

I was about to conclude that the message was sent to high-ranking members only; I just found out that DT members were the only target. I am just wondering what exactly this user is trying to achieve by this, because I believe it's impossible to hack an account without having access to the password. Now, my confusion is: how is it possible for an account to be hacked through a message like this? What kind of action is the sender of these PMs expecting his/her targets to take so as to enable him or her to gain access to the target's account?
Knowing this, I believe, will keep us on a safer side.

newalias
Copper Member
Member
July 07, 2022, 07:48:46 PM
 #42

According to https://bitcointalk.org/index.php?action=helpadmin;help=secret_why_blank the feature is disabled if you set a question without setting an answer, right?

Maybe, but the question and the form to answer are shown.
Welsh
Staff
Legendary
July 07, 2022, 08:04:16 PM
Last edit: July 07, 2022, 08:16:55 PM by Welsh
Merited by vapourminer (1)
 #43

Yeah, it was the wording of the personal message that was tripping me up. Might have been a better option to contact the admins, and say you're aware of someone's security question, they could've possibly checked, and then forced the security question to be disabled, rather than forcibly locking an account. Maybe, the admins could've messaged only those with security questions enabled, I'm not sure of the best way of going about this.

Also, not a fan of talking about the specifics of a certain user's security question, as that could potentially be a further security/privacy issue.

However, I think the point has been made, and hopefully this highlights the issues of a security question. Personally, I'd prefer it to be removed, but at the very least hopefully this wakes up some users to discontinue using it.

For those that are unaware: security questions are designed in such a way that it encourages you to ask a question, and then directly answer that question; therefore it's no longer random. We've talked about random for ages now, and how it's important to the generation of passwords. So, the mere fact you come up with the question and the answer usually means you either reduce the randomness or completely remove it. You could say you'll have an answer that's not something that's related to the question, but it likely is, as we as people aren't very good at thinking randomly.

I was about to conclude that the message was only sent to high ranking members only, I just found out that DT members were the only target, I am just wondering what exactly this user is trying to achieve by this
You're much more likely to make a point, if you make it to the higher ranked users of the forum, as the point hits closer to home, than doing this to someone who is of a lower rank. The user has proven that security questions are ridiculously stupid, which we kind of knew anyway, but has highlighted that to those that don't know it.

I do feel left out that I didn't receive one of these messages.  I guess because I have no security questions (that I'm aware of)
Maybe check it, and amend it if so.
nullius
Copper Member
Hero Member
July 07, 2022, 08:11:35 PM
 #44

How else could this point have been made?
By creating a thread in Meta.

IIRC, I have made various suggestions in Meta for improving account security.  IIRC, so has OgNasty.  So have others...

The response is always either silence, or “new forum software” vapourware which has only been in development for, what, about seven or eight years?

[ANN] Nulltalk, the new new forum software

Everything on this forum makes me rage nowadays

Me, too.  Let’s do something constructive about it.

I propose that I myself should indeed write the new new forum software.  As aforesaid, I will write it in C, then rewrite it in Rust; if I need to take more time, then along the way, I may also rewrite the code in Java, C#, Go, Javascript, Python, C++ with Boost, C++ without Boost, COBOL, MUMPS, Solidity, Visual BASIC, LISP, FORTRAN, and/or Brainfuck.  I don’t know many of these languages; thus, the schedule slippage will be spectacular as I spend time learning.  My proposed schedule is to deliver a feature-incomplete pre-alpha demo by the 2028 Halving, a beta before BIP 42 becomes economically relevant, and the official 1.0 release before the heat death of the universe—maybe.  I’m so slick!

The project is called Nulltalk, because its distinguishing innovation shall be that it autobans all users, and stores all posts in the /dev/null NoSQL database.  Thus, there shall be no talk.  Silence!  Hey—if John Cage could sell records this way, why can’t I build a forum that forbids all discussion?  Also, I shall integrate the zero-dimensional graph-theoretic /dev/null NoSQL cloud database with Blockchain, because Blockchain has maximal synergies with buzzwords in Enterprise NoSQL Cloud Blockchain.

Because it auto-bans all users, Nulltalk’s user accounts shall be totally unhackable.  Purr-fect security. 😼

Smartvirus
Legendary
July 07, 2022, 08:12:56 PM
 #45

Likely, by asking you to get back to them how you secured your account after removing it, is likely a way to get more information.
That's the point I've been looking at as opposed to Jackg's speculation earlier to have just a friendly advice. It's far from anything friendly with the way I see it. This could be a possible tip-off on where to start the hack and what tricks he or she could use. Else, why would the user need a feedback on if you hearkened to his/her advice or not?
By the user being aware of a security question to have been activated on the account, it simply means there have possibly been attempts on hacking the account and that was some of the recovery options presented. Hence, having it set up doesn't guarantee much safety as, a signed address could aid a lot in the course of forgotten details and getting your account back at any point.

Am not a DT just yet neither have I gotten the pm making rounds but am sure this user isn't done yet and would be trying his luck on other accounts.

Welsh
Staff
Legendary
July 07, 2022, 08:18:25 PM
 #46

That's the point I've been looking at as opposed to Jackg's speculation earlier to have just a friendly advice. It's far from anything friendly with the way I see it. This could be a possible tip-off on where to start the hack and what tricks he or she could use.
Yeah, mprep summed it up nicely. Don't communicate, at least with any detail in relation to security with users that might do this sort of thing, as it could lead to a social engineering attempt.

I think most suspicions came from how the personal message was worded, but also we're a rather suspicious community as a whole. Which, neither helps when combined. I do think things could've been handled a bit better, but the actions have already been taken.

Like I said, I was somewhat suspicious to how the personal message was worded, but I wasn't ready to get the pitchfork out yet.
Rizzrack
Copper Member
Hero Member
July 07, 2022, 08:29:00 PM
Merited by vapourminer (1), nullius (1)
 #47

According to https://bitcointalk.org/index.php?action=helpadmin;help=secret_why_blank the feature is disabled if you set a question without setting an answer, right?

Don't be naive and just delete that damn question already !


newalias
Copper Member
Member
July 07, 2022, 08:36:59 PM
Merited by vapourminer (1), ABCbits (1), Rizzrack (1), Nestade (1)
 #48

Don't be naive and just delete that damn question already !

If an empty answer would allow you to set a question without having any correct answer, that would be interesting to steal time and resources of an attacker (without wasting own time). However, a long random string should have the same result. But I feel uncomfortable with having any security question active.
willi9974
Legendary
July 07, 2022, 09:10:54 PM
 #49

Negative trust removed, thanks for the clarification


nullius
Copper Member
Hero Member
July 07, 2022, 09:24:35 PM
 #50

Negative trust removed, thanks for the clarification

~willi9974 removed; my neutral feedback “This user is too trigger-happy with negative trust feedback. ~willi9974” is deleted.  I will edit a relevant prior post accordingly, in case anyone reads it out of context.  [Done.]  Thanks for the correction.

My other recent trust actions will stay (modulo the need for some refinements and extensions).

logfiles
Copper Member
Legendary
July 07, 2022, 09:55:00 PM
 #51

At least he understands the problem now.
I have a question.

If you really wanted the secret question option removed by admin. Why didn't you just opt for the Security bounties option?
I think it would have been a quicker way of getting his attention.

Some people are very sensitive when they realize someone tried to gain access to their account, regardless of your motive.

Rizzrack
Copper Member
Hero Member
July 07, 2022, 10:14:39 PM
Merited by LoyceV (6), Welsh (4), ABCbits (2)
 #52

If you really wanted the secret question option removed by admin. Why didn't you just opt for the Security bounties option?

Because filling in the secret question and answer is a security risk. The bounty is for security vulnerabilities.

Copying your seed and password in a notepad is a major security risk, but Electrum will not pay you if you mention it's a common practice of their users...  Wink

philipma1957 (OP)
Legendary
July 07, 2022, 10:21:17 PM
 #53

Yeah, it was the wording of the personal message that was tripping me up. Might have been a better option to contact the admins, and say you're aware of someone's security question, they could've possibly checked, and then forced the security question to be disabled, rather than forcibly locking an account. Maybe, the admins could've messaged only those with security questions enabled, I'm not sure of the best way of going about this.

Also, not a fan of talking about the specifics of a certain user's security question, as that could potentially be a further security/privacy issue.

However, I think the point has been made, and hopefully this highlights the issues of a security question. Personally, I'd prefer it to be removed, but at the very least hopefully this wakes up some users to discontinue using it.

For those that are unaware: security questions are designed in such a way that it encourages you to ask a question, and then directly answer that question; therefore it's no longer random. We've talked about random for ages now, and how it's important to the generation of passwords. So, the mere fact you come up with the question and the answer usually means you either reduce the randomness or completely remove it. You could say you'll have an answer that's not something that's related to the question, but it likely is, as we as people aren't very good at thinking randomly.

I was about to conclude that the message was only sent to high ranking members only, I just found out that DT members were the only target, I am just wondering what exactly this user is trying to achieve by this
You're much more likely to make a point, if you make it to the higher ranked users of the forum, as the point hits closer to home, than doing this to someone who is of a lower rank. The user has proven that security questions are ridiculously stupid, which we kind of knew anyway, but has highlighted that to those that don't know it.

I do feel left out that I didn't receive one of these messages.  I guess because I have no security questions (that I'm aware of)
Maybe check it, and amend it if so.


I think he deserves the neg trust. As I stated my question was there but was already in a disabled state. So it is far superior than no question at all. Since a hacker would spend all eternity and get nowhere trying to answer the question.

It was what is the name of my wife's father.

A hacker could have tried every name ever written in the human race and have no answer.

Since I knew my secret question was disabled but listed, I had created a time-waster trap for hackers, which this moron fucked up with his clever hacking bs.

So frankly his so-called well-intended deed fucking helps hackers since they now know security question can be disabled and thus unanswerable.

tweetious
Sr. Member
July 07, 2022, 10:24:43 PM
Last edit: July 07, 2022, 10:55:13 PM by tweetious
Merited by 1miau (4), vapourminer (3), philipma1957 (2), DireWolfM14 (1)
 #54

uelque and tweetious giving bad security advice in negative trust feedback shows judgment at least as bad as greenplastic leaving a tag that says, FUCK THESE FUCKING FUCKERS!! HA!  Oh, yes.  That user is currently in DT.  No wonder I love DT so very much.

tweetious called a purported intent to communicate with theymos about insecure accounts a “threat”.  If that’s a threat, then threatening people is a virtue.  He also sneers in negative trust feedback at what was actually good security advice—the same advice given in the forum’s profile UI!

Since my name was mentioned here, followed by allegations that I am giving bad security advice, and being a serial "trigger-happy with negative trust feedback" (as mentioned in the trust feedback that I received), I thought of chipping in and explaining the reasoning behind my providing such feedback.

Generally speaking, when someone (with purely good intentions) is contacting me, letting me know of possible security breaches, and providing me with advice and optional solutions to overcome a possible threat, I am thankful.

What happened here is completely different though. I received a PM from a user that I didn't know & never interacted before with. The topic of the PM was "(No subject)" & was sent to "(Undisclosed recipients)", hence not directed explicitly to me (it was not intended for only me, but to unknown recipients)

In the beginning, there was a short introduction about a "potential" forum security issue, and a mention of their achievement that they have already frozen a user account because the user didn't follow their security standards. (ie they took the law into their hands, and executed it accordingly leaving the user with a locked/frozen account -just because they could-, instead of informing a moderator about the situation and letting them handle it in the most appropriate way).

Then, things started getting a bit more interesting. This user demanded me not only to change my security settings but to also report back to them (secretly via PMs) stating how I improved my account security (ie providing them details about my security settings and the way I "improved" them - ie changed them). Not only that, but they also threatened me that if I do not comply and they do not get a reply back from me, they will report me to the board administration "for our all safety".

Hence, in my point of view, someone was sending PM's acting as forum police, making demands and threats, without even having the authority of doing so, having as an excuse a very critical forum security issue (security question in place).

This PM didn't come from a high-ranked user, a moderator, or from a highly trusted member. On the contrary, it came from a low-ranked member that has only negative feedback on their trust (both given & taken). If what I said is not clear, this user since 2019 has only provided negative feedback to other users, and not a single positive one (+ the negative feedback that they have received so far).
Furthermore, there is a warning on their trust feedback page, that "This user's email address was changed recently."

The reason for leaving negative trust feedback was not to hurt newalias's reputation but to warn potential receivers of those PMs that it is a bad tactic and "bad security advice" (what nullius is accusing me that I provide) to reply to unknown senders' PMs and providing sensitive security information about their account (specifically when someone is actually demanding about them, and letting them know that they will get reported if not doing so). Especially, coming from a user that claims that they have hacked/breached/tricked (whatever the right word is) the forum's Captcha security system.

@newalias I have nothing against you, and I do not want to turn this into a drama. You might have the purest intentions, however, it was so badly executed that your PM actually turned into a security concern (instead of the security issue that you were forcing other users to comply with)

@nullius I disagree with you that I am a serial "trigger-happy with negative trust feedback". If you still believe so, I totally respect your opinion and have no hard feelings at all. (you can leave your trust feedback as is). My trust feedback history is open to everyone to see, hence everyone could end up to conclusions whenever I misuse the trust feedback by providing negative feedback without reasoning.
Yes, I agree that using "neutral" feedback instead of negative might have been an option. However (as said) due to the amount and the combination of all those red flags together, I wanted to do my best of triggering PM receivers (by reading my text in red), so as not to fall into a potential phishing scam attempt.

Here is the PM that I received. I have indicated in bold, all those segments that support my above elaboration.

Edit: just to be crystal clear, I do not disagree that having a security question in place, might be a security issue for your account.

Quote
Hi there,

you are member of DefaultTrust. Therefore, the security of your account is crucial.

However, you have a security question in place, what often means lower entropy than a secure password and maybe being easier to guess. Simplest thing I have seen in DefaultTrust was "1+1" with answer "2" was correct - I have frozen it for security. Easy questions ask for an age (try 0-99) or a birth year (try 1940-2022) or lower case initials (try aa-zz). Many questions ask for a city or a make of first car - brute force can help. And there are loads of questions for names of wife, birth names, pet names and so on. These are things that may be shared even in a post or require only your real name! The better people know the account owner, the better they know the answer!

Recommended action to take is to remove security question at all. Please get back to me stating how you improved account security. If I do not get a reply, I need to inform board administration for our all safety.

I started with whole DefaultTrust as I think the base of community should be secured first. Later, I will go for more users. Captcha is useless as I use some trick I will only discuss with theymos.

Thank you!
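The answer-space sizes named in the quoted PM, and the entropy argument made earlier in the thread, worked through as an added example (not code from any poster or from the forum software). The regex patterns, the `NAME_LIST_SIZE` figure and the 20-character random-string baseline are assumptions chosen for illustration.

```python
import math
import re

# Assumed size of a first-name dictionary; not a figure from the thread.
NAME_LIST_SIZE = 100_000

# (label, pattern, number of possible answers). The ranges for age, birth
# year and initials are the ones quoted in the PM; the patterns are assumptions.
CATEGORIES = [
    ("arithmetic", re.compile(r"^\s*\d+\s*[-+*/]\s*\d+\s*[=?]*\s*$"), 1),
    ("age", re.compile(r"\b(how old|age)\b", re.I), 100),                    # 0-99
    ("birth year", re.compile(r"\b(year|born)\b", re.I), 2022 - 1940 + 1),   # 1940-2022
    ("initials", re.compile(r"\binitials?\b", re.I), 26 ** 2),               # aa-zz
    ("name", re.compile(r"\b(name|wife|pet)\b", re.I), NAME_LIST_SIZE),
]


def classify(question):
    """Return (label, answer_space) for a question, or ("unclassified", None)."""
    for label, pattern, space in CATEGORIES:
        if pattern.search(question):
            return label, space
    return "unclassified", None


def random_secret_bits(length, alphabet_size):
    """Entropy in bits of a uniformly random string of the given length."""
    return length * math.log2(alphabet_size)


def audit(questions, baseline_bits):
    """Rate each question against a baseline secret strength.

    The bit count is an upper bound: it assumes every answer in the space
    is equally likely, which real answers (common names, likely ages) are not.
    Unclassified questions are marked for manual review rather than passed.
    """
    report = []
    for question in questions:
        label, space = classify(question)
        if space is None:
            bits, verdict = None, "review"
        else:
            bits = math.log2(space)
            verdict = "weak" if bits < baseline_bits else "ok"
        report.append(
            {"question": question, "type": label, "bits": bits, "verdict": verdict}
        )
    return report


# Constructed sample questions modelled on the kinds listed in the thread.
SAMPLE_QUESTIONS = [
    "1+1",
    "How old was I in 2010?",
    "What year was my mother born?",
    "Lower case initials of my best friend",
    "What is the name of my wife's father",
    "Make of my first car?",
]

if __name__ == "__main__":
    # Baseline: a 20-character random string over [A-Za-z0-9], the kind of
    # answer suggested in the thread as an alternative to a guessable one.
    baseline = random_secret_bits(20, 62)
    print(f"baseline: {baseline:.1f} bits")
    for row in audit(SAMPLE_QUESTIONS, baseline):
        bits = "n/a" if row["bits"] is None else f"{row['bits']:.1f}"
        print(f"{row['verdict']:6} {bits:>5} bits  {row['type']:12} {row['question']}")
```

Every classified question lands far below the random-string baseline, which is the gap the thread describes between a guessable answer and a secret chosen at random.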
kawetsriyanto
Legendary
July 07, 2022, 10:57:08 PM
 #55

Luckily I'm not a DT member, so that damn user didn't target me for that weird PM.  Cheesy
I have not received the PM yet which means I am not in DT too 😉? My bet, the user is targeting people with some other criteria not just a DT.
Agree. He should have criteria, I assume he is likely to target high-rank accounts.
He may start with DT members, then he will target random members.

In my opinion, that account only tried to make chaos since he won't succeed if he targeted DT members. DT members won't be easily trapped by that weird PM, only careless members can be the victims.

By the way, it is a bit strange why he did this. He must know that he won't have a chance to succeed, but he did it. If he really wants to make chaos or suspicion among the members, what are his goals exactly?  Huh



I also got that weird PM.


newalias
Copper Member
Member
July 07, 2022, 11:28:12 PM
 #56

Luckily I'm not a DT member, so that damn user didn't target me for that weird PM.  Cheesy
I have not received the PM yet which means I am not in DT too 😉? My bet, the user is targeting people with some other criteria not just a DT.
Agree. He should have criteria, I assume he is likely to target high-rank accounts.
He may start with DT members, then he will target random members.

In my opinion, that account only tried to make chaos since he won't succeed if he targeted DT members. DT members won't be easily trapped by that weird PM, only careless members can be the victims.

By the way, it is a bit strange why he did this. He must know that he won't have a chance to succeed, but he did it. If he really wants to make chaos or suspicion among the members, what are his goals exactly?  Huh



I also got that weird PM.



How do you define success? If you think success is hijacking your account you are wrong.
kawetsriyanto
Legendary
July 08, 2022, 12:16:36 AM
Last edit: July 08, 2022, 09:59:36 PM by kawetsriyanto
 #57

How do you define success? If you think success is hijacking your account you are wrong.
Okay, seems to make sense to me.
I actually have said above, that it should be a small chance if you are trying to hijack DT member accounts.
I guess you understand it, right?



Don't misunderstand or judge too early!!


dansus021
Copper Member
Legendary
July 08, 2022, 01:40:19 AM
 #58

Hahha, I received the PM yesterday and I asked him:

are you trying to sell a security program? But he said that I must delete the security question in my account.  Grin Grin I think this person DMs high-ranking members.

nullius
Copper Member
Hero Member
July 08, 2022, 01:53:45 AM
 #59

I think he deserves the neg trust. As I stated my question was there but was already in a disabled state. So it is far superior than no question at all. Since a hacker would spend all eternity and get nowhere trying to answer the question.

It was what is the name of my wife's father.

A hacker could have tried every name ever written in the human race and have no answer.

Since I knew my secret question was disabled but listed, I had created a time-waster trap for hackers, which this moron fucked up with his clever hacking bs.

So frankly his so-called well-intended deed fucking helps hackers since they now know security question can be disabled and thus unanswerable.

Non sequitur.  Nothing that you said indicates that the user deserves negative trust feedback, or speaks to his trustworthiness in any way.  Beyond that:

First of all, you are creatively rewriting history.  Look back to the beginning of the thread.  You were so scared that you had been hacked, you self-quoted from another account to preserve your post.

Zeroth of all, you have now passed beyond the realm of security theatre into Rube Goldberg style security.  Guess what:  My Bitcoin wallet has “no [secret] question at all” (of this type).  Would it be made “far superior”, if a ridiculously weak insecurity misfeature were added, and then misused in a way that’s less weak?  Please advise:  I am considering the possibility that I may write my own Bitcoin wallet software.

Reductio ad absurdum, would my wallet “fucking help hackers” by only using poor, weak little Bitcoin public keys, without a “secret question” insecurity mechanism?  Should I draft a BIP to add a consensus feature that lets people somehow add coin recovery questions on the blockchain, if they can leave it blank as you describe?  Would that improve Bitcoin’s security to be “far superior” to what it now is? Roll Eyes

I think that you and some others still don’t understand that the whole “secret question” feature is strictly a negative to security, with no security benefits whatsoever.  It was originally an account recovery mechanism:  A per-account backdoor to gain access to an account, without knowing the password.  As mprep informed us, it was changed in 2015 to be “only” a way to lock an account without the password.

I have no “secret question” set on any of my Bitcoin Forum accounts.  My accounts are surely more secure than yours.  You still believe that you can nonsensically add security with a misfeature designed to undermine security; that indicates to me that you do not know how to secure an account.


This PM didn't come from a high-ranked user, a moderator, or from a highly trusted member. On the contrary, it came from a low-ranked member that has only negative feedback on their trust (both given & taken). If what I said is not clear, this user since 2019 has only provided negative feedback to other users, and not a single positive one (+ the negative feedback that they have received so far).
Furthermore, there is a warning on their trust feedback page, that "This user's email address was changed recently."

When I first checked his account after this thread began, he had only one received feedback of any kind:  willi9974’s negative dated 2022-07-07, now removed.  As of early yesterday, he did not have any negative feedbacks not pertaining to this incident.

I don’t know why you think that sent feedback is relevant.  I myself have only rarely sent positive feedback.  In my case, that is intentional and well-considered.  I have written essays as to why—even posted a policy noting this.
General note:  I am extremely conservative in matters of trust.  I do not trust easily; and most of all, I do not vouch lightly.
Anyway, I don’t see why you would issue negative feedback partly on the basis that someone does not trust anyone here.

Generally speaking, when someone (with purely good intentions) is contacting me, letting me know of possible security breaches, and providing me with advice and optional solutions to overcome a possible threat, I am thankful.

What happened here is completely different though. I received a PM from a user that I didn't know & never interacted with before. The topic of the PM was "(No subject)" & was sent to "(Undisclosed recipients)", hence not directed explicitly to me (it was not intended for only me, but to unknown recipients)

In the beginning, there was a short introduction about a "potential" forum security issue, and a mention of their achievement that they have already frozen a user account because the user didn't follow their security standards. (ie they took the law into their hands, and executed it accordingly leaving the user with a locked/frozen account -just because they could-, instead of informing a moderator about the situation and letting them handle it in the most appropriate way).

Then, things started getting a bit more interesting. This user demanded me not only to change my security settings but to also report back to them (secretly via PMs) stating how I improved my account security (ie providing them details about my security settings and the way I "improved" them - ie changed them). Not only that, but they also threatened me that if I do not comply and they do not get a reply back from me, they will report me to the board administration "for our all safety"

Hence, in my point of view, someone was sending PM's acting as forum police, making demands and threats, without even having the authority of doing so, having as an excuse a very critical forum security issue (security question in place).

As I indicated in my initial post on this thread, I thought it was clumsy and naïve.  I think it’s likely that newalias did not foresee the nature of many people’s reactions.  I have seen it before in security contexts:  Someone tries to be helpful, in a way that inadvertently incites suspicions—even panic.

Pending investigation, a precautionary negative feedback may arguably have been warranted.  Well, I do not agree with it; but I also don’t think it necessarily shows poor judgment.  willi9974’s tag said he received a suspicious PM.  In my opinion, it was hasty; but it was not so unreasonable, in the circumstance.

You and uelque both gave bad security advice in your feedback—as if the “secret question” misfeature were beneficial to security.  You both also jumped to conclusions about a malicious hack.  In my opinion, that shows poor judgment.  I do not want such tags above the fold in my view of trust pages.

greenplastic’s tag was beyond the pale:  A string of all-caps profanities, with no explanation.  That shows extremely poor judgment.

I also disagree with your interpretation of the PM’s wording—with how you read it.

But thank you for explaining; I am glad better to understand your thought process.  I hope you better understand my own thought process from this post.

For my part:  I just saw this thread and thought, “Oh, no.  This fellow is about to be mobbed.”  I do not know newalias, and could not vouch for his intentions; caution was indicated.  But I strongly disagreed with how it seemed that everyone else thus far was jumping to conclusions.  It looked to me more likely than not that he was attempting to improve forum security—maybe going about it in a misguided way, liable to be misunderstood.  I have always detested that stupid “secret question”—thus the strength of my reaction here.

buwaytress
Legendary

Activity: 2996
Merit: 3702


July 08, 2022, 04:19:18 AM
Merited by BitcoinGirl.Club (1)
 #60

Oh hey, so I am spending now more time in Meta the past 2 weeks than in my entire bitcointalk lifetime, seem to be crawling down rabbit holes from user posts and ending up here.

So just also realised now I had a completely different reaction to most posts in here -- I replied to newalias actually and explained why I felt confident in my answer (a language method I also use for some seed phrases). He actually agreed, though said I shouldn't have given clues to my method. I still think explaining it doesn't help anyone with any software, my answer is as good as a long random string (I believe).

Despite that, I deleted my security question.

Had no idea the whole event already generated a thread here until I looked up his profile now.

Thought to mention here, some small realisation afforded to me because English was my third language (though now practically my first) -- I almost can understand the true "intent" of people in different types of English heh. Reading his PM, I felt no shade of bad behaviour at all, somehow I even understood the meaning behind his "frozen" claim (which he seems to have proven now).

I don't think he was naive though, I do think he comes off as having a slight dick attitude. Personally never found anything wrong with that, and now I see he's German, I totally get it, and I'm not trying to be offensive, many Southeast Asians will find the German's English deliberately dickish heh.

newalias, you've done the forum a favour, hopefully. But you know, you can't always equate a lack of good security behaviour with being dumb. Intelligence, self-awareness and wisdom aren't always on the same page and sometimes live in the same room as recklessness.

As nullius also pointed out, you didn't remove the red trust so you're not infallible yourself.

Now there. I hope not to post in Meta again so soon. I don't know how to act in here.
