What is going on???

[AlttAdmn]

Passwords are encrypted on Altt : https://www.altcoinstalks.com/index.php?topic=316088.0

Passwords can not be decrypted they are hashed one way.

[LoyceV]

Passwords are encrypted on Altt : https://www.altcoinstalks.com/index.php?topic=316088.0

Passwords can not be decrypted they are hashed one way.

That doesn't mean anything. If the site owner wants, he can store all passwords and the users won't know about it.

[Smartvirus]

I was perplexed based on how the OP has presented the case of no possible email or password change and yet, we have claims of user’s account making loan requests but having no idea of these actions been taken by whom is thought to be the owner of the account.

One of the possible interpretations would have been that these were accounts that have changed hands but it’s hardly the case as, these are well known reputable users that have built a name behind there accounts still. Also, these are accounts that spans through 2017 - date and there haven’t been any serious attacks on the forum that I know of that could have result in account compromise. Hence, it’s easy to rule that off.

The possibility of a friend or siblings, I don’t know but, it’s hard to have this sort of fowl play.

Teleporting an account from Bitcointalk to Altcoinstalks, and using a same password. It breaks an important principle, don't reuse password on different platforms.

I recently teleported my account in altcoinstalks. I was required to put the same username there too. So I used the same password there as well.

No requirement to use the same password for the process!

I don't know it is a reason or just a fake one, used by the user to fool us but let's say, reuse password is bad practice.

This brings to light a security risk that might have been undermined on password and email usage on other platforms. It then means, you should identify risk when making associations on a testing platform and that which you have deemed important.

Like you’ve said @tranthidung, just maybe but,
This also brings to light a means to loan approval that could clear doubt which is, signing message from a current address and it becomes reassuring on whom.

[Vod]

That's a weird excuse to install compromised software. I only use open source software and nobody can ban that as long as I have an internet connection.

If you are in an authoritative country, they absolutely can you.  DNS and VPN restrictions.

[AlttAdmn]

Passwords are encrypted on Altt : https://www.altcoinstalks.com/index.php?topic=316088.0

Passwords can not be decrypted they are hashed one way.

That doesn't mean anything. If the site owner wants, he can store all passwords and the users won't know about it.

dude, the software is exactly the same as this forum, even newer version, the answer you got in the link, official statement, passwords are encrypted.
can the software be modified to store unencrypted passwords, probably possible, but then again everything is possible, statoshi being trump is also possible.

I am not going to even entertain stupid insinuations. just because you dislike altcoinstalks, it does not make it suspicious.
Either way, a message is being displayed to all teleported members now on altt to have a different password.

And as i mentioned previously, altt admin does not need the money, altt admin distributes few hundred dollars monthly, every week there is at least a giveaway or raffle or revenue share ...

cheers, and have a nice day.

[Vod]

dude, the software is exactly the same as this forum, even newer version, the answer you got in the link, official statement, passwords are encrypted.
can the software be modified to store unencrypted passwords, probably possible, but then again everything is possible, statoshi being trump is also possible.

It's literally one line of code to store the original password before hashing it.    For all we know, the bitcointalk hack was just another way Theymos scammed; selling the unhashed passwords under a pseudonym.   (Edit:  probably not though, he scammed much more coin pretending to develop bitcoin)

You, on the other hand, copied this forum so I'd be more likely to believe you have unsalted passwords as well.

[LoyceV]

dude

Dude!

the software is exactly the same as this forum, even newer version

None of that is relevant. When it comes to handling passwords, it comes to trusting the forum owner does what he says he does. Your "evidence" is a link to your own site, that doesn't prove anything. And it's impossible to prove.

can the software be modified to store unencrypted passwords, probably possible, but then again everything is possible, statoshi being trump is also possible.

You're turning a serious thing into something ridiculous. Is that to distract the reader?

I am not going to even entertain stupid insinuations.

I've seen it many times: wannabe scammers respond to serious concerns with name calling. Honest people would do all they can to convince readers with facts.

just because you dislike altcoinstalks, it does not make it suspicious.

Of course it's suspicious! Just like altcoins, ICOs, NFTs, DeFi and Ordinals, your forum is also created to make money for the creator. And like many others, you need Bitcointalk to promote your little scheme.
Let's try the other way: the fact that I don't like your forum doesn't mean it should be trusted.

Either way, a message is being displayed to all teleported members now on altt to have a different password.

Why? Are you assuming your users are that dumb? Everyone knows by now not to reuse passwords, and reading it again won't make the people who do it change their ways.

And as i mentioned previously, altt admin does not need the money, altt admin distributes few hundred dollars monthly, every week there is at least a giveaway or raffle or revenue share ...

Revenue without needing the money. Right.

[AlttAdmn]

dude, the software is exactly the same as this forum, even newer version, the answer you got in the link, official statement, passwords are encrypted.
can the software be modified to store unencrypted passwords, probably possible, but then again everything is possible, statoshi being trump is also possible.

It's literally one line of code to store the original password before hashing it.    For all we know, the bitcointalk hack was just another way Theymos scammed; selling the unhashed passwords under a pseudonym.   (Edit:  probably not though, he scammed much more coin pretending to develop bitcoin)

You, on the other hand, copied this forum so I'd be more likely to believe you have unsalted passwords as well.

there are something called software, both these forums rely on open sourced software, this software used by thousands of forums, thus "copied" is a bit too much ...
anyway, altt forum exists since 2017, that's almost 7 years, with thousands of members. You guys just to argument for argument sake ...

Of course it's suspicious! Just like altcoins, ICOs, NFTs, DeFi and Ordinals, your forum is also created to make money for the creator. And like many others, you need Bitcointalk to promote your little scheme.

you have trust issues bro
you admit also distrusting ethereum, bnb, xrp ...

from altt perspective, users are asked to use unique passwords, these passwords are encrypted , if you believe the admin or not, it does not matter.
- i am not gonna reply, enough time wasted on too far fetched arguments.

cheers and have a nice day




[moderator's note: consecutive posts merged]

[LoyceV]

you have trust issues bro
you admit also distrusting ethereum, bnb, xrp ...

It's funny how you mention 3 centrally controlled shitcoins and then say I'm the one with issues. Is that the best argument you have?

[FatFork]

Thank you for the valuable advice.

After the harsh experience, I decided to use only open source software and install Linux on a bootable flash drive
I think it's the best way to avoid running into this problem again.

Perhaps a somewhat late decision, but it is better late than never.

To add to everything that LoyceV suggested, a dual boot setup seems like a solid idea here too. With that, you'd have Windows and Linux both installed on your computer, and when booting up, you'd just select which one you feel like going with that time.  This lets you benefit from the software options of Windows and the security of Linux in the same machine. Dual boot gives flexibility if you ever find yourself needing something only one OS provides, and is generally a more optimized solution compared to VM, because it requires less resources.

[LoyceV]

This lets you benefit from the software options of Windows and the security of Linux in the same machine.

With this setup, malware installed on Windows can still access your Linux partition. I have no idea how likely this is (but I wouldn't want Windows to ever touch my partitions).

[examplens]

Either way, a message is being displayed to all teleported members now on altt to have a different password.

Why? Are you assuming your users are that dumb? Everyone knows by now not to reuse passwords, and reading it again won't make the people who do it change their ways.

The direction in which this thread went, shows that not everyone knows that it is not a good idea to use the same passwords on different forums. It is obvious that this mantra should be repeated everywhere and always, like the one "Not your keys, not your coins". No matter how many times it is repeated, there will be those who make such a mistake again.

[LoyceV]

The direction in which this thread went, shows that not everyone knows that it is not a good idea to use the same passwords on different forums. It is obvious that this mantra should be repeated everywhere and always, like the one "Not your keys, not your coins". No matter how many times it is repeated, there will be those who make such a mistake again.

Of course they know, they just don't care. And even if they use different passwords, chances are they're very alike anyway. Password1234 and Password4321 for instance. It would be more useful to promote a password manager, because most people have more accounts than they can remember.
And even if they use different passwords, chances are they forget which one belongs to which site. To enter, they "try" all passwords they know, thereby compromising all of them

[Vod]

With this setup, malware installed on Windows can still access your Linux partition.

Not if Linux is using one of it's proprietary file systems, like ext4.

That would be like Jeff Goldblum writing a virus to take over the mother ship. 

[LoyceV]

Not if Linux is using one of it's proprietary file systems, like ext4.

Ext4 can be mounted on Windows. I was more thinking about encrypting the entire filesystem to avoid accessing it.

I've never seen the word "proprietary" used for an open source filesystem.

[Vod]

I've never seen the word "proprietary" used for an open source filesystem.

First for everything!   I'm wrong, though. 

[Gormicsta]

Thank you for the valuable advice.

After the harsh experience, I decided to use only open source software and install Linux on a bootable flash drive
I think it's the best way to avoid running into this problem again.

Perhaps a somewhat late decision, but it is better late than never.

To add to everything that LoyceV suggested, a dual boot setup seems like a solid idea here too. With that, you'd have Windows and Linux both installed on your computer, and when booting up, you'd just select which one you feel like going with that time.  This lets you benefit from the software options of Windows and the security of Linux in the same machine. Dual boot gives flexibility if you ever find yourself needing something only one OS provides, and is generally a more optimized solution compared to VM, because it requires less resources.

From an interesting point of view, dual booting is a fantastic choice for anyone who wish to combine the security of Linux with the software variety of Windows. For those who are unfamiliar with Linux and would like to learn more about it, this is an excellent option because they can easily switch back to Windows if necessary. Although dual booting does involve a little additional preparation, the flexibility and optimization it offers usually make it worthwhile.

[SamReomo]

With this setup, malware installed on Windows can still access your Linux partition. I have no idea how likely this is (but I wouldn't want Windows to ever touch my partitions).

Then it's better to have Linux as main operating system and install Windows as a guest machine on that system using a software like Virtual box. We really need some features of the Windows and some of the applications are mainly created for Windows OS and that's why we need to have Windows operating system installed on a virtual machine to perform those task.

I think that way we and our files are safe even if Windows operating system gets infected with malware. I'm very sure that it would be a tough task for malware developers to access the files of the host system when their malware is installed in the guest system.

[Stalker22]

With this setup, malware installed on Windows can still access your Linux partition. I have no idea how likely this is (but I wouldn't want Windows to ever touch my partitions).

Then it's better to have Linux as main operating system and install Windows as a guest machine on that system using a software like Virtual box. We really need some features of the Windows and some of the applications are mainly created for Windows OS and that's why we need to have Windows operating system installed on a virtual machine to perform those task.

I think that way we and our files are safe even if Windows operating system gets infected with malware. I'm very sure that it would be a tough task for malware developers to access the files of the host system when their malware is installed in the guest system.

It is still possible for malware to infect your host system, if you transfer infected files directly between the guest and host operating systems or use shared folders.

My main worry with using virtual machines and sandboxes to execute suspicious software is that it can give a false sense of security.  An increasing number of malwares can identify whether they are running inside a VM or sandbox and keep their malicious payloads from executing and  this implies you may run compromised software in a VM and without even knowing, but when you run it on your main system, it could unleash its full potential. 

[Vod]

this software used by thousands of forums, thus "copied" is a bit too much ...
anyway, altt forum exists since 2017, that's almost 7 years, with thousands of members. You guys just to argument for argument sake ...

Sorry AlttAdmn, I confused your forum with another.  Your forum obviously is different from this one, and I take back my copied comment.