Keninishna (OP)
|
|
January 25, 2012, 01:16:01 PM |
|
I need an 8 BTC loan. I can pay back 10 BTC in 5 days.
My bitcoin address is: 1KRESt175G6Ny13bH6A5g21vKLHcCdsfpG
|
|
|
|
|
|
dollartrader
|
|
January 25, 2012, 01:26:04 PM |
|
Loan sent. Return to 14cJemNEQh7sj7PKndqRxsiuFCPVcuUkfx
|
|
|
|
|
Keninishna (OP)
|
|
January 27, 2012, 08:54:52 AM |
|
Holy crap, I did not make this post. Who has been hijacking my account, damn it.
|
|
|
|
Keninishna (OP)
|
|
January 27, 2012, 09:00:51 AM |
|
I'll just send you 8 btc back now so my forum credit isn't ruined. Fuck, I changed my password too. 175836c669c44941ca47d71dcbec6d6e536a60db58c017d14656109712b87e5f
|
|
|
|
PatrickHarnett
|
|
January 27, 2012, 09:09:28 AM |
|
Something odd going on - obviously someone or ones is targeting lending. Confirmations by PMs recommended. Nice that you were able to cover the debt, but you shouldn't have had to.
|
|
|
|
dollartrader
|
|
January 27, 2012, 09:12:11 AM |
|
I agree with Patrick, I took the risk here. Sending PM.
|
|
|
|
Keninishna (OP)
|
|
January 27, 2012, 09:21:54 AM |
|
well this has taught me to start using a pgp key or something.
|
|
|
|
farfiman
Legendary
Offline
Activity: 1449
Merit: 1001
|
|
January 27, 2012, 11:19:16 AM |
|
Quote from: PatrickHarnett on January 27, 2012, 09:09:28 AM
> Something odd going on - obviously someone or ones is targeting lending. Confirmations by PMs recommended. Nice that you were able to cover the debt, but you shouldn't have had to.

How do PMs help? If the fake user answers the PM it's the same shit... unless you know some secret information of his (grandma's maiden name...) and ask him
I guess the 5% a day interest should have been a big warning...
|
"We are just fools. We insanely believe that we can replace one politician with another and something will really change. The ONLY possible way to achieve change is to change the very system of how government functions. Until we are prepared to do that, suck it up for your future belongs to the madness and corruption of politicians." Martin Armstrong
|
|
|
Kluge
Donator
Legendary
Offline
Activity: 1218
Merit: 1015
|
|
January 27, 2012, 11:26:01 AM Last edit: January 28, 2012, 02:06:34 AM by Kluge |
|
Quote from: farfiman on January 27, 2012, 11:19:16 AM
> Quote from: PatrickHarnett on January 27, 2012, 09:09:28 AM
> > Something odd going on - obviously someone or ones is targeting lending. Confirmations by PMs recommended. Nice that you were able to cover the debt, but you shouldn't have had to.
>
> How do PMs help? If the fake user answers the PM it's the same shit... unless you know some secret information of his (grandma's maiden name...) and ask him
> I guess the 5% a day interest should have been a big warning...

Even a five-minute delay could prevent the kind of fraud which occurred in the OP. Most users have PMs sent to their email account. If user is online, and is notified of emails, it's possible he could intervene to prevent similar fraud. It's unlikely to help, but it's a very easy way to help prevent similar problems. Though, I'm curious as to how the OP had his account hijacked.

ETA: Also worth noting many loans aren't funded for a good few hours, sometimes days. Real owner may have control of the account again, perhaps've contacted the admin. However, it appears this situation was due to poor password management.... we're over-reacting a bit, I think, unless something like what happened in OP becomes more frequent.
|
|
|
|
farfiman
Legendary
Offline
Activity: 1449
Merit: 1001
|
|
January 27, 2012, 11:58:04 AM |
|
Maybe this thread should be stickied as a warning to lenders (and lendees....)
|
|
|
|
dollartrader
|
|
January 27, 2012, 12:12:02 PM |
|
Would be a good idea to sticky something.
If an account is hacked, any of the info or settings could be changed so I'll definitely tread a little more carefully in the future. Lesson learned, thankfully a small one.
|
|
|
|
Keninishna (OP)
|
|
January 27, 2012, 09:42:36 PM |
|
well you can check my signature line now. If you go to that link in it to my external site that has my btc address signed via gpg. So if any more loan requests come from me only send it to that address or to an address signed by me.
|
|
|
|
copumpkin
Donator
Sr. Member
Offline
Activity: 266
Merit: 252
I'm actually a pineapple
|
|
January 27, 2012, 09:45:05 PM |
|
Quote from: Keninishna on January 27, 2012, 09:42:36 PM
> well you can check my signature line now. If you go to that link in it to my external site that has my btc address signed via gpg. So if any more loan requests come from me only send it to that address or to an address signed by me.

That's no use. If someone can post under your name, they can change your signature. We should ask theymos what's going on here.
|
|
|
|
someone703
|
|
January 27, 2012, 09:48:49 PM |
|
Yup, sig thing won't be much good either like copumpkin mentioned.
Would be a pain, but maybe you should reformat your computer, install an anti-virus on it right away, then sign in and change your password and stuff up.
|
|
|
|
JusticeForYou
VIP
Sr. Member
Offline
Activity: 490
Merit: 271
|
|
January 27, 2012, 09:51:12 PM |
|
Quote from: Keninishna on January 27, 2012, 09:21:54 AM
> well this has taught me to start using a pgp key or something.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

May I suggest signing your requests with a gpg signature. Then at least they will need to steal your forum password, your computer, your passphrase, and understand how to use gpg.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

[signature data omitted]
-----END PGP SIGNATURE-----
|
|
|
|
Keninishna (OP)
|
|
January 27, 2012, 09:53:33 PM |
|
exactly

Quote from: JusticeForYou on January 27, 2012, 09:51:12 PM
> Quote from: Keninishna on January 27, 2012, 09:21:54 AM
> > well this has taught me to start using a pgp key or something.
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> May I suggest signing your requests with a gpg signature. Then at least they will need to steal your forum password, your computer, your passphrase, and understand how to use gpg.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
>
> [signature data omitted]
> -----END PGP SIGNATURE-----
|
|
|
|
copumpkin
Donator
Sr. Member
Offline
Activity: 266
Merit: 252
I'm actually a pineapple
|
|
January 27, 2012, 09:54:07 PM |
|
Quote from: JusticeForYou on January 27, 2012, 09:51:12 PM
> Quote from: Keninishna on January 27, 2012, 09:21:54 AM
> > well this has taught me to start using a pgp key or something.
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> May I suggest signing your requests with a gpg signature. Then at least they will need to steal your forum password, your computer, your passphrase, and understand how to use gpg.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
>
> [signature data omitted]
> -----END PGP SIGNATURE-----

Well, the issue there is that there's no strong connection between someone's GPG identity and their forum identity. A scammer could easily generate a new key and sign messages with that. There need to be write-once fields in one's forum profile to set a key identity so nobody can change it after taking control of your account.

Of course, depending on how badly compromised the forum gets, they could just change the field in the database and we'd be screwed either way. This is why we need a strong crypto-based decentralized loan/reputation system.
|
|
|
|
copumpkin
Donator
Sr. Member
Offline
Activity: 266
Merit: 252
I'm actually a pineapple
|
|
January 27, 2012, 09:54:57 PM |
|
My point is that the attacker can change your sig to point to another key on the same external site that's under his control, instead of yours. Or he could just change your sig to not point to a key at all, and I doubt anyone would notice.
|
|
|
|
Keninishna (OP)
|
|
January 27, 2012, 09:55:18 PM |
|
For an example loan request:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I need a loan for 8 btc send to: 1QFgyRpGW2oX1JJHZvuaigW4ByDDVSbZVp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

[signature data omitted]
-----END PGP SIGNATURE-----
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5180
Merit: 12900
|
|
January 27, 2012, 09:58:21 PM |
|
How was your account compromised? Did you have a very weak password?
A few other users claim to have had their accounts compromised today, though these users were just posting useless garbage, not scamming. The attacker seems to come from 83.167.240.*.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
copumpkin
Donator
Sr. Member
Offline
Activity: 266
Merit: 252
I'm actually a pineapple
|
|
January 27, 2012, 10:02:28 PM |
|
Quote from: theymos on January 27, 2012, 09:58:21 PM
> How was your account compromised? Did you have a very weak password?
> A few other users claim to have had their accounts compromised today, though these users were just posting useless garbage, not scamming. The attacker seems to come from 83.167.240.*.

I'm not sure if this is legit or not, but this guy also hadn't posted in ages and then suddenly asked for a loan (and got one, sadly, and doesn't seem to have bothered giving any responses to questions after the loan request): https://bitcointalk.org/index.php?action=profile;u=7110;sa=showPosts
|
|
|
|
JusticeForYou
VIP
Sr. Member
Offline
Activity: 490
Merit: 271
|
|
January 27, 2012, 10:09:28 PM |
|
Quote from: copumpkin on January 27, 2012, 09:54:07 PM
> Quote from: JusticeForYou on January 27, 2012, 09:51:12 PM
> > Quote from: Keninishna on January 27, 2012, 09:21:54 AM
> > > well this has taught me to start using a pgp key or something.
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > May I suggest signing your requests with a gpg signature. Then at least they will need to steal your forum password, your computer, your passphrase, and understand how to use gpg.
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> > Comment: GPGTools - http://gpgtools.org
> >
> > [signature data omitted]
> > -----END PGP SIGNATURE-----
>
> Well, the issue there is that there's no strong connection between someone's GPG identity and their forum identity. A scammer could easily generate a new key and sign messages with that. There need to be write-once fields in one's forum profile to set a key identity so nobody can change it after taking control of your account.
>
> Of course, depending on how badly compromised the forum gets, they could just change the field in the database and we'd be screwed either way. This is why we need a strong crypto-based decentralized loan/reputation system.

Copumpkin,
Correct, I falsely assumed they would have a WoT correlation. Which if they didn't, I wouldn't 'loan' to them.
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5180
Merit: 12900
|
|
January 27, 2012, 10:19:48 PM |
|
I'm pretty sure these accounts were compromised, so I've marked them all as scammers:
bitbetter
Gluskab
brunoshady
killer2021
kuba_10
Sjalq
madload
It looks like the attacker is just trying a few super common passwords on a bunch of user accounts. He's using very different IP ranges, at least.
|
|
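The pattern described in the post above (a few common or leaked passwords tried against many accounts) can be looked for in authentication logs. This is an added example, not part of the original thread or the forum's software; the log format, usernames and addresses are constructed, and `find_spraying` is a hypothetical helper:

```python
# Added example: spot password spraying / leaked-list testing in auth logs.
# Log format, usernames and addresses below are constructed for illustration.
import re
from collections import defaultdict
from ipaddress import ip_network

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>login_ok|login_fail) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

SAMPLE_LOG = """\
2012-01-27T21:40:01 login_fail user=alice ip=203.0.113.7
2012-01-27T21:40:02 login_fail user=bob ip=203.0.113.7
2012-01-27T21:40:03 login_fail user=carol ip=203.0.113.9
2012-01-27T21:40:03 login_fail user=carol ip=203.0.113.9
2012-01-27T21:40:04 login_fail user=dave ip=203.0.113.9
2012-01-27T21:40:05 login_ok user=erin ip=203.0.113.7
2012-01-27T21:41:10 login_fail user=frank ip=198.51.100.20
2012-01-27T21:41:19 login_ok user=frank ip=198.51.100.20
2012-01-27T21:42:00 login_fail user=gina ip=192.0.2.5
2012-01-27T21:42:01 login_fail user=gina ip=192.0.2.5
2012-01-27T21:42:02 login_fail user=gina ip=192.0.2.5
2012-01-27T21:42:03 login_fail user=gina ip=192.0.2.5
this line is malformed and is skipped
"""


def find_spraying(log_text, min_accounts=4, max_tries_per_account=3):
    """Report /24 sources that fail against many accounts with few guesses each.

    Returns {prefix: {"failed": [...], "review": [...]}} where "review" lists
    accounts that logged in successfully from the same prefix.
    """
    fails = defaultdict(lambda: defaultdict(int))  # prefix -> user -> failures
    oks = defaultdict(set)                         # prefix -> users with login_ok
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            prefix = str(ip_network(m["ip"] + "/24", strict=False))
        except ValueError:
            continue  # unparseable address; skipped
        if m["event"] == "login_fail":
            fails[prefix][m["user"]] += 1
        else:
            oks[prefix].add(m["user"])
    report = {}
    for prefix, per_user in fails.items():
        if len(per_user) < min_accounts:
            continue  # too few distinct accounts to call it spraying
        if max(per_user.values()) > max_tries_per_account:
            continue  # many guesses at one account is a different pattern
        report[prefix] = {"failed": sorted(per_user),
                          "review": sorted(oks[prefix])}
    return report


if __name__ == "__main__":
    for prefix, hit in find_spraying(SAMPLE_LOG).items():
        print(prefix, "failed:", hit["failed"], "review:", hit["review"])
```

Grouping by /24 misses an attacker who spreads attempts over unrelated ranges, as the post above observes, so a site-wide count of distinct accounts with failures per time window is a useful second signal.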
|
|
bitlane
Internet detective
Sr. Member
Offline
Activity: 462
Merit: 250
I heart thebaron
|
|
January 27, 2012, 11:12:50 PM |
|
Quote from: theymos on January 27, 2012, 10:19:48 PM
> I'm pretty sure these accounts were compromised, so I've marked them all as scammers:
> bitbetter
> Gluskab
> brunoshady
> killer2021
> kuba_10
> Sjalq
> madload
> It looks like the attacker is just trying a few super common passwords on a bunch of user accounts. He's using very different IP ranges, at least.

...further 'revenge' of the Mt.Gox email/password list again/still?
|
|
|
|
Keninishna (OP)
|
|
January 28, 2012, 12:17:58 AM |
|
Quote from: theymos on January 27, 2012, 09:58:21 PM
> How was your account compromised? Did you have a very weak password?
> A few other users claim to have had their accounts compromised today, though these users were just posting useless garbage, not scamming. The attacker seems to come from 83.167.240.*.

My password was probably medium strength but I haven't changed it since I registered on the forum. So it's possible one of the forum leaks had compromised it.
|
|
|
|
|
dree12
Legendary
Offline
Activity: 1246
Merit: 1077
|
|
January 28, 2012, 01:07:40 AM |
|
My password is NTFS encrypted and stored on my HD, only accessed when I need to log in. I don't see how LastPass will make this any better.
|
|
|
|
BadBear
v2.0
Legendary
Offline
Activity: 1652
Merit: 1127
|
|
January 28, 2012, 01:50:59 AM |
|
Quote from: dree12 on January 28, 2012, 01:07:40 AM
> My password is NTFS encrypted and stored on my HD, only accessed when I need to log in. I don't see how LastPass will make this any better.

Then you aren't the target audience for the post
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5180
Merit: 12900
|
|
January 28, 2012, 06:12:22 AM |
|
You were right about epii. I found another IP and set of users taken by the attacker:
50.30.33.111
darvil, epii, Clarithium, borito4, tachi641, pharno, Iyeman
|
|
|
|
PatrickHarnett
|
|
January 28, 2012, 06:16:19 AM |
|
Quote from: theymos on January 28, 2012, 06:12:22 AM
> You were right about epii. I found another IP and set of users taken by the attacker:
> 50.30.33.111
> darvil, epii, Clarithium, borito4, tachi641, pharno, Iyeman

Thanks Theymos.
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5180
Merit: 12900
|
|
January 28, 2012, 06:44:09 AM |
|
Two of the people with compromised accounts report that they were using the same password they used on MtGox, so it seems likely that the MtGox list is the source.
|
|
|
|
jake262144
|
|
January 28, 2012, 12:57:32 PM Last edit: January 28, 2012, 01:09:18 PM by jake262144 |
|
That's an awesome job sieving out the compromised accounts, Theymos. Thumbs up!
Do you think we can make a warning sticky out of this thread in a more visible place than Meta?

All I can say is, don't re-purpose passwords, damn it!
At the very least add a pseudo-random suffix to the "core password" if you really can do no better:
1dJpoorpassword
bB4poorpassword
UxTpoorpassword
...
This approach will save you against a leaked password list being tested across multiple servers. Only three additional characters to remember in this example.

Also, it's not prudent to use the same username everywhere. Not only does this greatly simplify password attacks but it is also a hazard to your internet privacy. Try adding some variation here as well, k?
E.g.
That significantly raises the bar for any attacker trying to track you across different servers.
|
|
|
|
|