Bitcoin Forum
December 05, 2016, 02:39:18 AM *
Author Topic: Bitscalper passwords have been leaked  (Read 6880 times)
cablepair
February 13, 2012, 01:14:24 PM
 #21

Damn, I knew this was too good to be true. This is the reason I only deposited 5 btc

(grew to 5.3532907242433 within a couple weeks)

Luckily I have been using separate passwords on every single site since MTGox got hacked back in June.

vampire
February 13, 2012, 01:32:32 PM
 #22

I use a separate password for everything, thanks to LastPass. I am a bit paranoid, so my main banking account has its own password that I don't store anywhere and an RSA key that is locked in a safe.

Use LastPass or a similar website to manage your passwords.
Ente
February 13, 2012, 02:57:26 PM
 #23

Being paranoid: Please trust (your local) KeePass (KeePassX in Linux) instead of a website. We just saw what you may get in trusting an external entity ;-)

Ente
Matoking
February 13, 2012, 03:21:28 PM
 #24

Plaintext passwords? Seriously?

BTC : 1CcpmVDLvR7DgA5deFGScoNhiEtiJnh6H4 - LTC : LYTnoXAHNsemMB2jhCSi1znQqnfupdRkSy
Bitcoin-otc
BitBin - earn bitcoins with your pastes!
splatster
February 13, 2012, 04:31:17 PM
 #25

People should have seen this coming.
By now, the coins are probably already gone.

S² Capital Management | #bitcoin-otc ratings | 1M5j2g4iz4mSwkngrYkqtcmKNGmyDAQzk2
alan2here
February 13, 2012, 09:26:46 PM
 #26

Didn't gox have a similar thing occur once?
M4v3R
February 13, 2012, 10:04:31 PM
 #27

Didn't gox have a similar thing occur once?

No, they used md5 hashed passwords, but they were unsalted, so weak passwords got cracked when the db leaked.
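
Added example, not part of the original thread: the difference between unsalted MD5 storage, as described in the post above, and a per-user salt with a slow KDF. The account names, passwords, word list and PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: three accounts, two of which share a weak password.
USERS = {"alice": "letmein", "bob": "letmein", "carol": "x7#Qp!v9zLm"}
WORDLIST = ["123456", "password", "letmein", "bitcoin"]  # constructed
ITERATIONS = 200_000  # assumed work factor for this example

def md5_unsalted(password: str) -> str:
    """The weak scheme from the post: one fast, unsalted MD5 per password."""
    return hashlib.md5(password.encode()).hexdigest()

def audit_unsalted(db: dict, wordlist: list) -> dict:
    """Hash each candidate once; a single lookup table matches every row."""
    table = {md5_unsalted(w): w for w in wordlist}
    return {user: table[h] for user, h in db.items() if h in table}

def hash_salted(password: str, salt: bytes = None) -> tuple:
    """Hardened storage: per-user random salt plus a deliberately slow KDF."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_salted(password, salt)[1], digest)

def demo() -> dict:
    weak_db = {u: md5_unsalted(p) for u, p in USERS.items()}
    strong_db = {u: hash_salted(p) for u, p in USERS.items()}
    return {
        # Same password gives the same unsalted hash, so reuse is visible.
        "weak_duplicates": weak_db["alice"] == weak_db["bob"],
        "recovered": audit_unsalted(weak_db, WORDLIST),
        # With per-user salts the same password yields different digests.
        "strong_duplicates": strong_db["alice"][1] == strong_db["bob"][1],
        "login_ok": verify_salted("letmein", *strong_db["alice"]),
        "login_bad": verify_salted("wrong", *strong_db["alice"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
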
Littleshop
February 13, 2012, 10:08:20 PM
 #28

Didn't gox have a similar thing occur once?

No, they used md5 hashed passwords, but they were unsalted, so weak passwords got cracked when the db leaked.

While I have changed my password, had a unique one for that site and withdrew (though it has not arrived), how well would an 11 char password hold up?

M4v3R
February 13, 2012, 10:13:02 PM
 #29

Bitscalper didn't use any hashing, so every password got out. As for Mt. Gox back then, try this link: How secure is my password?
Littleshop
February 13, 2012, 10:15:23 PM
 #30

Bitscalper didn't use any hashing, so every password got out. As for Mt. Gox back then, try this link: How secure is my password?

Wow.  Glad it was unique.  It says years so I guess it was not too bad.  Thanks, good link

Raoul Duke
aka psy
February 14, 2012, 12:02:57 AM
 #31

I call bullshit on this one...

Theymos, have you seen the leaked logins or are you just spreading FUD?

PS: I have no bitcoin on bitscalper, but I made an account there and got some profits out a while back.

theymos
February 14, 2012, 12:29:38 AM
 #32

Theymos, have you seen the leaked logins or are you just spreading FUD?

I have the logins. I'll release technical details once it's fixed.

Here's me logged into the admin account (you can see I tried to withdraw his 851 BTC -- still pending):
http://i.imgur.com/l92H3.png

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Raoul Duke
aka psy
February 14, 2012, 12:35:58 AM
 #33

Theymos, have you seen the leaked logins or are you just spreading FUD?

I have the logins. I'll release technical details once it's fixed.

Here's me logged into the admin account (you can see I tried to withdraw his 851 BTC -- still pending):
http://i.imgur.com/l92H3.png

:o

And btc-e was also compromised https://bitcointalk.org/index.php?topic=63767.msg747080#msg747080

jothan
February 14, 2012, 02:14:23 AM
 #34

Here is what I posted when I checked out Bitscalper a little while ago.

I'm not putting a password on that website. There is no https.

I highly suggest that he invest in an SSL certificate.

He did not even hash his passwords. I'm glad I did not sign-up !

Bitcoin: the only currency you can store directly into your brain.

What this planet needs is a good 0.0005 BTC US nickel.
rjk
February 14, 2012, 02:18:56 AM
 #35

Here is what I posted when I checked out Bitscalper a little while ago.

I'm not putting a password on that website. There is no https.

I highly suggest that he invest in an SSL certificate.

He did not even hash his passwords. I'm glad I did not sign-up !

Why, do you use the same password for everything? :P

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
jothan
February 14, 2012, 02:21:51 AM
 #36

Here is what I posted when I checked out Bitscalper a little while ago.

I'm not putting a password on that website. There is no https.

I highly suggest that he invest in an SSL certificate.

He did not even hash his passwords. I'm glad I did not sign-up !

Why, do you use the same password for everything? :P

No, I use a password manager for everything valuable.

No SSL for inputting passwords is a very bad omen in my book. I work in email security, so I am generally paranoid.

Bitcoin: the only currency you can store directly into your brain.

What this planet needs is a good 0.0005 BTC US nickel.
rjk
February 14, 2012, 02:30:05 AM
 #37

No SSL for inputting passwords is a very bad omen in my book. I work in email security, so I am generally paranoid.

Too true :( It amazes me that it is still impossible to send email in anything but unsecured form. Sure you can have SSL between the client and server on both ends, but in the middle it's still unencrypted.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
mb300sd
February 14, 2012, 02:35:55 AM
 #38

No SSL for inputting passwords is a very bad omen in my book. I work in email security, so I am generally paranoid.

Too true :( It amazes me that it is still impossible to send email in anything but unsecured form. Sure you can have SSL between the client and server on both ends, but in the middle it's still unencrypted.

There is PGP. But you do have to set it up yourself. I guess the main reason it hasn't taken off is because most secure email is within a single organization or between trusted organizations. I'm a MS Exchange admin, and you definitely can configure encrypted server-server links, but both ends have to be set up for it.

1D7FJWRzeKa4SLmTznd3JpeNU13L1ErEco
jothan
February 14, 2012, 02:40:21 AM
 #39

No SSL for inputting passwords is a very bad omen in my book. I work in email security, so I am generally paranoid.

Too true :( It amazes me that it is still impossible to send email in anything but unsecured form. Sure you can have SSL between the client and server on both ends, but in the middle it's still unencrypted.

There is PGP. But you do have to set it up yourself. I guess the main reason it hasn't taken off is because most secure email is within a single organization or between trusted organizations. I'm a MS Exchange admin, and you definitely can configure encrypted server-server links, but both ends have to be set up for it.

End-to-end encryption and security is the way to go, but it needs user involvement and education.

For passwords, something like SRP over HTTPS would be just about bulletproof, except for the untrustable javascript crypto implementation.

See http://www.matasano.com/articles/javascript-cryptography/ for a full discussion of javascript cryptography.

Bitcoin: the only currency you can store directly into your brain.

What this planet needs is a good 0.0005 BTC US nickel.
markio
February 14, 2012, 03:36:46 AM
 #40

Theymos is the Hero of Winterfell...

hello