AGD
September 14, 2014, 05:55:36 AM

I believe that post when he stated "I am not Dorian" is from SN. From the logs of the emails that were posted, the hacker just received access right before he sent the email to theymos. So, I believe that earlier post is legit...
Why didn't he sign that message to prove it was legit?

wasserman99
September 14, 2014, 07:02:27 AM

I believe that post when he stated "I am not Dorian" is from SN. From the logs of the emails that were posted, the hacker just received access right before he sent the email to theymos. So, I believe that earlier post is legit...
Why didn't he sign that message to prove it was legit?
No one questioned if the post was legit or not. It was assumed by the community that it was.

AGD
September 14, 2014, 08:49:39 AM

I believe that post when he stated "I am not Dorian" is from SN. From the logs of the emails that were posted, the hacker just received access right before he sent the email to theymos. So, I believe that earlier post is legit...
Why didn't he sign that message to prove it was legit?
No one questioned if the post was legit or not. It was assumed by the community that it was.
Not true. Some people need proof before they classify a message as "legit". Satoshi would not forget to sign it if he wanted everybody to believe it was him without a doubt. He found it important enough to break his silence after years to post this strange message, but forgot to sign it to prove it was legit? No way...

itod
September 14, 2014, 11:08:39 AM

Interesting comment in those emails regarding the reusing of addresses:
Address book labels for receiving addresses is confusing but I'm not sure what else to do. Anyone using it for more than just simple purposes would need to create different receiving addresses for each payer so they could tell who's paying them. That concept doesn't have much analogy in the real world.
Satoshi

proofofarat
September 14, 2014, 04:37:12 PM

Looking at GMX's password recovery process, to recover an account it looks like they will either send an email to s***@v*****.com or they will let you enter your birthdate. Perhaps somebody exploited one of these two options? reddit formatting markdown fucked up the email address characters, but it looks like S followed by 6 stars @ V followed by 8 stars
entering birth date is rate limited to 3 attempts per 24 hrs. So probably wasn't accessed through this unless the attacker had narrowed down the range a bit

Skinnyman
September 14, 2014, 04:39:54 PM

Looking at GMX's password recovery process, to recover an account it looks like they will either send an email to s***@v*****.com or they will let you enter your birthdate. Perhaps somebody exploited one of these two options? reddit formatting markdown fucked up the email address characters, but it looks like S followed by 6 stars @ V followed by 8 stars
entering birth date is rate limited to 3 attempts per 24 hrs. So probably wasn't accessed through this unless the attacker had narrowed down the range a bit
This has already been discussed and is likely how he gained access. Think someone said it would take max a year to guess the birthdate by bruteforce.

wasserman99
September 14, 2014, 06:42:41 PM

Looking at GMX's password recovery process, to recover an account it looks like they will either send an email to s***@v*****.com or they will let you enter your birthdate. Perhaps somebody exploited one of these two options? reddit formatting markdown fucked up the email address characters, but it looks like S followed by 6 stars @ V followed by 8 stars
entering birth date is rate limited to 3 attempts per 24 hrs. So probably wasn't accessed through this unless the attacker had narrowed down the range a bit
This has already been discussed and is likely how he gained access. Think someone said it would take max a year to guess the birthdate by bruteforce.
I would think that the hacker likely changed the password reset questions once he gained access to the account. I would not be surprised if some hacker was able to exploit some kind of vulnerability at gmx (and potentially sold this information on some dark web site).

FloodZone
September 14, 2014, 06:55:54 PM

Looking at GMX's password recovery process, to recover an account it looks like they will either send an email to s***@v*****.com or they will let you enter your birthdate. Perhaps somebody exploited one of these two options? reddit formatting markdown fucked up the email address characters, but it looks like S followed by 6 stars @ V followed by 8 stars
entering birth date is rate limited to 3 attempts per 24 hrs. So probably wasn't accessed through this unless the attacker had narrowed down the range a bit
Would take 4 months max to crack the birth date.. So it's quite possible.

jabo38
September 14, 2014, 08:02:02 PM

Looking at GMX's password recovery process, to recover an account it looks like they will either send an email to s***@v*****.com or they will let you enter your birthdate. Perhaps somebody exploited one of these two options? reddit formatting markdown fucked up the email address characters, but it looks like S followed by 6 stars @ V followed by 8 stars
entering birth date is rate limited to 3 attempts per 24 hrs. So probably wasn't accessed through this unless the attacker had narrowed down the range a bit
Would take 4 months max to crack the birth date.. So it's quite possible.
If somebody knew the exact calendar year, that's true. But do we really really know exactly what year he was born?

Buge
September 14, 2014, 09:21:51 PM

Looking at GMX's password recovery process, to recover an account it looks like they will either send an email to s***@v*****.com or they will let you enter your birthdate. Perhaps somebody exploited one of these two options? reddit formatting markdown fucked up the email address characters, but it looks like S followed by 6 stars @ V followed by 8 stars
entering birth date is rate limited to 3 attempts per 24 hrs. So probably wasn't accessed through this unless the attacker had narrowed down the range a bit
People in this thread have already said that even though it claims to limit you to 3 tries per 24 hours, it actually doesn't limit you.

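Added example (not part of any post in this thread, and not GMX's code): a sketch of how a "3 attempts per 24 hrs" limit on a birthdate recovery question can be enforced on the server, keyed on the target account so that the count does not depend on anything the client sends. The names `RecoveryLimiter`, `verify_birthdate` and `days_to_exhaust` are hypothetical, and the stored date format is an assumption.

```python
import hmac
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 24 * 60 * 60
MAX_ATTEMPTS = 3  # the limit quoted in the thread


class RecoveryLimiter:
    """Sliding-window cap on recovery guesses, keyed on the target account."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS,
                 clock=time.time):
        self.max_attempts = max_attempts
        self.window = window
        self.clock = clock
        self._attempts = defaultdict(deque)  # account -> guess timestamps

    def allow(self, account):
        now = self.clock()
        seen = self._attempts[account.strip().lower()]
        while seen and now - seen[0] >= self.window:
            seen.popleft()  # drop guesses older than the window
        if len(seen) >= self.max_attempts:
            return False
        seen.append(now)
        return True


def verify_birthdate(limiter, account, guess, stored):
    """Return 'locked', 'ok' or 'wrong'. The attempt is counted before the
    comparison, so a rejected guess can never be retried for free."""
    if not limiter.allow(account):
        return "locked"
    match = hmac.compare_digest(guess.encode(), stored.encode())
    return "ok" if match else "wrong"


def days_to_exhaust(years, attempts_per_day=MAX_ATTEMPTS):
    """Days until every date in `years` calendar years has been allowed once
    (366 days per year as an upper bound, rounded up)."""
    return -(-(years * 366) // attempts_per_day)
```

`days_to_exhaust(1)` is 122 days, in line with the "4 months" figure quoted above, so even an enforced cap only delays exhaustion of a date-sized secret; it does not make a birthdate a strong recovery factor.
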
ALXBOB
September 14, 2014, 09:22:03 PM

TsuyokuNaritai
September 14, 2014, 10:22:24 PM

Why does everyone keep reposting this as if it's still news?

giveBTCpls
September 14, 2014, 11:08:21 PM

Why does everyone keep reposting this as if it's still news?
Lol. Hasn't it proved already the "hacker" was a dumb kid that got doxed? OP should update the thread with the info so people don't keep asking or something.

Bill Bisco
September 14, 2014, 11:52:11 PM

It would have been nice if the hacker released Satoshi's old emails for posterity. It's a real shame we had such an idiot hacker.

AGD
September 15, 2014, 06:47:43 AM

I don't believe in this "idiot hacker" story at all.

DubFX
September 15, 2014, 07:34:07 AM

There are lots of sites where you can send mail under fake e-mail address, it's simple.

UsernameBitcoin
September 15, 2014, 07:55:10 AM

Looking at GMX's password recovery process, to recover an account it looks like they will either send an email to s***@v*****.com or they will let you enter your birthdate. Perhaps somebody exploited one of these two options? reddit formatting markdown fucked up the email address characters, but it looks like S followed by 6 stars @ V followed by 8 stars
entering birth date is rate limited to 3 attempts per 24 hrs. So probably wasn't accessed through this unless the attacker had narrowed down the range a bit
Would take 4 months max to crack the birth date.. So it's quite possible.
If somebody knew the exact calendar year, that's true. But do we really really know exactly what year he was born?
If Satoshi is only one person and not a group, just try the birth dates of Nick Szabo, Wei Dai, David Chaum, John Nash, Adam Back, Tatsuaki Okamoto, Hal Finney, Neal King, Vladimir Oksman, Charles Bry, Michael Weber, Shinichi Mochizuki, Robert A. Hettinga, Gavin Andresen, and Ray Dillinger and you have your Satoshi.

marcus_of_augustus
September 15, 2014, 09:05:40 AM

Looking at GMX's password recovery process, to recover an account it looks like they will either send an email to s***@v*****.com or they will let you enter your birthdate. Perhaps somebody exploited one of these two options? reddit formatting markdown fucked up the email address characters, but it looks like S followed by 6 stars @ V followed by 8 stars
entering birth date is rate limited to 3 attempts per 24 hrs. So probably wasn't accessed through this unless the attacker had narrowed down the range a bit
Would take 4 months max to crack the birth date.. So it's quite possible.
If somebody knew the exact calendar year, that's true. But do we really really know exactly what year he was born?
If Satoshi is only one person and not a group, just try the birth dates of Nick Szabo, Wei Dai, David Chaum, John Nash, Adam Back, Tatsuaki Okamoto, Hal Finney, Neal King, Vladimir Oksman, Charles Bry, Michael Weber, Shinichi Mochizuki, Robert A. Hettinga, Gavin Andresen, and Ray Dillinger and you have your Satoshi.
... it is common practice for pseudonyms to use cryptic yet significant dates, numerology or the like. 1/1/1971, 2/8/82, etc ...