Blazr
January 11, 2015, 02:49:33 PM
(...) I received the same PM, however welcome back @Spekulatius. (I hope you're not coming to use again GMX or web.de). A simple gmail address with the 2FA it's the better solution and obviously secure.
It is better when you have your own Mailserver. For example with autoban (Try it out on my Server if you want, try 2 times to login - then you get banned for 1 Year: Admin@Dice-Win.com) Best regards
It locks you out for a year after only 2 failed attempts?! How are you able to login when you are drunk?

Christian1998
January 11, 2015, 02:55:07 PM
(...) I received the same PM, however welcome back @Spekulatius. (I hope you're not coming to use again GMX or web.de). A simple gmail address with the 2FA it's the better solution and obviously secure.
It is better when you have your own Mailserver. For example with autoban (Try it out on my Server if you want, try 2 times to login - then you get banned for 1 Year: Admin@Dice-Win.com) Best regards
It locks you out for a year after only 2 failed attempts?! How are you able to login when you are drunk?
Yes it does. I can remove the ban manually, because I don't need to login with my password. You can test it if you want - it's my server, I allow it to test it. Best regards Christian

Spekulatius
Legendary
Offline
Activity: 1022
Merit: 1000
January 12, 2015, 03:12:08 AM
I figured I should post this here. Per the message I received from Spekulatius the hacker used the below email and IP address
-snip- The attacker used the email screams@live.com and the IP 73.166.140.216. -snip-
I received the same PM, however welcome back @Spekulatius. (I hope you're not coming to use again GMX or web.de). A simple gmail address with the 2FA it's the better solution and obviously secure.
Ok, changed it to a yahoo.de account. Hope that's secure enough.
Feels good to be back.

Quickseller (OP)
Copper Member
Legendary
Offline
Activity: 2996
Merit: 2374
January 12, 2015, 03:14:38 AM
I figured I should post this here. Per the message I received from Spekulatius the hacker used the below email and IP address
-snip- The attacker used the email screams@live.com and the IP 73.166.140.216. -snip-
I received the same PM, however welcome back @Spekulatius. (I hope you're not coming to use again GMX or web.de). A simple gmail address with the 2FA it's the better solution and obviously secure.
Ok, changed it to a yahoo.de account. Hope that's secure enough. Feels good to be back.
That may work, however the most secure email would be one that cannot possibly exist (IDK why the forum does not allow the option of simply not having an email at all). What I recommend using is [username]@bitcointalk.org, since the forum does not offer email services it would not be possible to hack/create that email address (although you would be somewhat out of luck if you forgot your password).

hilariousandco
Global Moderator
Legendary
Offline
Activity: 3990
Merit: 2717
January 12, 2015, 06:02:20 AM
Ok, changed it to a yahoo.de account. Hope that's secure enough.
Depends how secure you made it. Hope you didn't use some of the basic security questions that are easily guessable.
That may work, however the most secure email would be one that cannot possibly exist (IDK why the forum does not allow the option of simply not having an email at all). What I recommend using is [username]@bitcointalk.org, since the forum does not offer email services it would not be possible to hack/create that email address (although you would be somewhat out of luck if you forgot your password).
Couldn't theymos or possibly BadBear create those emails and steal the accounts?

Quickseller (OP)
Copper Member
Legendary
Offline
Activity: 2996
Merit: 2374
January 12, 2015, 06:04:31 AM
That may work, however the most secure email would be one that cannot possibly exist (IDK why the forum does not allow the option of simply not having an email at all). What I recommend using is [username]@bitcointalk.org, since the forum does not offer email services it would not be possible to hack/create that email address (although you would be somewhat out of luck if you forgot your password).
Couldn't theymos or possibly BadBear create those emails and steal the accounts?
If they wanted to do this they would simply reset the password to an email they control themselves. Or they could just change the password by editing the DB.

MadZ
January 14, 2015, 06:32:12 AM
I banned him and removed him from my trust list.
The real Akka should email me.
Shouldn't Akka be re-added to your trust list now that he has regained access to his account? I would've assumed he has PMed you by now, but perhaps he hasn't noticed he was removed since his trust ratings still look the same on his end.

Akka
Legendary
Offline
Activity: 1232
Merit: 1001
January 14, 2015, 06:40:19 AM
I banned him and removed him from my trust list.
The real Akka should email me.
Shouldn't Akka be re-added to your trust list now that he has regained access to his account? I would've assumed he has PMed you by now, but perhaps he hasn't noticed he was removed since his trust ratings still look the same on his end.
It's honestly not so important for me to be readded, being a trusted User it's kinda nice, but that's already it for me. But I still appear as Akka in his list. If that means I'm somehow untrusted in his list, yes it would be nice if that could be fixed.

All previous versions of currency will no longer be supported as of this update

MadZ
January 14, 2015, 06:45:14 AM
I banned him and removed him from my trust list.
The real Akka should email me.
Shouldn't Akka be re-added to your trust list now that he has regained access to his account? I would've assumed he has PMed you by now, but perhaps he hasn't noticed he was removed since his trust ratings still look the same on his end.
It's honestly not so important for me to be readded, being a trusted User it's kinda nice, but that's already it for me. But I still appear as Akka in his list. If that means I'm somehow untrusted in his list, yes it would be nice if that could be fixed.
You should PM him, he only removed you because your account was hacked. Since you have regained access to your account and properly secured it, he should have no problems re-adding you, or at least removing you from his distrust list if that is all you care about.

qwk
Donator
Legendary
Offline
Activity: 3542
Merit: 3413
Shitcoin Minimalist
January 14, 2015, 09:58:25 AM
What I recommend using is [username]@bitcointalk.org, since the forum does not offer email services it would not be possible to hack/create that email address (although you would be somewhat out of luck if you forgot your password).
In the (unlikely) event of successful DNS poisoning, an attacker might be able to forge an MX record for bitcointalk.org and point it at his own mail server. It's difficult to estimate the likelihood of such an attack, but I personally would consider that more likely than an attack against a professional mail provider.

Yeah, well, I'm gonna go build my own blockchain. With blackjack and hookers! In fact forget the blockchain.

Quickseller (OP)
Copper Member
Legendary
Offline
Activity: 2996
Merit: 2374
January 14, 2015, 12:28:23 PM
What I recommend using is [username]@bitcointalk.org, since the forum does not offer email services it would not be possible to hack/create that email address (although you would be somewhat out of luck if you forgot your password).
In the (unlikely) event of successful DNS poisoning, an attacker might be able to forge an MX record for bitcointalk.org and point it at his own mail server. It's difficult to estimate the likelihood of such an attack, but I personally would consider that more likely than an attack against a professional mail provider.
I thought GMX was a professional mail provider. This would also prevent any kind of social engineering attack, like using your security question to reset your password.

Parazyd
January 14, 2015, 12:30:39 PM
What I recommend using is [username]@bitcointalk.org, since the forum does not offer email services it would not be possible to hack/create that email address (although you would be somewhat out of luck if you forgot your password).
In the (unlikely) event of successful DNS poisoning, an attacker might be able to forge an MX record for bitcointalk.org and point it at his own mail server. It's difficult to estimate the likelihood of such an attack, but I personally would consider that more likely than an attack against a professional mail provider.
I thought GMX was a professional mail provider. This would also prevent any kind of social engineering attack, like using your security question to reset your password.
Epochtalk is coming soon, and there will be two-factor authentication. It's gonna make us feel super-safe.

qwk
Donator
Legendary
Offline
Activity: 3542
Merit: 3413
Shitcoin Minimalist
January 14, 2015, 01:02:46 PM
What I recommend using is [username]@bitcointalk.org, since the forum does not offer email services it would not be possible to hack/create that email address (although you would be somewhat out of luck if you forgot your password).
In the (unlikely) event of successful DNS poisoning, an attacker might be able to forge an MX record for bitcointalk.org and point it at his own mail server. It's difficult to estimate the likelihood of such an attack, but I personally would consider that more likely than an attack against a professional mail provider.
I thought GMX was a professional mail provider. This would also prevent any kind of social engineering attack, like using your security question to reset your password.
Yes, GMX is a professional mail provider. That's why I would consider DNS poisoning against them highly unlikely. If there's really an issue there, it's almost certainly something else. I just wanted to point out that using xxx@bitcointalk.org to counter password attacks against the forum is probably not such a good idea after all.

Yeah, well, I'm gonna go build my own blockchain. With blackjack and hookers! In fact forget the blockchain.

molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
January 14, 2015, 07:38:52 PM
my gmx pw got changed again. I think it's a different person. he took my twitter (forgot to change email), got it back. he requested password reset on bitstamp with IP: 198.237.119.18, but didn't log in probably because of lack of 2nd factor. he posted this on twitter: https://twitter.com/cotta3/status/555443222793572354
I should really close the gmx account, but I'm afraid because maybe I missed to change email on some important account...

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769

Parazyd
January 14, 2015, 07:43:06 PM
molecular: Check them all again, and change when needed. You shouldn't be lazy in a situation like this.

molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
January 14, 2015, 09:17:08 PM
molecular: Check them all again, and change when needed. You shouldn't be lazy in a situation like this.
how to find which sites I used the email-address on, though? sift through 14270 emails (I copied to local)? look in my head? (done that)
I hope there is a way to lock/deactivate the gmx account and keep others from registering that particular address for at least some time.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769

Parazyd
January 14, 2015, 09:22:57 PM
molecular: Check them all again, and change when needed. You shouldn't be lazy in a situation like this.
how to find which sites I used the email-address on, though? sift through 14270 emails (I copied to local)? look in my head? (done that)
I hope there is a way to lock/deactivate the gmx account and keep others from registering that particular address for at least some time.
You could filter the emails, Google your email or your username.
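
One way to do the "filter the emails" step on a local copy of the mailbox, added here as an example and not posted by anyone in the thread: it lists the sender domains of account-related mail addressed to the compromised address, which gives the set of services whose registered email still needs changing. The function name `services_using`, the keyword list, the mbox format and the sample messages are assumptions made for the illustration.

```python
import mailbox
import re
import tempfile
from collections import Counter
from email.utils import getaddresses, parseaddr

# Subject wording that usually marks account mail (assumed list; extend it).
ACCOUNT_HINTS = re.compile(r"welcome|verify|confirm|activat|password", re.I)

def services_using(mbox_path, my_address):
    """Return [(sender_domain, count)] for account mail sent to my_address."""
    me, hits = my_address.lower(), Counter()
    for msg in mailbox.mbox(mbox_path):
        rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        if me not in {addr.lower() for _, addr in rcpts}:
            continue  # addressed to some other account
        if not ACCOUNT_HINTS.search(msg.get("Subject", "")):
            continue  # personal mail without account wording
        sender = parseaddr(msg.get("From", ""))[1].lower()
        if "@" in sender:
            hits[sender.rsplit("@", 1)[1]] += 1
    return hits.most_common()

# Constructed sample mailbox in mbox format; every name and domain is made up.
SAMPLE = """\
From - Mon Jan 12 10:00:00 2015
From: Exchange <noreply@exchange.example>
To: user@mail.example
Subject: Confirm your email address

From - Mon Jan 12 11:00:00 2015
From: friend@personal.example
To: user@mail.example
Subject: lunch tomorrow?

From - Tue Jan 13 09:00:00 2015
From: Social <hello@social.example>
To: User <USER@mail.example>
Subject: Welcome to Social
"""

def demo():
    with tempfile.NamedTemporaryFile("w", suffix=".mbox", delete=False) as f:
        f.write(SAMPLE)
    return services_using(f.name, "user@mail.example")

if __name__ == "__main__":
    print(demo())
```

Each domain in the result is a site to log in to and re-point at a new address before the old mailbox is closed.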