Bitcoin Forum
March 29, 2024, 05:52:05 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 [24] 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 ... 78 »
  Print  
Author Topic: [ANN] [LTC] [PPS] [OTP 2FA] [Stratum only] LTCMine PPS mining pool (3.3%)  (Read 227515 times)
Balthazar (OP)
Legendary
*
Offline Offline

Activity: 3108
Merit: 1358



View Profile
April 25, 2013, 08:39:38 AM
 #461

Everything seems OK for now.
1711691525
Hero Member
*
Offline Offline

Posts: 1711691525

View Profile Personal Message (Offline)

Ignore
1711691525
Reply with quote  #2

1711691525
Report to moderator
If you want to be a moderator, report many posts with accuracy. You will be noticed.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
Melfice
Newbie
*
Offline Offline

Activity: 40
Merit: 0



View Profile
April 25, 2013, 08:55:30 AM
Last edit: April 25, 2013, 09:13:32 AM by Melfice
 #462

Ceгoдня aвтoмaтичecкaя aвтopизaция пpeкpaтилacь (видимo пpoшлo 30 днeй) и никaк зaйти нe пoлyчaeтcя, пapoль никaк нe xoтeл пoдxoдить. Cдeлaл peзeт пapoля, нo нa пoчтy ничeгo нe пpиxoдит. Hик нa пyлe тaкoй жe.

Edit: пpoчитaл пpo cбpoc пapoлeй, тeпepь пoнятнo oт чeгo тaк. Пиcьмo пpишлo нaкoнeц.
YipYip
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500



View Profile
April 25, 2013, 09:14:02 AM
 #463

Everything seems OK for now.

Have u got any details on your hack ??

My friend djdave from your security flaw has now lost over 25btc or $4000 from your fuck up !!

SO now we are waiting on btc-e to try and resolve but would be keen to find out what leads u have on your security breach .......


OBJECT NOT FOUND
Balthazar (OP)
Legendary
*
Offline Offline

Activity: 3108
Merit: 1358



View Profile
April 25, 2013, 09:40:47 AM
Last edit: April 25, 2013, 10:37:05 AM by Balthazar
 #464

I has no connection with btc-e development, you have chosen the wrong victim. And honestly, I got tired of it. I'm repeating for the last time - I have absolutely no idea about what's happening there.

So, you posted this message in the wrong thread.
ailikun
Sr. Member
****
Offline Offline

Activity: 406
Merit: 254



View Profile
April 25, 2013, 10:30:49 AM
 #465

Balthazar, im missing something around 40ltc on my account.
I guess they've been stolen, are you planning on returning those coins?

Komuto Herovato is definitely the chief engineer of bfl)
Balthazar (OP)
Legendary
*
Offline Offline

Activity: 3108
Merit: 1358



View Profile
April 25, 2013, 10:35:16 AM
Last edit: April 28, 2013, 04:40:14 PM by Balthazar
 #466

We are not obliged to do so, but we have a compensation plan.
ailikun
Sr. Member
****
Offline Offline

Activity: 406
Merit: 254



View Profile
April 25, 2013, 10:51:38 AM
 #467

Booбщe этo нe oчeнь пpaвильнo...
Кaк я пoнимaю, лaйткoв yкpaли нe тaк мнoгo.
Moжнo былo бы и кoмпeнcиpoвaть...

A кaкoгo poдa плaниpyeтcя кoмпeнcaция?

Komuto Herovato is definitely the chief engineer of bfl)
Balthazar (OP)
Legendary
*
Offline Offline

Activity: 3108
Merit: 1358



View Profile
April 25, 2013, 10:53:55 AM
Last edit: April 25, 2013, 11:08:00 AM by Balthazar
 #468

Previous post was updated.
Balthazar (OP)
Legendary
*
Offline Offline

Activity: 3108
Merit: 1358



View Profile
April 25, 2013, 11:43:12 AM
 #469

Stop taking this drugs, it's just an advice. Dumbass is already your middle name, your post has nothing connected with reality.

P.S. Our database wasn't compromised, so take care to explain your bullshit or get the fuck out of there.
stenkross
Sr. Member
****
Offline Offline

Activity: 330
Merit: 250



View Profile
April 25, 2013, 11:45:49 AM
 #470

how would u like 1400ltc stolen from you and all u get from teh person that caused all of this is "its not my problem " and "I am sick of listening to it"

Did your friend loose the money from ltcmine.ru or btc-e.com ?
YipYip
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500



View Profile
April 25, 2013, 11:48:06 AM
 #471

how would u like 1400ltc stolen from you and all u get from teh person that caused all of this is "its not my problem " and "I am sick of listening to it"

Did your friend loose the money from ltcmine.ru or btc-e.com ?

btc-e ...only because ltcmine.ru gave them a complete list of user names and passwords to use to access btc-e  Angry


OBJECT NOT FOUND
Balthazar (OP)
Legendary
*
Offline Offline

Activity: 3108
Merit: 1358



View Profile
April 25, 2013, 11:51:26 AM
 #472

how would u like 1400ltc stolen from you and all u get from teh person that caused all of this is "its not my problem " and "I am sick of listening to it"

Did your friend loose the money from ltcmine.ru or btc-e.com ?

btc-e ...only because ltcmine.ru gave them a complete list of user names and passwords to use to access btc-e  Angry


I'm asking you again, take care to explain your bullshit.
YipYip
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500



View Profile
April 25, 2013, 12:03:17 PM
 #473

how would u like 1400ltc stolen from you and all u get from teh person that caused all of this is "its not my problem " and "I am sick of listening to it"

Did your friend loose the money from ltcmine.ru or btc-e.com ?

btc-e ...only because ltcmine.ru gave them a complete list of user names and passwords to use to access btc-e  Angry


I'm asking you again, take care to explain your bullshit.

What do u want me to explain u got hacked....u gave the hackers a complete list of usernames and passwords

They used this list to access and steal $5k USD from my friends account

Thats it !!

OBJECT NOT FOUND
DaCash
Newbie
*
Offline Offline

Activity: 30
Merit: 0



View Profile
April 25, 2013, 12:11:34 PM
 #474

P.S. You don't need google account for this. You only need the authentication codes generator application.

I am trying to understand how it works here. You do not connect to google itself, right? All verification is done on the phone(client) using time and secret key generated on the web? It seems different from i.e. https://www.duosecurity.com/features .
What if i have (or will be using) google auth on my phone with existing google account - can keys from ltcmine.ru and google "coexist"?
Balthazar (OP)
Legendary
*
Offline Offline

Activity: 3108
Merit: 1358



View Profile
April 25, 2013, 12:18:09 PM
Last edit: April 25, 2013, 01:59:25 PM by Balthazar
 #475

If someone got a trojan, that isn't our fault. Try to think about it.

Quote
What do u want me to explain u got hacked....u gave the hackers a complete list of usernames and passwords
1) We are not hacked. Simply try to understand this.
2) We don't store passwords, only salted hashes.
3) All pool funds except for withdrawn from compromised accounts are still here.

That's all.
Balthazar (OP)
Legendary
*
Offline Offline

Activity: 3108
Merit: 1358



View Profile
April 25, 2013, 12:34:06 PM
Last edit: April 26, 2013, 06:03:23 PM by Balthazar
 #476

I am trying to understand how it works here. You do not connect to google itself, right?
We are using google OTP api. It's quite simple:

1) We are generating secret key, which then saved by our service and user.
2) System time of all sides syncronized from the same source.
3) User runs offline generation of OTP code using his copy of secret key and his own system time. Code will be valid for 60s since generation time.
4) User sends OTP code to us
5) We are calling OTP api method, which runs code validation
6) If it's returned true, code is valid and authentication is completed.

What if i have (or will be using) google auth on my phone with existing google account - can keys from ltcmine.ru and google "coexist"?
OTP api is completely independent from user accounts. It's used by google to implement authentication, but anyone also can use it for own services. And you can use any amount of secret keys simultaneously.
stenkross
Sr. Member
****
Offline Offline

Activity: 330
Merit: 250



View Profile
April 25, 2013, 01:06:12 PM
 #477

They used this list to access and steal $5k USD from my friends account

I'm new to ltcmine.ru, and new to bitcoin/litecoin community as a whole, so forgive my ignorance but, why store BTC/LTC worth $5k on a mining site (no offense Balthazar)?
I withdraw mine when I reach 10 LTC, because I trust noone but my own wallet.dat.
I can understand that does not work if you're a top miner, but even if you have 30MH/s, that would generate 80 LTC / day. If you generate that much I'd make sure to withdraw at least once / day or so.
DaCash
Newbie
*
Offline Offline

Activity: 30
Merit: 0



View Profile
April 25, 2013, 01:23:16 PM
 #478

Cпacибo,
I was misguided by this post http://evadeflow.com/2011/09/desktop-authenticator-for-google-2fa/ , it seemed like google role there was just generating secret code for the phone/java app and developing android application Smiley. I have seen hardware time-based tokens, and how they work i believe you generate private/public key pair, embed public part in hardware token and use it together with system time to generate OTPs
Balthazar (OP)
Legendary
*
Offline Offline

Activity: 3108
Merit: 1358



View Profile
April 25, 2013, 01:32:43 PM
 #479

Cпacибo,
I was misguided by this post http://evadeflow.com/2011/09/desktop-authenticator-for-google-2fa/ , it seemed like google role there was just generating secret code for the phone/java app and developing android application Smiley. I have seen hardware time-based tokens, and how they work i believe you generate private/public key pair, embed public part in hardware token and use it together with system time to generate OTPs
Currently used implementation described by RFC 2289.
Balthazar (OP)
Legendary
*
Offline Offline

Activity: 3108
Merit: 1358



View Profile
April 25, 2013, 02:13:46 PM
 #480

stenkross
Such messages are too difficult to understand by person like him. People like YipYip  are not capable to do anything useful. Submit piece of crap and run away (because they are afraid of responsibility for their own words and unable to apologize), that's all that they can do.

That's sad... I thought that YipYip was matured person.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 [24] 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 ... 78 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!