Bitcoin Forum
Author Topic: BTC-E.COM NICE RECOVERY FROM THE HACK! =)  (Read 50976 times)
ErebusBat
August 02, 2012, 06:15:53 PM
 #381

It seems more like a Man-in-the-Middle attack, there would have been sniffing involved in uncovering the secret keys. It is also possible that a simple XSS "Cross-Site-Scripting" vulnerability has been involved in revealing the secrets "it could be the account number field ;)".
Except this API key shouldn't be doing anything that would be overly vulnerable to XSS.  MiM is possible, but if LR isn't using HTTPS, or they were not verifying the certificate chain (entirely possible) then someone is an idiot.
I often hear man-in-the-middle attacks mentioned, but how do they work exactly? I mean, I know the attacker is able to position himself between the target and whatever server the target is trying to reach, but how on earth does he do this? By poisoning the DNS cache of the target? Or through some other means? I mean, I find it pretty hard to understand how I can connect to a site, and someone can somehow inject himself into the path between me and the site.
However the above scenario is HIGHLY unlikely, to the point I have a better chance of answering my door to find Mila Kunis there ready to be my sex slave AND my wife being ok with it.
What if Mila Kunis is your wife?
CHRISTMAS!

Matthew N. Wright
August 02, 2012, 07:32:13 PM
 #382

It seems more like a Man-in-the-Middle attack, there would have been sniffing involved in uncovering the secret keys. It is also possible that a simple XSS "Cross-Site-Scripting" vulnerability has been involved in revealing the secrets "it could be the account number field ;)".
Except this API key shouldn't be doing anything that would be overly vulnerable to XSS.  MiM is possible, but if LR isn't using HTTPS, or they were not verifying the certificate chain (entirely possible) then someone is an idiot.
I often hear man-in-the-middle attacks mentioned, but how do they work exactly? I mean, I know the attacker is able to position himself between the target and whatever server the target is trying to reach, but how on earth does he do this? By poisoning the DNS cache of the target? Or through some other means? I mean, I find it pretty hard to understand how I can connect to a site, and someone can somehow inject himself into the path between me and the site.
However the above scenario is HIGHLY unlikely, to the point I have a better chance of answering my door to find Mila Kunis there ready to be my sex slave AND my wife being ok with it.
What if Mila Kunis is your wife?

I for one would never get on the forums again.
