Pages:
Author

Topic: About the recent attack - page 4. (Read 14041 times)

hero member
Activity: 560
Merit: 500
I am the one who knocks
October 07, 2013, 01:51:29 PM
#47
In the reddit thread...
[snip]

Theymos says it was someone from SA, How does he know that? If he KNOWS who it was, why not tell us all?

[snip]


What's SA?
Something Awful, often abbreviated to SA, is a comedy website housing a variety of content, including blog entries, forums, feature articles, digitally edited pictures, and humorous media reviews.
legendary
Activity: 1456
Merit: 1081
I may write code in exchange for bitcoins.
October 07, 2013, 01:38:12 PM
#46
In the reddit thread...
[snip]

Theymos says it was someone from SA, How does he know that? If he KNOWS who it was, why not tell us all?

[snip]


What's SA?
legendary
Activity: 966
Merit: 1004
Keep it real
October 07, 2013, 12:54:54 PM
#45
that's funny, I used to be a hero member with something on the order of 1500 posts, i guess i've been reduced in rank for not liking ads?

Your rank is different because it's based off of activity now instead of post count.  Been like this for almost 4 months, see https://bitcointalksearch.org/topic/activity-new-membergroup-limits-237597
sr. member
Activity: 462
Merit: 250
It's all about the game, and how you play it
October 07, 2013, 12:52:21 PM
#44
You mean you've taken this opportunity to force ads on all of us(which are disabled by the actual SMF default theme) by defaulting to your custom theme.

Once you become a Hero Member in two weeks max, you'll be able to disable the ads in the profile settings.

https://bitcointalksearch.org/user/deslok-23737
and scroll down to "Disable ads".

I personally have them enabled, compared with other websites' solutions the ones here are rather unintrusive.

By keeping them disabled you also miss some of the interesting quotes:
https://bitcointalk.org/adrotate.php?adinfo


that's funny, I used to be a hero member with something on the order of 1500 posts, i guess i've been reduced in rank for not liking ads?(the other layout also included a few things not shown with the bitcointalk one that were nice to have on occasion) back on topic i'm glad the forum is back at least
legendary
Activity: 3472
Merit: 1722
October 07, 2013, 12:12:42 PM
#43
You mean you've taken this opportunity to force ads on all of us(which are disabled by the actual SMF default theme) by defaulting to your custom theme.

Once you become a Hero Member in two weeks max, you'll be able to disable the ads in the profile settings.

https://bitcointalksearch.org/user/deslok-23737
and scroll down to "Disable ads".

I personally have them enabled, compared with other websites' solutions the ones here are rather unintrusive.

By keeping them disabled you also miss some of the interesting quotes:
https://bitcointalk.org/adrotate.php?adinfo
full member
Activity: 121
Merit: 100
October 07, 2013, 11:14:05 AM
#42
Good to see it back up!

I'm trying to change my password, but it's confusing because whenever I log in, make changes, etc., I just get a completely blank page, so it's hard to know if it was even successful. Does this happen to anyone else or is it just my browser?
member
Activity: 84
Merit: 10
October 07, 2013, 10:44:32 AM
#41
Some things that should be done (but probably won't be done because Theymos would have to spend some of the money he collected)

-Use a reverse proxy service such as Cloudflare or Akami
-Run vulnerability scanners against the site such as HP web inspect.
-Develop a living risk matrix and list the mitigation steps for each vulnerability.
-Hire a company to do penetration testing.

Posting the code is not a good idea since it would be only for this site and it would not be an "open source" project.  It would be someone looking to get something for free when they should pay an expert. 

Web Inspect is rubbish, since you recommend hiring Pen Tester. It works out cheaper just using Pen Tester then getting Web Inspect.

Also consider using Tripwire, so you know when the code has been modified.
hero member
Activity: 952
Merit: 1009
October 07, 2013, 10:37:24 AM
#40

The forum is now on a new server inside of a virtual machine with many extra security precautions which will hopefully provide some security in depth in case there are more exploits or backdoors. Also, I have disabled much SMF functionality to provide less attack surface. In particular, non-default themes are disabled for now.



You mean you've taken this opportunity to force ads on all of us(which are disabled by the actual SMF default theme) by defaulting to your custom theme.

You need to see the ads. The forums need money to upgrade their security.
sr. member
Activity: 462
Merit: 250
It's all about the game, and how you play it
October 07, 2013, 10:33:21 AM
#39

The forum is now on a new server inside of a virtual machine with many extra security precautions which will hopefully provide some security in depth in case there are more exploits or backdoors. Also, I have disabled much SMF functionality to provide less attack surface. In particular, non-default themes are disabled for now.



You mean you've taken this opportunity to force ads on all of us(which are disabled by the actual SMF default theme) by defaulting to your custom theme.
sr. member
Activity: 390
Merit: 250
October 07, 2013, 09:48:45 AM
#38
Thanks Admin, Glad to see this forum is back again.
hero member
Activity: 495
Merit: 507
October 07, 2013, 09:08:54 AM
#37
Cloudflare was identified on our end as well.
administrator
Activity: 5222
Merit: 13032
October 07, 2013, 08:08:29 AM
#36
It is somewhat scary that admins can modify forum code from within the forum itself if I understand correctly.

That's how Satoshi set it up (maybe the SMF default), but I fixed it a while ago.
hero member
Activity: 495
Merit: 507
October 07, 2013, 07:54:16 AM
#35
In the reddit thread...

Theymos says it was someone from SA, How does he know that? If he KNOWS who it was, why not tell us all?

Because all the "zOMG FBI ARE WATCHING!!!" threads amuse him?
legendary
Activity: 1428
Merit: 1001
Okey Dokey Lokey
October 07, 2013, 07:49:46 AM
#34
In the reddit thread...

Theymos says it was someone from SA, How does he know that? If he KNOWS who it was, why not tell us all?

Aside from that little peice of wonder, IM HAPPY THE FORUMS ARE BACK! Grin
hero member
Activity: 495
Merit: 507
October 07, 2013, 07:43:27 AM
#33

I guess it means you guys shouldn't only screen cap the gibbis thread.

In case anyone missed it, here's a backup of the assets of the hack.

http://crymore.com/btc/

I guess I should mention that I didn't do it.
legendary
Activity: 1708
Merit: 1020
October 07, 2013, 07:43:10 AM
#32

Bounties for reporting future vulnerabilities would be nice.

It is somewhat scary that admins can modify forum code from within the forum itself if I understand correctly.


newbie
Activity: 14
Merit: 0
October 07, 2013, 07:34:34 AM
#31
Attackers never really get anything out of their efforts in the end.
Mhhh,... the only ones to know what they got are the attackers, I guess.
To say that they did not get anything is just speculation.
legendary
Activity: 1450
Merit: 1013
Cryptanalyst castrated by his government, 1952
October 07, 2013, 07:10:35 AM
#30
Great to see the site back up. While it was down there was a lot of media mischief to the effect that "BTC is dead and will never recover". (I won't dignify the FUD with sample links). With that in mind, for "next time", I'd suggest putting up a brb splash page of some kind during an outage. This time people could go to reddit if they knew how, but otherwise were left in the dark to be spun by the FUDsters.

Also, given the nature of some of the spin out there, is there an informed "official" position on the (lack of?) correlation between the forum attack and the SR takedown? Is there an "official" position on the absence of a major BTC price crash during the dark period?



b!z
legendary
Activity: 1582
Merit: 1010
October 07, 2013, 05:34:43 AM
#29
Thank you for the information, theymos. I'm glad the forum is back.
hero member
Activity: 798
Merit: 1000
October 07, 2013, 05:25:17 AM
#28
If only all those thousands of dollars in donations had actually been put to purpose hey  Roll Eyes
Pages:
Jump to: