Author

Topic: About the recent attack (Read 21517 times)

legendary
Activity: 1204
Merit: 1015
October 07, 2013, 05:00:49 PM
#2
Besides a password, a user profile also has a secret question that alone can be used to reset a password and takeover an account. Secret questions are also hashed; a simple or short answer may be easily obtained by a database leak from brute force cracking. Besides resetting passwords, users should also reset the secret question and ensure that it is as difficult in length and complexity as a secure password would be.

Users should reset their password on any other service where they may have reused the same password (and take the advice to not reuse passwords). Other information that cannot be guaranteed to be uncompromed includes email addresses associated with user names, or the contents of any PMs now or in the past. Understand that although not reported yet, a leak of email addresses may result in any number of attempts at phishing for information, scams, or computer infection by attachment or web links. Changing the email address associated with your user account will allow you to more easily discern scam attempts from legitimate forum communication and notices.

Of course best is if you had treated PMs as non-private to start with, along with using a unique email address and a unique forum password over 16 characters long...:

You should PM me an email address to send the private key, preferably one where you use pop3/smtp, not webmail. Having the private key means someone would have access to any bitcoins in that address, so you don't want them stored on a webmail or forum message database where curious eyes might snoop. Generating your own is even better than letting an internet stranger make you an address.

Of course, if you send me your pgp public key, I could encrypt the email too (or even post it anywhere and only you could decrypt the contents). Getting pgp or gnupg set up would be a good newbie task to learn about encryption...

(Thanks to deepceleron for this addition!)
legendary
Activity: 1204
Merit: 1015
October 07, 2013, 02:14:23 AM
#1
On October 3, it was discovered that an attacker inserted some JavaScript into forum pages. The forum was shut down soon afterward so that the issue could be investigated carefully. After investigation, I determined that the attacker most likely had the ability to execute arbitrary PHP code. Therefore, the attacker probably could have accessed personal messages, email addresses, and password hashes, though it is unknown whether he actually did so.

Passwords were hashed very strongly. Each password is hashed with 7500 rounds of sha256crypt and a 12-byte random salt (per password). Each password would need to be individually attacked in order to retrieve the password. However, even fairly strong passwords may be crackable after a long period of time, and weak passwords (especially ones composed of only a few dictionary words) may still be cracked quickly, so it is recommended that you change your password here and anywhere else you used the password.

The attacker may have modified posts, PMs, signatures, and registered Bitcoin addresses. It isn't practical for me to check all of these things for everyone, so you should double-check your own stuff and report any irregularities to me.

How the attack was done

I believe that this is how the attack was done: After the 2011 hack of the forum, the attacker inserted some backdoors. These were removed by Mark Karpelles in his post-hack code audit, but a short time later, the attacker used the password hashes he obtained from the database in order to take control of an admin account and insert the backdoors back in. (There is a flaw in stock SMF allowing you to login as someone using only their password hash. No bruteforcing is required. This was fixed on this forum when the password system was overhauled over a year ago.) The backdoors were in obscure locations, so they weren't noticed until I did a complete code audit yesterday.

After I found the backdoors, I saw that someone (presumably the attacker) independently posted about his attack method with matching details. So it seems very likely that this was the attack method.

Because the backdoors were first planted in late 2011, the database could have been secretly accessed any time since then.

It was initially suspected by many that the attack was done by exploiting a flaw in SMF which allows you to upload any file to the user avatars directory, and then using a misconfiguration in nginx to execute this file as a PHP script. However, this attack method seems impossible if PHP's security.limit_extensions is set.

The future

The forum is now on a new server inside of a virtual machine with many extra security precautions which will hopefully provide some security in depth in case there are more exploits or backdoors. Also, I have disabled much SMF functionality to provide less attack surface. In particular, non-default themes are disabled for now.

I'd like to publish the forum's current code so that it can be carefully reviewed and the disabled features can be re-enabled. SMF 1.x's license prohibits publishing the code, though, so I will have to either upgrade to 2.x, get a special copyright exception from SMF, or do the auditing myself. During this investigation, a few security disadvantages to 2.x were brought to my attention, so I don't know whether I want to upgrade if I can help it. (1.x is still supported by SMF.)

Special thanks to these people for their assistance in dealing with this issue:
- warren
- Private Internet Access
- nerta
- Joshua Rogers
- chaoztc
- phantomcircuit
- jpcaissy
- bluepostit
- All others who helped

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

As of October 7 2013, the Bitcoin Forum has been restored to bitcointalk.org.
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlJSRF8ACgkQxlVWk9q1keemWgD/WcvrsikPq6AHpEo20KGmQInp
FlyAWNbX74z65KJrsUEBAIcCzYnHZ7gAs49mlhSq1fR9o2LZCETV3BJveCTu7lAi
=b9Xb
-----END PGP SIGNATURE-----
Jump to: