
Topic: About the recent server compromise - page 4. (Read 15385 times)

legendary
Activity: 1064
Merit: 1000
May 26, 2015, 10:20:27 PM
Thanks for the explanation theymos.  

On May 22 at 00:56 UTC, an attacker gained root access to the forum's server. He then proceeded to try to acquire a dump of the forum's database before I noticed this at around 1:08 and shut down the server. In the intervening time, it seems that he was able to collect some or all of the "members" table. You should assume that the following information about your account was leaked:

Does this mean that only people with the member rank were affected, or all forum members? Changing my password anyways, just curious.

Also, I found this interesting article: https://www.cryptocoinsnews.com/bitcoin-mining-figure-joshua-zipkin-responsible-bitcointalk-hack/

Opinions?
sr. member
Activity: 439
Merit: 288
May 26, 2015, 07:06:08 PM
Good job on getting this up again lads! Hope next time you'll be ready and fully armed! Wink This downtime looked like an eternity, a lot of us missed you.
staff
Activity: 3304
Merit: 4115
May 26, 2015, 06:35:43 PM
Compromise notification email said reset question was less brute-force resistant, so I wanted to remove it. Is blanking QnA form (and save) enough to disable it?

You can always test it yourself by going to the "forgotten password" and selecting "Ask me my security question". It will tell you if it's not enabled on your account. That's if you want to double check.
member
Activity: 82
Merit: 26
May 26, 2015, 06:29:54 PM
Compromise notification email said reset question was less brute-force resistant, so I wanted to remove it. Is blanking QnA form (and save) enough to disable it?

Yes, make the secret question field empty.
full member
Activity: 168
Merit: 100
Yoohoo
May 26, 2015, 06:21:59 PM
Compromise notification email said reset question was less brute-force resistant, so I wanted to remove it. Is blanking QnA form (and save) enough to disable it?
sr. member
Activity: 327
Merit: 250
May 26, 2015, 05:31:04 PM
Passwords are hashed with 7500 rounds of sha256crypt. This is pretty good, but certainly not beyond attack. Note that even though SHA-256 is used here, sha256crypt is different enough from Bitcoin's SHA-256d PoW algorithm that Bitcoin mining ASICs almost certainly cannot be modified to crack forum passwords.

How much does the password need to be changed? Would it be enough to change a letter or two?
Or would it be better to make a brand new long and complicated password?
The reason I ask is that it takes some time to memorize a long complicated password;
if I only add or remove something, will the learning time for the new password decrease?

No, make a fresh and new password.

If you have issues remembering all passwords - check out KeePass 2 - it's an open source password vault. You only need one master password.

Are the passwords it generates by using mouse movements for additional entropy completely random? Does it only generate pseudo random passwords without using mouse movements or anything else to collect additional entropy?
hero member
Activity: 490
Merit: 500
Captain
May 26, 2015, 04:38:53 PM
Passwords are hashed with 7500 rounds of sha256crypt. This is pretty good, but certainly not beyond attack. Note that even though SHA-256 is used here, sha256crypt is different enough from Bitcoin's SHA-256d PoW algorithm that Bitcoin mining ASICs almost certainly cannot be modified to crack forum passwords.

How much does the password need to be changed? Would it be enough to change a letter or two?
Or would it be better to make a brand new long and complicated password?
The reason I ask is that it takes some time to memorize a long complicated password;
if I only add or remove something, will the learning time for the new password decrease?

No, make a fresh and new password.

If you have issues remembering all passwords - check out KeePass 2 - it's an open source password vault. You only need one master password.

Yes, you are probably right....... I need a brand new one, adding 8 letters is not good enough.
I look at that KeePass 2, it looks pretty good, just not sure I can trust it.....
But thank you anyways Smiley
legendary
Activity: 1764
Merit: 1000
May 26, 2015, 04:27:56 PM
Passwords are hashed with 7500 rounds of sha256crypt. This is pretty good, but certainly not beyond attack. Note that even though SHA-256 is used here, sha256crypt is different enough from Bitcoin's SHA-256d PoW algorithm that Bitcoin mining ASICs almost certainly cannot be modified to crack forum passwords.

How much does the password need to be changed? Would it be enough to change a letter or two?
Or would it be better to make a brand new long and complicated password?
The reason I ask is that it takes some time to memorize a long complicated password;
if I only add or remove something, will the learning time for the new password decrease?

No, make a fresh and new password.

If you have issues remembering all passwords - check out KeePass 2 - it's an open source password vault. You only need one master password.
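
The advice in the post above (a fresh password rather than the old one with a letter or two changed), written as a check that a password-change form could run while it holds both the current and the new password. This is an added example, not code from the forum or its software; the function names, the substitution table, the half-length threshold and the sample passwords are assumptions.

```python
# Added example: reject a new password that is only a small edit of the old one.
# Thresholds, substitution table and sample passwords are constructed for illustration.

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

# Common look-alike substitutions, folded so "S@t0shi" compares equal to "satoshi".
LEET = str.maketrans("0134578@$!", "oieastbasi")

def normalize(pw: str) -> str:
    return pw.lower().translate(LEET)

def reuse_reason(old: str, new: str, min_changes=None):
    """Return why `new` is too close to `old`, or None if it is acceptable."""
    o, n = normalize(old), normalize(new)
    if o == n:
        return "same password after case/substitution folding"
    if o in n or n in o:
        return "old password with characters added or removed"
    if o[::-1] == n:
        return "old password reversed"
    # Assumed policy: at least half of the longer password must differ.
    needed = max(len(o), len(n)) // 2 if min_changes is None else min_changes
    d = edit_distance(o, n)
    if d < needed:
        return f"only {d} edits from old password (need {needed})"
    return None

if __name__ == "__main__":
    old = "Satoshi2009"  # constructed sample
    for candidate in ("Satoshi2010", "S@t0shi2009", "Satoshi2009!!extra",
                      "correct horse battery staple"):
        print(f"{candidate!r}: {reuse_reason(old, candidate) or 'ok'}")
```
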
hero member
Activity: 490
Merit: 500
Captain
May 26, 2015, 04:23:58 PM
Passwords are hashed with 7500 rounds of sha256crypt. This is pretty good, but certainly not beyond attack. Note that even though SHA-256 is used here, sha256crypt is different enough from Bitcoin's SHA-256d PoW algorithm that Bitcoin mining ASICs almost certainly cannot be modified to crack forum passwords.

How much does the password need to be changed? Would it be enough to change a letter or two?
Or would it be better to make a brand new long and complicated password?
The reason I ask is that it takes some time to memorize a long complicated password;
if I only add or remove something, will the learning time for the new password decrease?
hero member
Activity: 714
Merit: 528
May 26, 2015, 03:51:32 PM
Thank you for keeping this site safe  Smiley
Maybe you could invest in some kind of better security in the future? Just in case something like this happens again,
and I'm still trying to figure out what's the motive of the attacker to attack this site  Undecided

If they get an email/password combo figured out, they could have passed themselves off as a well respected member and done deals where they get money and run. Or, just use the email/password to log into a bank account, or exchange account and withdraw the money. One of the main things is to use a unique password for each site. Lastpass.com is good for that, if anyone hasn't heard of them.
Luckily my btctalk password is different from my bank and PayPal account.
When creating my password I used a text randomizer and then saved it onto my notepad and backed it up on gdrive.
Very safe, I must say  Cheesy
legendary
Activity: 1778
Merit: 1043
#Free market
May 26, 2015, 03:40:11 PM
It wasn't the forum's fault but the hosting.

Theymos claims it was the hosting. That's what you meant to say.
He openly states, in this very thread, that before any of the alleged social engineering took place,
"... The attacker was able to acquire KVM access credentials for the server. The investigation into how this was possible is still ongoing, so I don't know everything ..."

Not sure why everyone is acting like lax DC security is the issue,

The hoster denied being attacked with SE. It is still not clear how the attacker gained access and why.

Where did you see this? People here are still under the impression it was Social Engineering....

I don't remember where it was. It was one of the crypto news sites. They wrote that they had called NFOrce about the incident and they denied being attacked with SE.

Of course they would deny it. Social engineering is the worst PR for them, no one would trust them anymore.

Exactly, I have started to think... that with a simple thing you can ruin all the security that you have created. A soc. eng. attack is a simple concept but it is not simple to do; it brought back to my mind the story of Kevin Mitnick.
legendary
Activity: 1764
Merit: 1000
May 26, 2015, 03:35:43 PM
It wasn't the forum's fault but the hosting.

Theymos claims it was the hosting. That's what you meant to say.
He openly states, in this very thread, that before any of the alleged social engineering took place,
"... The attacker was able to acquire KVM access credentials for the server. The investigation into how this was possible is still ongoing, so I don't know everything ..."

Not sure why everyone is acting like lax DC security is the issue,

The hoster denied being attacked with SE. It is still not clear how the attacker gained access and why.

Where did you see this? People here are still under the impression it was Social Engineering....

I don't remember where it was. It was one of the crypto news sites. They wrote that they had called NFOrce about the incident and they denied being attacked with SE.

Of course they would deny it. Social engineering is the worst PR for them, no one would trust them anymore.
AGD
legendary
Activity: 2070
Merit: 1164
Keeper of the Private Key
May 26, 2015, 03:04:44 PM
It wasn't the forum's fault but the hosting.

Theymos claims it was the hosting. That's what you meant to say.
He openly states, in this very thread, that before any of the alleged social engineering took place,
"... The attacker was able to acquire KVM access credentials for the server. The investigation into how this was possible is still ongoing, so I don't know everything ..."

Not sure why everyone is acting like lax DC security is the issue,

The hoster denied being attacked with SE. It is still not clear how the attacker gained access and why.

Where did you see this? People here are still under the impression it was Social Engineering....

I don't remember where it was. It was one of the crypto news sites. They wrote that they had called NFOrce about the incident and they denied being attacked with SE.
hero member
Activity: 504
Merit: 500
May 26, 2015, 12:24:59 PM
It wasn't the forum's fault but the hosting.

Theymos claims it was the hosting. That's what you meant to say.
He openly states, in this very thread, that before any of the alleged social engineering took place,
"... The attacker was able to acquire KVM access credentials for the server. The investigation into how this was possible is still ongoing, so I don't know everything ..."

Not sure why everyone is acting like lax DC security is the issue,

The hoster denied being attacked with SE. It is still not clear how the attacker gained access and why.

Where did you see this? People here are still under the impression it was Social Engineering....
legendary
Activity: 1778
Merit: 1043
#Free market
May 26, 2015, 12:17:17 PM
If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?

Yes. I also have a database snapshot from a little before the attack which I can use to verify people by email if necessary.
I'm sorry, but has theymos actually confirmed his forum identity after the attack yet?  And also, is it just me or is the forum currently loading slower than normal?

Was running ok earlier but it's got a bit sluggish now, but that's to be expected as everyone tries logging on and resetting their passwords etc. Wouldn't surprise me if the forum will get ddosed as well.

ddosbtc is fucking around with his annoying booter.

Another hacked account  Grin, WTF ... welcome back Mt.Gox support !
legendary
Activity: 1652
Merit: 1128
May 26, 2015, 12:15:10 PM
Yes, empty means there isn't one. Double check and make sure it's actually empty, and that there aren't any white spaces (cursor there, backspace and then delete). 
sr. member
Activity: 455
Merit: 251
blockchain longa, vita brevis
May 26, 2015, 12:11:54 PM
Not sure if I missed it somewhere, but if the "secret question" field is blank, does this mean it is not set? I don't believe I ever set one in the past and want to make sure that is still the case.

Same question here, please let us know.
sr. member
Activity: 470
Merit: 250
May 26, 2015, 12:07:58 PM
Not sure if I missed it somewhere, but if the "secret question" field is blank, does this mean it is not set? I don't believe I ever set one in the past and want to make sure that is still the case.
hero member
Activity: 784
Merit: 1000
May 26, 2015, 10:26:35 AM
Just back after a long break and saw this, that explains why I couldn't access the forum recently.

Also I suddenly received spam email from somewhere (mostly German or something), anyone got the same problem?
Was the email related to the forum or was it just someone trying to sell you some medicines or electronics?
I just hope the email was not for phishing.
Not related to the forum I think atm, because I can't understand the language. Also I already deleted the others, but I saw one of them was like a referral or something and another one linked with a URL shortener (I don't want to click the link), also like one of them impersonating a bitcoin service or something related.
sr. member
Activity: 280
Merit: 250
May 26, 2015, 10:10:41 AM
Just back after a long break and saw this, that explains why I couldn't access the forum recently.

Also I suddenly received spam email from somewhere (mostly German or something), anyone got the same problem?
Was the email related to the forum or was it just someone trying to sell you some medicines or electronics?
I just hope the email was not for phishing.