Bitcoin Forum>Other>Meta
Pages:
Author

Topic: Akka - Default trust account no longer hacked! (Read 6418 times)

Parazyd
hero member
Activity: 812
Merit: 587
Space Lord
Akka - Default trust account no longer hacked!
January 14, 2015, 05:22:57 PM
#97
Quote from: molecular on January 14, 2015, 05:17:08 PM
Quote from: Parazyd on January 14, 2015, 03:43:06 PM
molecular: Check them all again, and change when needed. You shouldn't be lazy in a situation like this Wink

how to find which sites I used the email-address on, though?

sift through 14270 emails (I copied to local)?

look in my head? (done that)

I hope there is a way to lock/deactivate the gmx account and keep others from registering that particular address for at least some time.


You could filter the emails, Google your email or your username.
molecular
donator
Activity: 2772
Merit: 1019
Re: Akka - Default trust account no longer hacked!
January 14, 2015, 05:17:08 PM
#96
Quote from: Parazyd on January 14, 2015, 03:43:06 PM
molecular: Check them all again, and change when needed. You shouldn't be lazy in a situation like this Wink

how to find which sites I used the email-address on, though?

sift through 14270 emails (I copied to local)?

look in my head? (done that)

I hope there is a way to lock/deactivate the gmx account and keep others from registering that particular address for at least some time.
Parazyd
hero member
Activity: 812
Merit: 587
Space Lord
Re: Akka - Default trust account no longer hacked!
January 14, 2015, 03:43:06 PM
#95
molecular: Check them all again, and change when needed. You shouldn't be lazy in a situation like this Wink
molecular
donator
Activity: 2772
Merit: 1019
Re: Akka - Default trust account no longer hacked!
January 14, 2015, 03:38:52 PM
#94
my gmx pw got changed again.

I think it's a different person.

he took my twitter (forgot to change email), got it back.

he requested password reset on bitstamp with IP: 198.237.119.18, but didn't log in probably because of lack 2nd factor.

he posted this on twitter:

https://twitter.com/cotta3/status/555443222793572354



I should really close the gmx account, but I'm afraid because maybe I missed to change email on some important account...
qwk
donator
Activity: 3542
Merit: 3413
Shitcoin Minimalist
Re: Akka - Default trust account no longer hacked!
January 14, 2015, 09:02:46 AM
#93
Quote from: Quickseller on January 14, 2015, 08:28:23 AM
Quote from: qwk on January 14, 2015, 05:58:25 AM
Quote from: Quickseller on January 11, 2015, 11:14:38 PM
What I recommend using is [username]@bitcointalk.org, since the forum does not offer email services it would not be possible to hack/create that email address (although you would be somewhat out of luck if you forgot your password)
In the (unlikely) event of successful DNS poisoning, an attacker might be able to forge an MX record for bitcointalk.org and point it at his own mail server.
It's difficult to estimate the likelihood of such an attack, but I personally would consider that more likely than an attack against a professional mail provider.
i thought GMX was a professional mail provider.

This would also prevent any kind of social engineering attack, like using your security question to reset your password.
Yes, GMX is a professional mail provider. That's why I would consider DNS poisoning against them highly unlikely.
If there's really an issue there, it's almost certainly something else.

I just wanted to point out that using [email protected] to counter password attacks against the forum is probably not such a good idea after all.
Parazyd
hero member
Activity: 812
Merit: 587
Space Lord
Re: Akka - Default trust account no longer hacked!
January 14, 2015, 08:30:39 AM
#92
Quote from: Quickseller on January 14, 2015, 08:28:23 AM
Quote from: qwk on January 14, 2015, 05:58:25 AM
Quote from: Quickseller on January 11, 2015, 11:14:38 PM
What I recommend using is [username]@bitcointalk.org, since the forum does not offer email services it would not be possible to hack/create that email address (although you would be somewhat out of luck if you forgot your password)
In the (unlikely) event of successful DNS poisoning, an attacker might be able to forge an MX record for bitcointalk.org and point it at his own mail server.
It's difficult to estimate the likelihood of such an attack, but I personally would consider that more likely than an attack against a professional mail provider.
i thought GMX was a professional mail provider.

This would also prevent any kind of social engineering attack, like using your security question to reset your password.

Epochtalk is coming soon, and there will be two-factor authentication.
It's gonna make us feel super-safe Cheesy
Quickseller
copper member
Activity: 2870
Merit: 2298
Re: Akka - Default trust account no longer hacked!
January 14, 2015, 08:28:23 AM
#91
Quote from: qwk on January 14, 2015, 05:58:25 AM
Quote from: Quickseller on January 11, 2015, 11:14:38 PM
What I recommend using is [username]@bitcointalk.org, since the forum does not offer email services it would not be possible to hack/create that email address (although you would be somewhat out of luck if you forgot your password)
In the (unlikely) event of successful DNS poisoning, an attacker might be able to forge an MX record for bitcointalk.org and point it at his own mail server.
It's difficult to estimate the likelihood of such an attack, but I personally would consider that more likely than an attack against a professional mail provider.
i thought GMX was a professional mail provider.

This would also prevent any kind of social engineering attack, like using your security question to reset your password.
qwk
donator
Activity: 3542
Merit: 3413
Shitcoin Minimalist
Re: Akka - Default trust account no longer hacked!
January 14, 2015, 05:58:25 AM
#90
Quote from: Quickseller on January 11, 2015, 11:14:38 PM
What I recommend using is [username]@bitcointalk.org, since the forum does not offer email services it would not be possible to hack/create that email address (although you would be somewhat out of luck if you forgot your password)
In the (unlikely) event of successful DNS poisoning, an attacker might be able to forge an MX record for bitcointalk.org and point it at his own mail server.
It's difficult to estimate the likelihood of such an attack, but I personally would consider that more likely than an attack against a professional mail provider.
MadZ
hero member
Activity: 908
Merit: 657
Re: Akka - Default trust account no longer hacked!
January 14, 2015, 02:45:14 AM
#89
Quote from: Akka on January 14, 2015, 02:40:19 AM
Quote from: MadZ on January 14, 2015, 02:32:12 AM
Quote from: theymos on January 07, 2015, 10:19:13 PM
I banned him and removed him from my trust list.

The real Akka should email me.

Shouldn't Akka be re-added to your trust list now that he has regained access to his account? I would've assumed he has PMed you by now, but perhaps he hasn't noticed he was removed since his trust ratings still look the same on his end.

It's honestly not so important for me to be readded, beeing a trusted User it's kinda nice, but that's already it for me. But I still appear as Akka in his list. I that means I'm somehow untrusted in his list, Yes it would be nice if that could be fixed.

You should PM him, he only removed you because your account was hacked. Since you have regained access to your account and properly secured it, he should have no problems re-adding you, or at least removing you from his distrust list if that is all you care about.
Akka
legendary
Activity: 1232
Merit: 1001
Re: Akka - Default trust account no longer hacked!
January 14, 2015, 02:40:19 AM
#88
Quote from: MadZ on January 14, 2015, 02:32:12 AM
Quote from: theymos on January 07, 2015, 10:19:13 PM
I banned him and removed him from my trust list.

The real Akka should email me.

Shouldn't Akka be re-added to your trust list now that he has regained access to his account? I would've assumed he has PMed you by now, but perhaps he hasn't noticed he was removed since his trust ratings still look the same on his end.

It's honestly not so important for me to be readded, beeing a trusted User it's kinda nice, but that's already it for me. But I still appear as Akka in his list. I that means I'm somehow untrusted in his list, Yes it would be nice if that could be fixed.
MadZ
hero member
Activity: 908
Merit: 657
Re: Akka - Default trust account no longer hacked!
January 14, 2015, 02:32:12 AM
#87
Quote from: theymos on January 07, 2015, 10:19:13 PM
I banned him and removed him from my trust list.

The real Akka should email me.

Shouldn't Akka be re-added to your trust list now that he has regained access to his account? I would've assumed he has PMed you by now, but perhaps he hasn't noticed he was removed since his trust ratings still look the same on his end.
Quickseller
copper member
Activity: 2870
Merit: 2298
Re: Akka - Default trust account no longer hacked!
January 12, 2015, 02:04:31 AM
#86
Quote from: hilariousandco on January 12, 2015, 02:02:20 AM
Quote from: Quickseller on January 11, 2015, 11:14:38 PM
That may work, however the most secure email would be one that cannot possibly exist (IDK why the forum does not allow the option of simply not having an email at all). What I recommend using is [username]@bitcointalk.org, since the forum does not offer email services it would not be possible to hack/create that email address (although you would be somewhat out of luck if you forgot your password)

Couldn't theymos or possibly BadBear create those emails and steal the accounts? Grin
If they wanted to do this they would simply reset the password to an email they control themselves. Or they could just change the password by editing the DB.
hilariousandco
global moderator
Activity: 3850
Merit: 2643
Join the world-leading crypto sportsbook NOW!
Re: Akka - Default trust account no longer hacked!
January 12, 2015, 02:02:20 AM
#85
Quote from: Spekulatius on January 11, 2015, 11:12:08 PM
Ok, changed it to a yahoo.de account. Hope thats secure enough Roll Eyes

Depends how secure you made it. Hope you didn't use some of the basic security questions that are easily guessable.

Quote from: Quickseller on January 11, 2015, 11:14:38 PM
That may work, however the most secure email would be one that cannot possibly exist (IDK why the forum does not allow the option of simply not having an email at all). What I recommend using is [username]@bitcointalk.org, since the forum does not offer email services it would not be possible to hack/create that email address (although you would be somewhat out of luck if you forgot your password)

Couldn't theymos or possibly BadBear create those emails and steal the accounts? Grin
Quickseller
copper member
Activity: 2870
Merit: 2298
Re: Akka - Default trust account no longer hacked!
January 11, 2015, 11:14:38 PM
#84
Quote from: Spekulatius on January 11, 2015, 11:12:08 PM
Quote from: redsn0w on January 11, 2015, 02:39:58 AM
Quote from: ?? on ??
I figured I should post there here. Per the message I received from Spekulatius the hacker used the below email and IP address

Quote
-snip-
The attacker used the email [email protected] and the IP 73.166.140.216.
-snip-


I received the same PM , however welcome back @Spekulatius.  ( I hope you're not coming to use again  GMX or web.de). I simple gmail address with the 2FA it's the better solution and obviously secure .

Ok, changed it to a yahoo.de account. Hope thats secure enough Roll Eyes

Feels good to be back
That may work, however the most secure email would be one that cannot possibly exist (IDK why the forum does not allow the option of simply not having an email at all). What I recommend using is [username]@bitcointalk.org, since the forum does not offer email services it would not be possible to hack/create that email address (although you would be somewhat out of luck if you forgot your password)
Spekulatius
legendary
Activity: 1022
Merit: 1000
Re: Akka - Default trust account no longer hacked!
January 11, 2015, 11:12:08 PM
#83
Quote from: redsn0w on January 11, 2015, 02:39:58 AM
Quote from: ?? on ??
I figured I should post there here. Per the message I received from Spekulatius the hacker used the below email and IP address

Quote
-snip-
The attacker used the email [email protected] and the IP 73.166.140.216.
-snip-


I received the same PM , however welcome back @Spekulatius.  ( I hope you're not coming to use again  GMX or web.de). I simple gmail address with the 2FA it's the better solution and obviously secure .

Ok, changed it to a yahoo.de account. Hope thats secure enough Roll Eyes

Feels good to be back
Christian1998
sr. member
Activity: 474
Merit: 500
Re: Akka - Default trust account no longer hacked!
January 11, 2015, 10:55:07 AM
#82
Quote from: Blazr on January 11, 2015, 10:49:33 AM
Quote from: Christian1998 on January 11, 2015, 03:11:57 AM
Quote from: redsn0w on January 11, 2015, 02:39:58 AM
(...)
I received the same PM , however welcome back @Spekulatius.  ( I hope you're not coming to use again  GMX or web.de). I simple gmail address with the 2FA it's the better solution and obviously secure .
It is better when you have your own Mailserver Wink For example with autoban (Try it out on my Server if you want, try 2 times to login - then you get banned for 1 Year: [email protected])
Best regards

It locks you out for a year after only 2 failed attempts?! How are you able to login when you are drunk?  Grin
Yes it does.
I can remove the ban manually Wink
Because i dont need to login with my password Wink
You can test it if you want - its my server, i allow it to test it.
Best regards
Christian
Blazr
hero member
Activity: 882
Merit: 1005
Re: Akka - Default trust account no longer hacked!
January 11, 2015, 10:49:33 AM
#81
Quote from: Christian1998 on January 11, 2015, 03:11:57 AM
Quote from: redsn0w on January 11, 2015, 02:39:58 AM
(...)
I received the same PM , however welcome back @Spekulatius.  ( I hope you're not coming to use again  GMX or web.de). I simple gmail address with the 2FA it's the better solution and obviously secure .
It is better when you have your own Mailserver Wink For example with autoban (Try it out on my Server if you want, try 2 times to login - then you get banned for 1 Year: [email protected])
Best regards

It locks you out for a year after only 2 failed attempts?! How are you able to login when you are drunk?  Grin
Christian1998
sr. member
Activity: 474
Merit: 500
Re: Akka - Default trust account no longer hacked!
January 11, 2015, 03:11:57 AM
#80
Quote from: redsn0w on January 11, 2015, 02:39:58 AM
(...)
I received the same PM , however welcome back @Spekulatius.  ( I hope you're not coming to use again  GMX or web.de). I simple gmail address with the 2FA it's the better solution and obviously secure .
It is better when you have your own Mailserver Wink For example with autoban (Try it out on my Server if you want, try 2 times to login - then you get banned for 1 Year: [email protected])
Best regards
redsn0w
legendary
Activity: 1778
Merit: 1042
#Free market
Re: Akka - Default trust account no longer hacked!
January 11, 2015, 02:39:58 AM
#79
Quote from: ?? on ??
I figured I should post there here. Per the message I received from Spekulatius the hacker used the below email and IP address

Quote
-snip-
The attacker used the email [email protected] and the IP 73.166.140.216.
-snip-


I received the same PM , however welcome back @Spekulatius.  ( I hope you're not coming to use again  GMX or web.de). I simple gmail address with the 2FA it's the better solution and obviously secure .
Quickseller
copper member
Activity: 2870
Merit: 2298
Re: Akka - Default trust account no longer hacked!
January 10, 2015, 09:37:27 PM
#78
Quote from: Spekulatius on January 10, 2015, 06:37:56 PM
My account is with web.de, which belongs, i think, to gmx. Is it safe if I have changed my password or should I move to another provider?
I am glad that you got your account back. Theymos really should give a warning to people not to use GMX and et el email addresses for their forum accounts.


I figured I should post there here. Per the message I received from Spekulatius the hacker used the below email and IP address

Quote
-snip-
The attacker used the email [email protected] and the IP 73.166.140.216.
-snip-
Pages:
Bitcoin Forum>Other>Meta
Jump to: