Pages:
Author

Topic: [ANN] [LTC] [PPS] [OTP 2FA] [Stratum only] LTCMine PPS mining pool (3.3%) - page 62. (Read 227582 times)

newbie
Activity: 23
Merit: 0
Would it be possible to make two-factor authentication optional?
Yes, but you will be unable to change withdrawal address during the SFA session. Only GA sessions will provide access to this feature.

P.S. 18/59

// 15 hours in the console... Will be AFK some time. Roll Eyes


Thanks, that sounds great!
legendary
Activity: 3108
Merit: 1359
It's obviously that we can't trust hacker's statements.

P.S. He said that it was "not exactly a pool". Not sure what does it mean.

Hacker has made public confession.

Quote
_bender_: john8888, этo нe coвceм пyл был
...
_bender_: Balthazar, пapoли юзepoв взяты чepeз пpocтyю sql-inj в oднoм мecтe, влaдeльцы pecypca нe пpичeм

According to this, _bender_@btc-e chat made passwords dump from unknown vulnerable site. He provided some proofs, i.e. login/password for btc-e account, which was used for stolen funds withdrawal.
legendary
Activity: 1484
Merit: 1005
Coinotron has confirmed it wasn't their pool.  Here are the other pools with which I was registered:

pool-x.eu
litecoinpool.org
Burnside's pool (ltc.kattare.com)
give-me-ltc.com
NuKingsMiningCo
legendary
Activity: 3108
Merit: 1359
Would it be possible to make two-factor authentication optional?
Yes, but you will be unable to change withdrawal address during the SFA session. Only GA sessions will provide access to this feature.

P.S. 18/59

// 15 hours in the console... Will be AFK some time. Roll Eyes
newbie
Activity: 23
Merit: 0
Would it be possible to make two-factor authentication optional instead of forced?
legendary
Activity: 3108
Merit: 1359
legendary
Activity: 3108
Merit: 1359
legendary
Activity: 3108
Merit: 1359
legendary
Activity: 3108
Merit: 1359
I'll back a hour later, and waiting for PMs and emails from compromised account owners. 12/59 isn't enough yet.
legendary
Activity: 3108
Merit: 1359
BBN
member
Activity: 77
Merit: 10
Just recovered my G account password  Grin
legendary
Activity: 3108
Merit: 1359
Balthazar, about the G Verification is that an sms thingy/recaptcha or smth similar?
It will be usual authentication using your google account. Maybe in addition to our login/password, to improve security.

11 accounts from 59 unlocked successfully. Waiting for another compromised account owners.
BBN
member
Activity: 77
Merit: 10
Balthazar, about the G Verification is that an sms thingy/recaptcha or smth similar?
legendary
Activity: 3108
Merit: 1359
Re-posting again:

Quote
If you see your account in this lists

https://bitcointalksearch.org/topic/m.1892862

you need PM me with your new withdrawal address and details about your account.

P.S. 10/59
legendary
Activity: 1484
Merit: 1005
I had about 10 LTC stolen. Sad

edit: Hot wallet address is okay, so no compromises there.  Looks like it was just taken from my ltcmine account.
legendary
Activity: 3108
Merit: 1359
I'll add "displayed name" feature soon. Anyway, with locked addresses there is no sense to brute force again anymore. Addresses will be unlocked after adding the google authentication, and only for GA sessions.

Quote
Did you find it funny that MinerG is part of the compromised accounts?
Of course.  Unfortunately, his account was banned before, so hacker was unable to withdraw anything.
member
Activity: 86
Merit: 10
The item that bothers me is the full usernames on the top miner and such stats. One can compile a list of usernames fairly easy to brute force.

Have you thought about obfuscating part of the usernames in the stats?

Another suggestion is a pin for withdrawal, changing the payout address, or even password changes. This way if someone does get logged in, they still can't make any changes without it.

Edit: Did you find it funny that MinerG is part of the compromised accounts?
legendary
Activity: 3108
Merit: 1359
If you see your account in this lists

https://bitcointalksearch.org/topic/m.1892862

you need PM me with your new withdrawal address and details about your account.
legendary
Activity: 3108
Merit: 1359
kha0s will perform security audit soon, don't know about others.

P.S. ETA for withdrawals is 1-1.5 hours approximately. I need to eat something...  Roll Eyes
sr. member
Activity: 308
Merit: 250
You are lucky man  Wink

Yea, well just trying to help find out the compromised site  Smiley
Pages:
Jump to: