Topic: BTC-e being hacked. Watch your account. (Read 5165 times)

Email is an important attack vector, but images are mainly blocked when they are loaded from external URLs (not embedded in emails) so that users can choose to avoid automated tracking of whether/when they open messages.  Each email can be created with a unique image URL.  When that "image" is fetched, the server sending it can then be pretty confident someone opened the email.

Another reason is to reduce the amount of data downloaded for messages that may well be spam anyway.  (But whitelisted senders' mails are often treated differently, with all images fetched & displayed.)

The shocking jpeg buffer overflow vulnerability dates mainly to 2004 and has been addressed by updated software but that's not to say any software can be fully trusted.

It does make good sense to block unnecessary online content and to use different computers (virtual computers, at least) for financial tasks!

That would make sense, as I pointed out 2 posts ago

It can come embedded in a jpeg that shows in an e-mail. That's why e-mail providers usually automatically block images.

Just read all that on wiki and have a few questions...

I haven't opened any strange links or downloaded anything lately, is there any other way that program could have found it's way into my laptop?

I ran a complete spy-ware and mal-ware program, nothing showed up. Would that confirm a Keystroke program is Not on my system?  ....none of my other accounts have been hacked.

You need to re-read that again. I didn't say, "my" security is set, I said, "Those of you on btc-e, make sure YOUR security is set".
btc-e is the only account I didn't have 2fa.
I don't get how all pages on btc-e are in English except for the 2fa page which is in Russian. My others sites/wallets have 2fa.

im noticing msot hacks are people without 2fa

http://bit.ly/tadhtb

That's why 2fa is so important. It changes every time.

http://en.wikipedia.org/wiki/Keystroke_logging

A program can record your keystrokes and send it to the person who designed it. If you have one of these,all your passwords may have been compromised. But,damn...

Not sure how you can say "your security is set" on btc-e if you don't have 2fa enabled. Without 2fa your risk of being hacked goes up considerably.

Keyloggers are also capable of capturing your screen... don't know if they can do it undetected though. Keyloggers are the only thing i fear on the internet. 

I lost a few coins but they were just my "trading coins" (still it hurt and is a lesson learned), I kept my load on an encrypted external. I am thanking my brother for talking me into that because I used to have them all online.

I tried to set up the 2key on btc-e, they are set up on my other accounts, but the page to do so on btc-e is in russian. It also asks for a once time code. I have no idea what that code is. I've kept all emails from them and scowered them word by word looking to see if it had been sent and it had not. I emailed them about it and never heard back.
My cell is linked to all and the others you have to verify through the cell, just not btc-e because I didn't have that code to set it up.

The guy who hacked had to do work because my password was scrambled letters, numbers and symbols. Years ago I had simple passwords... until my bother showed me how easy he could crack mine. He's computers and math and I'm history and science. We all have our strengths and weaknesses. Mine just happens to be understanding detailed info about computers.

Funny thing is... I read 3 ppl ranting about getting hacked in the trollbox the last two days and as I read it I said to myself, man, that sucks, hope it doesn't happen to me.
It did and it seems to be happening to others as well. Those of you on btc-e, make sure your security is set.

Not necessarily unfortunately. You get still get "session hijacked" via cookies if you have your account open and open something dodgy in the same browser. Use different browsers for your trading sites vs "normal browsing"

A key logger is a program that records your key strokes (password) and sends it to someone else.

Damn man sorry for you 

Time to get my coins on a paper wallet...

 

i hope you did not lose your shirt.

its really sad hearing stories like this, at cavirtex they check your browser ( you have to confirm via email if you try to access your account from another computer ) and also 2 factor auth.... i wish all exchanges had the same kind of security, with these security features i feel safer, but still....

let this thread be a lesson for you less paranoid folk and turn on 2 factor auth! setup a secure saving wallet (paper wallets) and a secure spending wallet.

in the beginning poeple were getting hacked left and right. wallet services would disappear with everyones coins... i'm glad those days are over but clearly much improvements can still be made. until then its up to the users to try and minimize risks by taking every security procation they can.

I'm a jafa     And you? I think we must be part of a very small group in little ol' NZ although there has been a bit more activity on BitNZ lately

wassup Keewee! join the club! where do you stay in New Zealand?

Hmmm oh well. 2FA FTW! 

I would say yes, some malware probably reads the clipboard too. I don't know of enough about particular keyloggers that might do this but at least strong passwords add an extra level of protection from account cracking and enable you to use a different long and complex password on every site you use