Pages:
Author

Topic: BTC-e being hacked. Watch your account. (Read 5205 times)

member
Activity: 60
Merit: 10
February 01, 2014, 10:15:38 AM
#45
It can come embedded in a jpeg that shows in an e-mail. That's why e-mail providers usually automatically block images.

Email is an important attack vector, but images are mainly blocked when they are loaded from external URLs (not embedded in emails) so that users can choose to avoid automated tracking of whether/when they open messages.  Each email can be created with a unique image URL.  When that "image" is fetched, the server sending it can then be pretty confident someone opened the email.

Another reason is to reduce the amount of data downloaded for messages that may well be spam anyway.  (But whitelisted senders' mails are often treated differently, with all images fetched & displayed.)

The shocking jpeg buffer overflow vulnerability dates mainly to 2004 and has been addressed by updated software but that's not to say any software can be fully trusted.

It does make good sense to block unnecessary online content and to use different computers (virtual computers, at least) for financial tasks!
hero member
Activity: 518
Merit: 500
February 01, 2014, 07:19:43 AM
#44
im noticing msot hacks are people without 2fa

That would make sense, as I pointed out 2 posts ago Smiley
full member
Activity: 798
Merit: 100
February 01, 2014, 06:53:11 AM
#43
It sounds like your password got stolen, not neccesarily btce itself hacked.

This is one department I'll admit that hodlors have a clear advantage.

Isn't stolen and hacked the same thing?

Uh, no.......................................

Sad

Quote from: outofservice on Today at 20:10:55


Quote from: BitcoinAshley on Today at 20:08:53

You probably have a keylogger. Sucks to be you! Don't keep more on an exchange than you can afford to lose.


What is a keylogger?

Oh boy..............................................



Thanks, your replies have been so helpful.

http://en.wikipedia.org/wiki/Keystroke_logging

A program can record your keystrokes and send it to the person who designed it. If you have one of these,all your passwords may have been compromised. But,damn...

Just read all that on wiki and have a few questions...

I haven't opened any strange links or downloaded anything lately, is there any other way that program could have found it's way into my laptop?

I ran a complete spy-ware and mal-ware program, nothing showed up. Would that confirm a Keystroke program is Not on my system?  ....none of my other accounts have been hacked.
It can come embedded in a jpeg that shows in an e-mail. That's why e-mail providers usually automatically block images.
member
Activity: 70
Merit: 11
February 01, 2014, 06:41:12 AM
#42
It sounds like your password got stolen, not neccesarily btce itself hacked.

This is one department I'll admit that hodlors have a clear advantage.

Isn't stolen and hacked the same thing?

Uh, no.......................................

Sad

Quote from: outofservice on Today at 20:10:55


Quote from: BitcoinAshley on Today at 20:08:53

You probably have a keylogger. Sucks to be you! Don't keep more on an exchange than you can afford to lose.


What is a keylogger?

Oh boy..............................................



Thanks, your replies have been so helpful.

http://en.wikipedia.org/wiki/Keystroke_logging

A program can record your keystrokes and send it to the person who designed it. If you have one of these,all your passwords may have been compromised. But,damn...

Just read all that on wiki and have a few questions...

I haven't opened any strange links or downloaded anything lately, is there any other way that program could have found it's way into my laptop?

I ran a complete spy-ware and mal-ware program, nothing showed up. Would that confirm a Keystroke program is Not on my system?  ....none of my other accounts have been hacked.
member
Activity: 70
Merit: 11
February 01, 2014, 06:25:35 AM
#41
I lost a few coins but they were just my "trading coins" (still it hurt and is a lesson learned), I kept my load on an encrypted external. I am thanking my brother for talking me into that because I used to have them all online.

I tried to set up the 2key on btc-e, they are set up on my other accounts, but the page to do so on btc-e is in russian. It also asks for a once time code. I have no idea what that code is. I've kept all emails from them and scowered them word by word looking to see if it had been sent and it had not. I emailed them about it and never heard back.
My cell is linked to all and the others you have to verify through the cell, just not btc-e because I didn't have that code to set it up.

The guy who hacked had to do work because my password was scrambled letters, numbers and symbols. Years ago I had simple passwords... until my bother showed me how easy he could crack mine. He's computers and math and I'm history and science. We all have our strengths and weaknesses. Mine just happens to be understanding detailed info about computers.

Funny thing is... I read 3 ppl ranting about getting hacked in the trollbox the last two days and as I read it I said to myself, man, that sucks, hope it doesn't happen to me.
It did and it seems to be happening to others as well. Those of you on btc-e, make sure your security is set.

Not sure how you can say "your security is set" on btc-e if you don't have 2fa enabled. Without 2fa your risk of being hacked goes up considerably.

You need to re-read that again. I didn't say, "my" security is set, I said, "Those of you on btc-e, make sure YOUR security is set".
btc-e is the only account I didn't have 2fa.
I don't get how all pages on btc-e are in English except for the 2fa page which is in Russian. My others sites/wallets have 2fa.
legendary
Activity: 1330
Merit: 1000
February 01, 2014, 06:12:18 AM
#40
im noticing msot hacks are people without 2fa
legendary
Activity: 1260
Merit: 1008
February 01, 2014, 05:38:43 AM
#39
You probably have a keylogger. Sucks to be you! Don't keep more on an exchange than you can afford to lose.

What is a keylogger?

http://bit.ly/tadhtb
hero member
Activity: 518
Merit: 500
February 01, 2014, 05:34:48 AM
#38
It sounds like your password got stolen, not neccesarily btce itself hacked.

This is one department I'll admit that hodlors have a clear advantage.

Isn't stolen and hacked the same thing?

Uh, no.......................................

Sad

Quote from: outofservice on Today at 20:10:55


Quote from: BitcoinAshley on Today at 20:08:53

You probably have a keylogger. Sucks to be you! Don't keep more on an exchange than you can afford to lose.


What is a keylogger?

Oh boy..............................................



Thanks, your replies have been so helpful.

http://en.wikipedia.org/wiki/Keystroke_logging

A program can record your keystrokes and send it to the person who designed it. If you have one of these,all your passwords may have been compromised. But,damn...

That's why 2fa is so important. It changes every time.
sr. member
Activity: 308
Merit: 250
February 01, 2014, 05:28:15 AM
#37
It sounds like your password got stolen, not neccesarily btce itself hacked.

This is one department I'll admit that hodlors have a clear advantage.

Isn't stolen and hacked the same thing?

Uh, no.......................................

Sad

Quote from: outofservice on Today at 20:10:55


Quote from: BitcoinAshley on Today at 20:08:53

You probably have a keylogger. Sucks to be you! Don't keep more on an exchange than you can afford to lose.


What is a keylogger?

Oh boy..............................................



Thanks, your replies have been so helpful.

http://en.wikipedia.org/wiki/Keystroke_logging

A program can record your keystrokes and send it to the person who designed it. If you have one of these,all your passwords may have been compromised. But,damn...
hero member
Activity: 518
Merit: 500
February 01, 2014, 05:25:31 AM
#36
I lost a few coins but they were just my "trading coins" (still it hurt and is a lesson learned), I kept my load on an encrypted external. I am thanking my brother for talking me into that because I used to have them all online.

I tried to set up the 2key on btc-e, they are set up on my other accounts, but the page to do so on btc-e is in russian. It also asks for a once time code. I have no idea what that code is. I've kept all emails from them and scowered them word by word looking to see if it had been sent and it had not. I emailed them about it and never heard back.
My cell is linked to all and the others you have to verify through the cell, just not btc-e because I didn't have that code to set it up.

The guy who hacked had to do work because my password was scrambled letters, numbers and symbols. Years ago I had simple passwords... until my bother showed me how easy he could crack mine. He's computers and math and I'm history and science. We all have our strengths and weaknesses. Mine just happens to be understanding detailed info about computers.

Funny thing is... I read 3 ppl ranting about getting hacked in the trollbox the last two days and as I read it I said to myself, man, that sucks, hope it doesn't happen to me.
It did and it seems to be happening to others as well. Those of you on btc-e, make sure your security is set.

Not sure how you can say "your security is set" on btc-e if you don't have 2fa enabled. Without 2fa your risk of being hacked goes up considerably.
full member
Activity: 798
Merit: 100
February 01, 2014, 04:54:13 AM
#35
Keyloggers are also capable of capturing your screen... don't know if they can do it undetected though. Keyloggers are the only thing i fear on the internet.  Sad
member
Activity: 70
Merit: 11
January 31, 2014, 11:03:31 PM
#34
I lost a few coins but they were just my "trading coins" (still it hurt and is a lesson learned), I kept my load on an encrypted external. I am thanking my brother for talking me into that because I used to have them all online.

I tried to set up the 2key on btc-e, they are set up on my other accounts, but the page to do so on btc-e is in russian. It also asks for a once time code. I have no idea what that code is. I've kept all emails from them and scowered them word by word looking to see if it had been sent and it had not. I emailed them about it and never heard back.
My cell is linked to all and the others you have to verify through the cell, just not btc-e because I didn't have that code to set it up.

The guy who hacked had to do work because my password was scrambled letters, numbers and symbols. Years ago I had simple passwords... until my bother showed me how easy he could crack mine. He's computers and math and I'm history and science. We all have our strengths and weaknesses. Mine just happens to be understanding detailed info about computers.

Funny thing is... I read 3 ppl ranting about getting hacked in the trollbox the last two days and as I read it I said to myself, man, that sucks, hope it doesn't happen to me.
It did and it seems to be happening to others as well. Those of you on btc-e, make sure your security is set.
hero member
Activity: 518
Merit: 500
January 31, 2014, 10:21:10 PM
#33
I have 2FA via Google Authenticator on my phone turned on for everything; logging in, transfering money, changing details, etc.
And it needs to be confirmed via e-mail, and my e-mail has a separate 2FA (SMS), and a different password.

I am safe from being hacked, right?  Undecided

Not necessarily unfortunately. You get still get "session hijacked" via cookies if you have your account open and open something dodgy in the same browser. Use different browsers for your trading sites vs "normal browsing"
legendary
Activity: 1442
Merit: 2282
Degenerate bull hatter & Bitcoin monotheist
January 31, 2014, 10:02:56 PM
#32
A key logger is a program that records your key strokes (password) and sends it to someone else.
legendary
Activity: 2184
Merit: 1213
January 31, 2014, 10:00:50 PM
#31
Damn man sorry for you  Undecided

Time to get my coins on a paper wallet...
legendary
Activity: 1904
Merit: 1037
Trusted Bitcoiner
January 31, 2014, 09:59:12 PM
#30
 Undecided

i hope you did not lose your shirt.

its really sad hearing stories like this, at cavirtex they check your browser ( you have to confirm via email if you try to access your account from another computer ) and also 2 factor auth.... i wish all exchanges had the same kind of security, with these security features i feel safer, but still....

let this thread be a lesson for you less paranoid folk and turn on 2 factor auth! setup a secure saving wallet (paper wallets) and a secure spending wallet.

in the beginning poeple were getting hacked left and right. wallet services would disappear with everyones coins... i'm glad those days are over but clearly much improvements can still be made. until then its up to the users to try and minimize risks by taking every security procation they can.
legendary
Activity: 1025
Merit: 1000
January 31, 2014, 09:28:30 PM
#29
Can one assume that a keylogger can be capable to read the clipboard data?

http://en.wikipedia.org/wiki/Keystroke_logging

Read it and weep!

"Software keyloggers may be augmented with features that capture user information without relying on keyboard key presses as the sole input. Some of these features include:

    Clipboard logging. Anything that has been copied to the clipboard can be captured by the program."

Wink

Hmmm oh well. 2FA FTW!  Smiley

wassup Keewee! join the club! where do you stay in New Zealand?

I'm a jafa  Smiley   And you? I think we must be part of a very small group in little ol' NZ although there has been a bit more activity on BitNZ lately
legendary
Activity: 924
Merit: 1001
January 31, 2014, 09:22:36 PM
#28
Can one assume that a keylogger can be capable to read the clipboard data?

http://en.wikipedia.org/wiki/Keystroke_logging

Read it and weep!

"Software keyloggers may be augmented with features that capture user information without relying on keyboard key presses as the sole input. Some of these features include:

    Clipboard logging. Anything that has been copied to the clipboard can be captured by the program."

Wink

Hmmm oh well. 2FA FTW!  Smiley

wassup Keewee! join the club! where do you stay in New Zealand?
legendary
Activity: 1025
Merit: 1000
January 31, 2014, 09:17:04 PM
#27
Can one assume that a keylogger can be capable to read the clipboard data?

http://en.wikipedia.org/wiki/Keystroke_logging

Read it and weep!

"Software keyloggers may be augmented with features that capture user information without relying on keyboard key presses as the sole input. Some of these features include:

    Clipboard logging. Anything that has been copied to the clipboard can be captured by the program."

Wink

Hmmm oh well. 2FA FTW!  Smiley
legendary
Activity: 1025
Merit: 1000
January 31, 2014, 09:16:19 PM
#26
Can one assume that a keylogger can be capable to read the clipboard data?

I would say yes, some malware probably reads the clipboard too. I don't know of enough about particular keyloggers that might do this but at least strong passwords add an extra level of protection from account cracking and enable you to use a different long and complex password on every site you use
Pages:
Jump to: