Topic: Clarification as to the Reason why the Forum was down for ~5 Days (Read 1108 times)

legendary
Activity: 2088
Merit: 1015
maybe a global "change your password" message would be helpful

The news banner is probably disabled since it's suspect in whatever attack vector the hax0r used.
But it's not
Quote
News: Change your forum password
sr. member
Activity: 275
Merit: 250
It was the same person who did the CosbyCoin hack and they used the same exploit. lol! Guaranteed it will happen again, too. What exactly has Theymos done with the tens of thousands of dollars donated to this forum???
full member
Activity: 140
Merit: 100
"Don't worry. My career died after Batman, too."
No worries!

But that is a much longer time to tackle those PWs. Finally a reason to be glad I'm not one of the BTC-laden early adopters (target)
legendary
Activity: 1204
Merit: 1015


That being said, it's not worse than before. For the last several months, the hackers had access to any account they pleased.

Since 2011.
Some of us were still out of the loop
full member
Activity: 140
Merit: 100
"Don't worry. My career died after Batman, too."


That being said, it's not worse than before. For the last several months, the hackers had access to any account they pleased.

Since 2011.
legendary
Activity: 1204
Merit: 1015
maybe a global "change your password" message would be helpful

if they can use people's passwords then it would be too late anyway..  you know they would be on watch for the board to be back up before 99% of the users would know
Not really. It will take a while to crack the passwords, so they would start with the high-value targets.

That being said, it's not worse than before. For the last several months, the hackers had access to any account they pleased.
sr. member
Activity: 462
Merit: 250
maybe a global "change your password" message would be helpful

if they can use people's passwords then it would be too late anyway..  you know they would be on watch for the board to be back up before 99% of the users would know
legendary
Activity: 1554
Merit: 1222
brb keeping up with the Kardashians
maybe a global "change your password" message would be helpful

The news banner is probably disabled since it's suspect in whatever attack vector the hax0r used.
legendary
Activity: 1764
Merit: 1000
maybe a global "change your password" message would be helpful
sr. member
Activity: 462
Merit: 250
I am sure that I was not the only one suffering while it was unavailable.


lulz troll withdrawal is a terrible thing!!
sr. member
Activity: 386
Merit: 250
Theymos, it would be nice to hear an update as to:

1) Why it took this long of downtime to identify and fix the problem and what steps were needed to address all of the issues?

2) What protection have you implemented (or plan to implement) to prevent further such attacks in the future?

3) If, as you mentioned in the Reddit thread, the hack was caused by a vulnerability in the news section of this website, then maybe it would be better to remove the news section entirely?

I am glad that the BitcoinTalk forum is back up and I am sure that I was not the only one suffering while it was unavailable.


Also this was the email I received on 10/3/2013 after the forum was offline:
Subject: Bitcoin Forum Compromised
Quote
-----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256

 Unfortunately, it was recently discovered that the Bitcoin Forum's server
 was compromised. It is currently believed that the attacker(s) *could* have
 accessed the database, but at this time it is unknown whether they actually did
 so. If they accessed the database, they would have had access to all
 personal messages, emails, and password hashes. To be safe, it is
 recommended that all Bitcoin Forum users consider any password used
 on the Bitcoin Forum in 2013 to be insecure: if you used this
 password on a different site, change it. When the Bitcoin Forum
 returns, change your password.

 Passwords on the Bitcoin Forum are hashed with 7500 rounds of
 sha256crypt. This is very strong. It may take years for
 reasonably-strong passwords to be cracked. Even so, it is best to
 assume that the attacker will be able to crack your passwords.

 The Bitcoin Forum will return within the next several days after a
 full investigation has been conducted and we are sure that this
 problem cannot recur.

 Check http://www.reddit.com/r/Bitcoin/ and #bitcoin on Freenode for
 more info as it develops.

 We apologize for the inconvenience.

 -----BEGIN PGP SIGNATURE-----

 iF4EAREIAAYFAlJNCE8ACgkQxlVWk9q1kecABgD9H5sbb0DopdLsODAmv6LWmIaW
 kgfyYTlh8GezYbYx7c8A/iTh0/DCwaXuNKK/qUWpewR/L6HEOuAqa/ML1D+K9mZc
 =1NYs
 -----END PGP SIGNATURE-----
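
What "7500 rounds of sha256crypt" in the e-mail above means in practice, as an added example (not part of the original post and not the forum's own code): a from-scratch sha256crypt following the public SHA-crypt specification, showing the stored `$5$rounds=7500$salt$hash` format and that each password guess costs 7500 chained, salted SHA-256 digests. The names `sha256_crypt`, `verify` and `STORED`, and the sample password and salt, are assumptions made for the illustration.

```python
import hashlib
import hmac

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Digest byte order used by the SHA-crypt output encoding.
ORDER = [(0, 10, 20), (21, 1, 11), (12, 22, 2), (3, 13, 23), (24, 4, 14),
         (15, 25, 5), (6, 16, 26), (27, 7, 17), (18, 28, 8), (9, 19, 29)]

def _b64(b2, b1, b0, n):
    w = (b2 << 16) | (b1 << 8) | b0
    return "".join(B64[(w >> (6 * i)) & 0x3F] for i in range(n))

def sha256_crypt(password, salt, rounds=None):
    """Return a $5$ crypt string; rounds=None means the default of 5000."""
    pw, s = password.encode(), salt.encode()[:16]   # salt is capped at 16 bytes
    n = min(max(5000 if rounds is None else rounds, 1000), 999_999_999)
    sha = lambda data: hashlib.sha256(data).digest()
    b = sha(pw + s + pw)
    a = pw + s + b * (len(pw) // 32) + b[:len(pw) % 32]
    i = len(pw)
    while i:                                        # one block per bit of len(pw)
        a += b if i & 1 else pw
        i >>= 1
    a = sha(a)
    p = (sha(pw * len(pw)) * (len(pw) // 32 + 1))[:len(pw)]
    sq = sha(s * (16 + a[0]))[:len(s)]
    for r in range(n):                              # per-guess cost: n chained digests
        a = sha((p if r & 1 else a) + (sq if r % 3 else b"")
                + (p if r % 7 else b"") + (a if r & 1 else p))
    out = "".join(_b64(a[x], a[y], a[z], 4) for x, y, z in ORDER)
    out += _b64(0, a[31], a[30], 3)
    head = "$5$" if rounds is None else f"$5$rounds={n}$"
    return f"{head}{s.decode()}${out}"

def verify(password, stored):
    """Recompute with the salt and rounds embedded in `stored`; constant-time compare."""
    parts = stored.split("$")
    if len(parts) == 5 and parts[1] == "5" and parts[2][:7] == "rounds=" and parts[2][7:].isdigit():
        rounds = int(parts[2][7:])
    elif len(parts) == 4 and parts[1] == "5":
        rounds = None
    else:
        return False
    candidate = sha256_crypt(password, parts[-2], rounds)
    return hmac.compare_digest(candidate.encode(), stored.encode())

# Constructed sample: the password and salt are made up for this example.
STORED = sha256_crypt("correct horse battery staple", "ConstructedSalt1", 7500)
```

The round count multiplies the work of every guess by the same factor for everyone, so it slows guessing against strong passwords but does little for a password that falls within the first few thousand guesses.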