maybe a global "change your password" message would be helpful
The news banner is probably disabled since it's suspect in whatever attack vector the hax0r used.
Quote
News: Change your forum password
Topic: Clarification as to the Reason why the Forum was down for ~5 Days (Read 1089 times)
The news banner is probably disabled since it's suspect in whatever attack vector the hax0r used.
October 07, 2013, 02:04:04 AM
It was the same person who did the CosbyCoin hack and they used the same exploit. . lol! Guaranteed it will happen again, too. What exactly has Theymos done with the tens of thousands of dollars donated to this forum?? ? ? ?
October 07, 2013, 01:47:24 AM
No worries!
But that is a much longer time to tackle those PWs. Finally a reason to be glad I'm not one of the BTC-laden early adopters (target)
But that is a much longer time to tackle those PWs. Finally a reason to be glad I'm not one of the BTC-laden early adopters (target)
October 07, 2013, 01:38:10 AM
That being said, it's not worse than before. For the last several months, the hackers had access to any account they pleased.
Since 2011.
October 07, 2013, 01:37:14 AM
That being said, it's not worse than before. For the last several months, the hackers had access to any account they pleased.
Since 2011.
October 07, 2013, 01:20:39 AM
maybe a global "change your password" message would be helpful
if they can use people's passwords then it would be too late anyway.. you know they would be on watch for the board to be back up before 99% of the users would know
That being said, it's not worse than before. For the last several months, the hackers had access to any account they pleased.
October 07, 2013, 01:14:43 AM
maybe a global "change your password" message would be helpful
if they can use people's passwords then it would be too late anyway.. you know they would be on watch for the board to be back up before 99% of the users would know
October 07, 2013, 01:10:54 AM
maybe a global "change your password" message would be helpful
The news banner is probably disabled since it's suspect in whatever attack vector the hax0r used.
October 07, 2013, 01:05:48 AM
maybe a global "change your password" message would be helpful
October 07, 2013, 12:51:22 AM
I am sure that I was not the only one suffering while it was unavailable.
lulz troll withdrawal is a terrible thing!!
October 07, 2013, 12:36:51 AM
Theymos, it would be nice to hear an update as to:
1) Why it took this long of downtime to identify and fix the problem and what steps were needed to address all of the issues?
2) What protection have you implemented (or plan to implement) to prevent further such attacks in the future?
3) If, as you mentioned in the Reddit thread, the hack was caused by a vulnerability in the news section of this website, then maybe it would be better to remove the news section entirely?
I am glad that the BitcoinTalk forum is back up and I am sure that I was not the only one suffering while it was unavailable.
Also this was the email I received on 10/3/2013 after the forum was offline:
Subject: Bitcoin Forum Compromised
1) Why it took this long of downtime to identify and fix the problem and what steps were needed to address all of the issues?
2) What protection have you implemented (or plan to implement) to prevent further such attacks in the future?
3) If, as you mentioned in the Reddit thread, the hack was caused by a vulnerability in the news section of this website, then maybe it would be better to remove the news section entirely?
I am glad that the BitcoinTalk forum is back up and I am sure that I was not the only one suffering while it was unavailable.
Also this was the email I received on 10/3/2013 after the forum was offline:
Subject: Bitcoin Forum Compromised
Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Unfortunately, it was recently discovered that the Bitcoin Forum's server
was compromised. It is currently believed that the attacker(s) *could* have
accessed the database, but at this time it is unknown whether they actually did
so. If they accessed the database, they would have had access to all
personal messages, emails, and password hashes. To be safe, it is
recommended that all Bitcoin Forum users consider any password used
on the Bitcoin Forum in 2013 to be insecure: if you used this
password on a different site, change it. When the Bitcoin Forum
returns, change your password.
Passwords on the Bitcoin Forum are hashed with 7500 rounds of
sha256crypt. This is very strong. It may take years for
reasonably-strong passwords to be cracked. Even so, it is best to
assume that the attacker will be able to crack your passwords.
The Bitcoin Forum will return within the next several days after a
full investigation has been conducted and we are sure that this
problem cannot recur.
Check http://www.reddit.com/r/Bitcoin/ and #bitcoin on Freenode for
more info as it develops.
We apologize for the inconvenience.
-----BEGIN PGP SIGNATURE-----
iF4EAREIAAYFAlJNCE8ACgkQxlVWk9q1kecABgD9H5sbb0DopdLsODAmv6LWmIaW
kgfyYTlh8GezYbYx7c8A/iTh0/DCwaXuNKK/qUWpewR/L6HEOuAqa/ML1D+K9mZc
=1NYs
-----END PGP SIGNATURE-----
Hash: SHA256
Unfortunately, it was recently discovered that the Bitcoin Forum's server
was compromised. It is currently believed that the attacker(s) *could* have
accessed the database, but at this time it is unknown whether they actually did
so. If they accessed the database, they would have had access to all
personal messages, emails, and password hashes. To be safe, it is
recommended that all Bitcoin Forum users consider any password used
on the Bitcoin Forum in 2013 to be insecure: if you used this
password on a different site, change it. When the Bitcoin Forum
returns, change your password.
Passwords on the Bitcoin Forum are hashed with 7500 rounds of
sha256crypt. This is very strong. It may take years for
reasonably-strong passwords to be cracked. Even so, it is best to
assume that the attacker will be able to crack your passwords.
The Bitcoin Forum will return within the next several days after a
full investigation has been conducted and we are sure that this
problem cannot recur.
Check http://www.reddit.com/r/Bitcoin/ and #bitcoin on Freenode for
more info as it develops.
We apologize for the inconvenience.
-----BEGIN PGP SIGNATURE-----
iF4EAREIAAYFAlJNCE8ACgkQxlVWk9q1kecABgD9H5sbb0DopdLsODAmv6LWmIaW
kgfyYTlh8GezYbYx7c8A/iTh0/DCwaXuNKK/qUWpewR/L6HEOuAqa/ML1D+K9mZc
=1NYs
-----END PGP SIGNATURE-----
Jump to: