Pages:
Author

Topic: [Guide] Bitcointalk account security (Read 2432 times)

hero member
Activity: 536
Merit: 513
December 27, 2018, 09:52:42 AM
#43
Hi @sncc. I was wondering if you are planning to revise and adapt the content of your guide is sight of the resent procedure change, announced yesterday:
Recovering hacked/lost accounts.
Account recoveries are moving again.

Note: if you do, the forum recovery email changes over time, and @theymos indicated that it would be better to refer to the OP to retrieve the contact email each time: re:Account recoveries are moving again.

Yes I was editing the OP, you were quick!  For now I added a note with links and eventually plan to revise the OP more when I have sufficient time.  Anyhow this is a good news for people whose accounts were hacked or locked.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
December 27, 2018, 09:44:07 AM
#42
Bump.
Hi @sncc. I was wondering if you are planning to revise and adapt the content of your guide is sight of the resent procedure change, announced yesterday:
Recovering hacked/lost accounts.
Account recoveries are moving again.

Note: if you do, the forum recovery email changes over time, and @theymos indicated that it would be better to refer to the OP to retrieve the contact email each time: re:Account recoveries are moving again.
hero member
Activity: 536
Merit: 513
December 03, 2018, 08:41:46 AM
#41
<...>

Good point, it is worthwhile to emphasize it.  Added in the OP.

Quote
- Untrusted softwares include Bitcointalk unofficial apps, whose security is not guaranteed by the forum and in principle they can steal the password of your account.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
November 18, 2018, 12:34:35 PM
#40
Perhaps it would be interesting to add a warning in the OP in relation to Bitcointalk non-official apps that can be found either being promoted on this same forum, or on some online app stores such as Google Play. These apps are of potential high risk to one’s account credentials.
hero member
Activity: 536
Merit: 513
October 15, 2018, 10:59:15 AM
#39
All homograph attacks should be automatically replaced on all non-local boards. This means fake links can still be posted in (for instance) a Russian thread.
Good to know that, at least in the non-local board we do not have the issue.  However non-Cyrillic characters like

ą ç í î ị ň ṇ ö ó ọ ú

are not replaced and one needs to be careful about it.  They are actually different characters but still could be used for a similar kind of attack like the Binance phishing website, they are less dangerous than the previous ones though.  For example,

True https://bitcointalk.org/
Fake https://bitcoiṇtalk.org/ (link to google.com)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 06, 2018, 08:00:13 AM
#38
Now it seems that
- (some?) homograph attacks are automatically replaced, and
- fake link is automatically replaced
All homograph attacks should be automatically replaced on all non-local boards. This means fake links can still be posted in (for instance) a Russian thread.
hero member
Activity: 536
Merit: 513
October 06, 2018, 02:09:35 AM
#37
True https://bitcointalk.org/
Fake https://www.google.com/  (link to google.com)
Did you mean this:
True https://bitcointalk.org/
Fake https://www.google.com/  (link to google.com)

Theymos is smart Cheesy Fake links work in preview, but get fixed when posted.

However, a homograph attack can still be used to create a fake link:
True https://bitcointalk.org/
Fake https://www.google.com/  (link to google.com)
Now it seems that
- (some?) homograph attacks are automatically replaced, and
- fake link is automatically replaced

Hi,

I was able to recover my account as well here: https://bitcointalksearch.org/topic/peter0425-account-hacked-4497259
The method I used was similar to Swenna (probably the same hacker) but prior to him/her spilling the beans.. I just didn't put in Meta how I recovered my account because I don't want the hacker/s to have a idea how I did it. But since Swenna reveal the method, (she/he did it in good faith though),I confirmed that its the step I took to get back my account, just saying.
Yes I was aware of your story.  It is a difficult issue whether the method should be disclosed or not, as the hackers will notice it as well.  Added a note to the OP.

Also this applies to bounties who asks for registration to their websites, this could be attempt of stealing your details.
Honestly, I wouldn't trust half of them, and would be using a disposable email. But, that's just me.

I wouldn't also , if i have to I make new email to register with them.
I think that warning about this should be included in original post, since a lot of users do not know this or just haven't thought about this problem.
I think it is a little bit off-topic as it is not related to the security of the Bitcointalk account.  Also, the collection of email addresses and personal data always happens for any kind of registration, not only bounties.  Focusing on the registration of Bitcointalk, the OP already recommended to use new email address.  Having said that I understand your concern and added a remark as a related topic. 
member
Activity: 266
Merit: 26
October 05, 2018, 05:04:33 AM
#36
Also this applies to bounties who asks for registration to their websites, this could be attempt of stealing your details.
Honestly, I wouldn't trust half of them, and would be using a disposable email. But, that's just me.

I wouldn't also , if i have to I make new email to register with them.
I think that warning about this should be included in original post, since a lot of users do not know this or just haven't thought about this problem.
sr. member
Activity: 2618
Merit: 439
September 23, 2018, 04:01:41 PM
#35
Hi,

I was able to recover my account as well here: https://bitcointalksearch.org/topic/peter0425-account-hacked-4497259
The method I used was similar to Swenna (probably the same hacker) but prior to him/her spilling the beans.. I just didn't put in Meta how I recovered my account because I don't want the hacker/s to have a idea how I did it. But since Swenna reveal the method, (she/he did it in good faith though),I confirmed that its the step I took to get back my account, just saying.
staff
Activity: 3304
Merit: 4115
August 30, 2018, 05:32:56 AM
#34
Also this applies to bounties who asks for registration to their websites, this could be attempt of stealing your details.
This has happened in the past, and continues to happen today. These bounties are an easy way to collect data, because people are willing to put in anything for the promise of free coins. There's been numerous fake bounties in an attempt to farm user details from native users signing up to everything, and anything.

Honestly, I wouldn't trust half of them, and would be using a disposable email. But, that's just me.
member
Activity: 266
Merit: 26
August 30, 2018, 05:21:52 AM
#33
I just recently came across a possible security problem in this forum which seems not to be mentioned here and i believe should be.

Do not give out your frequently used email address to bounty managers , there are a lot managers who do not protect email addresses which they collect during bounty and they can be easily copied.

Also this applies to bounties who asks for registration to their websites, this could be attempt of stealing your details.
hero member
Activity: 536
Merit: 513
August 28, 2018, 10:05:27 AM
#32
Thanks for a great guide and yes, it should be on sticky threads i guess, and it will be great if it can be on every local board too.
As the account security is fundamental and important thing, it would be good to have more exposure.  I would appreciate if this thread is in the stickies and translated into other languages.

By the way, mind if i translate it for my local board??
Sure feel free to translate this thread.  

Although I appreciate the endorsements, I don't think it's very likely for a user to go from "foot soldier" to Admin Cheesy
You deserve the position, we'll see Smiley

Honestly I'm not sure, I cannot recall if I was victim of phishing by making click on some URL posted on the forum. However, I remember using the search engine of btctalk days before being hacked (which asked me to login). Fake site bitcointalk.to I don't think so because I never remember my credentials so password-managers take care of it.
I think it is normal that forum search requires you to login.  It should have not been a phishing site.

I always use different user names & random passwords on each site, also have several emails for different uses. The only thing that I regret is that my password wasn't that strong (12 characters) and after the 2015 data breach I changed the password by just adding a symbol. Also I should have done the homework of regularly changing all my password on January of this year but I didn't.
Even though, I still blame Admins because it could have been prevented just by being proactive.
It might have been a combination of data breach and brute force hacking if you added a symbol to the old password.  I think now we really need to be careful about the protection of our accounts.  
jr. member
Activity: 55
Merit: 15
August 27, 2018, 12:18:04 PM
#31
Thanks for tips, actually I was wondering why your account was hacked since you did these security measures?  If you have somehow identify the reason why your account was hacked and potential loophole of the above strategies that would be worthwhile to share.

Honestly I'm not sure, I cannot recall if I was victim of phishing by making click on some URL posted on the forum. However, I remember using the search engine of btctalk days before being hacked (which asked me to login). Fake site bitcointalk.to I don't think so because I never remember my credentials so password-managers take care of it.
I always use different user names & random passwords on each site, also have several emails for different uses. The only thing that I regret is that my password wasn't that strong (12 characters) and after the 2015 data breach I changed the password by just adding a symbol. Also I should have done the homework of regularly changing all my password on January of this year but I didn't.
Even though, I still blame Admins because it could have been prevented just by being proactive.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
August 26, 2018, 09:38:21 AM
#30
Although I appreciate the endorsements, I don't think it's very likely for a user to go from "foot soldier" to Admin Cheesy
sr. member
Activity: 476
Merit: 359
August 26, 2018, 09:11:59 AM
#29
I think this should be in the stickies, for better exposure. Wonder why it's not there yet.
It would be useful as the account security is a fundamental issue of the forum....

Thanks for a great guide and yes, it should be on sticky threads i guess, and it will be great if it can be on every local board too.

Theymos mentioned ....
hilariousandco would be one the most natural candidates....

I support hillariousandco and LoyceV to be one of the authority person to do some account recovery task. They are one of the oldest and best member in here and is active in Meta and want to spare their time for the sake of the forum. I believe there are more members like that but they are the most members i have seen since the day i joined the forum.

By the way, mind if i translate it for my local board??
hero member
Activity: 536
Merit: 513
August 25, 2018, 10:35:01 AM
#28
I think this should be in the stickies, for better exposure. Wonder why it's not there yet.
It would be useful as the account security is a fundamental issue of the forum.  Even if it is not going to be in the stickies, I plan to continue to bump the thread and hope more forum members become aware of how to improve their account security.

Theymos mentioned recently that he's not complete opposed to delegating more responsibilities onto others for account recoveries. I imagine he would have to make sure that they were capable of it, but I'm sure hilariousandco and the like would be more than capable of it.
hilariousandco would be one the most natural candidates.  He already has a permission to unlock accounts as well.  I am sure LoyceV is also capable of it as he has been helping recovery of hacked accounts and made key contributions for several cases to be resolved.
staff
Activity: 3304
Merit: 4115
August 22, 2018, 02:54:08 PM
#27
Theymos mentioned recently that he's not complete opposed to delegating more responsibilities onto others for account recoveries. I imagine he would have to make sure that they were capable of it, but I'm sure hilariousandco and the like would be more than capable of it.
legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
August 22, 2018, 04:39:02 AM
#26
Bump.  Still see many accounts are hacked, hope more users learn the security.

I think this should be in the stickies, for better exposure. Wonder why it's not there yet.

sry, hilarious I could't resist it..



hero member
Activity: 536
Merit: 513
August 22, 2018, 04:27:01 AM
#25
Bump.  Still see many accounts are hacked, hope more users learn the security.
jr. member
Activity: 229
Merit: 3
EndChain - Complete Logistical Solution
August 20, 2018, 01:13:22 PM
#24
Thanks for taking time to put together this guide. I obtained some tips to make my password stronger from this.
Pages:
Jump to: