Topic: Info about the recent attack - page 12. (Read 52603 times)

hero member
Activity: 695
Merit: 502
PGP: 6EBEBCE1E0507C38
September 11, 2011, 02:32:35 AM
#34
so when an attacker finds that you have an extremely secure password, they can now guess that you have a password wallet somewhere, and go after that
newbie
Activity: 47
Merit: 0
September 11, 2011, 02:31:12 AM
#33
If he could run arbitrary PHP code, maybe it's not just the hashes he collected... He might have also injected some code BEFORE hashing, thus gaining plaintext. I don't know all the hack details, but does it sound possible to you?

Also, it took you a while to recover.
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
September 11, 2011, 02:27:56 AM
#32
They don't provide a way to convert the data to the new format or something like that?

Or you mean there are some addons you use that are essential that haven't been updated to be compatible with the latest version nor have equivalent alternatives made for the latest version?
administrator
Activity: 5222
Merit: 13032
September 11, 2011, 02:23:20 AM
#31
Why upgrading to the most recent version of SMF is worse than switching to a whole'nother forum backend? They didn't make it backward compatible?

There are many modifications that are incompatible.
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
September 11, 2011, 02:21:34 AM
#30
Why upgrading to the most recent version of SMF is worse than switching to a whole'nother forum backend? They didn't make it backward compatible?
hero member
Activity: 770
Merit: 502
September 11, 2011, 02:19:16 AM
#29
Online password stores are still a single point of failure, IMO.

A solution like lastpass is great for a few reasons.

Your passwords are encrypted.
Quote
LastPass uses SSL exclusively for data transfer even though the vast majority of data you're sending is already encrypted with 256-bit AES and unusable to both LastPass and any party listening in to the network traffic

Lastpass has a backup method, securely and not securely. I use not securely and rar them password protected encrypted.

Quote
WinRAR offers you the benefit of industry strength archive encryption using AES (Advanced Encryption Standard) with a key of 128 bits.

My passwords are always accessible to me whether lastpass is offline or not.

hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
September 11, 2011, 02:14:50 AM
#28
I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

You have the same password that you had before the attack.
Hmnm. Well something has gone wrong. I use a pwd safe and call up and paste in my previous password and it rejects it. My password had 25 chars including letters, number, symbols. Unless the validity of symbols was changed at some point I don't know why it won't work now. I've probably only used it once when created as typically I'm "always logged on".

If your password had been changed I don't think you'd have still been logged into the forum when it came back online.
I'm pretty sure the password wouldn't matter.
Usually a session id is stored in the login cookie not a password.

I've used Keepassx on Ubuntu for years and never had it mis-remember a password. I guess I should go thru the "lost password" process now...
sr. member
Activity: 322
Merit: 251
September 11, 2011, 02:13:39 AM
#27
Everyone should use lastpass.com and generate the longest password a site will accept (or just 32 random characters/numbers is sufficient imo) plus save that on lastpass.com

It's too easy and there is no excuse not to do it.

Online password stores are still a single point of failure, IMO. Great idea, but use KeePass or some other local solution that you can back up and secure with ease.
legendary
Activity: 1199
Merit: 1012
September 11, 2011, 02:11:18 AM
#26
I'd like to see the file with leaked hashes
administrator
Activity: 5222
Merit: 13032
September 11, 2011, 02:09:58 AM
#25
Also, that "security advisory" is inaccurate. The security breach had nothing to do with Flash. That was misinformation spread by the attacker, probably. They used a fake quote purporting to be from Sirius.
administrator
Activity: 5222
Merit: 13032
September 11, 2011, 02:06:38 AM
#24
Mark Karpeles aka MagicalTux is part of Mt.Gox, right?

Yes.

Quote
Your statement sounds kind of different to this info:
http://bitcoinmedia.com/mt-gox-taking-over-bitcointalk-the-official-u

He is providing free hosting. He is not "taking over Bitcointalk". In that IRC excerpt I even say that Sirius will retain control of the DNS.
full member
Activity: 186
Merit: 100
September 11, 2011, 02:01:20 AM
#23
Change of hosting

Mark Karpeles is now hosting the forum's server. The forum is still owned by Sirius, as it has always been. There will be no policy changes.

Signed version of this message

Your statement sounds kind of different to this info:
http://bitcoinmedia.com/mt-gox-taking-over-bitcointalk-the-official-u

Mark Karpeles aka MagicalTux is part of Mt.Gox, right?
donator
Activity: 2772
Merit: 1019
September 11, 2011, 02:00:42 AM
#22
Everyone should use lastpass.com and generate the longest password a site will accept (or just 32 random characters/numbers is sufficient imo) plus save that on lastpass.com

It's too easy and there is no excuse not to do it.

+ 1

I started using lastpass.com (there are alternatives too, like KeePass and others) after the mtgox incident. I have come to love it.
hero member
Activity: 868
Merit: 1000
September 11, 2011, 01:46:20 AM
#21
I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

You have the same password that you had before the attack.
Hmnm. Well something has gone wrong. I use a pwd safe and call up and paste in my previous password and it rejects it. My password had 25 chars including letters, number, symbols. Unless the validity of symbols was changed at some point I don't know why it won't work now. I've probably only used it once when created as typically I'm "always logged on".

If your password had been changed I don't think you'd have still been logged into the forum when it came back online.
full member
Activity: 140
Merit: 100
September 11, 2011, 01:45:37 AM
#20
Great Job Guys 8)
administrator
Activity: 5222
Merit: 13032
September 11, 2011, 01:39:03 AM
#19
Hmnm. Well something has gone wrong. I use a pwd safe and call up and paste in my previous password and it rejects it. My password had 25 chars including letters, number, symbols. Unless the validity of symbols was changed at some point I don't know why it won't work now. I've probably only used it once when created as typically I'm "always logged on".

The name of the password field has changed. Maybe that affects it?
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
September 11, 2011, 01:36:13 AM
#18
I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

You have the same password that you had before the attack.
Hmnm. Well something has gone wrong. I use a pwd safe and call up and paste in my previous password and it rejects it. My password had 25 chars including letters, number, symbols. Unless the validity of symbols was changed at some point I don't know why it won't work now. I've probably only used it once when created as typically I'm "always logged on".
donator
Activity: 1731
Merit: 1008
September 11, 2011, 01:29:21 AM
#17
I had some hope the forum would stay closed for longer,
To show people this place is in no way essential to the Bitcoin system.
It would have allowed people to look for alternative sources of information and would have stabilized/strengthened the value of BTC in the long run.

This place has become such a hell with noobs and the #1 target of fear mongering speculators.

Thanks for the day off ;)
hero member
Activity: 846
Merit: 1000
The One and Only
September 11, 2011, 01:28:15 AM
#16
Glad to see things are back up and running. Thanks for the update on what happened!
administrator
Activity: 5222
Merit: 13032
September 11, 2011, 01:22:28 AM
#15
I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

You have the same password that you had before the attack.