Topic: Info about the recent attack - page 12. (Read 52527 times)
so when an attacker finds that you have an extremely secure password, they can now guess that you have a password wallet somewhere, and go after that
If he could run arbitrary PHP code, maybe it's not just the hashes he collected... He might have also injected some code BEFORE hashing, thus gaining plaintext. I don't know all the hack details, but does it sound possible to you?
Also, it took you a while to recover.
Also, it took you a while to recover.
They don't provide a way to convert the data to the new format or somthing like that?
Or you mean there are some addons you use that are essential that haven't been updated to be compatible with the latest version nor have equivalent alternatives made for the latest version?
Or you mean there are some addons you use that are essential that haven't been updated to be compatible with the latest version nor have equivalent alternatives made for the latest version?
Why upgrading to the most recent version of SMF is worse than switching to a whole'nother forum backend? They didn't make it backward compatible?
There are many modifications that are incompatible.
Why upgrading to the most recent version of SMF is worse than switching to a whole'nother forum backend? They didn't make it backward compatible?
Online password stores are still a single point of failure, IMO.
A solution like lastpass is great for a few reasons.
You passwords are encrypted.
Quote
LastPass uses SSL exclusively for data transfer even though the vast majority of data you're sending is already encrypted with 256-bit AES and unusable to both LastPass and any party listening in to the network traffic
Lastpass has a backup method, securely and not securely. I use not securely and rar them password protected encrypted.
Quote
WinRAR offers you the benefit of industry strength archive encryption using AES (Advanced Encryption Standard) with a key of 128 bits.
My passwords are always accessible to me whether lastpass is offline or not.
I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.
So I cannot change to a new one now.
You have the same password that you had before the attack.
If your password had been changed I don't think you'd have still been logged into the forum when it came back online.
Usually a session id is stored in the login cookie not a password.
I've used Keepassx on Ubuntu for years and never had it mis-remember a password. I guess I should go thru the "lost password" process now...
Everyone should use lastpass.com and generate the longest password a site will accept (or just 32 random characters/numbers is sufficient imo) plus save that on lastpass.com
It's too easy and there is no excuse not to do it.
It's too easy and there is no excuse not to do it.
Online password stores are still a single point of failure, IMO. Great idea, but use KeePass or some other local solution that you can back up and secure with ease.
I'd like to see the file with leaked hashes
Also, that "security advisory" is inaccurate. The security breach had nothing to do with Flash. That was misinformation spread by the attacker, probably. They used a fake quote purporting to be from Sirius.
Mark Kapeles aka MagicalTux is part of Mt.Gox, right?
Yes.
Quote
Your statement sounds kind of different to this info:
http://bitcoinmedia.com/mt-gox-taking-over-bitcointalk-the-official-u
http://bitcoinmedia.com/mt-gox-taking-over-bitcointalk-the-official-u
He is providing free hosting. He is not "taking over Bitcointalk". In that IRC excerpt I even say that Sirius will retain control of the DNS.
Change of hosting
Mark Karpeles is now hosting the forum's server. The forum is still owned by Sirius, as it has always been. There will be no policy changes.
Signed version of this message
Mark Karpeles is now hosting the forum's server. The forum is still owned by Sirius, as it has always been. There will be no policy changes.
Signed version of this message
Your statement sounds kind of different to this info:
http://bitcoinmedia.com/mt-gox-taking-over-bitcointalk-the-official-u
Mark Kapeles aka MagicalTux is part of Mt.Gox, right?
Everyone should use lastpass.com and generate the longest password a site will accept (or just 32 random characters/numbers is sufficient imo) plus save that on lastpass.com
It's too easy and there is no excuse not to do it.
It's too easy and there is no excuse not to do it.
+ 1
I started using lastpass.com (there are alternatives too, like keypass and others) after the mtgox incident. I have come to love it.
I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.
So I cannot change to a new one now.
You have the same password that you had before the attack.
If your password had been changed I don't think you'd have still been logged into the forum when it came back online.
Great Job Guys 
Hmnm. Well something has gone wrong. I use a pwd safe and call up and paste in my previous password and it rejects it. My password had 25 chars including letters, number, symbols. Unless the validity of symbols was changed at some point I don't know why it won't work now. I've probably only used it once when created as typically I'm "always logged on".
The name of the password field has changed. Maybe that affects it?
I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.
So I cannot change to a new one now.
You have the same password that you had before the attack.
I had some hope the forum would stay closed for longer,
To show people this place is is no way essential to the Bitcoin system.
It would have allowed people to look for alternative sources of information and would have stabilized/strengthened the value of BTC in the long run.
This place has become such a hell with noobs and the #1 target of fear mongering speculators.
Thanks for the day off
To show people this place is is no way essential to the Bitcoin system.
It would have allowed people to look for alternative sources of information and would have stabilized/strengthened the value of BTC in the long run.
This place has become such a hell with noobs and the #1 target of fear mongering speculators.
Thanks for the day off
Glad to see things are back up and running. Thanks for the update on what happened!
I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.
So I cannot change to a new one now.
You have the same password that you had before the attack.
Jump to: