mcx passwords - page 3. | Bitcointalksearch.org

K1773R

legendary

Activity: 1792

Merit: 1008

/dev/null

Quote from: usahero on August 18, 2013, 04:16:50 AM

Quote from: K1773R on August 18, 2013, 03:52:14 AM

Quote from: laughingbear on August 18, 2013, 03:11:01 AM

Quote from: DeathAndTaxes on August 17, 2013, 11:52:54 PM

Don't follow established practices just do anything you feel like no matter how stupid (and pointless).

like using a different password for every website? I know you guys have an agenda to push here, and need to make rs or the website look bad, but try harder.

if RS really stores the password in plain or any reversible format (ie, not hashing them probperly, md5 isnt probperly Tongue

) then he lost me, i havent seen any proof of this or did i miss it (due to ignore this usascum moron)?

He is storing them in reversible format. If you want to recover your password, he gives you your password and he sees your password. There is no "password recovery" form on the site, and I think only way to recover the password is:
1) message rs that you lost your password.
2) tell a part of your password/describe your password, so that he can confirm "it is really you" who is recovering
3) he returns you passwords as a string and in the process he sees your password. When I did this procedure, I was feeling like my privacy has been breached.

Now even if you think I am moron, you know something you didn't know before.

And if someone has done the procedure, please confirm it is really done this way, as I am not making this up.

i apologize if this really is true!

usahero

sr. member

Activity: 434

Merit: 250

Quote from: K1773R on August 18, 2013, 03:52:14 AM

Quote from: laughingbear on August 18, 2013, 03:11:01 AM

Quote from: DeathAndTaxes on August 17, 2013, 11:52:54 PM

Don't follow established practices just do anything you feel like no matter how stupid (and pointless).

like using a different password for every website? I know you guys have an agenda to push here, and need to make rs or the website look bad, but try harder.

if RS really stores the password in plain or any reversible format (ie, not hashing them probperly, md5 isnt probperly Tongue

) then he lost me, i havent seen any proof of this or did i miss it (due to ignore this usascum moron)?

He is storing them in reversible format. If you want to recover your password, he gives you your password and he sees your password. There is no "password recovery" form on the site, and I think only way to recover the password is:
1) message rs that you lost your password.
2) tell a part of your password/describe your password, so that he can confirm "it is really you" who is recovering
3) he returns you passwords as a string and in the process he sees your password. When I did this procedure, I was feeling like my privacy has been breached.

Now even if you think I am moron, you know something you didn't know before.

And if someone has done the procedure, please confirm it is really done this way, as I am not making this up.

usahero

sr. member

Activity: 434

Merit: 250

Quote from: ?? on ??

Quote from: usahero on August 18, 2013, 02:14:52 AM

This post was about security.

Yeah sure it was LOL....

Somehow I have hard time believing this isn't just another one of your five "I'm butt hurt because I got banned by RS threads".

You must be real special because as much as RS hates me and I do him, even after asking him in his troll box "If his first anal sex was with his mother or his father", he still didn't ban me.

Since I'm in a charitable mood, here's a free suggestion for you.

If you find his site so bad, don't use it!

~BCX~

I know this stuff. It is up to me whether I want to trade on that site or not. It is also up to me whether I want to share my opinion about it or not. I don't think there is much you can do about it.

All this "butthurt" talk would be done on mcxnow chat, if I wasn't banned there.

K1773R

legendary

Activity: 1792

Merit: 1008

/dev/null

Quote from: laughingbear on August 18, 2013, 03:11:01 AM

Quote from: DeathAndTaxes on August 17, 2013, 11:52:54 PM

Don't follow established practices just do anything you feel like no matter how stupid (and pointless).

like using a different password for every website? I know you guys have an agenda to push here, and need to make rs or the website look bad, but try harder.

if RS really stores the password in plain or any reversible format (ie, not hashing them probperly, md5 isnt probperly Tongue

) then he lost me, i havent seen any proof of this or did i miss it (due to ignore this usascum moron)?

Etlase2

hero member

Activity: 798

Merit: 1000

Quote from: laughingbear on August 18, 2013, 03:11:01 AM

Quote from: DeathAndTaxes on August 17, 2013, 11:52:54 PM

Don't follow established practices just do anything you feel like no matter how stupid (and pointless).

like using a different password for every website? I know you guys have an agenda to push here, and need to make rs or the website look bad, but try harder.

If anyone has an agenda to push, it's DeathAndTaxes. He is the hardcorest of hardcore bitcoin proponents and unequivocally biased, but he is totally, 100% correct here. Passwords, especially passwords that protect money, should not be stored in a reversible format. That is madness. (That is, of course, if actually true.)

usahero

sr. member

Activity: 434

Merit: 250

Quote from: laughingbear on August 18, 2013, 03:11:01 AM

Quote from: DeathAndTaxes on August 17, 2013, 11:52:54 PM

Don't follow established practices just do anything you feel like no matter how stupid (and pointless).

like using a different password for every website? I know you guys have an agenda to push here, and need to make rs or the website look bad, but try harder.

Its a waste of time.

The result of the project will be whatever will be whether I troll or not.

I just saw yesterday that someone reopened topic that should be forgotten, so I took time to respond.

I am certain RealSolid is working on the patch right now, because he is not wasting as much time on chat, so update will be soon around. The thing about "plain-text" password was problematic to me the time when I wanted to revive the password. I may be too paranoid, but I prefer to have my funds protected via 2FA - whether that is email confirmation, google auth or pin, anything is better than just password. Fortunately only-password was good enough so far...

laughingbear

hero member

Activity: 622

Merit: 500

www.cryptobetfair.com

Quote from: DeathAndTaxes on August 17, 2013, 11:52:54 PM

Don't follow established practices just do anything you feel like no matter how stupid (and pointless).

like using a different password for every website? I know you guys have an agenda to push here, and need to make rs or the website look bad, but try harder.

Wolf0

member

Activity: 81

Merit: 1002

It was only the wind.

Quote from: usahero on August 16, 2013, 12:05:06 PM

Quote from: ?? on ??

Quote from: drummerjdb666 on August 08, 2013, 02:40:50 PM

SOUNDS LIKE A BUTT HURT OH NO I WAS BANNED THREAD TO ME!!!

FUCK OFF HERO!!! GET OVER IT!!!

You know it's a strange day in the neighborhood when BitcoinEXpress is defending Coinhunter aka Real Sold aka rlh aka Notyep.

@usahero

1) For the sake of argument let's say RS is using plaint text passwords and can see them

So fucking what, if a person in the altcoin world is STUPID enough to use the same password on two different sites, they deserve to be ripped off. So basically by following password 101, all RS could do if see the password for his own site.

2) mcxNOW does not use plain text, this is straight up fud.

3) Coinhunter is telling the truth, he's banned only four people from mcxNOW and you're 25% of that population, that makes you special.

4) You are correct, CH/RS is a real piece of work, a meglomaniacal narcissistic POS, but what you're doing isn't promoting that idea, it's just making you look like a stupid fuck.

~BCX~

I care about your opinion. So far you have been active in every thread trying to "protect" your master. hahaha. so funny.

Anyway, if someone is "allowed" to spread lies about me, straight up FUD doesn't even sound that bad......

So I'll continue with straight up FUD if needed.

From what I hear, the beef between BCX and RS goes way back. Claiming RS is BCX's "master" isn't just stupid, it's insane. You're excluding everyone's reasonable opinions by labeling them as "with RS".

Quote from: laughingbear on August 17, 2013, 10:58:15 PM

Quote from: DeathAndTaxes on August 16, 2013, 11:30:30 AM

Quote from: Wolf0 on August 08, 2013, 05:46:31 PM

It's still pretty shitty of him to store passwords in a reversible format. If he gets hacked, an attacker can dump them. Of course he'd say it's absolutely impossible for his site to be hacked, but that's because he's seriously out of touch with reality.

This.

It shows a complete lack of understanding of basic password security. If he got this wrong what else did he get wrong.
Simple version: the website needs to be able to decrypt the password so it is like saying "no I keep my money locked up in that safe, the one with the key taped to the front of it".

Passwords are salted and hashed not encrypted for a reason. This was cutting edge computer science ... in 1970.

Step up then big guy. Hack it, steal all the coins on the exchange. Teach him a lesson. We will all wait with bated breath.

We're not saying the exchange is vulnerable. We're saying that if it was hacked, then the attacker could easily dump all the passwords. RS is good, he might be better than you or me, but you think RS is better than every hacker out there? I don't.

usahero

sr. member

Activity: 434

Merit: 250

Quote from: ?? on ??

Quote from: Wolf0 on August 17, 2013, 11:06:08 PM

From what I hear, the beef between BCX and RS goes way back. Claiming RS is BCX's "master" isn't just stupid, it's insane. You're excluding everyone's reasonable opinions by labeling them as "with RS".

You are correct, Coinhunter and I are old friends LOL

@usahero, claiming I'm a Coinhunter puppet is "Gold Certification" that

1) You're an idiot
2) Have no clue on RS/CH history
3) Butt Hurt over getting banned from a troll box LOL...

~BCX~

This post was about security. It was about the fact that mcxnow still has the worst 2fa security. Any other site you need more than password to hack it. Only on mcx, knowing password is enough to get your coins stolen.

I have some funds there so its something that matters to me.

I guess you are troll, but not from his team. I don't care enough about you to track your history with RS. I am troll too. So nice to meet you. And btw, everyone is free to think I am idiot. So I'll write it here: I AM IDIOT.

Now deal with it. Everyone is free to ignore me.

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

Quote from: laughingbear on August 17, 2013, 10:58:15 PM

Quote from: DeathAndTaxes on August 16, 2013, 11:30:30 AM

Quote from: Wolf0 on August 08, 2013, 05:46:31 PM

It's still pretty shitty of him to store passwords in a reversible format. If he gets hacked, an attacker can dump them. Of course he'd say it's absolutely impossible for his site to be hacked, but that's because he's seriously out of touch with reality.

This.

It shows a complete lack of understanding of basic password security. If he got this wrong what else did he get wrong.
Simple version: the website needs to be able to decrypt the password so it is like saying "no I keep my money locked up in that safe, the one with the key taped to the front of it".

Passwords are salted and hashed not encrypted for a reason. This was cutting edge computer science ... in 1970.

Step up then big guy. Hack it, steal all the coins on the exchange. Teach him a lesson. We will all wait with bated breath.

Yes that is the standard for information security. Don't follow established practices just do anything you feel like no matter how stupid (and pointless). The fact that other sites (hundreds, thousands?) have made the same mistake and you can't undo it after the hack should just be ignored. The absence of a hack means you are secure right? That works right up until a hack does occur and then it is "oh well in hindsight who could have seen the hacker would decrypt the password list".

Your statement is like saying you leave your door unlocked with a sign saying "money inside". You haven't been robbed yet so it must be secure and anyone who says locking your door would be more secure should just try to rob you instead.

laughingbear

hero member

Activity: 622

Merit: 500

www.cryptobetfair.com

Quote from: DeathAndTaxes on August 16, 2013, 11:30:30 AM

Quote from: Wolf0 on August 08, 2013, 05:46:31 PM

It's still pretty shitty of him to store passwords in a reversible format. If he gets hacked, an attacker can dump them. Of course he'd say it's absolutely impossible for his site to be hacked, but that's because he's seriously out of touch with reality.

This.

It shows a complete lack of understanding of basic password security. If he got this wrong what else did he get wrong.
Simple version: the website needs to be able to decrypt the password so it is like saying "no I keep my money locked up in that safe, the one with the key taped to the front of it".

Passwords are salted and hashed not encrypted for a reason. This was cutting edge computer science ... in 1970.

Step up then big guy. Hack it, steal all the coins on the exchange. Teach him a lesson. We will all wait with bated breath.

usahero

sr. member

Activity: 434

Merit: 250

Quote from: ?? on ??

Damn USA let it go. It was just a chat ban. I mean really you claim the trollbox is racist hate filled evil (it really isn't), but YOU'RE one of the only ones to ever get chat banned there.

Did you get chat banned? Yep.
Did you deserve that ban? I dunno, I didn't see what happened.
Is 2FA coming to mcxNOW? "Soon."
Did RS steal your money before, or after, you were banned? Nope.
Do you still trade on the site? Probably... (and for good reason)

This post was obviously about 2fa, not abotu what you think about me. Get over it, i'm just internet anonymous. You shouldn't waste time with me.......

OHHHHHHH, you are protecting your fee-shares... Here we go

usahero

sr. member

Activity: 434

Merit: 250

Quote from: drummerjdb666 on August 08, 2013, 02:40:50 PM

SOUNDS LIKE A BUTT HURT OH NO I WAS BANNED THREAD TO ME!!!

FUCK OFF HERO!!! GET OVER IT!!!

If your dick was long enough, you could stick it in your a**

usahero

sr. member

Activity: 434

Merit: 250

Quote from: paulthetafy on August 08, 2013, 02:04:27 PM

Before everybody bashes RealSold and mcxNow, you might want to a) get some proof and b) give RS himself a chance to explain things rather than posting publicly.

Also remember that 2FA is coming soon (though not on Aug 10th AFAIK). Can I remind you that BTC-e only introduced 2FA fairly recently!!

Lastly, usahero, I know you're having some beef with RealSolid and mcxNow at the moment, but raising this post was really low of you.

- PTT

I gave chance to explain everything about fee-shares to rs. Instead of explaining me stuff about the shares, he started yelling at me, making outrageous claims and shittalking me.

So we are still waiting for 2FA. I'm sure he will deliver it on time.

And since you don't know circumstances around my beef with RealSolid, it is low from you to call it "low from me". Because you got no clue what happened.

usahero

sr. member

Activity: 434

Merit: 250

Quote from: ?? on ??

Quote from: drummerjdb666 on August 08, 2013, 02:40:50 PM

SOUNDS LIKE A BUTT HURT OH NO I WAS BANNED THREAD TO ME!!!

FUCK OFF HERO!!! GET OVER IT!!!

You know it's a strange day in the neighborhood when BitcoinEXpress is defending Coinhunter aka Real Sold aka rlh aka Notyep.

@usahero

1) For the sake of argument let's say RS is using plaint text passwords and can see them

So fucking what, if a person in the altcoin world is STUPID enough to use the same password on two different sites, they deserve to be ripped off. So basically by following password 101, all RS could do if see the password for his own site.

2) mcxNOW does not use plain text, this is straight up fud.

3) Coinhunter is telling the truth, he's banned only four people from mcxNOW and you're 25% of that population, that makes you special.

4) You are correct, CH/RS is a real piece of work, a meglomaniacal narcissistic POS, but what you're doing isn't promoting that idea, it's just making you look like a stupid fuck.

~BCX~

I care about your opinion. So far you have been active in every thread trying to "protect" your master. hahaha. so funny.

Anyway, if someone is "allowed" to spread lies about me, straight up FUD doesn't even sound that bad......

So I'll continue with straight up FUD if needed.

usahero

sr. member

Activity: 434

Merit: 250

This thread was never about what you (idiots) think about what I think about being banned on mcxnow. I gave an advice to realsolid and he is working hard on implementing 2FA.

Now if you idiots have problems with me, maybe thats because you are doubting your "investment"? If it is so good investment, you shouln't be afraid of one fud-troll, eh...?

Well, the list of people getting banned for stating facts on mcxnow is increasing. Enjoy your tiny fee-shares.. They will get lower after RealSolid decreases btc withdrawal fees from 0.005 to 0.001, as he promised... Cheesy

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

Quote from: Wolf0 on August 08, 2013, 05:46:31 PM

It's still pretty shitty of him to store passwords in a reversible format. If he gets hacked, an attacker can dump them. Of course he'd say it's absolutely impossible for his site to be hacked, but that's because he's seriously out of touch with reality.

This.

It shows a complete lack of understanding of basic password security. If he got this wrong what else did he get wrong.
Simple version: the website needs to be able to decrypt the password so it is like saying "no I keep my money locked up in that safe, the one with the key taped to the front of it".

Passwords are salted and hashed not encrypted for a reason. This was cutting edge computer science ... in 1970.

Wolf0

member

Activity: 81

Merit: 1002

It was only the wind.

Quote from: ?? on ??

Quote from: Wolf0 on August 08, 2013, 05:46:31 PM

but that's because he's seriously out of touch with reality.

Now that's the RealSolid I know!

~BCX~

Yep, but for some reason, I still kind of like him.

ahmed_bodi

hero member

Activity: 518

Merit: 500

Bitrated user: ahmedbodi.

more reason why mcxnow should be avoided

[17:07] RealSolid: how many actual times have i insulted you?
[17:13] RealSolid: well^
[17:15] you think i count or care about such things?
[17:16] approximation, by my count like twice
[17:18] ok?
[17:18] never mind (facepalm)
[17:18] plz unban my account? no trolling or spamming Cheesy

[17:20] no you annoy me
[17:21] its probably worse because youre muslim
[17:21] troll!
[17:21] HAHAHA, and you guys call me a troll
[17:21] 1 sec let me put my bot here so it starts recording
[17:21] Tongue

[17:22] --> MainBot has joined this channel ([email protected]).
[17:22] haha
[17:22] *** ChanServ gives channel operator privileges to RealSolid.
[17:22] *** RealSolid sets a ban on *!*@host-212-159-185-14.static.as13285.net.
[17:22] *** You have been kicked from channel #mcxnow by RealSolid (ahmedbodi).
[17:23] [474] ahmedbodi #mcxnow Cannot join channel (+b) - you are banned
[17:23] [474] ahmedbodi #mcxnow Cannot join channel (+b) - you are banned

Wolf0

member

Activity: 81

Merit: 1002

It was only the wind.

Quote from: ?? on ??

Quote from: drummerjdb666 on August 08, 2013, 02:40:50 PM

SOUNDS LIKE A BUTT HURT OH NO I WAS BANNED THREAD TO ME!!!

FUCK OFF HERO!!! GET OVER IT!!!

You know it's a strange day in the neighborhood when BitcoinEXpress is defending Coinhunter aka Real Sold aka rlh aka Notyep.

@usahero

1) For the sake of argument let's say RS is using plaint text passwords and can see them

So fucking what, if a person in the altcoin world is STUPID enough to use the same password on two different sites, they deserve to be ripped off. So basically by following password 101, all RS could do if see the password for his own site.

2) mcxNOW does not use plain text, this is straight up fud.

3) Coinhunter is telling the truth, he's banned only four people from mcxNOW and you're 25% of that population, that makes you special.

4) You are correct, CH/RS is a real piece of work, a meglomaniacal narcissistic POS, but what you're doing isn't promoting that idea, it's just making you look like a stupid fuck.

~BCX~

It's still pretty shitty of him to store passwords in a reversible format. If he gets hacked, an attacker can dump them. Of course he'd say it's absolutely impossible for his site to be hacked, but that's because he's seriously out of touch with reality.

Topic: mcx passwords - page 3. (Read 4339 times)