
Topic: ! Mt. Gox PASSWORDS List Released - Your Password Could Be Here - Check ! (Read 8715 times)

hero member
Activity: 493
Merit: 500
Thank you, I'll be here all week.  And the next, and the next...

Also, try the veal.
hero member
Activity: 630
Merit: 500
Posts: 69
Joe: "Hey Bob, is your password secure?"
Bob: "Why yes, yes it is!"

$1$h5rchLvM$GZ4qMJm3V45rJDdEMjjCf.:secure


hero member
Activity: 493
Merit: 500
Joe: "Hey Bob, is your password secure?"
Bob: "Why yes, yes it is!"

$1$h5rchLvM$GZ4qMJm3V45rJDdEMjjCf.:secure
newbie
Activity: 46
Merit: 0
From Reddit

Quote
If you haven't changed your password on other sites from the MtGox debacle, you should.

I found this through IRC a few minutes ago, chances are it's already been passed around a bit before a public paste.
Edit: It looks like that amounts to about 14.5% of all the passwords available in the accounts.csv file.

Check to see if you are on the list.  Keep different passwords for everything.   I did a search and did not see this posted.

Password related threads to help you:
http://forum.bitcoin.org/index.php?topic=20004.0
http://forum.bitcoin.org/index.php?topic=20587.0


There are actually people who have not changed their password yet??? I changed and my PW is not even on MtGox. Come on people, this is a no-brainer, CHANGE IS GOOD!!
legendary
Activity: 1092
Merit: 1001
Fine - be happy. But take a little time to understand what you are being happy about.
then again..  maybe too much understanding is not a recipe for happiness...  
As you were!

I won't use Mt Gox again, they'll have to earn my trust back.
Yeah.. fair enough. I was just being snarky because you seemed to jump to the conclusion they were hacked again.
I've been jumping to my own wrong conclusions so I can't really talk.
legendary
Activity: 1092
Merit: 1001
ouch. That's potentially damning for the 'no sql injection attack occurred' line.
There are also some script tags in there that I didn't notice before.
Not really. The records with those names were inserted successfully, which means that no successful sql injection happened.

At least there...
Oh yeah.. Makes sense!
full member
Activity: 126
Merit: 100
My old password isn't there, I checked.
newbie
Activity: 21
Merit: 0
Moral of the story: length means nothing if your password is still easy to type
...

Uhm, then why are all cracked passwords in the list at most 12 characters long?
full member
Activity: 182
Merit: 100
Lol

there are really interesting passwords among them:

- 12345
- aaaaaa
- bbbbb
- asdasd

ROFL

But the list also reveals the nerdy nature of bitcoin:

several times: mutter (german for mother)

several times: schach (german for chess)

Although I think it is quite possible that the same person opened more than one account and reused the password...but anyway

Could be Wolowitz from The Big Bang Theory Wink

full member
Activity: 126
Merit: 100
Fine - be happy. But take a little time to understand what you are being happy about.
then again..  maybe too much understanding is not a recipe for happiness...  
As you were!

I won't use Mt Gox again, they'll have to earn my trust back.
hero member
Activity: 812
Merit: 1022
No Maps for These Territories
ouch. That's potentially damning for the 'no sql injection attack occurred' line.
There are also some script tags in there that I didn't notice before.
Not really. The records with those names were inserted successfully, which means that no successful sql injection happened.

At least there...
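The point made in the reply above, as an added example that is not part of the thread: when a signup INSERT binds the username as a parameter, probe-looking strings are stored as ordinary text, and an audit query can list them afterwards. The table, function names and regex are hypothetical, and the sample usernames are constructed from the fragments quoted in this thread.

```python
import re
import sqlite3

# Constructed sample signups; the probe-style names reuse fragments quoted
# in the thread, the others are ordinary usernames.
SAMPLE_SIGNUPS = [
    ("alice", "alice@example.com"),
    ("bob_1977", "bob@example.com"),
    ("hehehe\\'", "0"),
    ("0)waitfor delay\\'0:", "0"),
    ("39 union select 1", "0"),
    ("<script>", "0"),
]

# Hypothetical audit pattern: quote characters, UNION ... SELECT,
# WAITFOR DELAY and script tags inside a username field.
PROBE = re.compile(r"'|\bunion\b.+\bselect\b|\bwaitfor\s+delay\b|<\s*script", re.I)


def register_all(conn, signups):
    """Insert signups with bound parameters, so values travel as data, not SQL."""
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)", signups)
    conn.commit()


def stored_usernames(conn):
    """Return usernames exactly as stored, in insertion order."""
    return [row[0] for row in conn.execute("SELECT username FROM users ORDER BY id")]


def flag_probe_usernames(conn):
    """Return ids of accounts whose username looks like an injection probe."""
    rows = conn.execute("SELECT id, username FROM users ORDER BY id")
    return [uid for uid, name in rows if PROBE.search(name)]


def demo():
    conn = sqlite3.connect(":memory:")
    register_all(conn, SAMPLE_SIGNUPS)
    return stored_usernames(conn), flag_probe_usernames(conn)


if __name__ == "__main__":
    names, flagged = demo()
    print("stored verbatim:", names == [u for u, _ in SAMPLE_SIGNUPS])
    print("flagged account ids:", flagged)
```

The flagged ids are accounts worth reviewing alongside the web server logs for the same time window.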
hero member
Activity: 809
Merit: 501
Always verify deals with me through my public key!
Quote
$1$R.8T.bLF$YhKX2D5dSpHvVVpzFrh850:simple
Shocked
Quote
$1$o2kS4dDJ$qDn2qVH59DkTUBz07v/F30:123123
Quote
$1$NYu3SOH.$8psRMNTS948n1x1gJRtk90:password
Quote
$1$Y.cNDLc5$F2pvospitYK2yr10Q0Ktq.:computer


Hrmmm....you know.....I'm just gonna run out on to the street and leave a hundred dollars on a wall.....but it's okay as I can put this rock on top of it that means it won't be stolen!

FFS!


My life sucks......you know why my life sucks...because the ocd lil bitch that I am means a new username and password every time....if I walk away from something for more than a few months, cue me trying to get my fucking head around what I typed at the time.....beats being raped I suppose  Roll Eyes
legendary
Activity: 1092
Merit: 1001
My favorite username and passwords were
Quote
UserID   Username   Email   Password            
12558   hehehe\'   0   0   0)waitfor delay\'0:      $1$ldybUNj/$jZ5XJRWM8DsOTM3FU9TyN0   
14250   &   39 union select 1   2   3   4   5   6

ouch. That's potentially damning for the 'no sql injection attack occurred' line.
There are also some script tags in there that I didn't notice before.

jr. member
Activity: 41
Merit: 41
My favorite username and passwords were
Quote
UserID   Username   Email   Password            
12558   hehehe\'   0   0   0)waitfor delay\'0:      $1$ldybUNj/$jZ5XJRWM8DsOTM3FU9TyN0   
14250   &   39 union select 1   2   3   4   5   6
legendary
Activity: 2072
Merit: 1001
Quote
1q2w3e!Q@W#E
qwe123QWE!@#

interesting that these got cracked, was it salted?  looks like it would be more difficult to crack than a lot of the ones on that list

It is interesting.. but note that on a standard qwerty keyboard - it's a pattern of 6 keys at the top left.. first unshifted then shifted.

Perhaps some wannabe security guru recommended it to a bunch of suckers as an easy way to remember your complicated password?!

Since the days of John the Ripper, the config file for it allows you to put in patterns that are commonly used. I assume other password cracking tools are also configurable for such patterns. Simple patterns on the keyboard are often the first to fall, since they are checked for, along with the dictionary, way before the brute force takes place using a-z A-Z 1-0 shift1-0 etc....
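A registration-time check for the kind of passwords discussed in this post, as an added example that is not from the thread: it undoes Shift on the number row, then flags passwords that are a repeated unit or made up entirely of runs of neighbouring keys. The US QWERTY grid is an approximation, all function names are hypothetical, and dictionary words such as "password" need a separate blocklist.

```python
# Approximate US QWERTY layout as a grid: (row, column) per key.
ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}
# Shifted number-row symbols map back to the key that produces them.
UNSHIFT = str.maketrans("!@#$%^&*()", "1234567890")


def normalise(password):
    """Reduce a password to the physical keys pressed, ignoring Shift."""
    return password.translate(UNSHIFT).lower()


def adjacent(a, b):
    """True if two keys are the same key or neighbours on the grid."""
    if a not in POS or b not in POS:
        return False
    (r1, c1), (r2, c2) = POS[a], POS[b]
    return max(abs(r1 - r2), abs(c1 - c2)) <= 1


def keyboard_runs(keys):
    """Split a key sequence into maximal runs of neighbouring keys."""
    runs, start = [], 0
    for i in range(1, len(keys) + 1):
        if i == len(keys) or not adjacent(keys[i - 1], keys[i]):
            runs.append(keys[start:i])
            start = i
    return runs


def pattern_reasons(password):
    """Return the reasons a password should be rejected as a key pattern."""
    keys = normalise(password)
    reasons = []
    # A string built from a repeated unit occurs inside its own doubling.
    if len(keys) >= 2 and keys in (keys + keys)[1:-1]:
        reasons.append("repeated unit")
    runs = keyboard_runs(keys)
    if runs and all(len(run) >= 3 for run in runs):
        reasons.append("keyboard walk")
    return reasons


if __name__ == "__main__":
    # Passwords quoted in this thread, plus one longer passphrase.
    for pw in ("1q2w3e!Q@W#E", "qwe123QWE!@#", "asdasd", "12345",
               "password", "correct horse battery staple"):
        print(f"{pw!r}: {pattern_reasons(pw) or 'no key pattern found'}")
```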
sr. member
Activity: 280
Merit: 250
Firstbits: 12pqwk
hero member
Activity: 575
Merit: 500
The North Remembers
legendary
Activity: 1092
Merit: 1001
Quote
1q2w3e!Q@W#E
qwe123QWE!@#

interesting that these got cracked, was it salted?  looks like it would be more difficult to crack than a lot of the ones on that list

It is interesting.. but note that on a standard qwerty keyboard - it's a pattern of 6 keys at the top left.. first unshifted then shifted.

Perhaps some wannabe security guru recommended it to a bunch of suckers as an easy way to remember your complicated password?!
member
Activity: 84
Merit: 10
that looks to only go up to 9000, I wouldn't expect it to be complete for a couple months. You also have to assume most of them are throwaway accounts.
legendary
Activity: 1092
Merit: 1001
They got hacked again?
No. *some* of the passwords have been extracted from the *previously* released list of (lightly) encrypted passwords.
Everyone should have changed their mtgox passwords by now, and also on other services if they were silly enough to use the same password elsewhere.
This is just an interesting exercise in seeing what insecure passwords people tend to use.
The shorter, dictionary based passwords are easily cracked. The more complex ones will take time - if anyone can even be bothered.

I'm happy now that I withdrew all my remaining bitcoins from Mt Gox.

Fine - be happy. But take a little time to understand what you are being happy about.
then again..  maybe too much understanding is not a recipe for happiness...  
As you were!

