
Topic: MTGOX claim site is up (Read 3047 times)

newbie
Activity: 56
Merit: 0
June 22, 2011, 06:25:07 PM
#27
:o I can't believe that you guys just dox'ed that guy...... the poster who put up the original post edited the info out, but it's still up in the posts where it was quoted....do the community a favor and erase the info out of the quoted posts as well....there's enough people getting hacked as-is.

and someone should inform kiba that he/she was dox'ed so they can change login info

Removed mine.
hero member
Activity: 700
Merit: 500
daytrader/superhero
June 22, 2011, 03:50:51 PM
#26
:o I can't believe that you guys just dox'ed that guy...... the poster who put up the original post edited the info out, but it's still up in the posts where it was quoted....do the community a favor and erase the info out of the quoted posts as well....there's enough people getting hacked as-is.

and someone should inform kiba that he/she was dox'ed so they can change login info
member
Activity: 98
Merit: 10
June 22, 2011, 03:44:24 PM
#25
searched your username on the database. got your email. went to sign in to your email. "oops forgot my password" security question one. some googling and whatnot. so blame people for weak passwords. but should we also blame your niece for saying how awesome her uncle "lefbi" is on her twitter?
lol... it's still not MtGox's fault if users use weak passwords AND easy to guess security questions on other sites.

So, has anybody received any confirmations or replies to their claims?
Nope, not yet.
newbie
Activity: 17
Merit: 0
June 22, 2011, 02:40:10 PM
#24
Duran: It's not a challenge. Yes, it's true that most people's accounts, probably including mine, can easily be hacked. And, yes, you seem to have done this more often. Please stop publishing people's personal credentials here. While an interesting exercise, it doesn't really help the present discussion.

So, has anybody received any confirmations or replies to their claims?

newbie
Activity: 18
Merit: 0
June 22, 2011, 10:24:31 AM
#23
I am publicly pointing out security issues at the fault of mtgox, that could be used to find out the identities of users, their emails, take control of their finances, bank accounts, their forum account here, their facebook, whatever someone found useful. while mtgox leaves out the hacker had to have cracked the "impossible" salted password for the account that was hijacked and attempted to be emptied.
Nobody said it's impossible to crack unix_md5(). It's a matter of time and it's highly unlikely that if you use a secure password, that someone will crack it in a short time. Read up on bruteforce again, you have already shown your lack of knowledge about that topic in multiple threads now, so please stop talking about it.

Yes MtGox's database was leaked. But you can't blame them for lazy users who used a >weak< password and even worse used the very same weak password on multiple sites.
LOLOLOL! YOU'RE SO CAUGHT ON PASSWORDS! YOU DON'T NEED PASSWORDS! I JUST NEED YOUR OLDEST NIECE'S NAME!

searched your username on the database. got your email. went to sign in to your email. "oops forgot my password" security question one. some googling and whatnot. so blame people for weak passwords. but should we also blame your niece for saying how awesome her uncle "lefbi" is on her twitter?

Edit: also mr security expert, this is the same way people got into sarah palin's email on the same email provider and everyone was like LULZ WHY YOU CONDUCT SUCH IMPORTANT STUFF ON CRAPPY EMAIL? of course dude went to jail for posting it on 4chan. also I didn't access your account. but you might not want to have such ">weak<" account recovery questions.
member
Activity: 98
Merit: 10
June 22, 2011, 09:39:59 AM
#22
I am publicly pointing out security issues at the fault of mtgox, that could be used to find out the identities of users, their emails, take control of their finances, bank accounts, their forum account here, their facebook, whatever someone found useful. while mtgox leaves out the hacker had to have cracked the "impossible" salted password for the account that was hijacked and attempted to be emptied.
Nobody said it's impossible to crack unix_md5(). It's a matter of time and it's highly unlikely that if you use a secure password, that someone will crack it in a short time. Read up on bruteforce again, you have already shown your lack of knowledge about that topic in multiple threads now, so please stop talking about it.

Yes MtGox's database was leaked. But you can't blame them for lazy users who used a >weak< password and even worse used the very same weak password on multiple sites.
newbie
Activity: 18
Merit: 0
June 22, 2011, 07:55:26 AM
#21
Duran, I think you upset people because you basically just made threats along the lines of "You disagree with me? Well oh gee your family lives at 165 Lincoln Ave? It sure would be a pity if they all accidentally died."

Def not threatening anyone. I removed the specifics from my original post. maybe a mod should fix the quotes. I mean the info's public but no reason to single anyone out. but you get the idea now. also sorry for cursing and not being more "adult"
full member
Activity: 168
Merit: 100
June 22, 2011, 05:22:28 AM
#20

edit: new mtgox email, coincidence?

MtGox, instead of Mt.Gox ??

I'm thinking hacker, again ?
full member
Activity: 140
Merit: 100
June 22, 2011, 04:19:18 AM
#19
Duran, I think you upset people because you basically just made threats along the lines of "You disagree with me? Well oh gee your family lives at 165 Lincoln Ave? It sure would be a pity if they all accidentally died."
sr. member
Activity: 440
Merit: 250
June 22, 2011, 04:18:39 AM
#18
Now, no matter what you put for a new password, claim page comes back with

The new password is not secure enough. Security tips include using special characters, make the password longer, etc...

I can't even get past the first page :)

You need a better password! I used some special characters in mine and it was pretty long... now I think I have forgotten it though! Doooh. :(
sr. member
Activity: 364
Merit: 250
June 22, 2011, 04:04:54 AM
#17
Has any1 got their account activated?
Mtgox's latest update says 10% accounts recovered.

No updates to my account still :(
newbie
Activity: 18
Merit: 0
June 22, 2011, 02:08:45 AM
#16
to the people saying I'm a troll and I should be banned, I would love to hear the reasoning behind this.

I'm a guy with quite a bit invested in mtgox. I am publicly pointing out security issues at the fault of mtgox, that could be used to find out the identities of users, their emails, take control of their finances, bank accounts, their forum account here, their facebook, whatever someone found useful. while mtgox leaves out the hacker had to have cracked the "impossible" salted password for the account that was hijacked and attempted to be emptied.

check it out. other than the coins and mtgoxusd I had in my account, I am not worried, I've changed and secured every account I have and I don't invest more than I'm willing to risk. so it sucks but my life's not changing. other people tho. they may not have realized the severity of the database leak. this goes beyond just mtgox. I'm looking out for others not myself. so reconsider who needs banned, maybe mtgox who just profited off the community at the risk of all their users and totally compromised things bitcoin stands for like anonymity. ban mtgox. not me.

edit: new mtgox email, coincidence?
legendary
Activity: 1876
Merit: 1000
June 21, 2011, 11:56:57 PM
#15
Now, no matter what you put for a new password, claim page comes back with

The new password is not secure enough. Security tips include using special characters, make the password longer, etc...

I can't even get past the first page :)
full member
Activity: 182
Merit: 100
June 21, 2011, 10:38:38 PM
#14
stuff he said

ok check it if salted hashes are so hard to break and such a nonissue. think. hacker took database. took control of major bitcoin holder's account. to do that, he needed the password, if I had 400k bitcoins best believe they've been to the site in 2 months. so he cracked the password of his choosing. yeah cracking salts takes a while. but getting $xx,xxx is pretty motivating if u have an idea where to look.

for example. I know this is terrible of me to post but I'm sure he's been hit.

kiba has more posts on this forum than anyone. safe to say he prolly does some shit with bitcoins right?
well I looked up his name in the now public db.

kiba - [email protected] - aceb58701950da702c5f3da71eb2c35a

a google search of his email brings up this.
http://www.google.com/#sclient=psy&hl=en&safe=off&authuser=0&source=hp&q=hackerkiba%40gmail.com&pbx=1&oq=hackerkiba%40gmail.com&aq=f&aqi=&aql=&gs_sm=e&gs_upl=865l4990l0l20l14l0l1l1l0l214l1688l4.8.1l13&bav=on.2,or.r_gc.r_pw.&fp=e2cdbf82a93ada0c&biw=1024&bih=667

I bet he used the same pw somewhere. best believe I wasn't the first person to think of this. I picked the highest profile person I could and there's his info. not salted. I didn't post the cracked password and hopefully he's changed everything. if not, he's screwed. mtgox's fault.

so since you're not worried at all. I found your account. how many coins and mtgoxusd u got in there?
enmaku   [email protected]   $1$6rtyT8QJ$3iHX7P3.5nzEBZBALi.lA.

is your dwolla, liberty reserve or bank accounts connected to your gmail? notice your address comes up in google searches? your billing address? your facebook connected? is your security question what color ur dog is with old sparky on your facebook?





Ban this guy already.

He makes some good points.  His delivery is just a little rough.  Md5 is broken, and everyone's hash,  username, and hash are out there.  Having bitcoins makes us all targets, and we need to take security seriously.  Unfortunately, I suspect this will lead to bitcoin banks who secure people's bitcoins for them.
newbie
Activity: 56
Merit: 0
June 21, 2011, 10:31:13 PM
#13
stuff he said

ok check it if salted hashes are so hard to break and such a nonissue. think. hacker took database. took control of major bitcoin holder's account. to do that, he needed the password, if I had 400k bitcoins best believe they've been to the site in 2 months. so he cracked the password of his choosing. yeah cracking salts takes a while. but getting $xx,xxx is pretty motivating if u have an idea where to look.

for example. I know this is terrible of me to post but I'm sure he's been hit.

kiba has more posts on this forum than anyone. safe to say he prolly does some shit with bitcoins right?
well I looked up his name in the now public db.



I bet he used the same pw somewhere. best believe I wasn't the first person to think of this. I picked the highest profile person I could and there's his info. not salted. I didn't post the cracked password and hopefully he's changed everything. if not, he's screwed. mtgox's fault.



is your dwolla, liberty reserve or bank accounts connected to your gmail? notice your address comes up in google searches? your billing address? your facebook connected? is your security question what color ur dog is with old sparky on your facebook?





Ban this guy already.

EDIT: EDIT TO REMOVE PASSWORDS/EMAIL FROM QUOTE.
newbie
Activity: 18
Merit: 0
June 21, 2011, 06:15:32 PM
#12
stuff he said

ok check it if salted hashes are so hard to break and such a nonissue. think. hacker took database. took control of major bitcoin holder's account. to do that, he needed the password, if I had 400k bitcoins best believe they've been to the site in 2 months. so he cracked the password of his choosing. yeah cracking salts takes a while. but getting $xx,xxx is pretty motivating if u have an idea where to look.

for example. I know this is terrible of me to post but I'm sure he's been hit.

[deleted by poster] has more posts on this forum than anyone. safe to say he prolly does some shit with bitcoins right?
well I looked up his name in the now public db.

[deleted by poster]

a google search of his email brings up this.
[deleted by poster]

I bet he used the same pw somewhere. best believe I wasn't the first person to think of this. I picked the highest profile person I could and there's his info. not salted. I didn't post the cracked password and hopefully he's changed everything. if not, he's screwed. mtgox's fault.

so since you're not worried at all. I found your account. how many coins and mtgoxusd u got in there?
[deleted by poster]

is your dwolla, liberty reserve or bank accounts connected to your gmail? notice your address comes up in google searches? your billing address? your facebook connected? is your security question what color ur dog is with old sparky on your facebook?



newbie
Activity: 56
Merit: 0
June 21, 2011, 04:14:01 PM
#11
have you guys filed your claims yet? I did, and both the claim status link or any other address in the mtgox.com domain seems completely unresponsive

surfing through other web pages is perfectly fine but the mtgox site doesn't seem to respond, anyone else observing this?
hero member
Activity: 742
Merit: 500
June 21, 2011, 03:42:08 PM
#10
This goes far beyond, one account, a measly $1k, and a user database. this means anyone who used the same password for their email could have the passwords to other accounts recovered to the email without knowing the original. so get access to the email. find where they have accounts. paypal, bitmarket, banks, this forum, their mining sites, dating sites, dwolla, liberty reserve, everything. they might have sent an encrypted zip of their wallet to themselves via their email. they might have had a very important conversation with someone. money pak numbers in emails. endless possibilities. amazon accounts, ebay, godaddy, etc. etc. etc. this spiderwebs out.

even lulzier is bitcoin is a community of people who mine by decoding hashes. someone with a killer mining set up could rainbow table the shit out of any encryption. md5 encryptions can be easily cracked by morons via sites like md5decrypter.co.uk and the freebsdmd5 hashes by processes like this http://hansatan.com/?d=jtrguide

So they're going to dictate the price at 17.50 when the exchange comes back. who values this shit at $17 right now? someone bought a fuckload for penny each. and we're supposed to buy at $17.50. I mean that's all fine and dandy for everyone getting out of bitcoins, but that's no good for the market in general.

mtgox is a buncha fuckups who lost lots of people a lot of money, set back a revolution and won't take responsibility for handing out the database to an auditor for reasons unknown. I know what auditors do, no reason for him to have emails and logins. fucking morons down at mtgox have fucked up big time.

It's a good thing you're long-winded because otherwise you would win my "most fails per word" award...

Let's take these one at a time...

even lulzier is bitcoin is a community of people who mine by decoding hashes
No, we generate hashes until they fall below an arbitrary value, hashes cannot be "decoded" only recreated. This is similar to the way a brute force hash-collision attack works, but not quite the same.

someone with a killer mining set up could rainbow table the shit out of any encryption
Not every encryption schema is susceptible to rainbow tables. As a matter of fact, no one really uses rainbow tables for encryption because you'd have to have a sample for every possible plaintext encrypted with every possible key to do so, which would result in immeasurably large files. We use rainbow tables for hashing algorithms. Furthermore, aside from a handful of very old accounts, Mt. Gox did at least use salt with their MD5 which renders rainbow tables ineffective and requires time be spent to specifically brute force one password at a time. If you had a password of sufficient complexity, you would still be safe from this attack for a pretty reasonable period of time (measured in years).

So they're going to dictate the price at 17.50 when the exchange comes back. who values this shit at $17 right now?
No one does, not even Mt. Gox. The price is rolling back to $17.51 because that's what the top (most recent) transaction in their database was at when the attack occurred. When the system comes back online, it will be free to move in whatever direction the market is currently valuing BTC at. People will cancel their buy/sell orders and place them at more reasonable points surrounding the current trade value.

someone bought a fuckload for penny each. and we're supposed to buy at $17.50
Yes, but it really only matters what someone was able to cash out after buying at $0.01. I don't have the post in front of me but "Kevin" claims to have been able to cash out ~600 BTC, worth around $8,000 at current market values. Still quite a bit of cash, but not the "fuckload" you claim or the 263,000 that were actually purchased before the rollback.

mtgox is a buncha fuckups who lost lots of people a lot of money, set back a revolution and won't take responsibility for handing out the database to an auditor for reasons unknown. I know what auditors do, no reason for him to have emails and logins. fucking morons down at mtgox have fucked up big time.
Now I do at least agree with you a bit here. I might use more "grown-up" language to express my opinion of Mt. Gox but I do feel that they've managed to hurt the bitcoin economy and community via their poor security. I also agree that unless the "auditor" was actually a security auditor, he/she had no business in the login database. It might be the case that Mt. Gox stores their login data within a table in the same database as their trades, which would be one more security failure on their part in my humble opinion.

anyone who used the same password for their email could have the passwords to other accounts recovered to the email without knowing the original
Although you wrote this in the most convoluted way possible, I think I understand you to be saying "if people used the same passwords in multiple places, this could lead to the compromise of even more accounts" which would be true. Of course this is why we always say to never use the same password for multiple systems, not that anyone listens. This is one of the few places where the onus of security is placed squarely on the shoulders of the individual; Mt. Gox could have forced secure passwords upon their users, additional authentication factors, all kinds of things - but they can't force their users NOT to use their GMail password at the exchange.
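
An added example (not written by any poster in this thread) of the point post #10 makes about salt and precomputed tables: the same constructed accounts stored as bare MD5 and as per-user salted MD5, then checked against a table hashed ahead of time. The account names, passwords and the simplified salt-plus-password digest are assumptions (the `$1$` format seen in the thread is iterated md5crypt, not this), and the PBKDF2 functions go beyond the thread to show a salted, deliberately slow way to store a password.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (hypothetical): two users picked the same password.
ACCOUNTS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "T7#vq!mZ2p-Lx9"}
# A lookup table hashed once, ahead of time, from a constructed list of common passwords.
COMMON = ["123456", "password", "sunshine1", "qwerty"]
PRECOMPUTED = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON}


def store_unsalted(accounts):
    """Legacy scheme: bare MD5 with no salt."""
    return {u: (b"", hashlib.md5(p.encode()).hexdigest()) for u, p in accounts.items()}


def store_salted(accounts):
    """Per-user random salt prepended before MD5 (simplified, not md5crypt)."""
    out = {}
    for user, pw in accounts.items():
        salt = os.urandom(8)
        out[user] = (salt, hashlib.md5(salt + pw.encode()).hexdigest())
    return out


def table_hits(store):
    """Users whose stored digest appears in the table that was built without any salt."""
    return sorted(u for u, (_, digest) in store.items() if digest in PRECOMPUTED)


def duplicate_digests(store):
    """How many users share a stored digest with at least one other user."""
    digests = [d for _, d in store.values()]
    return sum(1 for d in digests if digests.count(d) > 1)


def store_pbkdf2(password, iterations=200_000):
    """Salted and deliberately slow: every guess costs `iterations` HMAC rounds."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key


def verify_pbkdf2(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    legacy, salted = store_unsalted(ACCOUNTS), store_salted(ACCOUNTS)
    print("unsalted: table hits", table_hits(legacy), "shared digests", duplicate_digests(legacy))
    print("salted:   table hits", table_hits(salted), "shared digests", duplicate_digests(salted))
```

With salt, the reused password no longer produces matching digests and the precomputed table finds nothing, so each account has to be guessed separately; the long password is absent from the table in both schemes.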
member
Activity: 98
Merit: 10
June 21, 2011, 03:24:19 PM
#9
Duran:
If you think you can do it better, open your own exchange site, run it with your real name and your real money. C'mon take the risk!
Also, the md5 stuff you have written is utter bs.

And this:
Duran,

Stop posting the same shit in multiple posts.   No one cares about your garbage trolling. 
newbie
Activity: 56
Merit: 0
June 21, 2011, 03:09:02 PM
#8
Worthless spam.

Duran,

Stop posting the same shit in multiple posts.   No one cares about your garbage trolling. 