Pages:
Author

Topic: MtGox claim site online - page 2. (Read 4964 times)

full member
Activity: 168
Merit: 100
June 21, 2011, 04:45:11 PM
#24
Mt gox websites are not loading.......  Huh
newbie
Activity: 25
Merit: 0
June 21, 2011, 02:28:43 PM
#23
Is mtgox under dos attacks or are there simply too many of us trying to connect? Probably the latter because it doesn't actually work and many people try again and again (like me, in the morning). Last time I was able to try I was still getting

"The password for this account is invalid, or this account is not currently under claim process."

And I had a fairly long and good password, I doubt somebody had the time to crack it, and it was "salted" (not an idle account)
so what does or this account is not currently under claim process. mean, anyway??

member
Activity: 98
Merit: 10
June 21, 2011, 02:26:36 PM
#22
so because all the hashed passwords and emails were leaked. mtgox is going to authenticate accounts through emails...by entering the old password. and a new password...

soooo fucking stupid.
you realized that this was only step one, did you?
There is a second step where you have to provide further prove that you are the legit owner of the account you claim.


even lulzier is bitcoin is a community of people who mine by decoding hashes.
nobody is decoding hashes.

someone with a killer mining set up could rainbow table the shit out of any encryption.  md5 encryptions can be easily cracked by morons via sites like md5decrypter.co.uk and the freebsdmd5 hashes by process's like this http://hansatan.com/?d=jtrguide
good luck. the unsalted simple md5() from the leaked list are dead accounts, where nobody logged in for months.
also good luck for trying to crack the ~60000 unix_md5() hashes, with ~60000 different salts. that requires you to generate 60000 different rainbowtables...very effective, lol.
legendary
Activity: 1526
Merit: 1002
Waves | 3PHMaGNeTJfqFfD4xuctgKdoxLX188QM8na
June 21, 2011, 02:23:36 PM
#21
Hmm, I had no problems going trough the claim procedure...
Submitted my bank account #, name, IP and the balance of my account in BTC.

Should be enough info to reclaim my account.
legendary
Activity: 1974
Merit: 1029
June 21, 2011, 02:08:58 PM
#20
Yes, it looks like that: "Your account recovery request is pending review by our staff."

Interesting. I didn't get that, or any error—I was redirected to the same step 2/2 again. Actually submitted the form twice just in case...
legendary
Activity: 1134
Merit: 1005
June 21, 2011, 01:58:43 PM
#19
And now it says "The password for this account is invalid, or this account is not currently under claim process."
With no further instruction.
Are they forcing us to file case in small claims courts?
I really smell a huge lawsuit going their way.

Also, I've submitted a few support requests PRIOR to the attack, and NONE ever got a reply back.
So I guess I might be forced to file a suit
qed
full member
Activity: 196
Merit: 100
June 21, 2011, 01:56:53 PM
#18
what's even worse, i put in a new password, and it says it is not secure enough.
It contains number, lower case letter, upper case letter, symbol, special character.
Are they asking for arabic characters combined with korean and russian characters??

Same issue here.
legendary
Activity: 1134
Merit: 1005
June 21, 2011, 01:52:21 PM
#17
what's even worse, i put in a new password, and it says it is not secure enough.
It contains number, lower case letter, upper case letter, symbol, special character.
Are they asking for arabic characters combined with korean and russian characters??
kjj
legendary
Activity: 1302
Merit: 1026
June 21, 2011, 01:49:09 PM
#16
It rejected what I would consider a very strong password ... I hope they understand that making passwords harder just encourages people to write them down, which is actually less secure in the long run.  You figure since they took so long to fix it; they would at least do it right instead of going nuts. FAIL.

Someone can't look at a written password over the internet.

I actually encourage people to use strong passwords and write them down.  I just make sure that they understand that the proper place to store the paper with the password is with their other small, valuable pieces of paper, in their wallet.
They can with a keylogger.

This doesn't change the relative security of written vs. unwritten passwords.
qed
full member
Activity: 196
Merit: 100
June 21, 2011, 01:46:36 PM
#15
All the informations needed to claim the account are publicly available. This will be fun.
What??  Huh

The username, email and old hashed password has been posted on the forum and not deleted even if i contacted 3 times the admin.

EDIT: The second step is allowing you to submit a proof of the ownership.
sr. member
Activity: 252
Merit: 251
June 21, 2011, 01:45:08 PM
#14
All the informations needed to claim the account are publicly available. This will be fun.
What??  Huh

It's in the accounts list.
If someone was dumb enough to use a simple password on both their Mt. Gox and email account, then all the attacker needs is that info.

Add to that the fact gmail shows the last visible IP's, the attacker can just gain a local proxy in your country after a quick WHOIS search and obtain a higher probability of recovering your account.
newbie
Activity: 18
Merit: 0
June 21, 2011, 01:44:54 PM
#13
so because all the hashed passwords and emails were leaked. mtgox is going to authenticate accounts through emails...by entering the old password. and a new password...

soooo fucking stupid.

This goes far beyond, one account, a measly $1k, and a user database. this is means anyone who used the same password for their email could have the passwords to other accounts recovered to the email without knowing the original. so get access to the email. find where they have accounts. paypal, bitmarket, banks, this forum, their mining sites, dating sites, dwolla, liberty reserve, everything. they might of sent a an ecrypted zip of their wallet to themselves via their email. they might of had a very important conversation with someone. money pak numbers in emails. endless possibilities. amazon accounts, ebay, godaddy, ect ect ect. this spiderwebs out.

even lulzier is bitcoin is a community of people who mine by decoding hashes. someone with a killer mining set up could rainbow table the shit out of any encryption.  md5 encryptions can be easily cracked by morons via sites like md5decrypter.co.uk and the freebsdmd5 hashes by process's like this http://hansatan.com/?d=jtrguide

So theyre going to dictate the price at 17.50 when the exchange comes back.  who values this shit at $17 right now? someone bought a fuckload for penny each. and were supposed to buy at $17.50. i mean thats all fine and dandy for everyone getting out of bitcoins, but thats no good for the market in general.

mtgox is a buncha fuckups who lost lots of people alot of money, set back a revolution and wont take responsibility for handing out the database to an auditor for reasons unknown. i know what auditors do, no reason for him to have emails and logins. fucking morons down at mtgox have fucked up big time. They really need to pay for all damages and fuck off the internet.
newbie
Activity: 28
Merit: 0
June 21, 2011, 01:38:47 PM
#12
All the informations needed to claim the account are publicly available. This will be fun.
What??  Huh
qed
full member
Activity: 196
Merit: 100
June 21, 2011, 01:34:58 PM
#11
All the informations needed to claim the account are publicly available. This will be fun.
full member
Activity: 182
Merit: 101
June 21, 2011, 01:25:50 PM
#10
It rejected what I would consider a very strong password ... I hope they understand that making passwords harder just encourages people to write them down, which is actually less secure in the long run.  You figure since they took so long to fix it; they would at least do it right instead of going nuts. FAIL.

Someone can't look at a written password over the internet.

I actually encourage people to use strong passwords and write them down.  I just make sure that they understand that the proper place to store the paper with the password is with their other small, valuable pieces of paper, in their wallet.
They can with a keylogger.
kjj
legendary
Activity: 1302
Merit: 1026
June 21, 2011, 01:12:11 PM
#9
It rejected what I would consider a very strong password ... I hope they understand that making passwords harder just encourages people to write them down, which is actually less secure in the long run.  You figure since they took so long to fix it; they would at least do it right instead of going nuts. FAIL.

Someone can't look at a written password over the internet.

I actually encourage people to use strong passwords and write them down.  I just make sure that they understand that the proper place to store the paper with the password is with their other small, valuable pieces of paper, in their wallet.
hero member
Activity: 546
Merit: 500
June 21, 2011, 12:54:51 PM
#8
I claimed my account, but if MTGOX expects me to jump through any hoops, I'd request they close and delete my account (I never had a transaction anyway).

I am weary of them having access to ANY of my information (no offense to them, I just don't really want my day-to-day email spammed or worse).


newbie
Activity: 10
Merit: 0
June 21, 2011, 12:47:53 PM
#7
Seems that the MtGox staff will check every single account, oh boy.


Yes, it looks like that: "Your account recovery request is pending review by our staff."

With over 61,000 accounts that could take a while.

If they took only one minute to validate each account, that would be over 1000 man-hours, or over 42 days. Hopefully there is a team of workers or an automated system in development.
newbie
Activity: 28
Merit: 0
June 21, 2011, 12:16:51 PM
#6
Mine also said that until I remembered the right old password.
newbie
Activity: 25
Merit: 0
June 21, 2011, 12:14:27 PM
#5
mine also says "The password for this account is invalid, or this account is not currently under claim process."


I've been waiting since last night to log in, slept only 4 hours, WTF?
Pages:
Jump to: