TL;DR, as always, NEVER INVEST MORE THAN YOU CAN AFFORD TO LOSE.
Why do I have to keep repeating that every so often.
Why do I have to keep repeating that every so often.
Yes you shouldn't invest money you need for food. Full stop.
Topic: MTGOX really is affecting me being able to feed my family (Read 4447 times)
Yes you shouldn't invest money you need for food. Full stop.
TL;DR, as always, NEVER INVEST MORE THAN YOU CAN AFFORD TO LOSE.
Why do I have to keep repeating that every so often.
Why do I have to keep repeating that every so often.
Yes you shouldn't invest money you need for food. Full stop.
Woosh!
Yeah. I thought it was funny though. I guess you needed 66 or more posts to get it.
Woosh!
Just cracked this hash from D&T: 030b02c46b7c238cb21ac04a7aadd1d937c5c2e2
Unhashed: freeBFLSrofl!
Ass
Uhm... sha1("freeBFLSrofl!") = c23c4530a58dcb542c450bd411ca75ee8058f52a, so no. Unhashed: freeBFLSrofl!
Ass
Just cracked this hash from D&T: 030b02c46b7c238cb21ac04a7aadd1d937c5c2e2
Unhashed: freeBFLSrofl!
Ass
Unhashed: freeBFLSrofl!
Ass
Right!
Except most people will just enter their password there.
You can trust them all you want, but don't tell people to do it.
You can trust them all you want, but don't tell people to do it.
Right click > View Source. Hmm yup the javascript is hashing the password using SHA-1 function and the only data sent to the server is the SHA-1 hash.
Your point again?
By your logic nobody should use Bitcoin. While the source code is open and available unless someone has read it themselves every single line they should never recommend Bitcoin to anyone else and even if they do recommend it they should only do so to people who are capable of reading the entire source code line by line.
Which is why Bitcoin is only used by Satoshi and 3 guys from MIT with masters degrees in computer science and cryptography.
Right?
Did you bother opening the homepage before trying to fix it?
Yes. Did you read the words in the screenshot you just provided?
Quote
Just provide your password (which we hash with JavaScript; view source to verify) or a SHA-1 hash of your password below, and we'll check.
For example here is a hash of my LinkedIn password.
http://www.leakedin.org/?check=04858397aa974628e2f20f62661034dfa7dcd233
Have fund spending the next thousand years trying to brute force it.
SHA-1 may be degraded but having the hash only doesn't really give you anything useful.
Hell here is a SHA-1 hash of my MtGox password ee5f21d188bb765b74c315cf4cda472e50f55c02
and here is SHA-1 hash of my BitcoinTalk password 030b02c46b7c238cb21ac04a7aadd1d937c5c2e2
Congrats you just collected 3 SHA-1 hashes. That has got to be worth something.
Except most people will just enter their password there.
You can trust them all you want, but don't tell people to do it.
Did you bother opening the homepage before trying to fix it?
Yes. Did you read the words in the screenshot you just provided?
Quote
Just provide your password (which we hash with JavaScript; view source to verify) or a SHA-1 hash of your password below, and we'll check.
For example here is a hash of my LinkedIn password.
http://www.leakedin.org/?check=04858397aa974628e2f20f62661034dfa7dcd233
Have fund spending the next thousand years trying to brute force it.
SHA-1 may be degraded but having the hash only doesn't really give you anything useful.
Hell here is a SHA-1 hash of my MtGox password ee5f21d188bb765b74c315cf4cda472e50f55c02
and here is SHA-1 hash of my BitcoinTalk password 030b02c46b7c238cb21ac04a7aadd1d937c5c2e2
Congrats you just collected 3 SHA-1 hashes. That has got to be worth something.
Incidentally, Capri200 either wasn't used or hasn't been cracked yet.
- http://www.leakedin.org/?check=3d9ad3d4e34f82f0b0fd29de989d51acb737c1e8
- http://www.leakedin.org/?check=3d9ad3d4e34f82f0b0fd29de989d51acb737c1e8
Great
FYPFY.
Did you bother opening the homepage before trying to fix it?
Incidentally, Capri200 either wasn't used or hasn't been cracked yet.
- http://www.leakedin.org/?check=3d9ad3d4e34f82f0b0fd29de989d51acb737c1e8
- http://www.leakedin.org/?check=3d9ad3d4e34f82f0b0fd29de989d51acb737c1e8
Great
FYPFY.
This hacking crap WILL be the main thing that keeps bitcoin from going to the general population.Who besides software guru's & REAL puter nerds will understand how to secure either thier PC or logins to such an extreme level 
I doubt it. It will just require Bitcoin "providers" (wallet developers, ewallets, exchanges, etc) to take security more serious.
A couple examples:
a) MtGox could check passwords against weak/known password list and exclude them
b) MtGox could require 2nd factor authentication for accounts over certain value (my broker does).
c) MtGox could implement a delay with notification (you get notification BEFORE the withdrawal occurs
d) MtGox could limit withdrawals to a specific list of whitelisted addresses.
In time hardware secured local wallets can make Bitcoin theft from local wallets much more difficult even if the wallet exists on a system which is infected with malware.
Quote
Until there is a way to "backup" BTC like a bank does (reimburse for specific reasons),whether with insurance or something similar,BTC will be used mainly by launderers & drug dealers (Silk Road)................
That will simply never happen. Due to the nature of Bitcoin it is simply impossible to prove you didn't withdraw those coins to a new address. No insurance company would offer a policy to cover that.
Incidentally, Capri200 either wasn't used or hasn't been cracked yet.
- http://www.leakedin.org/?check=3d9ad3d4e34f82f0b0fd29de989d51acb737c1e8
- http://www.leakedin.org/?check=3d9ad3d4e34f82f0b0fd29de989d51acb737c1e8
Great password gathering website LOL
This hacking crap WILL be the main thing that keeps bitcoin from going to the general population.Who besides software guru's & REAL puter nerds will understand how to secure either thier PC or logins to such an extreme level
Well, I guess they won't be adding any LinkedIn connections either. Or looking for love on eHarmoney:
Another 1.5 million passwords leaked
- http://arstechnica.com/security/2012/06/eharmony-confirms-member-passwords-compromise/
80% of the american public (me included) is dumber than box of rocks & will never accept those extremes of security,on a personal level.
He has a point there. That's why (in the U.S.) when the banks have losses from identity theft they find it cheaper to either pass along the cost when they can (reverse transactions) or eat the remaining loss when they can't. That's cheaper than the cost of customer training and lost customer satisfaction when trying to impose security procedures like a Yubikey, for instance.
Well, let's see after this LinkedIn security breach if anything changes. 3.4 million passwords have been cracked so far, though if the perpetrator has the corresponding e-mail addresses that hasn't been leaked yet. But anyone in the list of 6 million with a password of 8 characters or less in length has probably had their LinkedIn password cracked by now, or will have before long. At some point this will force "extremes of security" such as strong password requirements.
My old PW was Capri200,kinda simple but I won't forget it.I'm not a software guru or crypto phreak.No I did not use that PW anywhere else ever.
Incidentally, Capri200 either wasn't used or hasn't been cracked yet.
- http://www.leakedin.org/?check=3d9ad3d4e34f82f0b0fd29de989d51acb737c1e8
Very interesting SG
I'll never keep ANY money or coin at any exchange ever again because of this.I don't trust anyone in bitcoin any farther than I can throw them anymore....................
Those coins I lost were earned by mining,so I didn't lose any "out of pocket" cash at least.
This hacking crap WILL be the main thing that keeps bitcoin from going to the general population.Who besides software guru's & REAL puter nerds will understand how to secure either thier PC or logins to such an extreme level
I'll still mine like crazy & reap those rewards,but as far letting any entity hold my earnings for any length of time,FORGET IT !!
Until there is a way to "backup" BTC like a bank does (reimburse for specific reasons),whether with insurance or something similar,BTC will be used mainly by launderers & drug dealers (Silk Road)................
80% of the american public (me included) is dumber than box of rocks & will never accept those extremes of security,on a personal level.
He has a point there. That's why (in the U.S.) when the banks have losses from identity theft they find it cheaper to either pass along the cost when they can (reverse transactions) or eat the remaining loss when they can't. That's cheaper than the cost of customer training and lost customer satisfaction when trying to impose security procedures like a Yubikey, for instance.
Well, let's see after this LinkedIn security breach if anything changes. 3.4 million passwords have been cracked so far, though if the perpetrator has the corresponding e-mail addresses that hasn't been leaked yet. But anyone in the list of 6 million with a password of 8 characters or less in length has probably had their LinkedIn password cracked by now, or will have before long. At some point this will force "extremes of security" such as strong password requirements.
My old PW was Capri200,kinda simple but I won't forget it.I'm not a software guru or crypto phreak.No I did not use that PW anywhere else ever.
Incidentally, Capri200 either wasn't used or hasn't been cracked yet.
- http://www.leakedin.org/?check=3d9ad3d4e34f82f0b0fd29de989d51acb737c1e8
80% of the american public (me included) is dumber than box of rocks & will never accept those extremes of security,on a personal level.
He has a point there. That's why (in the U.S.) when the banks have losses from identity theft they find it cheaper to either pass along the cost when they can (reverse transactions) or eat the remaining loss when they can't. That's cheaper than the cost of customer training and lost customer satisfaction when trying to impose security procedures like a Yubikey, for instance.
I don't know the solution. Now that there is Google authenticator on Mt. Gox, hopefully more people can secure their accounts. Right now it seems the password crackers are just shooting fish in the Mt. Gox barrel.
Thanks for the answers. The simple answer is that that is an extremely easy password that any dictionary cracking system would have found quickly. You may be interested in LastPass to generate secure passwords that are per-site and store them for you. However, LastPass is only as strong as your master password, unless you use it with a yubikey.
NPI just want to figure out WHY this is happening
Yes my PW might have been easy to break 
The answer can't be using yubikey(if you lose it,you lose anyhow) or lastpass or whatever.If everyone has to be that secure minded then BTC will NEVER go mainstream.80% of the american public (me included) is dumber than box of rocks & will never accept those extremes of security,on a personal level.There has to be a better way.............I know of 3 people that have been hacked on MTgox in the last week,not to mention how many have not been reported here on the forum.........Something is up & hope this community can help find it out.......
Thanks for the answers. The simple answer is that that is an extremely easy password that any dictionary cracking system would have found quickly. You may be interested in LastPass to generate secure passwords that are per-site and store them for you. However, LastPass is only as strong as your master password, unless you use it with a yubikey.
Jump to: