
Topic: MTGOX really is affecting me being able to feed my family (Read 4495 times)

rjk
sr. member
Activity: 448
Merit: 250
1ngldh
TL;DR, as always, NEVER INVEST MORE THAN YOU CAN AFFORD TO LOSE.

Why do I have to keep repeating that every so often.

Yes you shouldn't invest money you need for food. Full stop.
Your habit of bumping old topics without adding much to the discussion is really annoying; please stop. Did you happen to notice the dates on the thread?
newbie
Activity: 42
Merit: 0
TL;DR, as always, NEVER INVEST MORE THAN YOU CAN AFFORD TO LOSE.

Why do I have to keep repeating that every so often.

Yes you shouldn't invest money you need for food. Full stop.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Woosh!

Yeah.  I thought it was funny though.  I guess you needed 66 or more posts to get it.
legendary
Activity: 1260
Merit: 1000
legendary
Activity: 1176
Merit: 1011
Just cracked this hash from D&T: 030b02c46b7c238cb21ac04a7aadd1d937c5c2e2

Unhashed:  freeBFLSrofl!

Ass
Uhm... sha1("freeBFLSrofl!") = c23c4530a58dcb542c450bd411ca75ee8058f52a, so no.
legendary
Activity: 1260
Merit: 1000
Just cracked this hash from D&T: 030b02c46b7c238cb21ac04a7aadd1d937c5c2e2

Unhashed:  freeBFLSrofl!

Ass
legendary
Activity: 1358
Merit: 1002
donator
Activity: 1218
Merit: 1079
Gerald Davis
Except most people will just enter their password there.
You can trust them all you want, but don't tell people to do it.

Right click > View Source.  Hmm yup the javascript is hashing the password using SHA-1 function and the only data sent to the server is the SHA-1 hash.

Your point again?

By your logic nobody should use Bitcoin.  While the source code is open and available unless someone has read it themselves every single line they should never recommend Bitcoin to anyone else and even if they do recommend it they should only do so to people who are capable of reading the entire source code line by line.

Which is why Bitcoin is only used by Satoshi and 3 guys from MIT with masters degrees in computer science and cryptography.

Right?
legendary
Activity: 1358
Merit: 1002
Did you bother opening the homepage before trying to fix it?

Yes.  Did you read the words in the screenshot you just provided?

Quote
Just provide your password (which we hash with JavaScript; view source to verify) or a SHA-1 hash of your password below, and we'll check.

For example here is a hash of my LinkedIn password.
http://www.leakedin.org/?check=04858397aa974628e2f20f62661034dfa7dcd233

Have fun spending the next thousand years trying to brute force it.

SHA-1 may be degraded but having the hash only doesn't really give you anything useful.

Hell here is a SHA-1 hash of my MtGox password ee5f21d188bb765b74c315cf4cda472e50f55c02
and here is SHA-1 hash of my BitcoinTalk password 030b02c46b7c238cb21ac04a7aadd1d937c5c2e2

Congrats you just collected 3 SHA-1 hashes.  That has got to be worth something.


Except most people will just enter their password there.
You can trust them all you want, but don't tell people to do it.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Did you bother opening the homepage before trying to fix it?

Yes.  Did you read the words in the screenshot you just provided?

Quote
Just provide your password (which we hash with JavaScript; view source to verify) or a SHA-1 hash of your password below, and we'll check.

For example here is a hash of my LinkedIn password.
http://www.leakedin.org/?check=04858397aa974628e2f20f62661034dfa7dcd233

Have fun spending the next thousand years trying to brute force it.

SHA-1 may be degraded but having the hash only doesn't really give you anything useful.

Hell here is a SHA-1 hash of my MtGox password ee5f21d188bb765b74c315cf4cda472e50f55c02
and here is SHA-1 hash of my BitcoinTalk password 030b02c46b7c238cb21ac04a7aadd1d937c5c2e2

Congrats you just collected 3 SHA-1 hashes.  That has got to be worth something.
legendary
Activity: 1358
Merit: 1002
Incidentally, Capri200 either wasn't used or hasn't been cracked yet.
 - http://www.leakedin.org/?check=3d9ad3d4e34f82f0b0fd29de989d51acb737c1e8

Great password useless SHA-256 hash of password gathering website LOL

FYPFY.

Did you bother opening the homepage before trying to fix it?



sr. member
Activity: 476
Merit: 250
Tangible Cryptography LLC
Incidentally, Capri200 either wasn't used or hasn't been cracked yet.
 - http://www.leakedin.org/?check=3d9ad3d4e34f82f0b0fd29de989d51acb737c1e8

Great password useless SHA-256 hash of password gathering website LOL

FYPFY.
sr. member
Activity: 476
Merit: 250
Tangible Cryptography LLC
This hacking crap WILL be the main thing that keeps bitcoin from going to the general population. Who besides software gurus & REAL puter nerds will understand how to secure either their PC or logins to such an extreme level  Huh

I doubt it.  It will just require Bitcoin "providers" (wallet developers, ewallets, exchanges, etc) to take security more seriously.


A couple examples:
a) MtGox could check passwords against weak/known password list and exclude them
b) MtGox could require 2nd factor authentication for accounts over certain value (my broker does).
c) MtGox could implement a delay with notification (you get notification BEFORE the withdrawal occurs)
d) MtGox could limit withdrawals to a specific list of whitelisted addresses.

In time hardware secured local wallets can make Bitcoin theft from local wallets much more difficult even if the wallet exists on a system which is infected with malware.


Quote
Until there is a way to "backup" BTC like a bank does (reimburse for specific reasons), whether with insurance or something similar, BTC will be used mainly by launderers & drug dealers (Silk Road)................

That will simply never happen.   Due to the nature of Bitcoin it is simply impossible to prove you didn't withdraw those coins to a new address.  No insurance company would offer a policy to cover that. 
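
Added example (not part of any post in this thread): a Python sketch of the hash-only lookup described in the leakedin.org posts, the check of a claimed "crack" against a posted hash, and suggestion (a) above, refusing passwords that appear on a known/weak list. The hash list, `min_length` and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re

SHA1_HEX = re.compile(r"[0-9a-f]{40}")

def sha1_hex(password: str) -> str:
    """Client-side step: hash locally so only the digest leaves the machine."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def verify_claimed_crack(candidate: str, target_hash: str) -> bool:
    """Recompute the digest of a claimed plaintext and compare it to the posted hash."""
    return hmac.compare_digest(sha1_hex(candidate), target_hash.strip().lower())

# Constructed stand-in for a leaked or known-weak hash list (not real leak data).
LEAKED_HASHES = frozenset(sha1_hex(p) for p in ("password", "123456", "letmein"))

def is_listed(value: str, *, is_hash: bool = False) -> bool:
    """Look up by hash. Accepts a password (hashed here) or a 40-hex SHA-1 digest."""
    digest = value.strip().lower() if is_hash else sha1_hex(value)
    if not SHA1_HEX.fullmatch(digest):
        raise ValueError("expected a 40-character hex SHA-1 digest")
    return digest in LEAKED_HASHES

def accept_new_password(password: str, min_length: int = 12) -> bool:
    """Hypothetical signup policy: refuse short passwords and any listed one."""
    return len(password) >= min_length and not is_listed(password)

if __name__ == "__main__":
    posted = "030b02c46b7c238cb21ac04a7aadd1d937c5c2e2"  # hash quoted in the thread
    print("claimed crack matches:", verify_claimed_crack("freeBFLSrofl!", posted))
    print("hash-only lookup hit:",
          is_listed("5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8", is_hash=True))
    print("'password' accepted at signup:", accept_new_password("password"))
```

The lookup never needs the plaintext, which is the point made in the thread; the signup check does see it, so it belongs on the service that already handles the password.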
legendary
Activity: 1358
Merit: 1002
Incidentally, Capri200 either wasn't used or hasn't been cracked yet.
 - http://www.leakedin.org/?check=3d9ad3d4e34f82f0b0fd29de989d51acb737c1e8

Great password gathering website LOL
legendary
Activity: 2506
Merit: 1010
This hacking crap WILL be the main thing that keeps bitcoin from going to the general population. Who besides software gurus & REAL puter nerds will understand how to secure either their PC or logins to such an extreme level  Huh

Well, I guess they won't be adding any LinkedIn connections either.  Or looking for love on eHarmony:
Another 1.5 million passwords leaked
 - http://arstechnica.com/security/2012/06/eharmony-confirms-member-passwords-compromise/
legendary
Activity: 2212
Merit: 1001
80% of the American public (me included) is dumber than box of rocks & will never accept those extremes of security, on a personal level.

He has a point there.  That's why (in the U.S.) when the banks have losses from identity theft they find it cheaper to either pass along the cost when they can (reverse transactions) or eat the remaining loss when they can't.  That's cheaper than the cost of customer training and lost customer satisfaction when trying to impose security procedures like a Yubikey, for instance.

Well, let's see after this LinkedIn security breach if anything changes.  3.4 million passwords have been cracked so far, though if the perpetrator has the corresponding e-mail addresses that hasn't been leaked yet.  But anyone in the list of 6 million with a password of 8 characters or less in length has probably had their LinkedIn password cracked by now, or will have before long.  At some point this will force "extremes of security" such as strong password requirements.


My old PW was Capri200, kinda simple but I won't forget it. I'm not a software guru or crypto phreak. No I did not use that PW anywhere else ever.

Incidentally, Capri200 either wasn't used or hasn't been cracked yet.
 - http://www.leakedin.org/?check=3d9ad3d4e34f82f0b0fd29de989d51acb737c1e8

Very interesting SG  Wink

I'll never keep ANY money or coin at any exchange ever again because of this. I don't trust anyone in bitcoin any farther than I can throw them anymore....................

Those coins I lost were earned by mining, so I didn't lose any "out of pocket" cash at least.

This hacking crap WILL be the main thing that keeps bitcoin from going to the general population. Who besides software gurus & REAL puter nerds will understand how to secure either their PC or logins to such an extreme level  Huh

I'll still mine like crazy & reap those rewards, but as far as letting any entity hold my earnings for any length of time, FORGET IT !!

Until there is a way to "backup" BTC like a bank does (reimburse for specific reasons), whether with insurance or something similar, BTC will be used mainly by launderers & drug dealers (Silk Road)................
legendary
Activity: 2506
Merit: 1010
80% of the American public (me included) is dumber than box of rocks & will never accept those extremes of security, on a personal level.

He has a point there.  That's why (in the U.S.) when the banks have losses from identity theft they find it cheaper to either pass along the cost when they can (reverse transactions) or eat the remaining loss when they can't.  That's cheaper than the cost of customer training and lost customer satisfaction when trying to impose security procedures like a Yubikey, for instance.

Well, let's see after this LinkedIn security breach if anything changes.  3.4 million passwords have been cracked so far, though if the perpetrator has the corresponding e-mail addresses that hasn't been leaked yet.  But anyone in the list of 6 million with a password of 8 characters or less in length has probably had their LinkedIn password cracked by now, or will have before long.  At some point this will force "extremes of security" such as strong password requirements.


My old PW was Capri200, kinda simple but I won't forget it. I'm not a software guru or crypto phreak. No I did not use that PW anywhere else ever.

Incidentally, Capri200 either wasn't used or hasn't been cracked yet.
 - http://www.leakedin.org/?check=3d9ad3d4e34f82f0b0fd29de989d51acb737c1e8
legendary
Activity: 2506
Merit: 1010
80% of the American public (me included) is dumber than box of rocks & will never accept those extremes of security, on a personal level.

He has a point there.  That's why (in the U.S.) when the banks have losses from identity theft they find it cheaper to either pass along the cost when they can (reverse transactions) or eat the remaining loss when they can't.  That's cheaper than the cost of customer training and lost customer satisfaction when trying to impose security procedures like a Yubikey, for instance.

I don't know the solution.  Now that there is Google authenticator on Mt. Gox, hopefully more people can secure their accounts.  Right now it seems the password crackers are just shooting fish in the Mt. Gox barrel.
legendary
Activity: 2212
Merit: 1001
Thanks for the answers. The simple answer is that that is an extremely easy password that any dictionary cracking system would have found quickly. You may be interested in LastPass to generate secure passwords that are per-site and store them for you. However, LastPass is only as strong as your master password, unless you use it with a yubikey.

 Wink NP

I just want to figure out WHY this is happening Huh Yes my PW might have been easy to break  Sad

The answer can't be using yubikey (if you lose it, you lose anyhow) or lastpass or whatever. If everyone has to be that secure minded then BTC will NEVER go mainstream. 80% of the American public (me included) is dumber than box of rocks & will never accept those extremes of security, on a personal level. There has to be a better way.............I know of 3 people that have been hacked on MTgox in the last week, not to mention how many have not been reported here on the forum.........Something is up & hope this community can help find it out.......
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
Thanks for the answers. The simple answer is that that is an extremely easy password that any dictionary cracking system would have found quickly. You may be interested in LastPass to generate secure passwords that are per-site and store them for you. However, LastPass is only as strong as your master password, unless you use it with a yubikey.