Topic: My Bitcoin Forum account has been compromised!! (Read 859 times)

legendary
Activity: 1512
Merit: 1049
Death to enemies!
Say, does the session cookie need to be accessible through JavaScript? If not, we could make the cookies HttpOnly.
Java malware will steal the cookies through the browser's storage directories.
Malware can do anything. Don't run malware on your computer. Period.

Specify time to stay logged in when logging in. Log out your forum profile when leaving forum. Useless cookie is not delicious.
member
Activity: 112
Merit: 10
Say, does the session cookie need to be accessible through JavaScript? If not, we could make the cookies HttpOnly.
Java malware will steal the cookies through the browser's storage directories.
legendary
Activity: 1204
Merit: 1015
Say, does the session cookie need to be accessible through JavaScript? If not, we could make the cookies HttpOnly.
legendary
Activity: 1512
Merit: 1049
Death to enemies!
I have a 50 char password and only ever log in through encrypted VPNs. Hopefully that's enough protection.
A VPN will make a MITM attack by the VPN operator easier. Bitcointalk already uses SSL to protect the contents of communication to the Bitcointalk server, including specific URLs and cookies.
hero member
Activity: 602
Merit: 500
R.I.P Silk Road 1.0
Damn. Well I do use Ghostery as well and have an app called cookie that also blocks cookies and deletes cookies every 5 minutes while browsing.
hero member
Activity: 770
Merit: 502
WOW, a lot of Bitcointalk accounts are getting compromised. Theymos, 2FA is needed!

I think that this attack involves stealing cookies using some weakness in Java, so two-factor authentication wouldn't help here.

Ekk, if this is the case, by damned people need to start locking down their browsers. An easy way for Mozilla is Cookie Monster.

https://addons.mozilla.org/en-US/firefox/addon/cookie-monster/

I'm not being self-centered, but my browser is a fortress. Nothing normally that usually gets through a default browser, mine is set up to block. Tons of about:config settings, cookies, NoScript, RequestPolicy, MVPS hosts, Adblock with malware blocking list and others; I've got a ton of crap too long to list in here and be OT. [Edit: btw, as noted in the other thread, I've got Java uninstalled too.]

Need to get a point across to newcomers and even old-timers about browser security, somehow. A browser can be a double doorway to your computer, letting things roll in then out.

Block cookies and only allow cookies you trust for a certain time.

Edit:
Seriously, need a security section here
vip
Activity: 756
Merit: 503
I have a 50 char password and only ever log in through encrypted VPNs. Hopefully that's enough protection.
Useless against cookie stealing. Don't click any forum link.
hero member
Activity: 602
Merit: 500
R.I.P Silk Road 1.0
I have a 50 char password and only ever log in through encrypted VPNs. Hopefully that's enough protection.
legendary
Activity: 1078
Merit: 1003
Java seems to be the center of all hacking attempts related to Bitcoin.

So from now on, words to live by: just don't run Java on any website related to Bitcoin.
administrator
Activity: 5222
Merit: 13032
WOW, a lot of Bitcointalk accounts are getting compromised. Theymos, 2FA is needed!

I think that this attack involves stealing cookies using some weakness in Java, so two-factor authentication wouldn't help here.
legendary
Activity: 1288
Merit: 1227
Away on an extended break
I banned OP for the time being to stop the spam. I'll ask theymos to look into this, in the meantime CHANGE ALL YOUR PASSWORDS GODDAMNIT.
sr. member
Activity: 406
Merit: 286
Neptune, Scalable Privacy
This account seems to have been hacked. Please quote this in another thread so that the attacker cannot

I will update this thread if the attacker does not delete it :/

Do not make any deals with this account until I sign a message saying everything is OK.

WOW, a lot of Bitcointalk accounts are getting compromised. Theymos, 2FA is needed!
I got some emails from Yahoo saying my email had been accessed from Russia. And later I got some info about a verified btc-e transaction. All clues point to btc-e imho. Please quote OP in another thread.
sr. member
Activity: 406
Merit: 286
Neptune, Scalable Privacy
This account seems to have been hacked. Please quote this in another thread so that the attacker cannot

I will update this thread if the attacker does not delete it :/

Do not make any deals with this account until I sign a message saying everything is OK.