Topic: Possible false alarm: MtGox break in - page 4. (Read 15376 times)

As Ive said in the past, I do not believe that they improve security.

i'm sure at his own expense too.  you should at least say thank you.

i'm sick and tired of ppl blaming mtgox and MagTux as some sort of lying crook.  if he were would he have done this?  as well as bailing out Bitomat and donating many btc to charity and btc businesses?

I notified MagicTux through his support email, and he sent back a useless form letter as a reply.


I consider this a smoking gun.

After a lengthy conversation with MagicTux, unless it does turn up that mtgox has been hacked, neither of us can figure out what happened. Its obviously not me and I didn't fall for a phishing expedition, and Im pretty sure its not on his end. His description of security on the new post-hack mtgox is pretty decent. Its not perfect, but he has gone to great lengths to prevent a repeat.

Even if they dumped the password database, the passwords are sufficiently salted and hashed that it is extremely unlikely they grabbed my password first.

I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.

DigiNotar knew about the break in for months, and I obviously have logged in since then.

Tux has replaced the missing BTC.

After a lengthy conversation with MagicTux, unless it does turn up that mtgox has been hacked, neither of us can figure out what happened. Its obviously not me and I didn't fall for a phishing expedition, and Im pretty sure its not on his end. His description of security on the new post-hack mtgox is pretty decent. Its not perfect, but he has gone to great lengths to prevent a repeat.

Even if they dumped the password database, the passwords are sufficiently salted and hashed that it is extremely unlikely they grabbed my password first.

I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.

DigiNotar knew about the break in for months, and I obviously have logged in since then.

Tux has replaced the missing BTC.

Asking once again. Do you use a Yubikey on Mt.Gox?

After a lengthy conversation with MagicTux, unless it does turn up that mtgox has been hacked, neither of us can figure out what happened. Its obviously not me and I didn't fall for a phishing expedition, and Im pretty sure its not on his end. His description of security on the new post-hack mtgox is pretty decent. Its not perfect, but he has gone to great lengths to prevent a repeat.

Even if they dumped the password database, the passwords are sufficiently salted and hashed that it is extremely unlikely they grabbed my password first.

I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.

DigiNotar knew about the break in for months, and I obviously have logged in since then.

Tux has replaced the missing BTC.

-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.

what good is a poll, all that matters is what is, not what people think.

I notified MagicTux through his support email, and he sent back a useless form letter as a reply.


I consider this a smoking gun.

Perhaps we should take a poll?

So far I can come up with 5 possible scenarios:

-mtgox is compromised and are covering it up.
-mtgox deliberately messing with Diablo3Ds account.
-Diablo3Ds computer/account is compromised.
-Diablo3D is posting disinformation.
-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.
/tinfoilhat mode off

Long form birth certificate, please.

Having my forum account "hacked" (which theymos does not believe has happened to anyone because everyone changed their passwords too fast) cannot be related to mtgox getting hacked. I use two different passwords if the op post wasn't clear by the use of the word unique.

Hello,


Recently there has been a large increase in the number of “phishing” attacks that have been made against the users of Mt.Gox.

Phishing involves deceiving users through fake emails or websites into providing their user name and password to the phisher, who then uses this information to log into the account and withdraw as many funds as they are able into their own bank account.

Phishing is another form of Internet crime similar to hacking which has steadily become more prevalent with the increase of Internet banking, shopping and exchange services. We urge our users to be cautious of phishing attacks, not only when accessing Mt.Gox but when providing any personal information over the Internet.

While the following steps cannot protect users completely from phishing, they will ensure that any attempt to steal personal information is far less successful:

-Always check the URL in the address bar of your browser when logging into Mt.Gox. It should read “https://mtgox.com”.
-Never click on hyperlinks in emails to access Mt.Gox.
-If you are ever unsure of the veracity of an email’s contents, contact Mt.Gox Support. We will be more than happy to confirm whether or not the email you have received is authentic.
-Be aware that Mt.Gox will never contact you by email asking for your user name or password.
-Check the security certificate of the website you are logging into. In modern browsers, this can be done by looking at the address bar and checking whether or not a blue certificate appears to the left of the address.
-Mt.Gox will soon implement the VeriSign EV Authentication certificate, which will make the address bar turn green when you are accessing the real Mt.Gox website.
-Use anti-virus software at all times. A number of anti-virus programmes include anti-phishing features which will notify you when you are accessing a suspect website.

We sincerely apologize for the inconvenience our users have suffered at the hands of phishers, and are doing all that we can to prevent further attacks in the future.

Thanks,

MtGox.com Team