
Topic: Reports of MtGox being hacked ARE REAL (Fixed) - page 5. (Read 41607 times)

kgo
hero member
Activity: 548
Merit: 500
So what this means...

If you go to another site with exploit code while you're logged into mtgox, this site can perform operations on your mtgox account.

To protect yourself, use a separate browser for mtgox ONLY.

If you normally use firefox, install chrome and use that for mtgox.  If you use chrome, install firefox.

If you use both, install a separate copy of firefox portable if you're on windows.
full member
Activity: 224
Merit: 100
I have identified an exploit in MtGox allowing an attacker to completely take over some users' accounts.

I have been trying to contact MagicalTux for hours, but I feel that a general warning should go out to users.

All of the threads about MtGox accounts being hacked are REAL.

A strong password will not help you.  Anti Virus software WILL NOT HELP YOU.

This is not a trojan or a virus.

You can protect yourself by only visiting MtGox and then immediately logging out.


Hordes of panicky people seem to be fleeing Mt. Gox for some unknown reason.  Professor, without knowing precisely what the danger is, would you say it's time for our viewers to crack each other's heads open and feast on the goo inside?
sr. member
Activity: 337
Merit: 250
Tradehill has no reports of being hacked. If reports of a Mtgox security breach are true I'm guessing they would liquidate their BTC. Be wary in the next coming weeks and months.
full member
Activity: 156
Merit: 102
Pardon my ignorance, but slush's pool would be vulnerable too? Is this something bitcoin platform wide, i.e. with the APIs?

It could be. It is a general security problem many websites have.
hero member
Activity: 574
Merit: 513
what is CSRF?
Cross-Site Request Forgery
legendary
Activity: 1764
Merit: 1002
I should mention it's a CSRF vulnerability, so people know what to do to protect themselves.

what is CSRF?
legendary
Activity: 3080
Merit: 1083
Pardon my ignorance, but slush's pool would be vulnerable too? Is this something bitcoin platform wide, i.e. with the APIs?
member
Activity: 88
Merit: 10
That would make sense, my account was hacked and the only places I used my password was mtgox, tradehill, and deepbit.
sr. member
Activity: 463
Merit: 252
I should mention it's a CSRF vulnerability, so people know what to do to protect themselves.
hero member
Activity: 574
Merit: 513
liek a surgeon general warning?

Code:
BITCOIN GENERAL'S WARNING: Trading
bitcoins Causes ____ ______, _____ _______,
_________ and May Complicate ________.
sr. member
Activity: 463
Merit: 252
This exploit is no longer active.

I have identified an exploit in MtGox allowing an attacker to completely take over some users' accounts.

I have been trying to contact MagicalTux for hours, but I feel that a general warning should go out to users.

All of the threads about MtGox accounts being hacked are REAL.

A strong password will not help you.  Anti Virus software WILL NOT HELP YOU.

This is not a trojan or a virus.

You can protect yourself by only visiting MtGox and then immediately logging out.


workaround: logout from mtgox, use it in a separate browser or chrome's incognito mode

phantomcircuit: you should add that users check their email addresses in their mtgox profile. if they are incorrect they have to change their address + password
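
Added example, not part of any post in this thread and not MtGox's code or fix: a minimal server-side check showing why a logged-in session alone must not authorize a state-changing request, which is the gap a CSRF relies on. The origin `https://exchange.example`, the function names and the session ids are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://exchange.example"  # assumption: placeholder, not a real site
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # assumption: these never change state

def _mac(key: bytes, session_id: str, nonce: str) -> str:
    return hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()

def issue_csrf_token(key: bytes, session_id: str) -> str:
    """Token embedded in the site's own forms; bound to one session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(key, session_id, nonce)}"

def token_is_valid(key: bytes, session_id: str, token) -> bool:
    nonce, sep, mac = (token or "").partition(".")
    if not sep:
        return False
    # Constant-time comparison of the submitted MAC with the expected one.
    return hmac.compare_digest(mac.encode(), _mac(key, session_id, nonce).encode())

def request_source(headers: dict):
    """Origin if the browser sent it, else the origin part of Referer."""
    if headers.get("Origin"):
        return headers["Origin"]  # may be the literal string "null"
    ref = urlsplit(headers.get("Referer", ""))
    return f"{ref.scheme}://{ref.netloc}" if ref.scheme and ref.netloc else None

def allow_request(key, method, headers, session_id, form_token):
    """Return (allowed, reason) for a request that carries a valid session cookie."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    source = request_source(headers)
    if source is not None and source != SITE_ORIGIN:
        return False, "cross-site source"
    if not token_is_valid(key, session_id, form_token):
        return False, "missing or invalid CSRF token"
    return True, "ok"
```

The session cookie is sent by the browser on every request to the site, including ones triggered from another page; the per-session token is not, which is what lets the server tell the two apart.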