So what this means...
If you go to another site with exploit code while you're logged into mtgox, this site can perform operations on your mtgox account.
To protect yourself, use a seperate browser for mtgox ONLY.
If you normally use firefox, install chrome and use that for mtgox. If you use chrome, install firefox.
If you use both, install a seperate copy of firefox portable if you're on windows.
Topic: Reports of MtGox being hacked ARE REAL (Fixed) - page 5. (Read 41582 times)
I have identified an exploit in MtGox allowing an attacker to completely take over some users account.
I have been trying to contact MagicalTux for hours, but I feel that a general warning should go out to users.
All of the threads about MtGox accounts being hacked are REAL.
A strong password will not help you. Anti Virus software WILL NOT HELP YOU.
This is not a trojan or a virus.
You can protect yourself by only visiting MtGox and then immediately logging out.
I have been trying to contact MagicalTux for hours, but I feel that a general warning should go out to users.
All of the threads about MtGox accounts being hacked are REAL.
A strong password will not help you. Anti Virus software WILL NOT HELP YOU.
This is not a trojan or a virus.
You can protect yourself by only visiting MtGox and then immediately logging out.
Hordes of panicky people seem to be fleeing Mt. Gox for some unknown reason. Professor, without knowing precisely what the danger is, would you say it's time for our viewers to crack each other's heads open and feast on the goo inside?
Tradehill has no reports of being hacked. If reports of Mtgox security breach is true I'm guessing they would liquidate their BTC. Be wary in the next coming weeks and months.
Pardon my ignorance, but slush's pool would be vulnerable too? Is this something bitcoin platform wide..ie with the API's ?
It could be. It is a general security problem many websites have.
what is CSRF?
Cross-Site Request Forgery 
I should mention it's a CSRF vulnerability. so people know what to do to protect themselves.
what is CSRF?
Pardon my ignorance, but slush's pool would be vulnerable too? Is this something bitcoin platform wide..ie with the API's ?
That would make sense, my account was hacked and the only places I used my password was mtgox, tradehill, and deepbit.
I should mention it's a CSRF vulnerability. so people know what to do to protect themselves.
liek a surgeon general warning?
Code:
BITCOIN GENERAL'S WARNING: Trading
bitcoins Causes ____ ______, _____ _______,
_________ and May Complicate ________.
bitcoins Causes ____ ______, _____ _______,
_________ and May Complicate ________.
This exploit is no longer active.
I have identified an exploit in MtGox allowing an attacker to completely take over some users account.
I have been trying to contact MagicalTux for hours, but I feel that a general warning should go out to users.
All of the threads about MtGox accounts being hacked are REAL.
A strong password will not help you. Anti Virus software WILL NOT HELP YOU.
This is not a trojan or a virus.
You can protect yourself by only visiting MtGox and then immediately logging out.
workaround: logout from mtgox, use it in a separate browser or chrome's incognito mode
phantomcircuit: you should add that users check their email adresses in their mtgox profile. if they are incorrect they have to change their address + password
I have identified an exploit in MtGox allowing an attacker to completely take over some users account.
I have been trying to contact MagicalTux for hours, but I feel that a general warning should go out to users.
All of the threads about MtGox accounts being hacked are REAL.
A strong password will not help you. Anti Virus software WILL NOT HELP YOU.
This is not a trojan or a virus.
You can protect yourself by only visiting MtGox and then immediately logging out.
Jump to: