weird pm received - page 4. | Bitcointalksearch.org

Welsh

staff

Activity: 3304

Merit: 4115

Quote from: nullius on July 07, 2022, 04:48:42 AM

Before jumping to conclusions and screaming “hack!”, has anyone even considered a potentially innocent explanation? I have a pessimistic view of human nature, but the paranoia in this thread is off the charts.

Yeah, I haven't ruled out that. However, the things that stand out to me is the comment about letting them know how you've secured your account, and the fact they claimed to have frozen accounts. The latter being a outright lie. That's not exactly good, if you're looking to do some white hat work.

Although, that might have been a way of trying to convince the user. I'm not going to get my pitchfork out, but I do believe users should be cautious dealing with this user in further message exchanges. Not that I distrust them entirely, but at the very least advise caution.

On a side note, I don't like that anyone can find out if a user has a security question or not. I'm not a fan of security questions in the first place, but probing like that just opens up those accounts for further attack. I kind of wish that the security question field popped up regardless of if a user has set one or not. If someone tries to guess the security question of one of these users, it simply just gives a non match, rather than indicating they don't have one set up.

nullius

copper member

Activity: 630

Merit: 2614

If you don’t do PGP, you don’t do crypto!

Before jumping to conclusions and screaming “hack!”, has anyone even considered a potentially innocent explanation? I have a pessimistic view of human nature, but the paranoia in this thread is off the charts.

This is good advice, in my opinion:

Quote from: philipma1957 on July 07, 2022, 12:12:16 AM

Quote from: newalias on July 07, 2022, 03:33:55 AM

The better people know the account owner, the better they know the answer!

Recommended action to take is to remove security question at all.

The forum officially agrees with newalias about that, and with me. Read the warning that the forum gives you, when you set up the ridiculously stupid insecurity misfeature of a so-called “secret question”:

Duh. Why does theymos even allow this?

I spot-checked this user’s post history. At a glance, it looks normal to me. I also noticed that he just received a red tag from someone in DT (fortunately outside my trust network; my trust network is infinitely superior to DT).

Now, this could be a bizarre beginning for a social engineering attack. And the PM also seems to indicate that newalias is probing something, somehow.

I will reach out to him, and politely ask just what he is trying to do. Meanwhile, I will add a neutral tag linking to this post—to be updated or removed, if or as appropriate. I request that someone in DT should do likewise.

Maybe, just maybe, this could simply be a very clumsy attempt at whitehat protection of the forum, from someone who needs to see the late Dan Kaminsky’s White Hat Hacker Flowchart:

Welsh

staff

Activity: 3304

Merit: 4115

Likely, by asking you to get back to them how you secured your account after removing it, is likely a way to get more information. They've already claimed that they've frozen accounts, which isn't really possible, unless they had some kind of database access, which would mean they'd be able to remove the security questions themselves if they really wanted too.

In other words, this user isn't to be trusted, and no reply is warranted. If they have information about security, they can contact theymos. Other than that, them finding out who has a security question, and who doesn't is fairly simple as LoyceV alluded to above.

I suspect, a further attack would've been launched if you replied to them. Smells of social engineering, where they attempt to gain your trust by offering you some semi valid advice, and then looking to exploit that further down the line.

The Sceptical Chymist

legendary

Activity: 3500

Merit: 6981

Top Crypto Casino

Quote from: jackg on July 07, 2022, 12:26:13 AM

so it's probably just an unsolicited piece of advice.

I don't know if we read the same PM, because it totally looks like some kind of phishing attempt to me--and a bad one at that, despite all the technical garbledegoo.

I haven't received any PMs like that, but I just started a thread in Reputation about being alerted via e-mail about someone trying to reset my password or some such thing. And not that it matters, but I recently got a PM from some guy who wanted to pay me for a review of some app. The devil was on my shoulder and I wanted to string him along for a bit, but I lost motivation after his second reply. I'm wondering if other DT members got that same PM, because I'm pretty sure I wasn't singled out for that one.

crwth

copper member

Activity: 2912

Merit: 1279

https://linktr.ee/crwthopia

Do you think that newalias tried to check every DT member who has security questions? Then PM-ed them accordingly? I don't have a security question for this so that's probably why I didn't receive a PM.

Quote from: NotATether on July 07, 2022, 03:11:21 AM

Attempting to answer the security questions will automatically lock your account, because they were leaked with the rest of the DB back in 2015.

Members after that time when it was leaked are safe? Is that correct?

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: lovesmayfamilis on July 07, 2022, 02:31:39 AM

I also received this PM. Probably, according to the one who poisoned these PMs, he sent such letters to all DT, and not necessarily whether they have control questions or not.

I haven't received that PM. So maybe the list he's using to determine DT users is not accurate.

Quote

If I'm not mistaken, having a security question hasn't been important for a long time, or does it still matter?

Attempting to answer the security questions will automatically lock your account, because they were leaked with the rest of the DB back in 2015.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: jackg on July 07, 2022, 12:26:13 AM

There's a recommendation that security questions are quite weak for keeping accounts safe

I usually enter random gibberish to those questions (but keep the random data, just in case). Dumb questions like the name of your first pet make social engineering very easy. SMS account recovery is also a big security risk.
I disable all of this whenever I can, including Bitcointalk. I'm not sure what newalias' angle is here, he seems to know that security questions can only lock an account, so it's in no way a security risk for DefaultTrust.

No PM for me, I feel left out Sad

Maybe that's because trying to restore my account through security questions shows:

Code:

Sorry, there is no secret question set for this member.

lovesmayfamilis

legendary

Activity: 2072

Merit: 4265

✿♥‿♥✿

I also received this PM. Probably, according to the one who poisoned these PMs, he sent such letters to all DT, and not necessarily whether they have control questions or not.

If I'm not mistaken, having a security question hasn't been important for a long time, or does it still matter?

joeperry

sr. member

Activity: 2282

Merit: 470

Telegram: @jperryC

Received the same thing from this user, not quite sure what's the goal of this guy. Trying a petty attempt to disable the user's security question so probably he could get easy link to change the password of the account? I think he sends all the DT user a personal message.

cabalism13

legendary

Activity: 1428

Merit: 1166

🤩Finally Married🤩

I am an inactive user here,...
First I thought this user was the one who hacked my google account just recently (already changed my password few days ago) so I checked the email regarding this...
So it seems it wasn't just me.

Quote from: philipma1957 on July 07, 2022, 12:22:35 AM

So I did check the pm out and the security question is disabled. So I am not sure why this person sent me the pm.

It implies he knows that I have a security question setup. Like I said my security question was in a disabled status.

@efs I reported it to admin.

note no password change has been made by me and my btc address is this:

https://www.blockchain.com/btc/address/1JdC6Xg3ajT3rge3FgPNSYYFpmf53Vbtje

someone please quote this.

I have it quoted somewhere else but just in case.

philipma1957

legendary

Activity: 4256

Merit: 8551

'The right to privacy matters'

Quote from: jackg on July 07, 2022, 12:26:13 AM

There's a recommendation that security questions are quite weak for keeping accounts safe (it's why most places have multiple and why a lot got replaced with multifactor authentication).

I had a brief skim through the seclog and haven't found much over the past week of many resets actually being done so it's probably just an unsolicited piece of advice.

Okay I had disabled the question a while back. but I guess it was showing as active to admin as this account had red type saying to delete it.

my alt had nothing.

as I said password was not altered. I will keep an eye out for issues with this account.

and

a1 Hashrate LLC2022

https://bitcointalksearch.org/user/a1-hashrate-llc2022-3482040

Summary - a1 Hashrate LLC2022   Picture/Text
Name:   a1 Hashrate LLC2022
Posts:   82
Activity:   42
Merit:   60
Position:   Jr. Member
Date Registered:   June 05, 2022, 04:38:14 PM
Last Active:   Today at 04:31:21 AM

is my current alt.

Please note I always have an active alt to protect the main account.

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

There's a recommendation that security questions are quite weak for keeping accounts safe (it's why most places have multiple and why a lot got replaced with multifactor authentication).

I had a brief skim through the seclog and haven't found much over the past week of many resets actually being done so it's probably just an unsolicited piece of advice.

philipma1957

legendary

Activity: 4256

Merit: 8551

'The right to privacy matters'

So I did check the pm out and the security question is disabled. So I am not sure why this person sent me the pm.

It implies he knows that I have a security question setup. Like I said my security question was in a disabled status.

@efs I reported it to admin.

note no password change has been made by me and my btc address is this:

https://www.blockchain.com/btc/address/1JdC6Xg3ajT3rge3FgPNSYYFpmf53Vbtje

someone please quote this.

I have it quoted somewhere else but just in case.

EFS

staff

Activity: 3822

Merit: 2123

Crypto Swap Exchange

You are not the only one. Just "Report to Admin" the PM and they will take care of this.

a1 Hashrate LLC2022

member

Activity: 112

Merit: 83

quoted with my alt. edit quote is below:

Quote from: philipma1957 on July 07, 2022, 12:12:16 AM

here it is anyone else get this?

Quote from: newalias on July 07, 2022, 03:33:55 AM

Hi there,

you are member of DefaultTrust. Therefore, the security of your account is crucial.

However, you have a security question in place, what often means lower entropy than a secure password and maybe being easier to guess. Simplest thing I have seen in DefaultTrust was "1+1" with answer "2" was correct - I have frozen it for security. Easy questions ask for an age (try 0-99) or a birth year (try 1940-2022) or lower case initials (try aa-zz). Many questions ask for a city or a make of first car - brute force can help. And there are loads of questions for names of wife, birth names, pet names and so on. These are things that may be shared even in a post or require only your real name! The better people know the account owner, the better they know the answer!

Recommended action to take is to remove security question at all. Please get back to me stating how you improved account security. If I do not get a reply, I need to inform board administration for our all safety.

I started with whole DefaultTrust as I think the base of community should be secured first. Later, I will go for more users. Captcha is useless as I use some trick I will only discuss with theymos.

Thank you!

philipma1957

legendary

Activity: 4256

Merit: 8551

'The right to privacy matters'

here it is anyone else get this?

Quote from: newalias on July 07, 2022, 03:33:55 AM

Hi there,

you are member of DefaultTrust. Therefore, the security of your account is crucial.

However, you have a security question in place, what often means lower entropy than a secure password and maybe being easier to guess. Simplest thing I have seen in DefaultTrust was "1+1" with answer "2" was correct - I have frozen it for security. Easy questions ask for an age (try 0-99) or a birth year (try 1940-2022) or lower case initials (try aa-zz). Many questions ask for a city or a make of first car - brute force can help. And there are loads of questions for names of wife, birth names, pet names and so on. These are things that may be shared even in a post or require only your real name! The better people know the account owner, the better they know the answer!

Recommended action to take is to remove security question at all. Please get back to me stating how you improved account security. If I do not get a reply, I need to inform board administration for our all safety.

I started with whole DefaultTrust as I think the base of community should be secured first. Later, I will go for more users. Captcha is useless as I use some trick I will only discuss with theymos.

Thank you!

I will quote this with my alt as I am concerned this is a hack attempt .

Topic: weird pm received - page 4. (Read 1094 times)