Gosh, I'm old and obsolete.

On another note, the admin of Bitcointalk wants to spend some of the donation coins on security measures so this doesn't happen again.

So there are 4 possible solutions.
Here's what the db looks like:

The forum software's validation probably looked at the file extension and said "okay it's an image".

Please upvote this post for visibility (the OP, not my post).

I see no problem with this leak.

I'm sending out a mass mailing to all Forum users about this.

Including my answers to all the above, and then some!
That means generating the rainbow tables will take even more time, but if the attackers saved a copy of the users' password hashes, they can take several years and crack away at it, which is why Bitcointalk mentioned it in the email notification.

Correct, SMF only uses the cache files to cache them; it does not rely on them to restore information back to the database.

Based on what CoinSheep said and the code, I think I can say that there is no malicious code in here.

I have hard passwords for security because bitcointalk is real important.

From reading comments around reddit, I gather there are at least 2 more active sites much like SR.
In your example, you actually listed the 3rd way to address the issue: The wiki recommends to instead use an if statement within the PHP block, even though if's are evil in Nginx: And it notes that my first way of setting cgi.
So, the wiki's suggested Nginx config, which uses an if statement within the PHP block, is a 4th way. That's one of the ways. Personally, I think a good nginx config is a given.
But I'd also set php. Clearly, if this was the exploit, the hacker is aware of it, and I wouldn't mess around. I'd get it done with something I know works. Why is something like this enabled by default?
Why does this behavior exist at all? It seems like an enormous security hole to me, and it makes no sense for it to exist.
Regarding (2), the PHP code probably existed inside EXIF headers, so the image was very much valid. Neither validating the MIME type nor the extension will make any difference to the actual content of the file. A MIME type can be faked just as easily as an extension with a simple browser plugin or attack proxy.
To verify it's an image, you literally have to verify it's an image. And, preferably, re-write it since functions like "get image size" can be faked out by a clever attacker.
I had a silver bullion deal in progress in PMs.

Yes it's down, upvoting for visibility, let's hope user accounts weren't compromised.

Seems likely that they are. Bitsyncom's messages might be of interest to the hackers as well.

Maybe Theymos should have used some of that XBT bounty everyone sent him to get the site redesigned, like you know.

Your video is now on Youtube: I especially like the bit where "Major Kong" from Dr. Strangelove riding the atomic bomb is riding a bitcoin to its doom.
Yeah, it's good to poke fun at the community once in a while. We take ourselves way too seriously most of the time.

There have been multiple people helping; can theymos update a timeframe for site live again yet?

I'm starting to feel like the conference this weekend is going to be more of a bitcoin support group.

Because they limit low karma accounts to prevent spammers from flooding reddit. Get some karma, and you won't be limited.

I think theymos or sirius would be the only people that could bring it back up. I'm not even sure if sirius still has server admin rights, but I'm sure that someone other than theymos does.

Yeah, I can confirm that. I think Stefan has the server admin rights but I might be wrong though.

I do not have server access. It is down now.
Immediately before it went down, I saw "Turn your volume up" in big bold letters on 2 pages. I kept reloading thinking it was a browser issue.
SMF is known as one of the most secure software packages out there with thorough coding and security checks. On top of that there have hardly been any very serious issues. I do not know where distortednet got his information from; it's inaccurate as far as I know. Other community software scripts have had much more and more serious problems.

Here is a list of video links collected from comments that redditors have made in response to this submission:
Unfortunately, it was recently discovered that the Bitcoin Forum's server was compromised. It is currently believed that the attacker(s) could have accessed the database, but at this time it is unknown whether they actually did so. If they accessed the database, they would have had access to all personal messages, emails, and password hashes.
To be safe, it is recommended that all Bitcoin Forum users consider any password used on the Bitcoin Forum in to be insecure: When the Bitcoin Forum returns, change your password. Passwords on the Bitcoin Forum are hashed with rounds of shacrypt.
This is very strong. It may take years for reasonably-strong passwords to be cracked. Even so, it is best to assume that the attacker will be able to crack your passwords. The Bitcoin Forum will return within the next several days after a full investigation has been conducted and we are sure that this problem cannot recur.
Would it be possible to have a small static page visible at least? Lots of people don't know about Reddit or IRC.

Here it is, the PGP signed email theymos sent to bitcointalk users to alert them of the hack:

Apparently the hacker did this for your PMs, not for any passwords. Now for several days you have no access to them, and the hacker can read them and use all information you have sent.

Theymos, any estimates on this?
I think I do have the updated backups on my NAS back in my country though, but I'll need some time to stream this over. My BitcoinTalk account was hacked more than a year ago and consequently so was my Twitter account.
Security holes might go back quite a while. If this wasn't the government, I'm pretty sure I know who it was. I would look into everyone involved in Penny Coin. They not only know their way around forums, they know their way around code, and I know at least one of them has built their own forum. They also have such a large force that they can go to any website (RIU, Shroomery, Facebook, etc.) and seem like friendly individuals, when really they are all malicious trolls and hackers. I know this because they follow me all the time (RIU, Shroomery, Facebook, etc.) and harass me and my family.
This is all assumption, but I can show you Facebook posts that point indirectly towards them wanting to do something like this today. This might be coincidence but this person has posted almost every piece of code today, or before today in the payload. One specific piece of comment stands out " will likely return zero and create a divide by zero bug which will set start to NaN".
I would contact him: We need to have a decentralized forum, as an encrypted torrent storing content and user information. After the 50 BTC bounty is paid out once you're convinced how the hack was done, what are you offering to have it fixed since that too would be beyond your skill set.
Surely, the site wouldn't go live again after the government shutdown is over, for that would be a very, very strange coincidence.

I've put up some hopefully temporary!

Theymos cracks me up. Whenever the forum is working, he limits the involvement of the community and dictates irrational policies (let some scammers scam, ban ones he can't make money off of).
Disclaimer: he banned me from the forums for posting exactly this kind of negative post against him.

We're glad you enjoyed it. Sorry I couldn't make it, had to make a critical decision regarding immigration and couldn't afford to risk things by going. When I first came here I didn't know enough to get a multiple entry visa, so leaving would have required me to stay out of the country for 6 months.

Full screen capture http:

Note about password in database: If they had access to add a record - which they apparently did.
They could have easily read our passwords or the encrypted versions in database at least. This is why most password routines best used are 1 way encryptions where what a user enters has to be encrypted and then compared to encrypted copy in database to validate them.
If this type of security was used they would have to use brute force against said password list given the type of encryption (basically using a vocab file etc.), and as long as users follow standard rules (minimum 8 chars, alphanumeric, no standard words, etc., throw in some characters like !) there is a reason your bank etc. makes you use that really hard to remember combination of junk.

Encryption is two-way by definition, as they have inverse functions to decrypt an encrypted value to get the original value.
You are describing hashing, which by definition cannot be decrypted. It is only possible to find collisions (input values that result in the same hash value). Sorry for being a pedant, but I hope this helps explain the fundamental difference.

What nginx version was running on the server?
There were some exploits due to null byte attack:

Don't hold your breath.

Not sure where this fits in: I changed it and changed my pwd. I didn't report it because I needed to take some time to make sure it wasn't actually one of my old addresses.
At this point I am fairly certain that it was not one of my addresses and that somebody else must have changed it. Probably happened within the last week. Moderator monthly payments for helping moderate the forum are sent to BTC addresses in the forum profile. It is the beginning of the month and the payments are usually sent around this time.
Apart from this, I think most people usually don't receive anything beyond small tips to those addresses.

We need a read-only version, in the meantime! My reference links are breaking left and right, today.
It's my guess at this point. Don't worry, I'm not trying to influence you or control the SMF team or anything.

The problem section usually looks like this: Options for avoiding this are: This causes the PHP interpreter to only try the literal path given and to stop processing if the file is not found.
Ensure that Nginx only passes specific PHP files for execution. Specifically disable the execution of PHP files in any directory containing user uploads.
Let's hope the Bitcoin Savings And Loan retroactive prosecution of running a Ponzi scheme sets a precedent and scares some would-be scammers straight.

Tell that to the Congress we made our presentation at in Brussels, Belgium, and our happy members' forum growing daily http:
Is Cointellect a scam? I have some questions: Is the software a scam? Has anyone gained real money from this software?

The solution is for free miners to unite.

Without looking at the site: yeah, it's a scam. Check your PC for malware, reformat, and never use this PC or anything connected to it for bitcoin wallets.
Much of the evidence presented so far is weak. "Company name similar to banking conglomerate but not that company": I'm not sure what banking conglomerate you're referring to, but that's probably a coincidence. You insult and make legal threats against anyone who characterizes you as scammers. What are you supposed to do, not insult them?

It turns out it was a scam after all. Yes, Cointellect is a scam.

This is undoubtedly yet another scam. Its intent is the only question.

Virus analysis of software; SSL certificate owned by unknown; company name similar to banking conglomerate but not that company. Take this info as you like.

I make cointellect is not scam.