Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Pools
Re: [8500 GH/s] Slush's Pool (mining.bitcoin.cz); TX FEES + UserDiff; ASIC tested
by
phazedoubt
on 24/04/2013, 00:29:17 UTC
Quote from: TiborB on April 24, 2013, 12:21:48 AM
Quote from: gbx on April 24, 2013, 12:16:56 AM
Quote from: slush on April 24, 2013, 12:08:43 AM
Quote from: phazedoubt on April 24, 2013, 12:05:05 AM
Also, just as an FYI, i do network security in a completely different sector, but the attacks are usually the same.  The "sneak forwarding" is a common targeted attack.

I cross-checked my mailbox setup and no forwarding is configured here. For now I fully blame OVH for this issue.

Interesting analysis.  Is it possible that the algo for the OTP is "known" ?  So the attacker would simply have to know what the next OTP password is once it's been submitted?

I'd guess he is using a vasco or rsa token with appropriate key size...

Nothing so elaborate.  You'd be amazed at the power that an administrator can wield.  Your server security is only as strong as those that have physical access to them honoring their word.  Occam's razor applies greatly when it comes to hacking.