Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Pools
Re: [8500 GH/s] Slush's Pool (mining.bitcoin.cz); TX FEES + UserDiff; ASIC tested
by
dg2010
on 24/04/2013, 15:24:23 UTC
Quote from: p0rkbelly on April 24, 2013, 03:08:51 PM
Quote from: phelix on April 24, 2013, 03:03:02 PM
Quote from: nybbler905 on April 24, 2013, 06:43:31 AM
Quote from: phelix on April 24, 2013, 06:26:36 AM
Quote from: slush on April 24, 2013, 01:33:55 AM
Quote from: gbx on April 24, 2013, 01:24:28 AM
What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.

I have a database snapshot taken before bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on pool profile requires email confirmation by account owner so I think we're on safe side here.

Unfortunately the user database can be considered as compromised, so the attacker knows user's emails :-(.
How were the passwords hashed?
never answer that!!!

let me rephrase: were the passwords securely hashed?

And salted?

Not to preach to you, but this is a perfect example why everyone should use unique passwords on every website.

I personally use 20+ character randomly generated passwords thanks to LastPass.  Makes secure password management so easy.

I am assuming the worst that they wore not hashed and salted. No word on the matter suggests that is possibly the case? I'd like to know either way. Embarrassing as it may be.