sht this looks bad. This could diminish trust in the system in the long run.
Maybe at this point we need security companies getting involved in Bitcoin security and banking. A lot of people wouldn't mind paying extra, knowing that their account is not gonna get hacked, or that somebody is gonna rob their computer and they lose everything.
Also, doesn't anybody think it's suspicious that all these attacks are happening at the same time?
Bitcoin has had a lot of attention lately. Of course there will be attacks from every side. People who just want to earn a buck from it in less elegant ways, and people who want to see Bitcoin vanish off the earth.
I will list some of the (potential) attack vectors that have been found here and their relation to my own account (I can only speak for myself):
* CSRF vulnerability - not applicable to my account, the BTC were transferred at a time I could not access Mt. Gox at all, let alone be logged in.
* CSS history vulnerability - not applicable to my account, unfeasible for non-dictionary passwords over 6 characters (mine was a randomized 20)
* Android app - not applicable to my account, I do not have an Android phone nor have I ever touched the app, I have also never entered my Mt. Gox details anywhere but on Mt. Gox itself
* Malware/keylogger/etc - almost certainly not applicable to my account, I turned my entire computer upside down with manual analysis (something I already do regularly) and haven't been able to find anything
* Distributed brute force (using a botnet) - possibly applicable to my account, but unlikely due to password length... it IS a possibility however, with a large enough botnet it's feasible.
Now the question is, what is the cause for my account (and potentially others)? I believe there's a mix of different attacks being used here.
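The two password-related items in the list above (CSS history sniffing being unfeasible beyond short dictionary passwords, and distributed brute force being unlikely against a long random one) both come down to keyspace versus guess rate. The following Python script is an added illustration, not code from the thread or from Mt. Gox: it computes the expected number of years a guessing attack needs for the password policies the poster mentions (a 6-character lowercase password, a dictionary word, and a randomized 20-character password) at two constructed guess rates. The rates, word-list size and alphabet sizes are assumptions chosen for illustration, not figures from the page.

```python
import math

# Constructed guess rates in guesses per second (assumptions, not from the thread):
# - a single host throttled by a site's login endpoint
# - a large botnet spreading online login attempts across many hosts
GUESS_RATES = {
    "single host, online": 10.0,
    "botnet, online": 1_000_000.0,
}

# Password policies to compare; alphabet sizes and word-list size are assumed.
POLICIES = {
    "6 lowercase letters": (26, 6),     # the "dictionary-ish" short password case
    "1 dictionary word": (100_000, 1),  # assumed 100k-word list, one word
    "20 random alphanumerics": (62, 20),  # the poster's randomized 20-char password
}

SECONDS_PER_YEAR = 365.25 * 86400


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords the policy allows."""
    return alphabet_size ** length


def expected_seconds(space: int, rate: float) -> float:
    """Expected time to hit the right guess: on average half the space is searched."""
    return space / 2 / rate


def expected_years(alphabet_size: int, length: int, rate: float) -> float:
    """Expected guessing time in years for a policy at a given guess rate."""
    return expected_seconds(keyspace(alphabet_size, length), rate) / SECONDS_PER_YEAR


def feasible(alphabet_size: int, length: int, rate: float, budget_years: float = 1.0) -> bool:
    """True if an attacker with this rate would expect success within the budget."""
    return expected_years(alphabet_size, length, rate) <= budget_years


def report() -> dict:
    """Build a {policy: {rate_name: years}} table; also prints it for the reader."""
    table = {}
    for policy, (alphabet, length) in POLICIES.items():
        table[policy] = {}
        bits = length * math.log2(alphabet)
        print(f"{policy} (~{bits:.0f} bits of entropy)")
        for rate_name, rate in GUESS_RATES.items():
            yrs = expected_years(alphabet, length, rate)
            table[policy][rate_name] = yrs
            verdict = "feasible within a year" if feasible(alphabet, length, rate) else "infeasible"
            print(f"  {rate_name:<22} expected {yrs:12.3g} years -> {verdict}")
    return table


if __name__ == "__main__":
    report()
```

The point the numbers make is the one the poster relies on: a 6-character lowercase password falls to a botnet-scale guess rate in minutes, while a 20-character randomized password stays far outside reach even at a million guesses per second, so for that account the password itself is not the weak link. The script deliberately models only guessing; it says nothing about attacks that bypass the password entirely, which is why the other items in the poster's list still matter.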
The message from Mt. Gox makes it sound like some type of XSS.
How exactly would an XSS work in this case? I have never followed any links to Mt. Gox from external sites, and my account was broken into at a point where I couldn't even access Mt. Gox (probably due to the DDoS attacks).