Silk Road forums

Discussion => Security => Topic started by: experimental333 on January 25, 2012, 01:42 pm

Title: MtGOX WTF?? Serious security flaw!
Post by: experimental333 on January 25, 2012, 01:42 pm
I don't know if you noticed, but when you log in to mtgox.com your access details including username and password are displayed in the address bar in PLAIN TEXT!
Anyone who has access to your browsing history can now clean your mtgox account.
Even the SSL connection doesn't help, because if someone is sniffing in your network, he will know what URL you visited and he'll have your login and pass.
Fuck them.
Title: Re: MtGOX WTF?? Serious security flaw!
Post by: experimental333 on January 25, 2012, 06:13 pm
yes, just checked and it's gone. at least they react fast.
Title: Re: MtGOX WTF?? Serious security flaw!
Post by: kmfkewm on January 25, 2012, 06:18 pm
SSL encrypts url
Title: Re: MtGOX WTF?? Serious security flaw!
Post by: TravellingWithoutMoving on January 25, 2012, 10:35 pm
why is it not possible to log on to mtgox via Tor?

 >:(
Title: Re: MtGOX WTF?? Serious security flaw!
Post by: chronicpain on January 25, 2012, 10:42 pm
That's why I have a yubi key... worth the 30 bucks or so... (even though I think they should give them for free). The only bone that I have with mt. gox is that you (the customer) have to keep good records of all incoming and outgoing money/bitcoins. They don't seem to be able to catch their own errors. The last month, I would have lost 3k dollars had I not kept good records and let them know that my money never made it to dwolla.

I guarantee they collect a lot of money from unsuspecting customers. Keep good records and tell them asap when you notice a discrepancy... I don't trust them as far as I can throw them, lol.. So far, they have fixed all their "mistakes"..
Title: Re: MtGOX WTF?? Serious security flaw!
Post by: davidd on January 26, 2012, 03:32 am
That's why I have a yubi key... worth the 30 bucks or so... (even though I think they should give them for free). The only bone that I have with mt. gox is that you (the customer) have to keep good records of all incoming and outgoing money/bitcoins. They don't seem to be able to catch their own errors. The last month, I would have lost 3k dollars had I not kept good records and let them know that my money never made it to dwolla.

I guarantee they collect a lot of money from unsuspecting customers. Keep good records and tell them asap when you notice a discrepancy... I don't trust them as far as I can throw them, lol.. So far, they have fixed all their "mistakes"..

I have also had to get on them multiple times about dwolla xfers that take a long time (48hrs+). They have taken care of the problem each time though.

I got offered one of those key things... I didn't even feel like it was worth my time, even though it was free. What do you think about it?
Title: Re: MtGOX WTF?? Serious security flaw!
Post by: randomOVDB#2 on January 26, 2012, 10:54 am
I'm also interested in what you guys think about the YubiKey (in general, not just for MtGOX).
Title: Re: MtGOX WTF?? Serious security flaw!
Post by: jimvisa on January 26, 2012, 10:07 pm
yubikeys are fucking solid

a virtual USB keyboard that creates long AES one time passwords for secure two factor authentication merely by plugging it in
and then it has pretty nice APIs and OATH support and shit making it really easy for a website to add yubikey support (say, mtgox and lastpass)

i'm sure good smaller business sysadmins love the heck out of it, great easy way to add multifactor authentication to your openVPN server or anything else
i wonder if there are GPG or truecrypt builds with added yubikey support, because if somebody felt like they wanted to i see no reason why it couldn't be done


you can also use it to automatically enter a static gigantic high entropy overkill password for say your fully encrypted laptop drive with client information on it, or your wireless, or anything else really, although this doesn't really provide any additional security over a quality memorable password, but it can add convenience