BitShares Forum
Main => General Discussion => Topic started by: liondani on November 09, 2014, 03:18:54 pm
-
POSSIBLE FISHING! (?)
Anybody that has already gave the password should change passwords for other applications/sites/wallets if they are identical !!!
What the hell do bitsapphire security wise on the forum? Is it acceptable to happen???
I want them to make a statement ASAP !!!! FIX SECURITY leaks on the forum !!!!
When I try to see my messages I see this!!! Don't give your personal details (username/password)
(http://3.bp.blogspot.com/-daZEuINZIrE/VF-DeAlS0VI/AAAAAAAADOc/LrSleh5ZkaA/s1600/authentication_forum.png)
-
I keep getting it. I just click cancel and things work OK.
-
I have removed the attacking user account.
Admins - I shouldn't be the one first to respond to this kind of thing.
-
bytemaster,
Infected accounts are displaying the exploit in their signatures. For example, member 'Akado':
https://bitsharestalk.org/index.php?topic=11056.0
This exploit should be taken care of, no '.php' files should be allowed between [ img ] tags
-
On it at the moment. It seems that user wmap exploited an smf bug to upload PHP scripts as photos. This is most likely as a result of us upgrading to a dedicated server with our hosting provider, and hence making it possible to execute non-smf related scripts.
We are working on resolving this issue asap.
Meanwhile, If anybody gets a similar prompt please notify us.
-
I have removed the attacking user account.
Admins - I shouldn't be the one first to respond to this kind of thing.
+5% +5% +5%
-
On it at the moment. It seems that user wmap exploited an smf bug to upload PHP scripts as photos. This is most likely as a result of us upgrading to a dedicated server with our hosting provider, and hence making it possible to execute non-smf related scripts.
We are working on resolving this issue asap.
Meanwhile, If anybody gets a similar prompt please notify us.
could we be at risk even if we haven't gave our info? Is it like a virus loaded on memory or only a phishing attempt?
Sent from my ALCATEL ONE TOUCH 997D
-
official bitssaphire statement here:
https://bitsharestalk.org/index.php?topic=11163.0
Sent from my ALCATEL ONE TOUCH 997D
-
POSSIBLE FISHING! (?)
Anybody that has already gave the password should change passwords for other applications/sites/wallets if they are identical !!!
What the hell do bitsapphire security wise on the forum? Is it acceptable to happen???
I want them to make a statement ASAP !!!! FIX SECURITY leaks on the forum !!!!
When I try to see my messages I see this!!! Don't give your personal details (username/password)
(http://3.bp.blogspot.com/-daZEuINZIrE/VF-DeAlS0VI/AAAAAAAADOc/LrSleh5ZkaA/s1600/authentication_forum.png)
It gets worse. As the market cap rises there will be much more targeted spear phishing. This is why as the market cap increases you also wan't a diverse group of owners. Centralized ownership with a high market cap is a liability in some ways.
-
I have removed the attacking user account.
Admins - I shouldn't be the one first to respond to this kind of thing.
I was looking at this at like 7AM.
Hook me up with some admin status BM-- I have had admin status on peercointalk for a long time (although I haven't been going there much lately).
-
I have removed the attacking user account.
Admins - I shouldn't be the one first to respond to this kind of thing.
I was looking at this at like 7AM.
Hook me up with some admin status BM-- I have had admin status on peercointalk for a long time (although I haven't been going there much lately).
Me, too, please. It's always daytime somewhere, where one of us is on the forum. If a number of us are vigilant, we can knock it out before it bothers too many users.
-
when can bts's keyid login function avaible& forum support it?
-
The suspicious member sent a private message to several members here... check the screen shot if you are included...
Hope nobody gave him more information's about your habits...
I think we where his potential priority targets...Thoughts?
(http://2.bp.blogspot.com/-HM7XYSaX2ik/VGC-F9dH4uI/AAAAAAAADOs/FiaCg4U0N9k/s1600/wmap.png)
-
I have removed the attacking user account.
Admins - I shouldn't be the one first to respond to this kind of thing.
+100%