-comment overwritten-
To /u/lobali - can you answer something for me please?
-comment overwritten-
[5 Points] MedicalCookie:
[2 Points] None:
[deleted]
[1 Points] InfinitelyOutThere:
Just goes to show that maybe your opinions about us are wrong, we have clearly explained it further in the thread
[1 Points] MLP_is_my_OPSEC:
I'm going to take a stab in the dark here and say it's because she doesn't want the SE scam to be known before /u/alpha02 fixes it. I hope I don't have to explain why.
However, I would like to touch on the subject of the moderator hate. There is a lot of behind-the-scenes work that we do that nobody else sees. I can say from experience that moderating a subreddit is much more difficult than moderating a traditional forum. It requires a lot of effort to stay on top of things, monitor threads, and look out for potential problems. reddit is a social platform and requires the effort of the moderators and community to keep things in line.
Hating on the moderators is fine, we're obviously used to it. I have a dislike towards authority figures as much as anyone else here. What we don't like is the people that tend to do nothing but bitch about us while not offering suggestions on how we can make things better. We're humans, we have lives outside of this subreddit. The caveat of being human is we do tend to make mistakes, anyone that says they're faultless and flawless is an outright liar.
Here is the cool part -- humans are social creatures. All of us moderators are more than willing to talk things out in a calm and polite manner. If someone bitches at us about something, we'll reply in kind. Anger begets anger, kindness begets kindness. If everyone could just act like mature adults we would all be a lot happier.
[1 Points] Jay-__:
Following scenario:
The hacker knows your ID/PW already, but doesn't know your 2FA.
The hacker then acts like a total PGP-noob, reaching out to the victim to help him. To get sure he [the hacker] "understood PGP and to ensure he's using it correctly" he proceeds to send the possible victim the PGP-message that the market is prompting when trying to access the account, and tells him [the victim] to reply with the decoded message, just "to get sure it was really decrypt-able and all" additionally "because vendor-xy couldn't decrypt my address".
Now if it's a market like Agora, the victim will decode it, read "Ag-....." and instantly know what's up - but if it's a market like Evo was (if I'm remembering right), where it's just random numbers and letters, the victim may wouldn't notice it actually is the solved PGP-login, copypasta it and tada, hacker is logged in.
Would that actually work? I can't see any problem why it wouldn't.
[1 Points] -lobali:
Assuming you're asking about the person who claimed that alpha bay stole their coins, I asked them for copies of all conversations between them and the vendor both on and off market. They were sketchy about it at first then said nevermind then.
Some dude claimed that they'd phished them somehow and tried the username and password on alpha and it worked. And there were coins. He didn't have the withdrawal pin, so he made a vendor account, made a purchase, finalized, and withdrew the coins.
I can't remember if alpha posted any proof of that transaction, but since the OP wouldn't give me any information at all and the other stories lined up, I believe I said I didn't think it was a market issue, I thought in this case it was social engineering or phishing.
Also assuming you redacted your question, I assume you found the thread. I don't claim to be a security expert but my opinion was the guy claiming to have gotten OP's login and tested it on alpha, found coins, etc, and OP refusing to give me ANY more info and said something about "lesson learned" I just couldn't see how that incident was actually alphas fault.
Although I also believe I said it's strange that a zero bond market would allow a zero-history vendor to make an account, sale, finalize, and withdraw on the same day. Seems markets should have at least a short withdrawal wait for brand new vendors since so many scams are set up that way.
Anyone else think that whole thread is sketchy? Some dude loses $1000 and the "hacker" just happens to show up and explain the whole thing to /u/alpha02.
I've seen some horseshit posted on this sub before but this really takes the cake.