Silk Road forums
Discussion => Security => Topic started by: experimental333 on January 25, 2012, 01:42 pm
-
I don't know if you noticed, but when you log in to mtgox.com your access details including username and password are displayed in the address bar in PLAIN TEXT!
Anyone who has access to your browsing history can now clean your mtgox account.
Even the SSL connection doesn't help, because if someone is sniffing in your network, he will know what URL you visited and he'll have your login and pass.
Fuck them.
-
yes, just checked and it's gone. at least they react fast.
-
SSL encrypts url
-
why is it not possible to logon to mtgox via Tor?
>:(
-
that's why I have a yubi key...worth the 30 bucks or so... (even though I think they should give them for free) the only bone that I have with mt. gox is that you (the customer) have to keep good records of all incoming and outgoing money/bitcoins. They don't seem to be able to catch their own errors. the last month, I would have lost 3k dollars had I not kept good record and let them know that my money never made it to dwolla.
I guarantee they collect a lot of money by unsuspecting customers. Keep good records and tell them asap when you notice a discrepancy... I don't trust them as far as I can throw them, lol.. So far, they have fixed all their "mistakes"..
-
that's why I have a yubi key...worth the 30 bucks or so... (even though I think they should give them for free) the only bone that I have with mt. gox is that you (the customer) have to keep good records of all incoming and outgoing money/bitcoins. They don't seem to be able to catch their own errors. the last month, I would have lost 3k dollars had I not kept good record and let them know that my money never made it to dwolla.
I guarantee they collect a lot of money by unsuspecting customers. Keep good records and tell them asap when you notice a discrepancy... I don't trust them as far as I can throw them, lol.. So far, they have fixed all their "mistakes"..
I have also had to get on them multiple times about dwolla xfers that take a long time (48hrs+). They have taken care of the problem each time though.
I got offered one of those key things... I didn't even feel like it was worth my time, even though it was free. What do you think about it?
-
I'm also interested what you guys think about the YubiKey (in general, not just for MtGOX)
-
yubikeys are fucking solid
a virtual USB keyboard that creates long AES one time passwords for secure two factor authentication merely by plugging it in
and then it has pretty nice APIs and OATH support and shit making it really easy for a website to add yubikey support (say, mtgox and lastpass)
i'm sure good smaller business sysadmins love the heck out of it, great easy way to add multifactor authentication to your OpenVPN server or anything else
i wonder if there are GPG or TrueCrypt builds with added yubikey support, because if somebody felt like they wanted to i see no reason why it couldn't be done
you can also use it to automatically enter a static gigantic high entropy overkill password for say your fully encrypted laptop drive with client information on it, or your wireless, or anything else really, although this doesn't really provide any additional security over a quality memorable password, but it can add convenience