Sunday, September 11, 2011

Bitcoin Forums Restored - Sirius Still In Charge

Well, after a long day full of checking to see if the Bitcoin Talk Forums were back up, they are. Bitcoin Talk administrator, theymos, urges all users to change their passwords promptly; it is unclear at this point how much private data was leaked. In this post, theymos explains what has been discovered about the hack and what is known about the perpetrator. Here are the cliff notes:
  • The forum software was compromised using a 0day exploit in SMF. The perpetrator had administrative access since September 3rd, which went unnoticed until September 9th, when they inserted the CosbyCoin defacement JavaScript.
  • It is not known for sure that the attacker copied any password hashes, but it should be assumed that he did.
  • No forum data is known to be damaged or maliciously altered, so Bitcoin Talk has made the decision to proceed with the most recently active database.
  • The attacker first paid for a donator account so he could change his displayed username. The displayed username field is not escaped properly, so he was able to inject SQL from there. He took over Satoshi's account, and from Satoshi's administrative interface he was able to inject arbitrary PHP code by modifying the style template.
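To show why an unescaped display-name field matters, here is an added example (not SMF's code and not from the original post) in Python, with an in-memory SQLite table standing in for the forum's member database: the same UPDATE built by string concatenation beside its parameterized form. The table layout and member names are assumptions.

```python
import sqlite3

# Constructed stand-in for a forum's members table (assumed schema).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE members (id INTEGER PRIMARY KEY, real_name TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO members VALUES (?, ?, ?)",
        [(1, "satoshi", 1), (2, "donator_user", 0)],
    )
    conn.commit()
    return conn


def set_display_name_vulnerable(conn: sqlite3.Connection, member_id: int, new_name: str) -> int:
    """Concatenates the user-supplied name into the SQL text, so a quote in the
    input rewrites the statement itself. Returns the number of rows changed."""
    sql = f"UPDATE members SET real_name = '{new_name}' WHERE id = {member_id}"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def set_display_name_safe(conn: sqlite3.Connection, member_id: int, new_name: str) -> int:
    """Parameterized UPDATE: the driver passes the name as data, never as SQL,
    so only the caller's own row can change and the name is stored verbatim."""
    cur = conn.execute(
        "UPDATE members SET real_name = ? WHERE id = ?", (new_name, member_id)
    )
    conn.commit()
    return cur.rowcount


def display_names(conn: sqlite3.Connection) -> dict:
    """Current display names keyed by member id, for inspecting the blast radius."""
    return {mid: name for mid, name in conn.execute("SELECT id, real_name FROM members ORDER BY id")}


if __name__ == "__main__":
    tricky = "x' WHERE 1=1 --"  # a display name containing a quote and a comment marker
    vuln = make_db()
    print("vulnerable rows changed:", set_display_name_vulnerable(vuln, 2, tricky), display_names(vuln))
    safe = make_db()
    print("parameterized rows changed:", set_display_name_safe(safe, 2, tricky), display_names(safe))
```

With the concatenated query, one member's profile edit rewrites every row including the administrator's; with the parameterized query, the same input changes only that member's row and is stored as a plain string. Detecting this class of bug is a matter of auditing every place a user-controlled field reaches SQL text without a placeholder.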
The Bitcoin Talk forums are now being hosted by Mark Karpeles (AKA MagicalTux); however, ownership remains with Sirius, and no policy change will come into effect at this time. Needless to say, this has stirred the rumor mill with talk of a Mt. Gox takeover. While that remains untrue, we will have to wait and see what the future holds. Information on the Bitcoin Talk forums attack.
