Moments ago I changed the owner/active/posting/memo keys of ~500 Steem accounts. I changed their keys to Steemit's key so Steemit can allow these users to regain access via the recovery mechanism they established.

I was able to do this because I was able to guess these accounts' passwords. I was able to guess their passwords because of what I would argue is a flaw in Steem's UI. Specifically, it currently allows user-chosen passwords by default. In most applications user-chosen passwords are not problematic. However, they are problematic in this use-case because a scrambled form of each user's password must be stored on Steem's public blockchain, meaning anyone with a copy of the blockchain can mount a large-scale offline dictionary attack to recover them. Research as well as real-world precedent has repeatedly shown that a non-trivial fraction of users are incapable of choosing passwords resistant to offline attack even when password complexity requirements are enforced.

Forcing machine-generated passwords in the UI for owner/active keys would be one possible step towards mitigation. I'm aware of the usability counter-argument to this suggestion. However, consider that my effort expended ~1 USD of computing resources and ended up recovering the credentials of accounts with liquid assets valued in the thousands and semi-liquid assets (SP) in the tens of thousands. Given this fact, it would be hopelessly naive to assume offline attacks will not be attempted in the future at much greater scale and by totally bad actors. I invite others with constructive mitigation ideas to share them.

One further point, unless explicitly invited by Steemit, I will not attempt any future white hat shenanigans. My motivation was to alert this community to a genuine danger and do so in a manner that hopefully leaves a more lasting impression than yet another "how to pick a strong password" snorefest post.

[![12345](http://media-cache-ec0.pinimg.com/736x/ff/96/13/ff96133faab0e386e5c27819638a2172.jpg)](https://www.youtube.com/watch?v=a6iW-8xPw3k)
post_id | 132,630 |
---|---|
author | robinhood |
permlink | offline-attack-on-steem-user-credentials |
category | steem |
json_metadata | "{"links": ["http://media-cache-ec0.pinimg.com/736x/ff/96/13/ff96133faab0e386e5c27819638a2172.jpg)](https://www.youtube.com/watch?v=a6iW-8xPw3k"], "tags": ["steem", "steemit", "security", "passwords"]}" |
created | 2016-07-19 05:56:00 |
last_update | 2016-07-19 05:56:00 |
depth | 0 |
children | 71 |
net_rshares | 130,226,634,576,617 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 5,818.194 SBD |
curator_payout_value | 1,936.618 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 2,077 |
author_reputation | 2,616,843,664,428 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
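
The mitigation proposed in the post above (machine-generated passwords for owner/active keys) as an added example; this is not code from the post or from Steemit. The alphabet, the 128-bit target, the function names, and the guess-rate and dictionary-size figures are all assumptions chosen for illustration.

```python
import math
import secrets

# Base58-style alphabet: no 0/O/I/l, so a password copied by hand is harder
# to mistype. The alphabet and the 128-bit target are assumptions made for
# this example, not values taken from the post.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
TARGET_BITS = 128


def password_length(target_bits=TARGET_BITS, alphabet=ALPHABET):
    """Smallest length whose uniform-random entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(len(alphabet)))


def entropy_bits(length, alphabet_size):
    """Entropy of `length` symbols drawn uniformly and independently."""
    return length * math.log2(alphabet_size)


def issue_password(target_bits=TARGET_BITS, alphabet=ALPHABET):
    """Generate the password for the user, using the OS CSPRNG."""
    n = password_length(target_bits, alphabet)
    return "".join(secrets.choice(alphabet) for _ in range(n))


def confirm_password(issued, typed):
    """Signup step: the user re-enters the issued password. This shows it
    was saved and leaves no path to substitute a self-chosen one."""
    return secrets.compare_digest(issued.encode("utf-8"), typed.encode("utf-8"))


def expected_guess_cost_usd(bits, guesses_per_usd):
    """Expected cost of an offline search over a space of 2**bits
    candidates: on average half the space is tried before a hit."""
    return 2 ** (bits - 1) / guesses_per_usd


def compare(guesses_per_usd, dictionary_size):
    """Cost to guess a password picked from a dictionary of the given size
    versus one produced by issue_password(), at the same guess rate."""
    chosen_bits = math.log2(dictionary_size)
    generated_bits = entropy_bits(password_length(), len(ALPHABET))
    return {
        "chosen_bits": chosen_bits,
        "chosen_cost_usd": expected_guess_cost_usd(chosen_bits, guesses_per_usd),
        "generated_bits": generated_bits,
        "generated_cost_usd": expected_guess_cost_usd(generated_bits, guesses_per_usd),
    }


if __name__ == "__main__":
    pw = issue_password()
    print("issued:", pw, f"({entropy_bits(len(pw), len(ALPHABET)):.1f} bits)")
    # Constructed figures: 1e9 guesses per USD, 10 million-entry dictionary.
    for key, value in compare(guesses_per_usd=1e9, dictionary_size=10_000_000).items():
        print(f"{key}: {value:.3g}")
```

Because the scrambled password is public, the guess rate is set by the attacker's hardware, not by any login throttle; only the size of the search space is under the defender's control.
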
Yup, this is exactly what I have been shouting about for weeks now and expected would eventually happen. I am happy that you are a white hat and didn't take control of the accounts for yourself to profit from.

I believe it is better to push away new users with less user-friendly registration (that forces them to use a randomly generated key that they must store securely and use password managers to manage) than to bring them aboard easily only to completely piss them off when their account or funds are stolen [1]. It is our job to make it as user-friendly as possible and to provide great resources educating users how to generate and manage random high-entropy passwords. But I don't agree with compromising their security because it is "too hard" and we don't want to lose them as new users.

[1] Although the new recovery feature allows them to get their account back. Most funds are usually locked in the time-locked Steem Power, so hopefully not too much financial damage would be done by the time they recover their account. And there are plans for a user opt-in and configurable time-locked savings account to even protect their more liquid STEEM and Steem Dollar funds from being stolen by hackers assuming they recover their account in a few days.

post_id | 135,200 |
---|---|
author | arhag |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160719t104218144z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-19 10:42:18 |
last_update | 2016-07-19 10:42:18 |
depth | 1 |
children | 14 |
net_rshares | 36,990,417,460,332 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 504.762 SBD |
curator_payout_value | 168.181 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 1,263 |
author_reputation | 52,480,746,024,977 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
… we are in need of a bug bounty program with high rewards, so that people are happy to publish the flaws, instead of misusing them for their own profit in the short run! **Thank you for being honest and alarming the devs and community - and not running with the money** …!

# Chapeau!

post_id | 147,229 |
---|---|
author | cass |
permlink | re-arhag-re-robinhood-offline-attack-on-steem-user-credentials-20160719t225759748z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-19 22:58:00 |
last_update | 2016-07-19 22:58:00 |
depth | 2 |
children | 6 |
net_rshares | 18,064,825,530,140 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 132.492 SBD |
curator_payout_value | 44.103 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 279 |
author_reputation | 87,543,160,636,924 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
and tipping is always an option as well - *thx again*!
post_id | 149,056 |
---|---|
author | cass |
permlink | re-cass-re-arhag-re-robinhood-offline-attack-on-steem-user-credentials-20160720t004555546z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 00:45:57 |
last_update | 2016-07-20 00:45:57 |
depth | 3 |
children | 0 |
net_rshares | 14,952,715,546,515 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 94.350 SBD |
curator_payout_value | 31.426 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 55 |
author_reputation | 87,543,160,636,924 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
I WILL donate/contribute my rewards gotten out of my comments here @robinhood as well, and **you guys here** should consider doing this as well... if everybody here WILL do this I'd double the **comment** payment amount to donate out of my pockets again!
post_id | 158,511 |
---|---|
author | cass |
permlink | re-cass-re-arhag-re-robinhood-offline-attack-on-steem-user-credentials-20160720t124910967z |
category | steem |
json_metadata | "{"users": ["robinhood"], "tags": ["steem"]}" |
created | 2016-07-20 12:49:09 |
last_update | 2016-07-20 15:55:42 |
depth | 3 |
children | 0 |
net_rshares | 14,867,402,568,490 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 96.396 SBD |
curator_payout_value | 28.100 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 260 |
author_reputation | 87,543,160,636,924 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
Happy to introduce anyone to Jacob at Cobalt - best bug bounties with a specialization in cryptocurrency companies.
post_id | 164,548 |
---|---|
author | itsjoeco |
permlink | re-cass-re-arhag-re-robinhood-offline-attack-on-steem-user-credentials-20160720t191400093z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 19:13:57 |
last_update | 2016-07-20 19:13:57 |
depth | 3 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 115 |
author_reputation | 3,302,850,291,836 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
@cass - the largest flaw now in my opinion is that overgrowing "tag-spamming" people do. When you have, for example, in the top 12 of the "marijuana" topic just 3 related ones, the platform has a massive problem. This gets worse hour by hour and people tag nearly all their posts wrong.
post_id | 165,113 |
---|---|
author | hastla |
permlink | re-cass-re-arhag-re-robinhood-offline-attack-on-steem-user-credentials-20160720t194323327z |
category | steem |
json_metadata | "{"users": ["cass"], "tags": ["steem"]}" |
created | 2016-07-20 19:43:27 |
last_update | 2016-07-20 19:43:27 |
depth | 3 |
children | 1 |
net_rshares | 5,753,803,506,316 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 18.682 SBD |
curator_payout_value | 6.221 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 274 |
author_reputation | 3,557,223,159,170 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
first official STEEM LOTTERY https://steemit.com/lottery/@willytrader/first-official-steem-lottery
post_id | 171,121 |
---|---|
author | willytrader |
permlink | re-cass-re-arhag-re-robinhood-offline-attack-on-steem-user-credentials-20160721t014800864z |
category | steem |
json_metadata | "{"links": ["https://steemit.com/lottery/@willytrader/first-official-steem-lottery"], "tags": ["steem"]}" |
created | 2016-07-21 01:49:21 |
last_update | 2016-07-21 01:49:21 |
depth | 3 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 99 |
author_reputation | -445,542,245,044 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
This is something I'm really concerned about arhag, do you have any information I can use at the moment to protect myself further?
post_id | 147,977 |
---|---|
author | ma3 |
permlink | re-arhag-re-robinhood-offline-attack-on-steem-user-credentials-20160719t234313059z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-19 23:43:09 |
last_update | 2016-07-19 23:43:09 |
depth | 2 |
children | 3 |
net_rshares | 20,470,926,872 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.028 SBD |
curator_payout_value | 0.007 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 129 |
author_reputation | 1,456,576,615,524 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
proctologic | 0 | 20,470,926,872 | 100% |
I do actually. I just wrote [this post](https://steemit.com/steem/@arhag/can-you-remember-your-steemit-password-if-so-you-are-in-danger) about the importance of using password managers.
post_id | 149,151 |
---|---|
author | arhag |
permlink | re-ma3-re-arhag-re-robinhood-offline-attack-on-steem-user-credentials-20160720t005151515z |
category | steem |
json_metadata | "{"links": ["https://steemit.com/steem/@arhag/can-you-remember-your-steemit-password-if-so-you-are-in-danger"], "tags": ["steem"]}" |
created | 2016-07-20 00:51:51 |
last_update | 2016-07-20 00:51:51 |
depth | 3 |
children | 2 |
net_rshares | 356,686,422,342 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.494 SBD |
curator_payout_value | 0.160 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 185 |
author_reputation | 52,480,746,024,977 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
fury | 0 | 15,607,245,367 | 100% | ||
cass | 0 | 339,256,336,586 | 100% | ||
seelemonsonline | 0 | 1,621,858,991 | 100% | ||
cybercodetwins | 0 | 200,981,398 | 100% |
https://i.imgflip.com/17n89a.jpg
post_id | 156,611 |
---|---|
author | henchman |
permlink | re-arhag-re-robinhood-offline-attack-on-steem-user-credentials-20160720t102505197z |
category | steem |
json_metadata | "{"image": ["https://i.imgflip.com/17n89a.jpg"], "tags": ["steem"]}" |
created | 2016-07-20 10:25:00 |
last_update | 2016-07-20 10:25:00 |
depth | 2 |
children | 0 |
net_rshares | 112,645,773 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 32 |
author_reputation | 3,058,831,511 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
henchman | 0 | 112,645,773 | 100% |
hi @arhag, please check my latest post out. I wrote it to you and the other whales. Maybe you will agree with it :) https://steemit.com/steemit/@steemitpolitics/6rqxnc-to-the-whales-get-your-head-out-of-your-ass-and-vote-good-content-up-you-are-harming-steemit
post_id | 164,794 |
---|---|
author | steemitpolitics |
permlink | re-arhag-re-robinhood-offline-attack-on-steem-user-credentials-20160720t192711624z |
category | steem |
json_metadata | "{"users": ["arhag"], "links": ["https://steemit.com/steemit/@steemitpolitics/6rqxnc-to-the-whales-get-your-head-out-of-your-ass-and-vote-good-content-up-you-are-harming-steemit"], "tags": ["steem"]}" |
created | 2016-07-20 19:27:15 |
last_update | 2016-07-20 19:38:36 |
depth | 2 |
children | 0 |
net_rshares | 1,403,787,926 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 260 |
author_reputation | 2,435,940,447,292 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
steemitpolitics | 0 | 1,403,787,926 | 100% |
Amazing work and really making a difference in how we all move forward in the world.
post_id | 168,381 |
---|---|
author | mranderson |
permlink | re-arhag-re-robinhood-offline-attack-on-steem-user-credentials-20160720t223846247z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 22:38:45 |
last_update | 2016-07-20 22:38:45 |
depth | 2 |
children | 0 |
net_rshares | 2,345,159,469 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 84 |
author_reputation | 4,001,494,480,869 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
mranderson | 0 | 2,345,159,469 | 100% |
This is why I proposed 2FA. I understand 2FA is hard to implement on the blockchain but as the saying goes "when there is a will there is a way". I feel very unsafe on this platform without 2FA. Please read this https://steemit.com/steemit/@domavila/two-factor-authentication-and-why-we-need-it-now
post_id | 135,927 |
---|---|
author | domavila |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160719t114515951z |
category | steem |
json_metadata | "{"links": ["https://steemit.com/steemit/@domavila/two-factor-authentication-and-why-we-need-it-now"], "tags": ["steem"]}" |
created | 2016-07-19 11:45:15 |
last_update | 2016-07-19 11:45:15 |
depth | 1 |
children | 0 |
net_rshares | 81,457,334,073 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.116 SBD |
curator_payout_value | 0.029 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 298 |
author_reputation | 3,811,633,288,089 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
nikolai | 0 | 18,098,676,292 | 100% | ||
steampunkpowered | 0 | 16,927,222,653 | 100% | ||
oholiab | 0 | 13,812,161,887 | 100% | ||
valen55 | 0 | 25,341,074,279 | 100% | ||
domavila | 0 | 3,344,908,419 | 100% | ||
artakan | 0 | 3,933,290,543 | 100% |
That's pretty terrifying, and it's a good job that you posted this... It hadn't occurred that *of course* hashed passwords are going to be freely available offline because in using a web UI you're used to the assumptions of a traditional web model. Good on you (assuming you did what you said) for just reassigning back to Steemit. Sounds like we do really need 2FA or generated only passwords... It's a shame that browser tooling around SSL client certs is so user unfriendly, having a client cert as a per-browser alternative to the generated password would be a good way of removing the usability barrier. Users would obviously still have to store their password but they could use the installed client cert for day-to-day auth and just use the password for requesting new certs for new devices.
post_id | 137,053 |
---|---|
author | oholiab |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160719t131338826z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-19 13:13:36 |
last_update | 2016-07-19 13:13:36 |
depth | 1 |
children | 0 |
net_rshares | 165,747,762,904 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.229 SBD |
curator_payout_value | 0.076 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 799 |
author_reputation | 1,895,735,652,406 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
billbutler | 0 | 165,747,762,904 | 100% |
I'm actually kind of surprised. When they said that the hacker had private keys, I was thinking he could hashcat them to get passwords... but I figured with 16 characters that would take an unreasonable amount of time. I figured with a 16 digit password even the weakest passwords would be relatively hard to guess... though I do support 2FA
post_id | 141,166 |
---|---|
author | sigmajin |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160719t172939451z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-19 17:29:36 |
last_update | 2016-07-19 17:32:15 |
depth | 1 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 342 |
author_reputation | 35,846,309,024,528 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
TBH, I think this is a pretty shitty thing to do. It definitely isn't ethical hacking, and one can only hope that the owners pursue legal measures if your claims are true. I agree with your point.. but I don't think you should be fucking with other people's money to make it.
post_id | 141,385 |
---|---|
author | sigmajin |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160719t174356207z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-19 17:43:54 |
last_update | 2016-07-19 17:43:54 |
depth | 1 |
children | 7 |
net_rshares | -108,959,783 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 273 |
author_reputation | 35,846,309,024,528 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
mrhankeh | 0 | -221,414,208 | -100% | ||
deedee | 0 | 112,454,425 | 100% |
Sigmajin, based on this comment and your last, I'm not sure you 100% understand the situation. 0. Regarding your first comment, I'm confused because if you can recover the private key you don't need the password. Also, you are correct in assuming 16 chars can't be brute-force attacked but it can be *dictionary* attacked. If it was feasible to brute-force everyone would be screwed. 1. I didn't take these users' money. I re-assigned control of these users' accounts to Steemit which has a mechanism allowing them to establish new (hopefully better) credentials. 2. I'm curious what you would have regarded as more ethical in this instance? Would doing nothing and watching these users get robbed be as ethical as merely burdening them with the inconvenience of being forced to pick a password that can't be trivially guessed?
post_id | 142,115 |
---|---|
author | robinhood |
permlink | re-sigmajin-re-robinhood-offline-attack-on-steem-user-credentials-20160719t182327900z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-19 18:23:30 |
last_update | 2016-07-19 18:23:30 |
depth | 2 |
children | 2 |
net_rshares | 15,583,634,124,240 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 101.616 SBD |
curator_payout_value | 33.833 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 834 |
author_reputation | 2,616,843,664,428 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
summon | 0 | 13,271,844,575,992 | 100% | ||
cass | 0 | 430,517,939,403 | 100% | ||
tuck-fheman | 0 | 696,436,864,296 | 100% | ||
cryptogee | 0 | 647,469,058,525 | 100% | ||
billbutler | 0 | 165,747,762,904 | 100% | ||
wingz | 0 | 150,417,843,774 | 100% | ||
infovore | 0 | 213,695,543,617 | 100% | ||
mrhankeh | 0 | 221,414,208 | 100% | ||
sigmajin | 0 | 6,312,015,781 | 100% | ||
mianeri | 0 | 124,886,470 | 100% | ||
cryptohustlin | 0 | 96,147,219 | 100% | ||
neroru | 0 | 700,598,553 | 100% | ||
alphabeta | 0 | 49,473,498 | 100% |
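
The distinction robinhood draws above between brute-forcing and dictionary-attacking a 16-character password, shown as an added example that is not part of the original thread or of Steem's code: a signup-side strength check that scores a password by the cheaper of the two guessing models, next to a machine-generated alternative. The word list is constructed, and the 100,000-entry dictionary size and 80-bit threshold are assumptions.

```python
import math
import secrets
import string

# Constructed mini word list for the demo. A real check would load a large
# list of common words and previously leaked passwords.
WORDS = ["password", "steem", "steemit", "dragon", "monkey", "letmein",
         "bitcoin", "qwerty", "123456", "2016", "love", "iloveyou"]

# Assumption: size of the word list an offline guesser would work from.
ASSUMED_DICT_SIZE = 100_000

ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def brute_force_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of work to enumerate every string of this length.

    Exact for machine-generated passwords, an upper bound for human ones.
    """
    return length * math.log2(alphabet_size)


def segment(password, words):
    """Split password into the fewest dictionary tokens (case-insensitive).

    Returns the token list, or None when it is not a pure concatenation
    of dictionary entries.
    """
    pw = password.lower()
    best = [None] * (len(pw) + 1)   # best[i] = fewest tokens covering pw[:i]
    best[0] = []
    for i in range(len(pw)):
        if best[i] is None:
            continue
        for w in words:
            if pw.startswith(w, i):
                j = i + len(w)
                cand = best[i] + [w]
                if best[j] is None or len(cand) < len(best[j]):
                    best[j] = cand
    return best[len(pw)]


def dictionary_bits(password, words, dict_size=ASSUMED_DICT_SIZE):
    """Bits of work for a guesser who concatenates dictionary tokens.

    Each token is one pick from the dictionary, plus one bit for a
    capitalised/lower-case variant. Returns None if the model does not apply.
    """
    tokens = segment(password, words)
    if tokens is None:
        return None
    return len(tokens) * (math.log2(dict_size) + 1)


def generate_password(length=32):
    """Machine-generated password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def assess(password, min_bits=80):
    """Score by the cheapest applicable model and compare to the threshold."""
    d = dictionary_bits(password, WORDS)
    bits = d if d is not None else brute_force_bits(len(password))
    return {"bits": bits, "dictionary_hit": d is not None,
            "accept": bits >= min_bits}


if __name__ == "__main__":
    weak = "SteemitPassword2016"          # 19 characters, passes a length rule
    print("length-only estimate:", round(brute_force_bits(len(weak))), "bits")
    print("dictionary estimate :", assess(weak))
    strong = generate_password()
    print("machine-generated   :", assess(strong))
```

The 19-character sample clears any 16-character minimum and looks like roughly 113 bits to a length-only rule, but scores about 53 bits once it is recognised as three dictionary tokens, which is why the check rejects it while accepting the generated password.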
OK, I was a little pissy bittrex is fucking with my money. Anyway 1 yeah, I get that the private key obviates the need for the password here... my concern at the time was that after the users got their accounts back, the hacker could take the key, work their way backward to the user's password, then use that password to attack other accounts. 2 So what happens if the value of their assets decreases by 50% while they're messing around with password recovery? 3 You could have proved your point by contacting tptb with the password list. Or upvoting this post.. or running some kind of script to make them all post horse pornography every few hours until they changed their password. I know if it happened to me, I'd be pissed (even though I don't keep a ton of money here)... I guess I'm not behind it but I realize it was well intentioned.
post_id | 142,490 |
---|---|
author | sigmajin |
permlink | re-robinhood-re-sigmajin-re-robinhood-offline-attack-on-steem-user-credentials-20160719t184706056z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-19 18:47:03 |
last_update | 2016-07-19 19:04:12 |
depth | 3 |
children | 1 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 847 |
author_reputation | 35,846,309,024,528 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
Also 4. I'm not the hacker from 2015-07-14 (I was unclear from your reply if you grasped this). His/her attack vector was totally different.
post_id | 142,265 |
---|---|
author | robinhood |
permlink | re-sigmajin-re-robinhood-offline-attack-on-steem-user-credentials-20160719t183123000z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-19 18:31:27 |
last_update | 2016-07-19 18:31:27 |
depth | 2 |
children | 1 |
net_rshares | 430,517,939,403 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.634 SBD |
curator_payout_value | 0.211 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 143 |
author_reputation | 2,616,843,664,428 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
cass | 0 | 430,517,939,403 | 100% |
yeah, dk if you saw my post pointing it out but I think the 7-14 attack came from @goodgame... the script he was using is still in all of his posts if it's him, and the domain it was pinging (steemit.uk) was regged that day. https://steemit.com/doyourpart/@sigmajin/um-this-guy-is-trying-to-do-something-bad-right
post_id | 142,743 |
---|---|
author | sigmajin |
permlink | re-robinhood-re-sigmajin-re-robinhood-offline-attack-on-steem-user-credentials-20160719t190231878z |
category | steem |
json_metadata | "{"links": ["https://steemit.com/doyourpart/@sigmajin/um-this-guy-is-trying-to-do-something-bad-right"], "tags": ["steem"]}" |
created | 2016-07-19 19:02:27 |
last_update | 2016-07-19 19:02:45 |
depth | 3 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 314 |
author_reputation | 35,846,309,024,528 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
I'm actually shocked by this. There is really no legal distinction between "white hats" and "black hats". Nobody gave "robinhood" permission to hack 500 Steemit accounts. "robinhood", in fact, did "take the money"... since only "robinhood" now has access to these funds.
post_id | 142,738 |
---|---|
author | deedee |
permlink | re-sigmajin-re-robinhood-offline-attack-on-steem-user-credentials-20160719t190217734z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-19 19:02:15 |
last_update | 2016-07-19 19:02:15 |
depth | 2 |
children | 1 |
net_rshares | -184,854,226 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 270 |
author_reputation | 2,531,240,049 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
decrypt | 0 | -184,854,226 | -100% |
> since only "robinhood" now has access to these funds.

Incorrect, as I stated in my post, I updated these accounts to Steemit's key (not my key) so only Steemit has access to the funds. This fact can be verified by inspecting the blockchain.
post_id | 144,027 |
---|---|
author | robinhood |
permlink | re-deedee-re-sigmajin-re-robinhood-offline-attack-on-steem-user-credentials-20160719t201405100z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-19 20:14:12 |
last_update | 2016-07-19 20:14:12 |
depth | 3 |
children | 0 |
net_rshares | 1,011,225,009,341 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 1.692 SBD |
curator_payout_value | 0.554 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 244 |
author_reputation | 2,616,843,664,428 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
cass | 0 | 430,517,939,403 | 100% | ||
java1959 | 0 | 206,244,382,452 | 100% | ||
billbutler | 0 | 165,747,762,904 | 100% | ||
infovore | 0 | 208,607,554,483 | 100% | ||
alphabeta | 0 | 49,473,498 | 100% | ||
jillstein2016 | 0 | 57,896,601 | 100% |
robinhood, can you send me an email ned at steemit dot com
post_id | 145,450 |
---|---|
author | ned |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160719t212321142z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-19 21:23:21 |
last_update | 2016-07-19 21:23:21 |
depth | 1 |
children | 1 |
net_rshares | 520,556,982,735 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.765 SBD |
curator_payout_value | 0.226 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 58 |
author_reputation | 94,526,930,487,415 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
fury | 0 | 15,960,899,589 | 100% | ||
liondani | 0 | 17,753,879,030 | 0% | ||
jason | 0 | 46,037,085,599 | 100% | ||
cass | 0 | 417,471,941,239 | 100% | ||
nikolai | 0 | 18,098,676,292 | 100% | ||
mranderson | 0 | 2,345,159,469 | 100% | ||
masterinvestor | 0 | 2,704,331,082 | 100% | ||
lurker1 | 0 | 185,010,435 | 100% |
Sure. Sent you a message a moment ago. May hit your spam folder since it just said "hi".
post_id | 146,304 |
---|---|
author | robinhood |
permlink | re-ned-re-robinhood-offline-attack-on-steem-user-credentials-20160719t220638400z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-19 22:06:39 |
last_update | 2016-07-19 22:06:39 |
depth | 2 |
children | 0 |
net_rshares | 208,607,554,483 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.290 SBD |
curator_payout_value | 0.094 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 90 |
author_reputation | 2,616,843,664,428 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
infovore | 0 | 208,607,554,483 | 100% |
Upvoting for visibility (and the Spaceballs reference), but not without much conflict. More people need to understand how serious password security is and the need for a good password manager. At the same time, I don't want to condone grey hat activity. There were other ways to handle this that would have been true white hat. You could have checked those 500~ passwords, verified them, and then contacted the Steemit team privately. I've been posting in the Slack channel about the need for a private bug bounty program like Bugcrowd for exactly that purpose. There should also be an easy to find ethical disclosure procedure. In this case, however, was it really Steemit's fault or a PEBKAC (Problem Exists Between Keyboard and Chair)? All attempts at creating idiot proof software fail as better idiots are produced. I hope you can work with the Steemit team in an ethical manner in the future. I know I'm coming across as judgemental here, and it's possible you actually saved a lot of people from a lot of trouble. It still just _feels_ wrong. Either way, I wouldn't want to get on your bad side. :)
post_id | 145,898 |
---|---|
author | lukestokes |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160719t214459451z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-19 21:45:00 |
last_update | 2016-07-19 21:45:00 |
depth | 1 |
children | 2 |
net_rshares | 711,664,755,526 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 1.122 SBD |
curator_payout_value | 0.364 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 1,108 |
author_reputation | 395,063,281,398,324 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
billbutler | 0 | 165,747,762,904 | 100% | ||
lukestokes | 0 | 159,456,021,036 | 100% | ||
mianeri | 0 | 124,886,470 | 100% | ||
james212 | 0 | 386,288,860,414 | 100% | ||
alphabeta | 0 | 47,224,702 | 100% |
I don't fault the OP. This is a classic scenario where you don't fully comprehend the gravity unless it happens. I also like the fact that the OP is being financially compensated for his discovery. I hired my first CTO after he rooted our mail server!
post_id | 148,819 |
---|---|
author | billbutler |
permlink | re-lukestokes-re-robinhood-offline-attack-on-steem-user-credentials-20160720t003303825z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 00:33:03 |
last_update | 2016-07-20 00:33:03 |
depth | 2 |
children | 1 |
net_rshares | 161,012,470,617 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.294 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 251 |
author_reputation | 31,300,808,502,604 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
billbutler | 0 | 161,012,470,617 | 100% |
You might be right, Bill. I guess I'm just much more comfortable with white hat activities. We use BugCrowd for FoxyCart and have been very happy with the professionalism and ethics of those involved. When something is exposed (thankfully it's almost always some third party system outside of our PCI environment), it's hard not to take it very seriously. From what I've seen of the team here so far, I think they would have taken a white hat approach seriously also. But... maybe not. As I said, whether or not I like it, this approach may have saved quite a few people from even more frustration.
post_id | 149,186 |
---|---|
author | lukestokes |
permlink | re-billbutler-re-lukestokes-re-robinhood-offline-attack-on-steem-user-credentials-20160720t005339974z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 00:53:39 |
last_update | 2016-07-20 00:53:39 |
depth | 3 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 598 |
author_reputation | 395,063,281,398,324 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
wow! so basically you hacked 500 accounts and gave the keys back to steemit!? well good job!
post_id | 146,899 |
---|---|
author | aaseb |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160719t223719968z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-19 22:37:24 |
last_update | 2016-07-19 22:37:24 |
depth | 1 |
children | 0 |
net_rshares | 5,253,185,686 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 92 |
author_reputation | 470,134,608,167 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
aaseb | 0 | 5,253,185,686 | 100% |
I think this is probably good to get such simple things done during the child life of a crypto lest we have a dao scandal on steem in a year. lol
post_id | 147,626 |
---|---|
author | rogue91 |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160719t232223218z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-19 23:22:24 |
last_update | 2016-07-19 23:22:24 |
depth | 1 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 145 |
author_reputation | 307,452,322,299 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
Very interesting, so is this just a problem with user-generated passwords? Thanks *CG*
post_id | 148,426 |
---|---|
author | cryptogee |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t001003519z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 00:10:06 |
last_update | 2016-07-20 00:10:06 |
depth | 1 |
children | 3 |
net_rshares | 67,102,256,013 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.076 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 87 |
author_reputation | 371,535,229,097,172 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
ihash | 0 | 26,324,658,063 | 100% | ||
jason | 0 | 40,777,597,950 | 100% |
I dug into the code for the "suggest password" option Steem provides at signup and as far as I could tell the logic there was 100% kosher.
post_id | 148,568 |
---|---|
author | robinhood |
permlink | re-cryptogee-re-robinhood-offline-attack-on-steem-user-credentials-20160720t001847000z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 00:18:48 |
last_update | 2016-07-20 00:18:48 |
depth | 2 |
children | 2 |
net_rshares | 352,268,673,794 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.510 SBD |
curator_payout_value | 0.167 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 138 |
author_reputation | 2,616,843,664,428 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
cass | 0 | 352,268,673,794 | 100% |
what does that mean? Was it good?
post_id | 149,709 |
---|---|
author | liondani |
permlink | re-robinhood-re-cryptogee-re-robinhood-offline-attack-on-steem-user-credentials-20160720t012502032z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 01:25:03 |
last_update | 2016-07-20 01:25:03 |
depth | 3 |
children | 1 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 33 |
author_reputation | 91,903,771,336,326 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
post_id | 148,607 |
---|---|
author | tuck-fheman |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t002054622z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 00:20:57 |
last_update | 2016-07-20 00:20:57 |
depth | 1 |
children | 0 |
net_rshares | 406,358,632,134 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.567 SBD |
curator_payout_value | 0.160 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 20 |
author_reputation | 326,086,885,911,893 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
ihash | 0 | 26,324,658,063 | 100% | ||
jason | 0 | 40,777,637,485 | 100% | ||
cass | 0 | 339,256,336,586 | 100% |
I will upvote every White Hat hacker's post that will help us secure our platform more! And I hope that will give them the motivation to continue working for our security!
post_id | 148,615 |
---|---|
author | liondani |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t002119711z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 00:21:18 |
last_update | 2016-07-20 00:21:18 |
depth | 1 |
children | 0 |
net_rshares | 7,061,490,562,896 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 28.624 SBD |
curator_payout_value | 6.039 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 170 |
author_reputation | 91,903,771,336,326 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
wackou | 0 | 5,728,193,570,611 | 100% | ||
liondani | 0 | 852,120,423,655 | 100% | ||
cass | 0 | 404,443,064,468 | 100% | ||
eric-boucher | 0 | 71,821,455,790 | 100% | ||
mianeri | 0 | 124,886,470 | 100% | ||
ma3 | 0 | 4,624,784,562 | 100% | ||
alphabeta | 0 | 51,722,293 | 100% | ||
neowenyuan27 | 0 | 110,655,047 | 100% |
It's a cool concept, but I'm sorry, I call BS. I have looked at the code that handles hashing, salting and encrypting passwords before they are placed into the block chain and I can say with 99.5% certainty that you did not accomplish the hack you claim to have. In theory it is possible, but the computational complexity of uncovering even 1 of the passwords from the blockchain would be more difficult than mining the largest amount held by any user on the block chain. Sorry to hurt your feelings and call you out, but if you are to fool this community you are going to need to prove that you a. have the knowledge required to mount such a large scale offline attack, and b. you would have mentioned the actual difficulty of doing so.
post_id | 148,639 |
---|---|
author | belfordz |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t002303037z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 00:22:57 |
last_update | 2016-07-20 00:22:57 |
depth | 1 |
children | 1 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 740 |
author_reputation | 34,058,241,623 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
> anyone with a copy of the blockchain can mount a large-scale offline dictionary attack to recover them. Research as well as real-world precedent has repeatedly shown that a non-trivial fraction of users are incapable of choosing passwords resistent to offline-attack even when password complexity requirements are enforced

They didn't claim to crack any hashing algorithm. A dictionary attack simply goes through a dictionary of possible passwords and tries each one until it finds a matching hash. Might want to reconsider that 0.5% chance.
post_id | 148,871 |
---|---|
author | lukestokes |
permlink | re-belfordz-re-robinhood-offline-attack-on-steem-user-credentials-20160720t003630552z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 00:36:30 |
last_update | 2016-07-20 00:36:30 |
depth | 2 |
children | 0 |
net_rshares | 12,986,583,202,202 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 73.434 SBD |
curator_payout_value | 24.471 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 544 |
author_reputation | 395,063,281,398,324 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
summon | 0 | 12,976,914,696,525 | 100% | ||
mianeri | 0 | 124,886,470 | 100% | ||
substance | 0 | 9,430,696,248 | 100% | ||
robinhood | 0 | 112,922,959 | 100% |
Thanks, I guess?
post_id | 148,928 |
---|---|
author | bergy |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t003904626z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 00:39:06 |
last_update | 2016-07-20 00:39:06 |
depth | 1 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 16 |
author_reputation | 4,713,389,536,157 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
I can say nothing here except thank you! This really should be the most upvoted topic of the day. Here's an upvote from me!
post_id | 150,424 |
---|---|
author | williambanks |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t021007790z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 02:10:09 |
last_update | 2016-07-20 02:10:09 |
depth | 1 |
children | 0 |
net_rshares | 417,493,850,561 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.612 SBD |
curator_payout_value | 0.204 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 125 |
author_reputation | 90,735,613,033,058 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
cass | 0 | 417,493,850,561 | 100% |
I changed it now
post_id | 151,776 |
---|---|
author | bleepcoin |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t035804636z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 03:58:03 |
last_update | 2016-07-20 03:58:03 |
depth | 1 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 16 |
author_reputation | 29,587,693,495,256 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
Holy crap I'm glad you guys are a lot smarter than I am.
post_id | 152,716 |
---|---|
author | johnsmith |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t051818954z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 05:18:15 |
last_update | 2016-07-20 05:18:15 |
depth | 1 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 56 |
author_reputation | 22,733,518,989,206 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
Thanks for a great whitehat hack, @robinhood. People need to READ THIS AND TAKE SECURITY SERIOUSLY!!!! https://steemit.com/steemit/@fyrstikken/steemit-security-exchanges-and-why-by-a-guy-that-has-been-in-crypto-since-2009-new-people-read-this-now
post_id | 152,873 |
---|---|
author | fyrstikken |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t053106955z |
category | steem |
json_metadata | "{"users": ["robinhood"], "links": ["https://steemit.com/steemit/@fyrstikken/steemit-security-exchanges-and-why-by-a-guy-that-has-been-in-crypto-since-2009-new-people-read-this-now"], "tags": ["steem"]}" |
created | 2016-07-20 05:31:06 |
last_update | 2016-07-20 05:31:06 |
depth | 1 |
children | 0 |
net_rshares | 229,395,502,593 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.400 SBD |
curator_payout_value | 0.029 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 247 |
author_reputation | 377,282,504,744,699 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
eric-boucher | 0 | 71,821,455,790 | 100% | ||
fyrstikken | 0 | 157,424,369,470 | 100% | ||
rdwn | 0 | 149,677,333 | 100% |
great to see someone getting on the topic and doing something about it, this was completely necessary
post_id | 152,992 |
---|---|
author | skorss |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t053913488z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 05:39:18 |
last_update | 2016-07-20 05:39:18 |
depth | 1 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 101 |
author_reputation | 590,352,098,179 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
The hacker is a scumbag and should get his legs broken or worse. Quit treating him like a Knight in Shining armor.. He is nothing but lowlife gutter scum who caused a lot of people a lot of problems. Thou shall not steal. OP is nothing but an attention whore.
post_id | 153,679 |
---|---|
author | papa-pepper |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t062859526z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 06:29:00 |
last_update | 2016-07-20 06:29:00 |
depth | 1 |
children | 0 |
net_rshares | -339,256,336,586 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 262 |
author_reputation | 1,441,746,443,905,746 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
cass | 0 | -339,256,336,586 | -100% |
http://keepass.info/
post_id | 153,739 |
---|---|
author | tosch |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t063415807z |
category | steem |
json_metadata | "{"links": ["http://keepass.info/"], "tags": ["steem"]}" |
created | 2016-07-20 06:34:15 |
last_update | 2016-07-20 06:34:15 |
depth | 1 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 20 |
author_reputation | 3,146,138,068,696 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
WHY DON'T WE HAVE GOOGLE AUTHENTICATORS?
post_id | 155,309 |
---|---|
author | kingtylervvs |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t084531629z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 08:45:30 |
last_update | 2016-07-20 08:45:30 |
depth | 1 |
children | 0 |
net_rshares | 245,094,337 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 40 |
author_reputation | 356,633,571,001 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
mixa | 0 | 245,094,337 | 100% |
Nice video lol thanks!
post_id | 157,253 |
---|---|
author | endgame |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t111625716z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 11:16:27 |
last_update | 2016-07-20 11:16:27 |
depth | 1 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 22 |
author_reputation | -1,049,810,980,865 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
make sure everyone participates in the first steemit lottery https://i.imgflip.com/17okmb.jpg https://steemit.com/money/@nabilov/the-first-steem-lottery-hosted-by-member-nabilov#comments
post_id | 159,423 |
---|---|
author | nabilov |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t135302661z |
category | steem |
json_metadata | "{"image": ["https://i.imgflip.com/17okmb.jpg"], "tags": ["steem"]}" |
created | 2016-07-20 13:53:06 |
last_update | 2016-07-20 13:53:06 |
depth | 1 |
children | 0 |
net_rshares | -898,766,189,380 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 186 |
author_reputation | 2,499,066,298,306 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
liondani | 0 | -898,766,189,380 | -100% |
Steemit will grow bigger as a community. And with monetary rewards involved, we should expect, and maybe even accept, people with different views and beliefs and motives. From this post, it might just spell the beginning for many exciting things to happen here. Wherever blackhats exist, we just pray hard that more whitehats appear. With the increasing popularity, this community will definitely grow, and perhaps it's a good sign that @robinhood is here, helping us in his own ways. Even though it is indeed wiser to leave the 'bad guys' to the 'cops' (devs), I guess it doesn't suck if we have a @robinhood around that we can trust, as this community grows. To the whitehats around!
post_id | 159,905 |
---|---|
author | neowenyuan27 |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t142728397z |
category | steem |
json_metadata | "{"users": ["robinhood"], "tags": ["steem"]}" |
created | 2016-07-20 14:27:33 |
last_update | 2016-07-20 14:27:33 |
depth | 1 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 690 |
author_reputation | 225,597,006,884 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
@robinhood : you are just awesome. I cannot think about how much the steem community and especially the developers need to thank you. You are incredible. Thanks for that.
post_id | 160,602 |
---|---|
author | geronimo |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t151022753z |
category | steem |
json_metadata | "{"users": ["robinhood"], "tags": ["steem"]}" |
created | 2016-07-20 15:10:24 |
last_update | 2016-07-20 15:10:24 |
depth | 1 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 170 |
author_reputation | 2,921,161,415,347 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
Anyone have a recommended method of machine-generating a password?
post_id | 162,767 |
---|---|
author | faddat |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t173131296z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 17:31:30 |
last_update | 2016-07-20 17:31:30 |
depth | 1 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 66 |
author_reputation | 36,587,550,369,900 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
Thanks a lot for the words of advice. Namaste :)
post_id | 164,124 |
---|---|
author | eric-boucher |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t184937006z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 18:49:36 |
last_update | 2016-07-20 18:49:36 |
depth | 1 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 50 |
author_reputation | 68,478,707,640,592 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
SpaceBalls is my favorite movie :)
post_id | 164,662 |
---|---|
author | cyberdesire |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t192002342z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 19:20:06 |
last_update | 2016-07-20 19:20:06 |
depth | 1 |
children | 0 |
net_rshares | 111,900,634 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 42 |
author_reputation | 470,134,608,167 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
cyberdesire | 0 | 111,900,634 | 100% |
Up vote for space balls photo
post_id | 164,708 |
---|---|
author | conda |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t192254564z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 19:22:54 |
last_update | 2016-07-20 19:22:54 |
depth | 1 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 29 |
author_reputation | 222,160,409,195 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
Keep up the good work!!
post_id | 165,654 |
---|---|
author | seanmchughart |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t201309489z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 20:13:09 |
last_update | 2016-07-20 20:13:09 |
depth | 1 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 23 |
author_reputation | 257,698,037,451 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
hopefully leaves a more lasting impression than yet another
post_id | 165,836 |
---|---|
author | rdwn |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t202200134z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 20:22:00 |
last_update | 2016-07-20 20:22:00 |
depth | 1 |
children | 0 |
net_rshares | 150,288,816 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 59 |
author_reputation | -377,282,504,744 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
rdwn | 0 | 150,288,816 | 100% |
I'm glad you didn't do anything malicious with this great power. Key management when left to the general public is likely dangerous. Hopefully if they lose money once, they'll learn their lesson.
post_id | 166,080 |
---|---|
author | seelemonsonline |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t203620348z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 20:36:18 |
last_update | 2016-07-20 20:36:18 |
depth | 1 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 195 |
author_reputation | 92,611,872,812 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
Will the new 32-character password requirement prevent any future dictionary attack?
post_id | 167,493 |
---|---|
author | pierregi |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t215549716z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 21:55:48 |
last_update | 2016-07-20 21:55:48 |
depth | 1 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 85 |
author_reputation | 11,422,936,900 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
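As an added example (not code from this thread or from Steem), the sketch below takes up two questions asked in the comments above: how to machine-generate a password, and whether a 32-character minimum by itself stops dictionary guessing. The 62-symbol alphabet, the eight-word constructed list, the word-repetition model and the guessing rate are assumptions chosen for illustration.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # assumed 62-symbol alphabet
MIN_LENGTH = 32                                   # the length asked about in the thread
MAX_REPEATS = 8                                   # assumed: repeats the modelled guesser tries
GUESSES_PER_SECOND = 1e12                         # assumed offline guessing rate
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed sample list; real guessing dictionaries hold millions of entries.
WORDLIST = ["password", "dragon", "letmein", "steemit",
            "monkey", "qwerty", "bitcoin", "123456"]


def generate_password(length=MIN_LENGTH, alphabet=ALPHABET):
    """Draw each character independently from the operating system's CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def uniform_entropy_bits(length, alphabet_size):
    """Entropy in bits when every character is uniform and independent."""
    return length * math.log2(alphabet_size)


def meets_length_policy(password, min_length=MIN_LENGTH):
    """A length-only rule: all that a 'minimum N characters' policy checks."""
    return len(password) >= min_length


def repeated_word(password, wordlist=WORDLIST, max_repeats=MAX_REPEATS):
    """Return (word, n) if the password is one list word repeated n times, else None."""
    for word in wordlist:
        n, remainder = divmod(len(password), len(word))
        if remainder == 0 and 1 <= n <= max_repeats and word * n == password:
            return word, n
    return None


def guess_bits(password, wordlist=WORDLIST, max_repeats=MAX_REPEATS):
    """log2 of the guesses that exhaust the word-repetition model.

    Returns None when the password falls outside the model; that says nothing
    about its strength against other guessing strategies.
    """
    if repeated_word(password, wordlist, max_repeats) is None:
        return None
    return math.log2(len(wordlist) * max_repeats)


def years_to_exhaust(bits, guesses_per_second=GUESSES_PER_SECOND):
    """Time to try every candidate in a space of 2**bits at the assumed rate."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    weak = "dragon" * 6            # constructed: 36 characters, passes a length rule
    strong = generate_password()
    strong_bits = uniform_entropy_bits(len(strong), len(ALPHABET))

    print("weak passes length policy:", meets_length_policy(weak))
    print("weak guess space (bits):  ", guess_bits(weak))
    print("weak years to exhaust:    ", years_to_exhaust(guess_bits(weak)))
    print("generated password:       ", strong)
    print("generated entropy (bits): ", round(strong_bits, 1))
    print("generated years to exhaust:", years_to_exhaust(strong_bits))
```

The constructed 36-character password satisfies the length rule yet sits in a space of only 64 candidates under this model, while the generated one carries about 190 bits by construction.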
Hm. I vote that you continue to do this and make posts about how you did it, and what recommendations you made. I promise I will upvote you every time I see it :P You're the first white hat I've seen doing these sorts of white hat things in crypto since I got in the game a year ago!
post_id | 167,747 |
---|---|
author | blakemiles84 |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160720t220711091z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-20 22:07:12 |
last_update | 2016-07-20 22:07:12 |
depth | 1 |
children | 0 |
net_rshares | 273,929,931,739 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.516 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 289 |
author_reputation | 51,813,680,698,502 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
blakemiles84 | 0 | 273,929,931,739 | 100% |
Look at you, so young and carefree :-)
post_id | 172,195 |
---|---|
author | theemperor |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160721t030851132z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-21 03:11:03 |
last_update | 2016-07-21 03:11:03 |
depth | 1 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 38 |
author_reputation | 8,731,947,403 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
Hopefully steemit will realize this is something of HIGH relevance and importance, since most of the people don't know how to pick passwords (and most of those also use the same password for many identities: mail, facebook, and more). Thanks for your post, very appreciated!
post_id | 172,653 |
---|---|
author | sharingtheworld |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160721t034639588z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-21 03:46:39 |
last_update | 2016-07-21 03:46:39 |
depth | 1 |
children | 0 |
net_rshares | 102,101,603 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 274 |
author_reputation | 249,268,078,932 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
sharingtheworld | 0 | 102,101,603 | 100% |
That's a two-sided sword. Users either won't be able to register or will lose keys and lose money anyway. The only way I see is 2FA, still complex but the most friendly of all of these.
post_id | 172,929 |
---|---|
author | kingscrown |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160721t041129960z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-21 04:11:30 |
last_update | 2016-07-21 04:11:30 |
depth | 1 |
children | 0 |
net_rshares | 9,421,624,673 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 183 |
author_reputation | 1,990,164,104,714,661 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
perky | 0 | 8,688,524,361 | 100% | ||
sillyfilthy | 0 | 733,100,312 | 100% |
Amazing work and really making a difference in how we all move forward in the world.
post_id | 173,578 |
---|---|
author | dony91 |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160721t051123372z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-21 05:11:24 |
last_update | 2016-07-21 05:11:24 |
depth | 1 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 84 |
author_reputation | 3,379,783,558 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
upvote back the ones that upvote you
post_id | 175,657 |
---|---|
author | nioctib |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160721t083545013z |
category | steem |
json_metadata | "{"tags": ["steem"]}" |
created | 2016-07-21 08:35:45 |
last_update | 2016-07-21 08:35:45 |
depth | 1 |
children | 0 |
net_rshares | 23,648,397 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 36 |
author_reputation | 85,113,803,820 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
sillyfilthy | 0 | 23,648,397 | 100% |
Can you get in touch with me on the slack channel? (My name there is also liondani.) It is about a steemit user who "lost" his owner key and desperately needs help: @tonyson (lost owner key), who now posts under his new account @hien-tran. Read his post about the "hack": https://steemit.com/steemit/@hien-tran/i-wonder-if-you-could-help-me-with-my-account Co-founder of steemit @ned encouraged him to get in touch with you, and that was a great idea in my opinion (I don't know if he has reached you already; his English is poor). I would appreciate it very much if you helped him "recover" his keys.... It is obvious that the funds he has lost are significant for him (he lives with his little son in Vietnam).... I can imagine it will change his life if he can have access to his funds! Thanks in advance, and please make a post about it so we can tip you for helping a dedicated community member. Thanks
post_id | 215,028 |
---|---|
author | liondani |
permlink | re-robinhood-offline-attack-on-steem-user-credentials-20160723t132937748z |
category | steem |
json_metadata | "{"users": ["tonyson", "hien-tran", "ned"], "links": ["https://steemit.com/steemit/@hien-tran/i-wonder-if-you-could-help-me-with-my-account"], "tags": ["steem"]}" |
created | 2016-07-23 13:29:39 |
last_update | 2016-07-23 13:31:54 |
depth | 1 |
children | 1 |
net_rshares | 916,741,513,168 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 1.412 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 902 |
author_reputation | 91,903,771,336,326 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
liondani | 0 | 916,741,513,168 | 100% |
Sorry but I can't help this user - I checked my logs and @tonyson was not one of the accounts that I updated. The accounts I updated had their keys changed to either `STM7kyb6WK6Sg9Eu4uu7WGqjYdqJzdBeKEWVDaDEKsgvhvESJZ1vM` or `STM65wH1LZ7BfSHcK69SShnqCAH5xdoSZpGkUjmzHJ5GCuxEK9V5G` which are the owner keys for @steemit and @steemit3 respectively.
post_id | 222,075 |
---|---|
author | robinhood |
permlink | re-liondani-re-robinhood-offline-attack-on-steem-user-credentials-20160723t212823000z |
category | steem |
json_metadata | "{"users": ["tonyson", "steemit", "steemit3"], "tags": ["steem"]}" |
created | 2016-07-23 21:28:03 |
last_update | 2016-07-23 21:28:03 |
depth | 2 |
children | 0 |
net_rshares | 0 |
last_payout | 2016-08-23 13:10:57 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 350 |
author_reputation | 2,616,843,664,428 |
root_title | "Offline Attack on Steem User Credentials" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |