RE: IMPORTANT !!! Vulnerability in password protection for accounts by furion

View this thread on steempeak.com

Viewing a response to: @smi/important-vulnerability-in-password-protection-for-accounts

vulnerability · @furion · (edited)
afaik, there is an email notification service in development that will address this and other cases.

Thank you for bringing it up.
👍  
properties (23)
post_id2,141,688
authorfurion
permlinkre-smi-important-vulnerability-in-password-protection-for-accounts-20170313t222508750z
categoryvulnerability
json_metadata"{"app": "steemit/0.1", "tags": ["vulnerability"]}"
created2017-03-13 22:25:09
last_update2017-03-13 22:27:42
depth1
children5
net_rshares161,484,243
last_payout2017-04-14 04:03:00
cashout_time1969-12-31 23:59:59
total_payout_value0.000 SBD
curator_payout_value0.000 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length131
author_reputation116,591,440,117,983
root_title"IMPORTANT !!! Vulnerability in password protection for accounts"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
author_curate_reward""
vote details (1)
@hanshotfirst · 
Hi. I am not sure how to tell if there is a problem. I went to "stolen account recovery". If all is well, what message will I see there?

Thank you
👍  ,
properties (23)
post_id2,141,715
authorhanshotfirst
permlinkre-furion-re-smi-important-vulnerability-in-password-protection-for-accounts-20170313t222852796z
categoryvulnerability
json_metadata"{"app": "steemit/0.1", "tags": ["vulnerability"]}"
created2017-03-13 22:28:51
last_update2017-03-13 22:28:51
depth2
children1
net_rshares340,757,731
last_payout2017-04-14 04:03:00
cashout_time1969-12-31 23:59:59
total_payout_value0.000 SBD
curator_payout_value0.000 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length147
author_reputation503,758,308,712,084
root_title"IMPORTANT !!! Vulnerability in password protection for accounts"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
author_curate_reward""
vote details (2)
@smi · 
Your Recovery account	- steem. All is well. https://steemd.com/@hanshotfirst
properties (22)
post_id2,141,772
authorsmi
permlinkre-hanshotfirst-re-furion-re-smi-important-vulnerability-in-password-protection-for-accounts-20170313t223612657z
categoryvulnerability
json_metadata"{"app": "steemit/0.1", "links": ["https://steemd.com/@hanshotfirst"], "tags": ["vulnerability"]}"
created2017-03-13 22:36:12
last_update2017-03-13 22:36:12
depth3
children0
net_rshares0
last_payout2017-04-14 04:03:00
cashout_time1969-12-31 23:59:59
total_payout_value0.000 SBD
curator_payout_value0.000 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length76
author_reputation427,672,289,026
root_title"IMPORTANT !!! Vulnerability in password protection for accounts"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
@pfunk · 
A message/alert on Steemit itself, in addition to an email, would be a good measure. I think a lot of people use application-specific email addresses to register on Steemit and probably don't check them often or at all.
👍  
properties (23)
post_id2,143,619
authorpfunk
permlinkre-furion-re-smi-important-vulnerability-in-password-protection-for-accounts-20170314t042721713z
categoryvulnerability
json_metadata"{"app": "steemit/0.1", "tags": ["vulnerability"]}"
created2017-03-14 04:27:24
last_update2017-03-14 04:27:24
depth2
children2
net_rshares161,484,243
last_payout2017-04-14 04:03:00
cashout_time1969-12-31 23:59:59
total_payout_value0.000 SBD
curator_payout_value0.000 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length219
author_reputation208,395,764,935,287
root_title"IMPORTANT !!! Vulnerability in password protection for accounts"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
author_curate_reward""
vote details (1)
@furion · 
Good point.
properties (22)
post_id2,144,528
authorfurion
permlinkre-pfunk-re-furion-re-smi-important-vulnerability-in-password-protection-for-accounts-20170314t081718981z
categoryvulnerability
json_metadata"{"app": "steemit/0.1", "tags": ["vulnerability"]}"
created2017-03-14 08:17:18
last_update2017-03-14 08:17:18
depth3
children0
net_rshares0
last_payout2017-04-14 04:03:00
cashout_time1969-12-31 23:59:59
total_payout_value0.000 SBD
curator_payout_value0.000 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length11
author_reputation116,591,440,117,983
root_title"IMPORTANT !!! Vulnerability in password protection for accounts"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
@renzoarg · 
E-mail is an already archaic technology. What about people that used disposable e-mails? (It turns out that cryptoenthusiasts are also fanatics of never disclosing personal data to anyone).

Perhaps using a signed message from another key could be used (a configurable bitcoin wallet, perhaps?)
<blockquote>To change (whatever), please sign this message with (BTC address; that should also require a signed message to be changed):<br />
<blockquote>"Change the data of my account: TIMESTAMP"</blockquote></blockquote>
properties (22)
post_id2,151,770
authorrenzoarg
permlinkre-pfunk-re-furion-re-smi-important-vulnerability-in-password-protection-for-accounts-20170315t071601388z
categoryvulnerability
json_metadata"{"app": "steemit/0.1", "tags": ["vulnerability"]}"
created2017-03-15 07:16:03
last_update2017-03-15 07:16:03
depth3
children0
net_rshares0
last_payout2017-04-14 04:03:00
cashout_time1969-12-31 23:59:59
total_payout_value0.000 SBD
curator_payout_value0.000 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length517
author_reputation62,934,514,884,081
root_title"IMPORTANT !!! Vulnerability in password protection for accounts"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
Help/Feedback