
SteemIt.com is to be hacked? Security advisory. by vl248

· @vl248 · (edited)
<html>
<p>Hi there, steemers. As we all know security matters. Much.</p>
<p><img src="http://i.imgsafe.org/69f359803f.png" width="669" height="268"/></p>
<p>As we can see steemit.com has been the fastest growing community lately. People of different countries, nations, languages and opinions join us every minute. I personally encountered two different serious errors on the website steemit.com today.</p>
<p><em>What does this tell us? That the website steemit.com is not ready for this number of users.</em></p>
<p>In my opinion it is not ready for hackers or spammers either. What if someone builds robots with a parser (in Python, etc.)? Facebook accounts can be bought online; that is not a problem. So the robots upvote each other, post random content and earn steems.</p>
<p>It is easy for a programmer. DDoS-ing steemit.com is even easier now. These are only two simple examples of intrusion that will influence the community. But I am sure there are more possibilities. <a href="http://www.wired.com/2016/06/50-million-hack-just-showed-dao-human/">Everybody remembers the DAO and what happened to it.&nbsp;</a></p>
<p><br></p>
<p><img src="http://i.imgsafe.org/69ee8a6fb7.png" width="644" height="249"/></p>
<p><strong>&nbsp;So what can we do?&nbsp;</strong></p>
<p>&nbsp;</p>
<p><em>First of all, we can be more careful and secure our personal steem.</em></p>
<p>How to do it is written here:</p>
<p>How to make a very secure owner key for cold storage: <a href="https://steemit.com/steemit-guides/@pfunk/your-steem-account-is-worth-money-how-to-secure-it-with-a-new-owner-key-to-keep-it-yours-forever">Your Steem account is worth money! How to secure it with a new owner key to keep it yours forever</a></p>
<p>How to use or make a secure enough posting key and switch to using it to log in: <a href="https://steemit.com/steemit-guides/@pfunk/how-to-login-with-your-posting-key-and-why-this-is-important">How to login with your posting key (and why this is important)</a></p>
<p><br></p>
<p><em>Next advice: do not give your passwords to anyone.</em></p>
<p>Check the SSL certificate for steemit.com (click the green lock to the left of the address) and always check that it looks the way it does now BEFORE typing your password.</p>
<p><img src="http://i.imgsafe.org/69fa3cf7e8.png" width="264" height="72"/></p>
<p>Moving on. I think there are many security specialists in the community, and we can ask them to try to hijack steemit.com for good.</p>
<p><br></p>
<p><em>Report bugs.</em></p>
<p>How to do it is written here: &nbsp;<a href="https://steemit.com/steamit/@noisy/steem-bug-bounty-program-how-to-reports-bugs-and-new-ideas">STEEM Bug Bounty Program - How to reports bugs and new ideas</a></p>
<p><br></p>
<p>Also, other services like <a href="https://steemit.com/telegram/@vl248/telegram-a-new-era-of-messaging">Telegram</a> provide a decent payment for those who can hack into their system for good. Maybe here, too, everyone should chip in 1 steem for a good case as a payout?&nbsp;</p>
<p>And if you notice something suspicious you should tell other users so we can notice it. If you're not being heard here, feel free to join <a href="https://steemit.com/telegram/@vl248/telegram-a-new-era-of-messaging">Telegram communities (links are at the end of this article)</a>. All questions get answers there.</p>
<p>Don't forget to check my <a href="https://steemit.com/steemit/@vl248/fraud-steemit-opportunuties">newer post where I reveal fraud schemes in SteemIt</a>.</p>
<p>&nbsp;What do you think? Post in comments.</p>
</html>
created: 2016-07-13 20:07:03
last_update: 2016-07-15 05:40:51
@ash ·
great tips, best thing is to only log in with your posting key.

there's literally a $850k difference between logged in with owner or posting key
created: 2016-07-15 05:18:33
@bubblyapple ·
@vl248, looks like you called it!
created: 2016-07-14 22:01:00
@vl248 · (edited)
Yeah seems like it. @ned upvoted my post the day I posted so he read it and was prepared :D
Also better such a small hack at project early days than a hack that will kill the project later.
I think this is only for good.
created: 2016-07-15 05:35:21
@hipster ·
There is no problem with Facebook bots. To withdraw account should multiply SP by factor of 10.
created: 2016-07-14 12:37:36
@lukestokes ·
You may also want to mention how [useful and important a password manager is](https://steemit.com/steemit/@lukestokes/upvote-if-you-changed-your-owner-password-active-password-posting-password-and-memo-password). Cold paper wallets are great, but most users will be fine with a computer using updated security patches, updated antivirus, and a good password manager. Using the browser plugin also protects against password phishing sites because they will not load in a password if the domain doesn't match.
created: 2016-07-15 05:53:15
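The domain check @lukestokes describes in the comment above, sketched as an added example (not code from this thread or from any real password manager): a credential saved for one origin is released only when the page's normalised origin matches exactly. `checkAutofill`, `SAVED_ORIGIN` and the look-alike URLs are constructed for illustration, and real managers differ in how strictly they match.

```javascript
// Added example: strict origin matching before autofill.
// SAVED_ORIGIN and every URL in SAMPLE_PAGES are constructed for illustration.
const SAVED_ORIGIN = "https://steemit.com";

function checkAutofill(pageUrl, savedOrigin = SAVED_ORIGIN) {
  let page, saved;
  try {
    page = new URL(pageUrl);
    saved = new URL(savedOrigin);
  } catch (err) {
    return { fill: false, reason: "unparseable-url", seenHost: null };
  }
  // Never release a credential over plain HTTP, even to the right host.
  if (page.protocol !== "https:") {
    return { fill: false, reason: "not-https", seenHost: page.hostname };
  }
  // URL.origin is scheme + host + port after normalisation: the host is
  // lowercased, a default port is dropped, and any "user@" prefix is
  // parsed as userinfo rather than as part of the host.
  if (page.origin !== saved.origin) {
    return { fill: false, reason: "origin-mismatch", seenHost: page.hostname };
  }
  return { fill: true, reason: "origin-match", seenHost: page.hostname };
}

const SAMPLE_PAGES = [
  "https://steemit.com/login",               // the real site
  "HTTPS://STEEMIT.COM:443/login",           // same origin after normalisation
  "http://steemit.com/login",                // right host, no TLS
  "https://steemlt.com/login",               // look-alike: "l" for "i"
  "https://steemit.com.evil.example/login",  // real name used as a subdomain
  "https://steemit.com@evil.example/login",  // real name used as userinfo
  "https://st\u0435emit.com/login",          // Cyrillic "e" homoglyph
  "steemit.com/login",                       // no scheme: not a valid URL
];

// Run the check over a list of page URLs and return one record per URL.
function classify(pages = SAMPLE_PAGES) {
  return pages.map((url) => ({ url, ...checkAutofill(url) }));
}

for (const r of classify()) {
  console.log(r.fill ? "FILL " : "BLOCK", r.reason.padEnd(16), r.url);
}
```
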
@magnebit ·
Thanks for some of this.  I was wondering about how secure the login process is.  The bandwidth occurrences are just a scaling process.
created: 2016-07-14 02:03:33
@noisy ·
please report this on `steemit-bugs` tag, as was described here:

https://steemit.com/steamit/@noisy/steem-bug-bounty-program-how-to-reports-bugs-and-new-ideas
created: 2016-07-13 20:24:45
@vl248 ·
Wow, thanks, that's useful. I updated my post. 

Bugs I met seem to be gone and fixed. If I meet'em again I will report them.
created: 2016-07-13 20:41:00
@noisy · (edited)
thanks for mentioning my post in yours. I have just noticed that! I am not sure, is it only for me or all links in your post are not clickable.
created: 2016-07-15 05:00:48
@on0tole ·
In addition to this post I want to discuss the need to add 2FA to STEEMIT
https://steemit.com/security/@on0tole/on-the-need-add-2fa-to-steemit
created: 2016-07-15 00:30:03
@roelandp ·
Thanks for the advisory notes... 

I've just finished <b><a href="https://steemit.com/steem/@roelandp/steemstream-com-a-realtime-visualisation-of-all-activity-on-steemit">SteemStream.com</a></b> - a live peek on the realtime data on Steemit (posts, upvotes, money transfer, mining, new users, comments): 
<a href="https://steemit.com/steem/@roelandp/steemstream-com-a-realtime-visualisation-of-all-activity-on-steemit"><img src="https://s31.postimg.org/cor4mnfiz/steemstream.gif"></a>
created: 2016-07-14 02:05:42
@smolalit ·
"All losses of the users affected by the attack will be reimbursed in full" http://forklog.com/v-rezultate-ataki-na-steemit-ukradeno-okolo-85-000/
created: 2016-07-15 06:04:18
@vkoreshkoff ·
https://steemit.com/ru/@on0tole/soobshestvo-steem-v-telegram
created: 2016-07-14 23:04:09