IMPORTANT!!! Vulnerability in password protection for accounts

in vulnerability •  8 years ago  (edited)

A 30-day notice is needed on the steemit.com website when the recovery account is changed, for example red text in the profile: "Your recovery account has been changed. If it was not you, then your password was compromised; change the password and change the recovery account."

I think it's not difficult to do; there is no need even to edit the blockchain.

Because if an attacker steals your password, he will change your recovery account. You will not know about it. After 30 days, the attacker will steal the account, and you can never restore it. It's worse than on Facebook.

I have already told golos.io about this vulnerability, and it will be fixed.
I apologize for my bad English; my Telegram is @dikanevn.

@abit @furion, I do not know who else to mention.
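The check the post asks steemit.com to run, as an added example (not code from the post, from Steem, or from steemit.com). It models the 30-day delayed change_recovery_account behaviour described above on a hypothetical account object (field names `recovery_account`, `pending_recovery_account`, `effective_on` are assumptions, loosely modelled on the steemd account and change-request objects) and runs the attack timeline from the post: the attacker requests the change with the stolen password on day 0, and the owner either notices the warning and re-sets the recovery account in time or loses the account on day 30. The account data is constructed, not fetched from the chain.

```python
"""Added example: warn an account owner about a pending recovery-account change."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

# Steem applies a recovery-account change only after a 30-day delay; this is
# the window in which the owner can still undo an attacker's change.
RECOVERY_PERIOD = timedelta(days=30)


@dataclass
class Account:
    """Hypothetical account state (assumed field names, not the real steemd schema):
    the effective recovery account plus a pending change request, if any."""
    name: str
    recovery_account: str
    pending_recovery_account: Optional[str] = None
    effective_on: Optional[datetime] = None


@dataclass
class Alert:
    level: str      # "OK", "WARNING" or "CRITICAL"
    message: str


def request_recovery_change(acct: Account, new_recovery: str, now: datetime) -> None:
    """Model of the change_recovery_account operation: the change is scheduled
    RECOVERY_PERIOD in the future, not applied at once. Requesting the currently
    effective account cancels any pending request (assumed behaviour)."""
    if new_recovery == acct.recovery_account:
        acct.pending_recovery_account = None
        acct.effective_on = None
        return
    acct.pending_recovery_account = new_recovery
    acct.effective_on = now + RECOVERY_PERIOD


def apply_effective_requests(acct: Account, now: datetime) -> bool:
    """Model of chain maintenance: once effective_on has passed, the pending
    account becomes the real recovery account. Returns True if it applied."""
    if acct.pending_recovery_account is None or acct.effective_on is None:
        return False
    if now < acct.effective_on:
        return False
    acct.recovery_account = acct.pending_recovery_account
    acct.pending_recovery_account = None
    acct.effective_on = None
    return True


def check_recovery_account(acct: Account, expected: str, now: datetime) -> Alert:
    """The check the front end should run on every profile view.
    `expected` is the recovery account the owner believes they set (e.g. "steem")."""
    if acct.recovery_account != expected:
        return Alert("CRITICAL",
                     f"Recovery account of @{acct.name} is '{acct.recovery_account}', not "
                     f"'{expected}'. The change is already effective; '{expected}' can no "
                     f"longer recover this account.")
    if acct.pending_recovery_account is not None and acct.pending_recovery_account != expected:
        days_left = max(0, (acct.effective_on - now).days)
        return Alert("WARNING",
                     f"A request to change the recovery account of @{acct.name} to "
                     f"'{acct.pending_recovery_account}' takes effect on "
                     f"{acct.effective_on:%Y-%m-%d} ({days_left} days left). If this was not "
                     f"you, your password was compromised: change the password and set the "
                     f"recovery account back to '{expected}' before then.")
    return Alert("OK", f"Recovery account of @{acct.name} is '{expected}' with no pending change.")


def attack_timeline(expected: str = "steem", cancel_on_day: Optional[int] = None) -> Dict[int, Alert]:
    """Constructed scenario from the post: the attacker changes the recovery account
    on day 0. Returns the alert the owner would see on days 0, 15 and 31. If
    cancel_on_day is given, the owner re-sets `expected` on that day (the fix)."""
    t0 = datetime(2017, 1, 1, tzinfo=timezone.utc)
    acct = Account("victim", expected)
    request_recovery_change(acct, "attacker", t0)      # done with the stolen password
    seen: Dict[int, Alert] = {}
    for day in (0, 15, 31):
        now = t0 + timedelta(days=day)
        if cancel_on_day == day:
            request_recovery_change(acct, expected, now)  # owner reacts to the warning
        apply_effective_requests(acct, now)
        seen[day] = check_recovery_account(acct, expected, now)
    return seen


if __name__ == "__main__":
    for label, timeline in (("unnoticed", attack_timeline()), ("cancelled", attack_timeline(cancel_on_day=15))):
        for day, alert in timeline.items():
            print(f"[{label}] day {day:2d} {alert.level:8s} {alert.message}")
```

Without the warning the owner only ever sees the day-31 CRITICAL state, when it is too late; with it, the day-0 and day-15 WARNING lines give the owner the full window to change the password and re-set the recovery account.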


Good point.

What do you know, there is an active user behind the flags.

Would you be willing to un-flag my posts please?

  ·  8 years ago (edited)

AFAIK, there is an email notification service in development that will address this and other cases.

Thank you for bringing it up.

Hi. I am not sure how to tell if there is a problem. I went to "stolen account recovery". If all is well, what message will I see there?

Thank you

Your recovery account is steem. All is well. https://steemd.com/@hanshotfirst

A message/alert on Steemit itself, in addition to an email, would be a good measure. I think a lot of people use application-specific email addresses to register on Steemit and probably don't check them often or at all.

Good point.

E-mail is already an archaic technology. What about people who used disposable e-mails? (It turns out that crypto enthusiasts are also fanatics about never disclosing personal data to anyone.)

Perhaps a signed message from another key could be used (a configurable bitcoin wallet, perhaps?)

To change (whatever), please sign this message with (BTC address; that should also require a signed message to be changed):
"Change the data of my account: TIMESTAMP"