Silk Road forums
Discussion => Silk Road discussion => Topic started by: acider on December 14, 2012, 08:59 pm
-
A warning for Asylum's customers.
From his vendor page:
"14.12.
I am Asylum's friend. Asylum has been arrested and his computer and drug-related equipment has been confiscated by Czech authorities. He is currently detained and it is unlikely he will be back. All records of buyer addresses and shipping-related info have been compromised."
http://silkroadvb5piz3r.onion/silkroad/user/c454ea9fd9
-
Not cool. :o Does anyone know (or keep track) how often this happens to our awesome vendors?
-
Well... fuck.
-
the vendor shouldn't have had any addresses if they were following SR rules.
-
Yes, because all of us here are SO good at following the rules... :P
-
Hmmm glade i never used him.. But the OP not saying its BS at all but he called you from jail gave you his SR account name and info to get on here to say that? Im not being sarcastic im just wondering why that would be his first worry to let ppl knw.. Unless he needs u to get his coins and bail/lawer for him.. IM just speculating. Dont mean nothing by it ..This sucks though,..
-
Yes, because all of us here are SO good at following the rules... :P
I'm a vendor at BMR and my customers' addresses don't exist one more second than they absolutely need to. After getting decrypted (inside a VM, with the VM's virtual hard drive inside a triple-encrypted TrueCrypt volume, secured with a 16-digit random password), and used, the addresses are overwritten ten times and then deleted ("shred -n 10 -u address.txt"). And I'm not a professional vendor (17 sales in the last six months), just spreading psychedelics so what I just described should be the absolute minimum for any professional vendor.
If the Czech police gets any useful data from his computer, it's his fault.
-
this sucks man :( I dont know who this vendor is but its a shity day for Silk Road, at least it teaches everyone involved from buyers to vendors and everyone in between that we need to take all precautions to be safe and insure the safety of our clients. I will say a prayer tonight for our fallen soldja.
-
this sucks man :( I dont know who this vendor is but its a shity day for Silk Road, at least it teaches everyone involved from buyers to vendors and everyone in between that we need to take all precautions to be safe and insure the safety of our clients. I will say a prayer tonight for our fallen soldja.
To all vendors who call us clients, not customers: may angels visit you this night and give you the best goddamn blowjob you've ever had. Just more polite, is all :D
-
Hmmm glade i never used him.. But the OP not saying its BS at all but he called you from jail gave you his SR account name and info to get on here to say that? Im not being sarcastic im just wondering why that would be his first worry to let ppl knw.. Unless he needs u to get his coins and bail/lawer for him.. IM just speculating. Dont mean nothing by it ..This sucks though,..
I am not the guy who changed his feedback obviously, I found out by checking his page.
-
Shit one.
-
Shit one.
Your door getting kicked in next Limetless?
-
Shit one.
Your door getting kicked in next Limetless?
I seriously doubt it and I also seriously doubt they have even the faintest idea where to look. :)
-
Shit one.
Your door getting kicked in next Limetless?
I seriously doubt it and I also seriously doubt they have even the faintest idea where to look. :)
wherever the mephedrone grows
-
Shit one.
Your door getting kicked in next Limetless?
I seriously doubt it and I also seriously doubt they have even the faintest idea where to look. :)
wherever the mephedrone grows
Hahahaha definitely not, I'm as far away from that as possible. :)
-
Shit one.
Your door getting kicked in next Limetless?
I seriously doubt it and I also seriously doubt they have even the faintest idea where to look. :)
wherever the mephedrone grows
Everyone knows that it is extracted from the Mephedra sinica, a plant that has been used in traditional British medicine for the treatment of boredom.
-
Shit one.
Your door getting kicked in next Limetless?
I seriously doubt it and I also seriously doubt they have even the faintest idea where to look. :)
wherever the mephedrone grows
Everyone knows that it is extracted from the Mephedra sinica, a plant that has been used in traditional British medicine for the treatment of boredom.
This is correct. :)
-
This sucks, don't the cops have any real criminals to track down?
-
This sucks, don't the cops have any real criminals to track down?
Yea, their just not good at their job really so they take what they can get...which is not usually who they should really be worried about...
-
Any details on how he got busted? Was she selling IRL too? Taking anything other than btc?
-
Shit one.
Your door getting kicked in next Limetless?
I seriously doubt it and I also seriously doubt they have even the faintest idea where to look. :)
A gogo bar on Soi Cowboy? ;)
-
i doubt limmy will ever get busted unless its for fucking some cops wife....:P
my addys r on a special 1 gig encrypted sticks that r erased - gutted 4 those of u who know
when the last finalization for that day is made.
if there is enough evidence to hold this guy its all on him !
it is sad - with all of the great posts in the security section made by the former members
of ovdb this kind of thing shouldn't even be an issue!!!!!!!!!!
-
There was another vendor, IIRC, that got pinched. His name was DavidD. He sold research chemicals like bk-MDMA. Good shit too.
-
Hmmm glade i never used him.. But the OP not saying its BS at all but he called you from jail gave you his SR account name and info to get on here to say that? Im not being sarcastic im just wondering why that would be his first worry to let ppl knw.. Unless he needs u to get his coins and bail/lawer for him.. IM just speculating. Dont mean nothing by it ..This sucks though,..
^^^
And lim, i'll shit two, just for you 8)
-
Shit one.
Your door getting kicked in next Limetless?
I seriously doubt it and I also seriously doubt they have even the faintest idea where to look. :)
wherever the mephedrone grows
lol. i've been getting some dark vibes from this subforum right now, i just cracked up
-
My account has been hacked!
The fucker didn't only steal coins that were laying there, he now tries to scam more!
Don't believe anything he claims or messages and don't send him anything.
I'm working on getting my SR account back with support. I don't know how to say how sorry I'm for that shit.
-
My account has been hacked!
The fucker didn't only steal coins that were laying there, he now tries to scam more!
Don't believe anything he claims or messages and don't send him anything.
I'm working on getting my SR account back with support. I don't know how to say how sorry I'm for that shit.
Good to know you haven't been busted. Good luck with getting your account back :)
-
If that's true I m happy you are not busted.
Change your forum password if you haven't already.
-
I knew something was off Asylum!! I said it in the first page it just seemed weird...I hope you didnt get too many coins taken// FUCK U SORRY FUCKS DOING THIS TO HARD WORKING VENDORS!!!
-
I'm doing what I can to get it back, messaging with SR support back and forth takes time though. Hopefully it's gonna be resolved ASAP.
He has stolen about 100 BTC laying there, but that's not the point. I'm really pissed that he now tries to message everyone and get more under my name.
Glad at least I was able to recover a forum account for now.
Of course none of the sensitive data is stored in the account. No customer's addresses etc. The most he could get a hold of are any addresses for orders made yesterday before he put my listings down - that's if they were not encrypted.
Besides, I don't store anything neither. Even if someone gets a hold of my computer, he won't find anything there.
-
Am soooo GLAD to hear you did not get busted !
Even though you are dealing with a first degree fucker right now : it beats the hell out of dealing with leo.
stay safe Asylum and may you get to have your way with the fucker who did this
-
My account has been hacked!
The fucker didn't only steal coins that were laying there, he now tries to scam more!
Don't believe anything he claims or messages and don't send him anything.
I'm working on getting my SR account back with support. I don't know how to say how sorry I'm for that shit.
Unless you start signing some of these statements with your GPG key I'd say your vendor account is DOA.
Why should anyone believe you're not LEO taking over a pinched vendors account?
-
i doubt limmy will ever get busted unless its for fucking some cops wife....:P
You always know what to say to make me smile Nugsy, again this is another sign we should get married. ;) 8)
-
My account has been hacked!
The fucker didn't only steal coins that were laying there, he now tries to scam more!
Don't believe anything he claims or messages and don't send him anything.
I'm working on getting my SR account back with support. I don't know how to say how sorry I'm for that shit.
Unless you start signing some of these statements with your GPG key I'd say your vendor account is DOA.
Why should anyone believe you're not LEO taking over a pinched vendors account?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Good point. It's me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJQzKfwAAoJENzDRG0l6WV1bWoIAMa5XSsRL6nX8N/NxWY7K3FZ
g9z3ufaMITC0MBJb56/GwAYYyn8nhJ3tPfXDCw2Rp7CU2Bs3BvVO9QcN3THYX8K0
S1K4YrW8MAJgbqSUYQ3BygYGDV4pVQXDb22ogZ8256el7HbD8mXrqP2w3CO7s7au
yRNy8iG6vLBG9XeMdXIIklO0SGzmSoqqSv0PP6PEKVDjBeF/xB73OGe8nnqgV8j3
WnQjFg12ZzDirriUwgM3Gumfx3kzk5dsPL11oRUb5ebOHTerFVtGh/kkNCjh2B2a
oXVitYpW1Sef6wpVdi96f+6cZwQTroYy2TF1cxQ4wyabs0e6e4FFAboOwaPzI08=
=fJAq
-----END PGP SIGNATURE-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)
mQENBE/q09IBCAD6egaCUeTWIejCLu1psvfomW0jSry0e2NrRCxeOjVhH84qKWSd
0pwUm8Ty2rEggowWHLAvtxErKJhljRH1vI7QXUteJzwzIDPgBOOFq/PvaLVFL6ny
7/xDEwBvtTMhg8K5Vzojmf7QiQeWvd8ntz0ZOIJ64YdU9NDvtWoiY/DgKJiKoqk5
JUgYcCfuCHNq4qMHiV/icxpR4kk7KjPC8Rkm1ZHapKFZn63zArjQWDOOw2ui0coh
NLxQwb7BuWZBnoZGm80xqRu+18+PSLVlnxiAQi0n0EAx06WytaqYMWyF2eGecEyC
W7UcGupMNfL3tSN6aJ3BLSbqhzZHZ2C3k+shABEBAAG0G0FzeWx1bSA8YXN5bHVt
QHRvcm1haWwub3JnPokBOAQTAQIAIgUCT+rT0gIbAwYLCQgHAwIGFQgCCQoLBBYC
AwECHgECF4AACgkQ3MNEbSXpZXXsiwgAsF775Fwdy/TqBpf8KAYiRGyrbKCF/I+M
ZzHnhzsCBZTGSpRT7kO6f1vSp32J5rxtxS/TRe2iY8KoXEhgGMZrX9jWJr45E1ra
CqjkquxCUgu1yj2uCHwcvObOJkT3oliP8M0kehvh3zyePZrAgrZ4wskdvCJaxPSZ
9lnA713MeyqR1nunVw1cmLshMDH6p9VXNzJsGm6ZQ03YEiGbHbmaTaYRj3FpzJqY
zIT8GXRlTOJcIqX01RzN0C7QqthgaPc6fYjQ5/sKu0a/5ivNJnWcv9pNUozsgqZA
uJqqr3xaYcmpRhs/M1obNbf+sGp0/W0kiGpIbnEvJhfh4QOc+UvVP7kBDQRP6tPS
AQgAsa6wyx7euLkCok035HVSmIxqW3jS9ehN7w6bl9BH1KVs3xidFWtvZr8mRF6g
hjLDuv5bWYz/k29sfHRQF2xXTC+Ib7dDLcxbXh5o/Vh+HEvB8DAWvGDjdEQHqZUc
UhhFFI3lrjvGm9I5lFFruIMpvM49IyzF4vS0VzfQdOMxn587eZgBeJ0L00yGrhz2
IdbHEp6kJ6KYsykI/9h2rMIa1WtoYS0vFvEWkZHIpuw/AMB2+kID+fuF7wqXGIGG
xrzLLq5CAv2hpSVaEkhrov7GUHreeqxj9p0gD2m0jx4UbZzwtbWSeDad2Bygaq5s
Nd1cpQprL7KvlzU+4ORyMj9XYwARAQABiQEfBBgBAgAJBQJP6tPSAhsMAAoJENzD
RG0l6WV1qLAIAKZ6GtxhEw6niPLMQI2c3yV3Pusk7Pk2ZGpc4zcND9iSj6+JkaZs
uNqoksG0AwjJH4sn6XNMMos4q6Q6LxsHyneq5OW/4vBl+NIwBwg5bqr3xuG2SPtc
wt36Gkk4EUawe2/IB73V8GLUcTrMUtbXEIF2VA6R9TNd4D01IPJJkpby10qapZ2G
xuF68HMpd6Aijt7uVBgzXj7fEL2o2k+e8EfmBwXTYsaPZpAlwo/YpHWIxdFwFlA5
MeQc2w9ssz02KNb2gdq0FSWGyPCncL3KJ28MPTRdQSQXzC2kQxocp4KBzXG2XjPr
D2kR/WXq8bDW5Yvs9joJulyfp/WnFOeRAl0=
=ZMiZ
-----END PGP PUBLIC KEY BLOCK-----
-
My account has been hacked!
The fucker didn't only steal coins that were laying there, he now tries to scam more!
Don't believe anything he claims or messages and don't send him anything.
I'm working on getting my SR account back with support. I don't know how to say how sorry I'm for that shit.
Just two days ago there was a small discussion about some SR phishing sites.
I wonder if something like that came into play here.
Sorry to hear this terrible news happened to you. Especially a week and a half before Christmas.
I'd like to see the guilty party raped with corn on the cobs dipped in habenero sass.
-
My account has been hacked!
The fucker didn't only steal coins that were laying there, he now tries to scam more!
Don't believe anything he claims or messages and don't send him anything.
I'm working on getting my SR account back with support. I don't know how to say how sorry I'm for that shit.
Unless you start signing some of these statements with your GPG key I'd say your vendor account is DOA.
Why should anyone believe you're not LEO taking over a pinched vendors account?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Good point. It's me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJQzKfwAAoJENzDRG0l6WV1bWoIAMa5XSsRL6nX8N/NxWY7K3FZ
g9z3ufaMITC0MBJb56/GwAYYyn8nhJ3tPfXDCw2Rp7CU2Bs3BvVO9QcN3THYX8K0
S1K4YrW8MAJgbqSUYQ3BygYGDV4pVQXDb22ogZ8256el7HbD8mXrqP2w3CO7s7au
yRNy8iG6vLBG9XeMdXIIklO0SGzmSoqqSv0PP6PEKVDjBeF/xB73OGe8nnqgV8j3
WnQjFg12ZzDirriUwgM3Gumfx3kzk5dsPL11oRUb5ebOHTerFVtGh/kkNCjh2B2a
oXVitYpW1Sef6wpVdi96f+6cZwQTroYy2TF1cxQ4wyabs0e6e4FFAboOwaPzI08=
=fJAq
-----END PGP SIGNATURE-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)
mQENBE/q09IBCAD6egaCUeTWIejCLu1psvfomW0jSry0e2NrRCxeOjVhH84qKWSd
0pwUm8Ty2rEggowWHLAvtxErKJhljRH1vI7QXUteJzwzIDPgBOOFq/PvaLVFL6ny
7/xDEwBvtTMhg8K5Vzojmf7QiQeWvd8ntz0ZOIJ64YdU9NDvtWoiY/DgKJiKoqk5
JUgYcCfuCHNq4qMHiV/icxpR4kk7KjPC8Rkm1ZHapKFZn63zArjQWDOOw2ui0coh
NLxQwb7BuWZBnoZGm80xqRu+18+PSLVlnxiAQi0n0EAx06WytaqYMWyF2eGecEyC
W7UcGupMNfL3tSN6aJ3BLSbqhzZHZ2C3k+shABEBAAG0G0FzeWx1bSA8YXN5bHVt
QHRvcm1haWwub3JnPokBOAQTAQIAIgUCT+rT0gIbAwYLCQgHAwIGFQgCCQoLBBYC
AwECHgECF4AACgkQ3MNEbSXpZXXsiwgAsF775Fwdy/TqBpf8KAYiRGyrbKCF/I+M
ZzHnhzsCBZTGSpRT7kO6f1vSp32J5rxtxS/TRe2iY8KoXEhgGMZrX9jWJr45E1ra
CqjkquxCUgu1yj2uCHwcvObOJkT3oliP8M0kehvh3zyePZrAgrZ4wskdvCJaxPSZ
9lnA713MeyqR1nunVw1cmLshMDH6p9VXNzJsGm6ZQ03YEiGbHbmaTaYRj3FpzJqY
zIT8GXRlTOJcIqX01RzN0C7QqthgaPc6fYjQ5/sKu0a/5ivNJnWcv9pNUozsgqZA
uJqqr3xaYcmpRhs/M1obNbf+sGp0/W0kiGpIbnEvJhfh4QOc+UvVP7kBDQRP6tPS
AQgAsa6wyx7euLkCok035HVSmIxqW3jS9ehN7w6bl9BH1KVs3xidFWtvZr8mRF6g
hjLDuv5bWYz/k29sfHRQF2xXTC+Ib7dDLcxbXh5o/Vh+HEvB8DAWvGDjdEQHqZUc
UhhFFI3lrjvGm9I5lFFruIMpvM49IyzF4vS0VzfQdOMxn587eZgBeJ0L00yGrhz2
IdbHEp6kJ6KYsykI/9h2rMIa1WtoYS0vFvEWkZHIpuw/AMB2+kID+fuF7wqXGIGG
xrzLLq5CAv2hpSVaEkhrov7GUHreeqxj9p0gD2m0jx4UbZzwtbWSeDad2Bygaq5s
Nd1cpQprL7KvlzU+4ORyMj9XYwARAQABiQEfBBgBAgAJBQJP6tPSAhsMAAoJENzD
RG0l6WV1qLAIAKZ6GtxhEw6niPLMQI2c3yV3Pusk7Pk2ZGpc4zcND9iSj6+JkaZs
uNqoksG0AwjJH4sn6XNMMos4q6Q6LxsHyneq5OW/4vBl+NIwBwg5bqr3xuG2SPtc
wt36Gkk4EUawe2/IB73V8GLUcTrMUtbXEIF2VA6R9TNd4D01IPJJkpby10qapZ2G
xuF68HMpd6Aijt7uVBgzXj7fEL2o2k+e8EfmBwXTYsaPZpAlwo/YpHWIxdFwFlA5
MeQc2w9ssz02KNb2gdq0FSWGyPCncL3KJ28MPTRdQSQXzC2kQxocp4KBzXG2XjPr
D2kR/WXq8bDW5Yvs9joJulyfp/WnFOeRAl0=
=ZMiZ
-----END PGP PUBLIC KEY BLOCK-----
Same public key as posted on your vendor profile and the signature is valid. Ok I'm satisfied.
Sorry nothing personal, just helps to be skeptical around here.
I see the hacker posted a plea for donations on your profile and according to blockchain.info:
http://blockchain.info/address/1CfhQC2sDofgDBrBsY2G1JwUT5NEwV1dCv
the cocksucker already got $500 in donations.
Has to be a targeted attack asylum, if he got both your password AND your PIN. I'd be seriously auditing whatever computer your using right about now.
-
You know, Eddie, I'm really beginning to think rather highly of your security measures.
He's got an excellent point -- that really does need to be addressed. It's a possibility. If you use persistent storage like a regular OS install on a hard drive and not a live CD, at least.
-
SS, unfortunately I've suffered the consequences of being careless before.
-
My account has been hacked!
The fucker didn't only steal coins that were laying there, he now tries to scam more!
Don't believe anything he claims or messages and don't send him anything.
I'm working on getting my SR account back with support. I don't know how to say how sorry I'm for that shit.
Unless you start signing some of these statements with your GPG key I'd say your vendor account is DOA.
Why should anyone believe you're not LEO taking over a pinched vendors account?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Good point. It's me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJQzKfwAAoJENzDRG0l6WV1bWoIAMa5XSsRL6nX8N/NxWY7K3FZ
g9z3ufaMITC0MBJb56/GwAYYyn8nhJ3tPfXDCw2Rp7CU2Bs3BvVO9QcN3THYX8K0
S1K4YrW8MAJgbqSUYQ3BygYGDV4pVQXDb22ogZ8256el7HbD8mXrqP2w3CO7s7au
yRNy8iG6vLBG9XeMdXIIklO0SGzmSoqqSv0PP6PEKVDjBeF/xB73OGe8nnqgV8j3
WnQjFg12ZzDirriUwgM3Gumfx3kzk5dsPL11oRUb5ebOHTerFVtGh/kkNCjh2B2a
oXVitYpW1Sef6wpVdi96f+6cZwQTroYy2TF1cxQ4wyabs0e6e4FFAboOwaPzI08=
=fJAq
-----END PGP SIGNATURE-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)
mQENBE/q09IBCAD6egaCUeTWIejCLu1psvfomW0jSry0e2NrRCxeOjVhH84qKWSd
0pwUm8Ty2rEggowWHLAvtxErKJhljRH1vI7QXUteJzwzIDPgBOOFq/PvaLVFL6ny
7/xDEwBvtTMhg8K5Vzojmf7QiQeWvd8ntz0ZOIJ64YdU9NDvtWoiY/DgKJiKoqk5
JUgYcCfuCHNq4qMHiV/icxpR4kk7KjPC8Rkm1ZHapKFZn63zArjQWDOOw2ui0coh
NLxQwb7BuWZBnoZGm80xqRu+18+PSLVlnxiAQi0n0EAx06WytaqYMWyF2eGecEyC
W7UcGupMNfL3tSN6aJ3BLSbqhzZHZ2C3k+shABEBAAG0G0FzeWx1bSA8YXN5bHVt
QHRvcm1haWwub3JnPokBOAQTAQIAIgUCT+rT0gIbAwYLCQgHAwIGFQgCCQoLBBYC
AwECHgECF4AACgkQ3MNEbSXpZXXsiwgAsF775Fwdy/TqBpf8KAYiRGyrbKCF/I+M
ZzHnhzsCBZTGSpRT7kO6f1vSp32J5rxtxS/TRe2iY8KoXEhgGMZrX9jWJr45E1ra
CqjkquxCUgu1yj2uCHwcvObOJkT3oliP8M0kehvh3zyePZrAgrZ4wskdvCJaxPSZ
9lnA713MeyqR1nunVw1cmLshMDH6p9VXNzJsGm6ZQ03YEiGbHbmaTaYRj3FpzJqY
zIT8GXRlTOJcIqX01RzN0C7QqthgaPc6fYjQ5/sKu0a/5ivNJnWcv9pNUozsgqZA
uJqqr3xaYcmpRhs/M1obNbf+sGp0/W0kiGpIbnEvJhfh4QOc+UvVP7kBDQRP6tPS
AQgAsa6wyx7euLkCok035HVSmIxqW3jS9ehN7w6bl9BH1KVs3xidFWtvZr8mRF6g
hjLDuv5bWYz/k29sfHRQF2xXTC+Ib7dDLcxbXh5o/Vh+HEvB8DAWvGDjdEQHqZUc
UhhFFI3lrjvGm9I5lFFruIMpvM49IyzF4vS0VzfQdOMxn587eZgBeJ0L00yGrhz2
IdbHEp6kJ6KYsykI/9h2rMIa1WtoYS0vFvEWkZHIpuw/AMB2+kID+fuF7wqXGIGG
xrzLLq5CAv2hpSVaEkhrov7GUHreeqxj9p0gD2m0jx4UbZzwtbWSeDad2Bygaq5s
Nd1cpQprL7KvlzU+4ORyMj9XYwARAQABiQEfBBgBAgAJBQJP6tPSAhsMAAoJENzD
RG0l6WV1qLAIAKZ6GtxhEw6niPLMQI2c3yV3Pusk7Pk2ZGpc4zcND9iSj6+JkaZs
uNqoksG0AwjJH4sn6XNMMos4q6Q6LxsHyneq5OW/4vBl+NIwBwg5bqr3xuG2SPtc
wt36Gkk4EUawe2/IB73V8GLUcTrMUtbXEIF2VA6R9TNd4D01IPJJkpby10qapZ2G
xuF68HMpd6Aijt7uVBgzXj7fEL2o2k+e8EfmBwXTYsaPZpAlwo/YpHWIxdFwFlA5
MeQc2w9ssz02KNb2gdq0FSWGyPCncL3KJ28MPTRdQSQXzC2kQxocp4KBzXG2XjPr
D2kR/WXq8bDW5Yvs9joJulyfp/WnFOeRAl0=
=ZMiZ
-----END PGP PUBLIC KEY BLOCK-----
Same public key as posted on your vendor profile and the signature is valid. Ok I'm satisfied.
Sorry nothing personal, just helps to be skeptical around here.
I see the hacker posted a plea for donations on your profile and according to blockchain.info:
http://blockchain.info/address/1CfhQC2sDofgDBrBsY2G1JwUT5NEwV1dCv
the cocksucker already got $500 in donations.
Has to be a targeted attack asylum, if he got both your password AND your PIN. I'd be seriously auditing whatever computer your using right about now.
That's why it's important to publish your PGP key as widely as possible; if you publish it only on your vendor page, then an attacker could replace the PGP there with one of his own. Now, while some of your previous customers _may_ notice the change in PGP keys, many likely will not.
One point that needs to be stressed here is that anything used for verification has to be taken from one or more channel(s) over which the attacker presumably has no control. If the key was posted in the thread established for this here in the Forum, then both the Forum as well as the vendor account would need to be compromised to successfully substitute a PGP key of the attacker's own choosing -- this makes an attacker's job considerably harder.
The fly in the ointment here is that anyone wanting to check the vendor's bona-fides, has to be aware of this possibility -- most people, seeing a key on the vendor's page, will simply assume that it is correct, even after the page has been compromised -- that is a dangerous, even fatal, assumption to make.
NC
-
Just two days ago there was a small discussion about some SR phishing sites.
I wonder if something like that came into play here.
I wouldn't be surprised. There used to be dozens of then listed on Hidden Wiki.
-
That's why it's important to publish your PGP key as widely as possible; if you publish it only on your vendor page, then an attacker could replace the PGP there with one of his own.
I agree. All vendors should use an out of band mechanism to publish their PGP keys. It could be as simple as Pastebin or qPaste.
If the SR site was compromised, they could replace vendor keys with their own. When vendors viewed their own profiles, they would see their real keys. Everyone else would see the attacker's keys. Then when you PGP encrypt your address, you're really encrypting it to the attacker. They decrypt and get your address. Then they reencrypt it with the vendor's real key, so nobody would suspect a thing.
-
Shit one.
Your door getting kicked in next Limetless?
I seriously doubt it and I also seriously doubt they have even the faintest idea where to look. :)
The UK would be a start
-
I recommend keeping a secure, hidden database of important PGP keys. Once you have a vendor's key saved, just use the local copy rather than pasting it from SR every time.
-
we always delete buyers info after shipment its standard practice.
-
we always delete buyers info after shipment its standard practice.
I not only delete it, I shred it (e.g. "shred -u -n 10 info.txt").
-
I feel for ya mate, hope you can somehow recover your account.. I can vouch - Asylum is 1 of the good guys 8)