Silk Road forums
Discussion => Silk Road discussion => Topic started by: CaptainJohnny on August 31, 2011, 04:08 pm
-
Before you login, make sure you came here from a trusted link and are at the official Silk Road .onion url and not some password phishing clone. If you suspect you have ever logged in through a phishing site, you should change your password asap.
Really?
If I were a phisher, I'd just add in:
Before you login, make sure you came here from a trusted link and are at the official Silk Road .onion url (which is http://1234567890abcdef.onion[.com] and not some password phishing clone. If you suspect you have ever logged in through a phishing site, you should change your password asap.
Someone dumb enough to fall for phishing is far more than dumb enough to fall for a falsified warning message, too. So how does it help? I come to SR exclusively via bookmark.
People stupid enough to fall for phishing deserve what they get. That's just absolutely fucking retarded. How the hell is someone that stupid even alive? If you're that dumb, you can't be safe to do business with. How do you use GPG? How do you keep your wallet safe? Is your drive encrypted? How do you use TOR? Are all your passwords on PostIt notes on the edge of your monitor, too? Can you walk and chew gum at the same time?
If someone needs to be told to check for phishing on this site, then they are likely doing a great many other things wrong as well. If anything, I want a list of names who suspect being phished so I know never, ever to do business with them.
I realize SR is trying to appeal to, and be usable by, the largest number of people possible. Not everyone knows how to computer very well. But, in this business, being stupid is dangerous. Being outrageously stupid is not something we should hand a crutch to. SR should present enough motivation that people learn and make an effort to stop being dumb as shit. Catering to it will only get us fucked. This isn't Wal Mart, our asses are on the line.
-
Someone dumb enough to fall for phishing is far more than dumb enough to fall for a falsified warning message, too. So how does it help? I come to SR exclusively via bookmark.
While phishing works good with usual regular dns names, where you can mispell one or several letters, with Tor hidden service at present moment it's impossible to phish site, cause
"ianxz6zefk72ulzz" is hash value from PGP public key as I remember and it's unique.
For example you wanted to phish and instead of "ianxz6zefk72uIzz" for this you will need to make reverse operation what PGP key has such hash, and this task is impossible at present moment and probably some quite time in the future.
-
One could make this URL:
http://dkn255hz262ypmii.onion.com
My point being, I saw this warning when logging into SR. It makes no sense. If someone is trying to do business on SR and they're stupid enough to fall for phishing in such an obvious manner; they really, really, really do not belong here. They are most likely doing many other dangerously stupid things, too. I don't know any Vendor who wants to be exposed to someone that stupid. It's dangerous.
-
I think you're being a bit harsh. After this place got mentioned in Wired and Gawker, there are stupid people here. Let's help them become as clever as you and me rather than leaving them to the sharks.
Also a phished account could potentially present more security risks than a few stolen coins. Best to warn people there are phishing clone sites out there.
-
There's even mirror sites.
-
"With experience comes knowledge."
Let's be as helpful as possible...I know sometimes threads are made under the influence of different substances and different states of mind, but let's stay a positive community.
-
Let's help them become as clever as you
Fucking GOLD ;D ;D
just not as anal...I mean angry
so post it notes with passwords are not a good idea?? learn something new everyday ::)
-
Perhaps I was a bit harsh, but trying to get the noobs to use GPG has been a nightmare... I give up. :-p
-
gpg is a BITCH
-
Beware mtgox phishing sites! I heard they are numerous.
-
This is why everyone with a mt. gox account needs to get a Yubikey.. It makes it IMPOSSIBLE to get into an account with out it.. I could post my username and password here and it would be totally safe..
Its the best 29 bucks I've ever spent..It generates a new 44 character password each time. Like Lasagna said, he doesn't know of any program or programmer that could break it...Im not technical at all, but from what Ive read about the yubikey it makes things uber safe..
-
gpg is a BITCH
It hasn't been hard to teach, really... But every person who inquires about my Listings has never heard of it. I send them the Link to the Sticky about it in the Security section, and they fumble a few times then get it right when they realize they have to encrypt messages to me with my key, not their own... ::)