Bitcoin Forum

Economy => Service Discussion => Topic started by: JMcGrath on January 21, 2013, 09:10:52 PM



Title: *MY* Mt Gox Account was Hacked - lost it all today... now what!?
Post by: JMcGrath on January 21, 2013, 09:10:52 PM
I can't figure out how considering I have an impossible to guess password and have set up yubikey for withdrawals but someone emptied out my account for about 80 BTC today!

Luckily I keep most of my BTC in my own wallet but wtf can I do now? Anything? I've been trying to contact Mt Gox all day but it just keeps saying "getting an agent..."

BTW, the person that hacked my account's address is:

1JgqPGJCJWzgeMiTFbmeLi3cpKC9jahPS4


I'll give a reward if I can find out who this person is so I can beat the **** out of them!


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: molecular on January 21, 2013, 09:13:57 PM
you need gox' help to see what's happened. The fact that you had yubikey activated for withdrawals makes it very unlikely you got hacked.

Did you do any other withdrawals during that time?


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: JMcGrath on January 21, 2013, 09:16:30 PM
No I haven't logged into this account at all for like 5 days - this just happened like 20 min before I logged in too! I was going to cashout a little today  :'(

Just looked over my settings and somehow Yubikey isn't linked to my account anymore either!? Somehow that either disappeared or wasn't setup properly and I didn't notice it.

How do you contact gox anyways? I can't get them on chat!


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: DeathAndTaxes on January 21, 2013, 09:16:40 PM
Keep us posted.  AFAIK if verified this would be the first fraudulent withdraw with 2nd factor authentication enabled.  A very clever hack indeed.  On edit: hmm looks like yubikey wasn't enabled.  Still interesting to see the history on this one.

How do you contact gox anyways? I can't get them on chat!

I have never seen the chat work.  You need to create a support ticket ... and wait.  :(


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: JMcGrath on January 21, 2013, 09:21:02 PM
Anyone know how to contact gox though?

Would they even do anything about this??


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: Deafboy on January 21, 2013, 09:28:24 PM
Try #mtgox on IRC. I got a reply in a few minutes there yesterday.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: MagicalTux on January 21, 2013, 10:02:28 PM
Can you create a support ticket with your account login details and post the ticket number here ?


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: JMcGrath on January 21, 2013, 10:19:55 PM
Umm why would I post my login credentials and ticket number here?!


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: molecular on January 21, 2013, 10:20:49 PM
Umm why would I post my login credentials and ticket number here?!

He said to open a ticket with that info and then post the ticket number here, not the info itself. Only gox staff (supposedly) can look at the tickets.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: JMcGrath on January 21, 2013, 10:21:03 PM
Sorry, not sure who you are - plenty of people out there claiming they are someone they are not...

I'm too new to these forums to know who is who


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: JMcGrath on January 21, 2013, 10:22:39 PM
Gotcha, I guess I could post the ticket number here - no sensitive info in that ticket

Not to mention, nothing left in my account now anyways!  :'(

#50629

Haven't heard anything back from anyone at Mt Gox yet on it though...


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: BCB on January 21, 2013, 10:24:13 PM
MagicalTux runs Mt Gox so if your yubi key was indeed compromised or not active it will be addressed.

Again pls keep us posted.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: JMcGrath on January 21, 2013, 10:26:03 PM
Thanks for the info guys, this really ruined my day! I am already screwed with bills and stuff and then I log in to find this... ugh

Could this have anything to do with my Yubikey being broken and reported lost? I never got a chance to actually use it on Mt Gox so I don't really know what happened there!?


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: BCB on January 21, 2013, 10:30:43 PM
Now you sound sketchy.  

Just tell the truth to mt gox and report back.

I would be very surprised if your intact and activated yubikey was indeed compromised.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: Luno on January 21, 2013, 10:35:45 PM
A question: Is it possible to un-link your yubikey from your account without use of your yubikey?

If the connection is hijacked, and the hacker keeps the connection after the customer has locked out will he be able to un-link the yubikey without needing to use it to verify?

Maybe Gox could be more proactive:

Disallow withdrawals without yubikey or google auth completely, make it mandatory for both BTC and cash maybe after a trial period?

have a ping trace log on each account, which they might already have, but with automation to block account withdrawals if routing is different and let it demand a new yubikey press. (you can still trade while on vacation).

Is the API authentication safe? They don't use yubikeys.

Mt.Gox has a kind of panic button now. If you fail log in 3 times, you are locked out for 24 hours. Is that protection if people start posting about a massive hack underway?



Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: JMcGrath on January 21, 2013, 10:37:42 PM
I sound sketchy?

I lost a good amount of money today and I'm kinda freakin out I'm just trying to figure out wtf happened! I don't know if that yubi was ever actually activated, I set it for withdrawals only but I never withdrew any money or bitcoins yet so I never actually got to "use" it. I'm trying to figure out if it was ever indeed registered or not...

Anyways, there is a support ticket and they have the information. Basically they told me I'm screwed and to file a police report and send them a copy. Still waiting to hear back about the status of the yubikey however.


Oh btw, that was my question as well - do they lock you out for using the wrong pw x amount of times? If so, then this person got my info in some other way but considering I don't use that same password ANYWHERE ELSE, it would have to be a keylogger or something for them to have gotten the PW. If it was a bruteforce attack, why didn't gox stop the repeated attempts? It wasn't an easy PW to figure out!


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: meowmeowbrowncow on January 21, 2013, 10:38:45 PM
No I haven't logged into this account at all for like 5 days - this just happened like 20 min before I logged in too! I was going to cashout a little today  :'(

Just looked over my settings and somehow Yubikey isn't linked to my account anymore either!? Somehow that either disappeared or wasn't setup properly and I didn't notice it.

How do you contact gox anyways? I can't get them on chat!



In my case on initial enabling of 2FA for withdrawals the setting did not stick.  Although the security center reported 2FA was enabled I had to cycle, disable it, then re-enable for it to take effect.


So, I'm suspicious.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: BCB on January 21, 2013, 10:43:14 PM
JMcGrath,

First you state yubikey was active
then you state maybe it wasn't
Now this new post states it didn't stick for them the first time they activated it, so maybe that happened to you.

Point is bitcoin hacks happen.  Could be a virus or keylogger on your system or a MIM attack.

Regardless this is almost impossible with yubikey activated.

If you were hacked with yubikey active that is a problem

If mt gox's yubikey activation process is faulty that is a problem.

Just looking for the Facts.




Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: JMcGrath on January 21, 2013, 10:53:37 PM
I'm sorry if my posts sound a little all over the place, I'm a little on edge here myself so I'll try to be as clear as possible...

* Yes I did have a Yubikey and *thought* I registered it
* I just spoke with Mt Gox and they are claiming that I never had a registered Yubikey
* They provided the IP Address of the person, but it comes up all over the world when I search it
* I know I tried to register my yubi when I got it so I *suspect* there is a fault where it is not "sticking" the first time around as you stated


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: MagicalTux on January 21, 2013, 10:56:41 PM
As we could see thanks to this ticket number, the hacker gained access to the account on first try (ie. already had the correct password on hand). We also confirmed there was no Yubikey linked to this account nor was one ever registered.

* Yes I did have a Yubikey and *thought* I registered it
I wonder if JMcGrath is not talking about a Yubikey he bought himself separately, in which case there is no way to "link it" to a MtGox account (only Yubikeys delivered by MtGox work on MtGox). Either way there was no order for a MtGox Yubikey on the account's history.

I would rather suspect phishing or hacked computer (key logger/etc). As usual, having a Yubikey or TOTP device linked to the account and enabled would have helped a lot.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: freeAgent on January 21, 2013, 11:05:44 PM
On the subject of Yubikeys, why doesn't MtGox allow plain Yubikeys to be registered with their service?


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: casascius on January 21, 2013, 11:05:48 PM
If MtGox could make it so that you could add your PGP public key and then configure your account such that bitcoin withdrawals require PGP signature of a pre-generated message that contained the destination bitcoin address, MtGox would have undisputable conclusive proof in the event of a disagreement as to whether a withdrawal was authorized.

Put another way, if MtGox's withdrawal had just the same security we have on our IRC channel we use for chatting, confidence would be increased, as we'd have less fear of being stuck in a situation where money has been withdrawn with no way to convince anyone that we didn't do it ourselves.

I say first hand that anything that can be done to increase the confidence in security of funds stored in MtGox will directly correspond to a greater willingness to leave funds in MtGox.

In fact, implementing this idea would put MtGox in an even better position: in the event a hacker really managed to compromise a PGP key and forge a signature on a withdrawal, I think most people in this community would consider it 100% reasonable for MtGox to say "here's his signed request...sorry he's SOL!...do a better job of securing your PGP key next time"... far more than "sorry you must have gotten keylogged or something."


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: MagicalTux on January 21, 2013, 11:25:00 PM
On the subject of Yubikeys, why doesn't MtGox allow plain Yubikeys to be registered with their service?

Mostly a security reason. Anyone could create a bitcoin-related site that claims to accept yubikeys and actually log the used codes to try these later on other related websites.

It would also make us dependent on Yubico's server, making these an even greater target than they already are. Yubikey allows security by decentralization, allowing each operator to run their own auth servers.

We will still eventually allow people who understand the risks to add their yubikey on MtGox eventually, but this has lower priority.

If MtGox could make it so that you could add your PGP public key and then configure your account such that bitcoin withdrawals require PGP signature of a pre-generated message that contained the destination bitcoin address, MtGox would have undisputable conclusive proof in the event of a disagreement as to whether a withdrawal was authorized.

We considered this, but the lack of proper PGP lib (the only few libs around will try to create stuff in $HOME and doesn't allow us to store/provide the public keys easily) or appropriate technical documentation on the signature format (it mostly says "read the source") forced us to delay this.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: DeathAndTaxes on January 22, 2013, 01:35:40 AM
If MtGox could make it so that you could add your PGP public key and then configure your account such that bitcoin withdrawals require PGP signature of a pre-generated message that contained the destination bitcoin address, MtGox would have undisputable conclusive proof in the event of a disagreement as to whether a withdrawal was authorized.

We considered this, but the lack of proper PGP lib (the only few libs around will try to create stuff in $HOME and doesn't allow us to store/provide the public keys easily) or appropriate technical documentation on the signature format (it mostly says "read the source") forced us to delay this.

Glad to see you are at least considering it.  For the record if/when you ever implement a PGP signed message system I would prefer it be in addition to 2FA.  I.e. withdraw requires a PGP signed message PLUS successful 2FA challenge.  The PGP signed message creates irrevocable proof of the transaction and the 2FA (google authenticator) provides additional security in the event the PGP key is compromised.   While you're at it throw in the ability to create multiple logins (w/ different security permissions) for a single account and optional dual authentication (not to be confused with 2FA) for withdrawals and you would have better security than most corporate banking platforms!

Also since you are reading this thread .... Generating a MtGox code can be properly protected by 2FA challenge (I love it you are one of the few exchanges which do it RIGHT (https://bitcointalk.org/index.php?topic=109424.0)) however one can view the "redeem code" page without 2FA authentication.  This creates a potential method to compromise codes before redeemed.  User generates a code and before the counterparty redeems it the attacker (possibly alerted due to compromised email) logs in and redeems the code.  There are two simple solutions (one simpler and more limited).  The easiest method is perform a 2FA challenge when viewing the redeem code page.   The more comprehensive option would be to allow viewing the page but the code is redacted.  User can redeem code but clicking "view code" results in a 2FA challenge.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: 01BTC10 on January 22, 2013, 01:40:34 AM
If the computer is compromised can we presume the PGP certificate with corresponding password can also get stolen? I use Google Authenticator and I think it's better unless my phone + computer get compromised by the same hacker.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: EuSouBitcoin on January 22, 2013, 01:41:47 AM
Google Authenticator is Free to use at a few exchanges including Mt Gox. Use it. I wish more exchanges would implement Google Authenticator.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: DeathAndTaxes on January 22, 2013, 01:44:06 AM
If the computer is compromised can we presume the PGP certificate with and linked password can also get stolen?

True it doesn't provide more security than a strong passphrase (not repeated on any other site) but it does provide irrefutable proof that your key was compromised.   It simply is not possible for a compromise on MtGox end to result in a properly signed message.  The hacked user and the community at large have absolute proof that the fault lies with the user.  2FA should be an optional security enhancement for PGP.  I would also point out that security conscious users can use smart cards with hardware independent keypad to protect PGP private key from keyloggers.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: bitfarmer on January 22, 2013, 01:46:11 AM
PGP sounds like a great additional feature, the more the better. Allow the end user to decide what is preferable to them.


Title: UBIKEY
Post by: jago25_98 on January 22, 2013, 01:49:07 AM
If this guy was using a Yubikey does that mean that Yubikeys are not a reliable protection against Windows virii? It's easy to cloak logging apps and there's a lot of crackers around Bitcoin.

Can this guy assume his install is cracked?
How can he search for whatever may have caused the breach?
Is there a Gox grabbing trojan out there we know about?
Has he installed the Gox app on a phone? (I think that's a risk)


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: smracer on January 22, 2013, 01:49:48 AM
I'm sorry if my posts sound a little all over the place, I'm a little on edge here myself so I'll try to be as clear as possible...

* Yes I did have a Yubikey and *thought* I registered it
* I just spoke with Mt Gox and they are claiming that I never had a registered Yubikey
* They provided the IP Address of the person, but it comes up all over the world when I search it
* I know I tried to register my yubi when I got it so I *suspect* there is a fault where it is not "sticking" the first time around as you stated

Where did you get the Yubikey from?  Could you have bought it from a third party that asked for your username/password and you sent it to them via email or on a website?  Also what is the IP address of the attacker that Mtgox gave you?


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: casascius on January 22, 2013, 03:41:49 AM
If MtGox could make it so that you could add your PGP public key and then configure your account such that bitcoin withdrawals require PGP signature of a pre-generated message that contained the destination bitcoin address, MtGox would have undisputable conclusive proof in the event of a disagreement as to whether a withdrawal was authorized.

We considered this, but the lack of proper PGP lib (the only few libs around will try to create stuff in $HOME and doesn't allow us to store/provide the public keys easily) or appropriate technical documentation on the signature format (it mostly says "read the source") forced us to delay this.

Even just offering the option to assign one pre-determined bitcoin address would provide an equivalent level of security, even if you did no PGP automation whatsoever.  The pre-determined bitcoin address could either be a) withdrawn to directly, or b) for those who know how to sign messages, it could be used to sign a message that permits withdrawal to some other address.  All of this could be evaluated in any environment already accustomed to working with bitcoin keypairs.

Either way, the benefit to MtGox is instant vindication of any questionable withdrawal that goes through.  Further, the moment anyone releases a hardware bitcoin wallet, you can bet that this will end up supported as a bonus feature.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: molecular on January 22, 2013, 08:42:25 AM
Thanks for the info guys, this really ruined my day! I am already screwed with bills and stuff and then I log in to find this... ugh

Could this have anything to do with my Yubikey being broken and reported lost? I never got a chance to actually use it on Mt Gox so I don't really know what happened there!?

So you never linked your yubi-key to your mtGox account. Well, don't talk about your account "with yubi-key withdrawal protection activated" being hacked, then, dude.

Sorry 'bout your loss, but don't lie to us.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: molecular on January 22, 2013, 08:46:48 AM
If MtGox could make it so that you could add your PGP public key and then configure your account such that bitcoin withdrawals require PGP signature of a pre-generated message that contained the destination bitcoin address, MtGox would have undisputable conclusive proof in the event of a disagreement as to whether a withdrawal was authorized.

That's a good idea.

However: what's the difference of having one's password stolen and having one's pgp key stolen and passphrase key-logged?

In other words: mtgox even in this case has proof the withdrawal was authorized (albeit not as strong, it could be faked by gox) by means of a successful login with password.

So while this puts mtGox in a more comfortable situation, this is only better for the user if he protects his pgp key better than his password.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: russ on January 22, 2013, 09:15:51 AM
If MtGox could make it so that you could add your PGP public key and then configure your account such that bitcoin withdrawals require PGP signature of a pre-generated message that contained the destination bitcoin address, MtGox would have undisputable conclusive proof in the event of a disagreement as to whether a withdrawal was authorized.

However: what's the difference of having one's password stolen and having one's pgp key stolen and passphrase key-logged?

The difference is the attacker wouldn't have the PGP private key.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: John (John K.) on January 22, 2013, 09:18:17 AM
If MtGox could make it so that you could add your PGP public key and then configure your account such that bitcoin withdrawals require PGP signature of a pre-generated message that contained the destination bitcoin address, MtGox would have undisputable conclusive proof in the event of a disagreement as to whether a withdrawal was authorized.

However: what's the difference of having one's password stolen and having one's pgp key stolen and passphrase key-logged?

The difference is the attacker wouldn't have the PGP private key.
By PGP key he would mean the private key, of course. Who needs to steal public keys?


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: MagicalTux on January 22, 2013, 09:35:00 AM
Even just offering the option to assign one pre-determined bitcoin address would provide an equivalent level of security, even if you did no PGP automation whatsoever.  The pre-determined bitcoin address could either be a) withdrawn to directly, or b) for those who know how to sign messages, it could be used to sign a message that permits withdrawal to some other address.  All of this could be evaluated in any environment already accustomed to working with bitcoin keypairs.

We could easily add the "limit to one bitcoin address" thing, but there is a problem with the bitcoin message signature process that makes it difficult to implement (last time I checked the bitcoin message signature uses a different way of signing compared to transactions to make shorter signatures, but it's been an issue).


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: 🏰 TradeFortress 🏰 on January 22, 2013, 09:38:08 AM
Even just offering the option to assign one pre-determined bitcoin address would provide an equivalent level of security, even if you did no PGP automation whatsoever.  The pre-determined bitcoin address could either be a) withdrawn to directly, or b) for those who know how to sign messages, it could be used to sign a message that permits withdrawal to some other address.  All of this could be evaluated in any environment already accustomed to working with bitcoin keypairs.

We could easily add the "limit to one bitcoin address" thing, but there is a problem with the bitcoin message signature process that makes it difficult to implement (last time I checked the bitcoin message signature uses a different way of signing compared to transactions to make shorter signatures, but it's been an issue).

Add optional "withdraw to one address only".

Add 48 hour delay before changing the addresses, during which you'd get two emails, and see a giant warning when you log in.
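
The "withdraw to one address only" option with a 48-hour change delay, as proposed in the posts above, sketched as an added example; it is not code from the thread or from MtGox. The class, the `*` sentinel, the placeholder addresses and the 24-hour reminder timing are assumptions, and the sketch also delays disabling the lock, since an instant "off" switch would bypass the waiting period.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

CHANGE_DELAY = timedelta(hours=48)    # delay proposed in the post above
REMINDER_AFTER = timedelta(hours=24)  # assumption: second e-mail goes out halfway
UNRESTRICTED = "*"                    # assumption: sentinel for "no lock configured"
OWNER_ADDR = "OWNER-ADDRESS-PLACEHOLDER"        # constructed sample value
ATTACKER_ADDR = "ATTACKER-ADDRESS-PLACEHOLDER"  # constructed sample value


@dataclass
class WithdrawalLock:
    """Hypothetical per-account withdrawal-address lock with delayed changes."""
    address: str = UNRESTRICTED
    pending: Optional[str] = None
    requested_at: Optional[datetime] = None
    reminder_sent: bool = False
    outbox: List[Tuple[datetime, str]] = field(default_factory=list)  # stands in for e-mail

    def _clear_pending(self) -> None:
        self.pending, self.requested_at, self.reminder_sent = None, None, False

    def tick(self, now: datetime) -> None:
        """Send the reminder when due and apply a change once the delay has elapsed."""
        if self.pending is None:
            return
        age = now - self.requested_at
        if age >= REMINDER_AFTER and not self.reminder_sent:
            self.reminder_sent = True
            self.outbox.append((now, f"reminder: address will change to {self.pending}"))
        if age >= CHANGE_DELAY:
            self.address = self.pending
            self._clear_pending()

    def set_address(self, new: str, now: datetime) -> str:
        """Enabling the lock is immediate; changing or disabling it is delayed."""
        self.tick(now)
        if new == self.address:
            return "unchanged"
        if self.address == UNRESTRICTED:
            self.address = new  # tightening security needs no waiting period
            self.outbox.append((now, f"address lock enabled for {new}"))
            return "active"
        # A repeated request restarts the clock, so it can never shorten the wait.
        self.pending, self.requested_at, self.reminder_sent = new, now, False
        self.outbox.append((now, f"change to {new} requested, effective in 48 hours"))
        return "pending"

    def cancel(self, now: datetime) -> bool:
        """Owner rejects a pending change they did not request."""
        self.tick(now)
        if self.pending is None:
            return False
        self.outbox.append((now, f"pending change to {self.pending} cancelled"))
        self._clear_pending()
        return True

    def login_banner(self, now: datetime) -> Optional[str]:
        """Warning shown on every login while a change is pending."""
        self.tick(now)
        if self.pending is None:
            return None
        eta = self.requested_at + CHANGE_DELAY
        return f"WARNING: withdrawal address changes to {self.pending} at {eta:%Y-%m-%d %H:%M}"

    def authorize(self, dest: str, now: datetime) -> Tuple[bool, str]:
        """Decide whether a withdrawal to dest may proceed at time now."""
        self.tick(now)
        if self.address == UNRESTRICTED:
            return True, "no address lock configured"
        if dest == self.address:
            return True, "destination matches locked address"
        return False, "destination is not the locked address"


def stolen_password_scenario(owner_cancels: bool) -> Tuple[bool, bool, int]:
    """Constructed timeline: someone logs in with a stolen password and asks for
    a new address. Returns (allowed after 20 min, allowed after 72 h, mails sent)."""
    t0 = datetime(2013, 1, 16, 9, 0)
    lock = WithdrawalLock()
    lock.set_address(OWNER_ADDR, t0)
    t1 = t0 + timedelta(days=5)
    lock.set_address(ATTACKER_ADDR, t1)
    early, _ = lock.authorize(ATTACKER_ADDR, t1 + timedelta(minutes=20))
    if owner_cancels and lock.login_banner(t1 + timedelta(hours=25)):
        lock.cancel(t1 + timedelta(hours=26))
    late, _ = lock.authorize(ATTACKER_ADDR, t1 + timedelta(hours=72))
    return early, late, len(lock.outbox)


if __name__ == "__main__":
    print(stolen_password_scenario(owner_cancels=True))
    print(stolen_password_scenario(owner_cancels=False))
```

The second scenario shows the limit of the control: the delay only buys a window, so it protects the account only if the e-mails or the login banner reach the owner and the change is cancelled within 48 hours.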


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: jago25_98 on January 22, 2013, 10:18:29 AM
OP: Don't listen to people moaning about how we had been thinking we had a Mt.Gox breach even with a Yubikey in use and that turning out not to be the case it's just good that we've been told now and can stop worrying :-)

Sounds like this might have been a generic Yubikey and not the Gox one that has to be used with the site.

Remember though folks, if you're trading on Gox that means you're banking. And fast and highly frequent deposits and withdrawals I don't think are feasible


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: Hexadecibel on January 22, 2013, 11:02:50 AM
You can use google authenticator on your gox account. It's free for browser and smart phone.
That's what I resorted to when my yubi key never showed up.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: casascius on January 22, 2013, 02:12:32 PM
You can use google authenticator on your gox account. It's free for browser and smart phone.
That's what I resorted to when my yubi key never showed up.

The difference is that MtGox has no way to prove someone's use of GA or Yubikey actually took place. It is on MtGox's honor.

A system where MtGox could respond to allegations of fraudulent withdrawals by publishing a signed withdrawal request totally and instantly exonerates Gox against claims of being hacked, and is good for market confidence all the way around.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: molecular on January 22, 2013, 03:44:44 PM
OP: Don't listen to people moaning about how we had been thinking we had a Mt.Gox breach even with a Yubikey in use and that turning out not to be the case it's just good that we've been told now and can stop worrying :-)

yeah, true, sorry JMcGrath for being a bit harsh before. Thanks for telling us you probably hadn't linked the yubikey.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: casascius on January 22, 2013, 05:14:30 PM
Even just offering the option to assign one pre-determined bitcoin address would provide an equivalent level of security, even if you did no PGP automation whatsoever.  The pre-determined bitcoin address could either be a) withdrawn to directly, or b) for those who know how to sign messages, it could be used to sign a message that permits withdrawal to some other address.  All of this could be evaluated in any environment already accustomed to working with bitcoin keypairs.

We could easily add the "limit to one bitcoin address" thing, but there is a problem with the bitcoin message signature process that makes it difficult to implement (last time I checked the bitcoin message signature uses a different way of signing compared to transactions to make shorter signatures, but it's been an issue).

This would still be a much easier problem to solve than, say, adding a dependency on PGP, given that all the necessary code can be lifted directly from the current build of bitcoind.

And signing aside, simply allowing one the option to restrict their account so that instant bitcoin withdrawals can only go to a single bitcoin address would be of trivial complexity and yet would result in an enormous leap in practical security.  That may not work for some, but for others, it is so simple to understand as to be a meaningful confidence builder.  If you ask people to write that bitcoin address on their AML docs as they send them in, you've got a bulletproof paper trail connecting the withdrawal address to the customer.

The unspoken underlying fear is that one might have their funds disappear and be in a "he said she said" war with Gox as to how the withdrawal actually occurred.  If MtGox adopts policy and procedures that ensures that all withdrawals can be positively accounted for, and that instant withdrawals to arbitrary addresses are easy to limit, it literally reduces the customers negative fear of unauthorized withdrawal.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: misterbigg on January 23, 2013, 01:06:38 AM
I'll give a reward if I can find out who this person is so I can beat the **** out of them!

If there's anyone who should be beat, it should be YOU for this fucking misleading thread title!

MtGox DID NOT GET HACKED and all you're doing is stirring shit.



Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: BCB on January 23, 2013, 01:26:41 AM
title should read:

"I was surfing porn, downloaded a key logger and now I don't have anymore coins in my Mt. Gox account. "


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: Jaw3bmasters on January 23, 2013, 02:28:28 AM
title should read:

"I was surfing porn, downloaded a key logger and now I don't have anymore coins in my Mt. Gox account. "

LOL.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: MPOE-PR on January 23, 2013, 08:18:35 AM
title should read:

"I was surfing porn, downloaded a key logger and now I don't have anymore coins in my Mt. Gox account. "

MY PRONSITE WAS HACKED


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: Ghostofkobra on January 23, 2013, 10:40:26 AM
I am really astonished about the level of abuse that some Forum members subject the people that get their accounts hacked for.

Someone posts that their account gets hacked and all of a sudden that person is called a lot of names ranging from stupid to much worse.

Is it not enough that he/she lost their Bitcoins?


I am also surprised that Mt Gox has such a high standing in the community that anyone that does not talk favorably about them get
their threads spammed and again are called names and worse.


Please, think before you post and don't post drunk.

/GoK



Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: MPOE-PR on January 23, 2013, 12:30:06 PM
I am really astonished about the level of abuse that some Forum members subject the people that get their accounts hacked for.

Someone posts that their account gets hacked and all of a sudden that person is called a lot of names ranging from stupid to much worse.

Is it not enough that he/she lost their Bitcoins?

Actually I was considering starting a fund to pay people to abuse those who "got hacked" further. There's certainly not enough of it being done naturally.

That aside, wasn't muchly aware of such a great standing of MtGox? Perhaps you're confusing Inaba's unpopularity with MtGox's popularity?


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: 01BTC10 on January 23, 2013, 01:22:04 PM
I am really astonished about the level of abuse that some Forum members subject the people that get their accounts hacked for.

Someone posts that their account gets hacked and all of a sudden that person is called a lot of names ranging from stupid to much worse.

Is it not enough that he/she lost their Bitcoins?


I am also surprised that Mt Gox has such a high standing in the community that anyone that does not talk favorably about them get
their threads spammed and again are called names and worse.


Please, think before you post and don't post drunk.

/GoK
Title is misleading. He got hacked not MtGox.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: deadweasel on January 23, 2013, 01:32:33 PM
I am really astonished about the level of abuse that some Forum members subject the people that get their accounts hacked for.

Someone posts that their account gets hacked and all of a sudden that person is called a lot of names ranging from stupid to much worse.

Is it not enough that he/she lost their Bitcoins?


I am also surprised that Mt Gox has such a high standing in the community that anyone that does not talk favorably about them get their threads spammed and again are called names and worse.


Please, think before you post and don't post drunk.

/GoK
Title is misleading. He got hacked not MtGox.

Very Misleading, Please fix!


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: John (John K.) on January 23, 2013, 04:39:26 PM
I am really astonished about the level of abuse that some Forum members subject the people that get their accounts hacked for.

Someone posts that their account gets hacked and all of a sudden that person is called a lot of names ranging from stupid to much worse.

Is it not enough that he/she lost their Bitcoins?


I am also surprised that Mt Gox has such a high standing in the community that anyone that does not talk favorably about them get their threads spammed and again are called names and worse.


Please, think before you post and don't post drunk.

/GoK
Title is misleading. He got hacked not MtGox.

Very Misleading, Please fix!

Agreed. Added a single word.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: niko on January 24, 2013, 12:55:50 AM
Someone posts that their account gets hacked and all of a sudden that person is called a lot of names ranging from stupid to much worse.
Read the posts again, and you will notice that your comment is out of place. He makes a false claim that MtGox is "hacked" and that he was using Yubikey. He did not yet correct the title of the thread as of this moment. It is misleading, it spreads unjustified panic, and it is everybody's waste of time.
I am sorry for his loss, and I do hope the thief is caught, but please act with some integrity.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: twolifeinexile on January 28, 2013, 03:28:46 PM
You can use google authenticator on your box account. It's free for browser and smart phone.
That's what I resorted to when my yubi key never showed up.
How is google authenticator different from Yubi Key?


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: niko on January 28, 2013, 03:38:34 PM
You can use google authenticator on your box account. It's free for browser and smart phone.
That's what I resorted to when my yubi key never showed up.
How is google authenticator different from Yubi Key?
You can back up the code at the time of setup; if your phone is lost or broken you can set everything up again easily. Not so easy with yubikey. Having said that, yubikey introduces less risk of security holes than an android phone.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: kokojie on January 28, 2013, 03:38:52 PM
You can use google authenticator on your box account. It's free for browser and smart phone.
That's what I resorted to when my yubi key never showed up.
How is google authenticator different from Yubi Key?

I think it's more convenient since you always have your phone. Plus it's free.


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: Ghostofkobra on January 29, 2013, 10:19:14 PM
Someone posts that their account gets hacked and all of a sudden that person is called a lot of names ranging from stupid to much worse.
Read the posts again, and you will notice that your comment is out of place. He makes a false claim that MtGox is "hacked" and that he was using Yubikey. He did not yet correct the title of the thread as of this moment. It is misleading, it spreads unjustified panic, and it is everybody's waste of time.
I am sorry for his loss, and I do hope the thief is caught, but please act with some integrity.


First off, my comment was not about the correct or incorrect title, it was about all those other posts that were made.

Secondly, I wrote "their account gets hacked", which is a neutral term as to where the security break was, his pwd or Mt Gox.


Bottom line is, that thread, as well as many other "Gox account hacked" threads, are full of name-calling and unintelligent BS in order to belittle the OP.

I am not saying that the Mob should turn on Gox, but I see a systematic behavior of "some elements in the community" that kicks on ppl that get hacked, calling them stupid and worse.

And I figured I would at least write one post that says that this behavior should end.


/GoK


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: Puppet on January 30, 2013, 08:51:39 AM
How much security does Yubi key really add if your PC is compromised?

I'm not sure I fully understand this; if the attacker has root access to my PC, he can show me whatever he wants, and send something else to Mt Gox. All he would have to do is wait for me to do whatever transaction that requires the yubi key, provide Mt gox with a different transaction instead, show me the challenge for that fraudulent transaction and make me confirm it.

I'm no expert, never used mtgox or yubi key, but what am I missing?


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: MPOE-PR on January 30, 2013, 09:22:19 AM
The unspoken underlying fear is that one might have their funds disappear and be in a "he said she said" war with Gox as to how the withdrawal actually occurred.  If MtGox adopts policy and procedures that ensures that all withdrawals can be positively accounted for, and that instant withdrawals to arbitrary addresses are easy to limit, it literally reduces the customers negative fear of unauthorized withdrawal.

Doesn't seem there's much better a way to do this than PGP really.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: BCB on January 30, 2013, 02:37:34 PM
PGP won't be widely used until there are better libraries and it is easier to implement and use.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: 01BTC10 on January 30, 2013, 05:05:01 PM
How much security does Yubi key really add if your PC is compromised?

I'm not sure I fully understand this; if the attacker has root access to my PC, he can show me whatever he wants, and send something else to Mt Gox. All he would have to do is wait for me to do whatever transaction that requires the yubi key, provide Mt gox with a different transaction instead, show me the challenge for that fraudulent transaction and make me confirm it.

I'm no expert, never used mtgox or yubi key, but what am I missing?
You are right in the case of a sophisticated attacker but most of them are script kiddies who log only username and password. With Yubi key or Google Authenticator you prevent most attacks imo.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: twolifeinexile on January 30, 2013, 05:36:15 PM

How much security does Yubi key really add if your PC is compromised?

I'm not sure I fully understand this; if the attacker has root access to my PC, he can show me whatever he wants, and send something else to Mt Gox. All he would have to do is wait for me to do whatever transaction that requires the yubi key, provide Mt gox with a different transaction instead, show me the challenge for that fraudulent transaction and make me confirm it.

I'm no expert, never used mtgox or yubi key, but what am I missing?
That is a man in the middle attack, for which the attacker needs a full implementation of a specific website to mimic the behavior, and at the same time needs not only to gain admin rights on your computer and install a key logger, but also to change your browser in a very specific way (for spoofing that specific website, they either install a fake certificate authority or disable the function, while at the same time making the browser behave like normal).

And doing all this without any infection symptoms.
If the attacker has this capability, they should start their own business rather than stealing money, way more profitable.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: Puppet on January 30, 2013, 06:19:50 PM

How much security does Yubi key really add if your PC is compromised?

I'm not sure I fully understand this; if the attacker has root access to my PC, he can show me whatever he wants, and send something else to Mt Gox. All he would have to do is wait for me to do whatever transaction that requires the yubi key, provide Mt gox with a different transaction instead, show me the challenge for that fraudulent transaction and make me confirm it.

I'm no expert, never used mtgox or yubi key, but what am I missing?
That is a man in the middle attack, for which the attacker needs a full implementation of a specific website to mimic the behavior, and at the same time needs not only to gain admin rights on your computer and install a key logger, but also to change your browser in a very specific way (for spoofing that specific website, they either install a fake certificate authority or disable the function, while at the same time making the browser behave like normal).

And doing all this without any infection symptoms.
If the attacker has this capability, they should start their own business rather than stealing money, way more profitable.

Really doesn't seem that complicated to me, doesn't require a custom browser or even a key logger. Heck, you can probably pull it off with something as simple as a greasemonkey script. And yeah, someone knowledgeable might notice that, but those are the people that don't get infected very often in the first place.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: twolifeinexile on January 30, 2013, 06:39:23 PM
How much security does Yubi key really add if your PC is compromised?
I'm not sure I fully understand this; if the attacker has root access to my PC, he can show me whatever he wants, and send something else to Mt Gox. All he would have to do is wait for me to do whatever transaction that requires the yubi key, provide Mt gox with a different transaction instead, show me the challenge for that fraudulent transaction and make me confirm it.
I'm no expert, never used mtgox or yubi key, but what am I missing?
That is a man in the middle attack, for which the attacker needs a full implementation of a specific website to mimic the behavior, and at the same time needs not only to gain admin rights on your computer and install a key logger, but also to change your browser in a very specific way (for spoofing that specific website, they either install a fake certificate authority or disable the function, while at the same time making the browser behave like normal).
And doing all this without any infection symptoms.
If the attacker has this capability, they should start their own business rather than stealing money, way more profitable.
Really doesn't seem that complicated to me, doesn't require a custom browser or even a key logger. Heck, you can probably pull it off with something as simple as a greasemonkey script. And yeah, someone knowledgeable might notice that, but those are the people that don't get infected very often in the first place.


They also have a very short term window (in case of Google authenticator) to attack. (I believe in case of MtGox, once you disable your 2 factor, you are disallowed to withdraw for some period, so tricking you into entering a one time password could not be used to disable the whole 2-factor authentication; they need to immediately use your one time password and send a withdraw request.)

And they need to change the browser behavior, since you can not just spoof a website without security warning if browser certificate infrastructure is unchanged.

Adding a certificate authority should trigger a security warning in most operating systems and ask for admin password on the fly. So the attacker needs to disable these features as well.

Seems like a lot of work to me. Of course doable, but way more secure than just having your online password stolen and you are f*cked.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: Puppet on January 30, 2013, 06:52:39 PM
They also have a very short term window (in case of Google authenticator) to attack. (I believe in case of MtGox, once you disable your 2 factor, you are disallowed to withdraw for some period, so tricking you into entering a one time password could not be used to disable the whole 2-factor authentication; they need to immediately use your one time password and send a withdraw request.)

That's not a problem. The attack would happen in realtime anyway. Basically all the attacker has to do is send a different bitcoin address to MtGox compared to what's shown on the screen.

Quote
And they need to change the browser behavior, since you can not just spoof a website without security warning if browser certificate infrastructure is unchanged.

You don't have to! I'm not sure anything would need to be changed on the client side, but if so, greasemonkey will do that for you without any impact on security certificates whatsoever. It basically alters the HTML after it's been received. I'm not a coder, but it can't take more than a few lines of code to modify one address into another.

Quote
Adding a certificate authority should trigger a security warning in most operating systems and ask for admin password on the fly. So the attacker needs to disable these features as well.

Again, I don't think so. I'll give it a try by running some greasemonkey script on eg gmail, but I'm fairly certain I will still see a green padlock icon and no other warnings. That said, even if you would have to spoof everything, it's not rocket science for a decent script kiddy. HTML5 fullscreen FTW. This seriously sounds easier to me than writing a key logger. As illustration: http://feross.org/html5-fullscreen-api-attack/


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: Puppet on January 30, 2013, 07:09:11 PM
All right, I tried it. I installed greasemonkey and then some random greasemonkey script that switches gmail to minimal layout.
To get there, I've never entered my root password, so root isn't even needed (in contrast to a keylogger!). Gmail address bar shows everything okey dokey, and there is no obvious way to see greasemonkey is even running. There is a greasemonkey button added to the toolbar that I didn't even notice at first, but I can remove it, without needing any root privilege. Mind you, the attacker wouldn't even have to use greasemonkey as such, just trying to show how "easy" it can be.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: Puppet on January 30, 2013, 07:24:46 PM
One more comment; with my homebanking, I have a card reader in which I have to insert my ATM card, and enter the challenge presented by my homebanking website. This challenge always includes the amount and some significant digits of the account I'm transferring to. If someone were to use a "greasemonkey in the middle" attack on me, at least I might notice the amount and/or account number don't match what I'm trying to send. As I understand, Yubi key doesn't have anything like that, you just plug it in, and that's it. I hate to say it, but that sounds like security theatre to me. Having a unique and decently safe password would give the exact same security AFAICT. If your PC is compromised, not even rooted (!), you are SOL with or without yubi.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: twolifeinexile on January 30, 2013, 08:11:11 PM
They also have a very short term window (in case of Google authenticator) to attack. (I believe in case of MtGox, once you disable your 2 factor, you are disallowed to withdraw for some period, so tricking you into entering a one time password could not be used to disable the whole 2-factor authentication; they need to immediately use your one time password and send a withdraw request.)

That's not a problem. The attack would happen in realtime anyway. Basically all the attacker has to do is send a different bitcoin address to MtGox compared to what's shown on the screen.

Quote
And they need to change the browser behavior, since you can not just spoof a website without security warning if browser certificate infrastructure is unchanged.

You don't have to! I'm not sure anything would need to be changed on the client side, but if so, greasemonkey will do that for you without any impact on security certificates whatsoever. It basically alters the HTML after it's been received. I'm not a coder, but it can't take more than a few lines of code to modify one address into another.

Quote
Adding a certificate authority should trigger a security warning in most operating systems and ask for admin password on the fly. So the attacker needs to disable these features as well.

Again, I don't think so. I'll give it a try by running some greasemonkey script on eg gmail, but I'm fairly certain I will still see a green padlock icon and no other warnings. That said, even if you would have to spoof everything, it's not rocket science for a decent script kiddy. HTML5 fullscreen FTW. This seriously sounds easier to me than writing a key logger. As illustration: http://feross.org/html5-fullscreen-api-attack/


I checked with your illustration, I definitely agree it is possible to attack this way, but as I said, they need to implement a full browser functionality and specific website functionality to get this working, otherwise, a little savvy will help you quickly realize something is wrong. At least when I press the button, I got two address bars, mine and the fake one. And the "website" is not reactive to normal operations. (Checking certificate, for example, and my address bar did show it is not BOA.)

And this is why when I set up two-factor authentication, I usually do not make it default for login, but only for withdrawals or changing security settings, since this way, they at least need some work to make website specific behavior.


Thanks for pointing this possibility out though.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: twolifeinexile on January 30, 2013, 08:15:13 PM
All right, I tried it. I installed greasemonkey and then some random greasemonkey script that switches gmail to minimal layout.
To get there, I've never entered my root password, so root isn't even needed (in contrast to a keylogger!). Gmail address bar shows everything okey dokey, and there is no obvious way to see greasemonkey is even running. There is a greasemonkey button added to the toolbar that I didn't even notice at first, but I can remove it, without needing any root privilege. Mind you, the attacker wouldn't even have to use greasemonkey as such, just trying to show how "easy" it can be.

Doesn't installing addons trigger a security response?


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: Puppet on January 30, 2013, 09:53:51 PM
I checked with your illustration, I definitely agree it is possible to attack this way, but as I said, they need to implement a full browser functionality and specific website functionality to get this working

?
Website specific, yeah sure, but the website specific code would be like a few dozen lines of javascript that just changes the bitcoin address. And there is no need to implement a full browser, your victim already has a perfectly capable browser, you only need to enable an addon with functionality like greasemonkey and the "10 line" script. That's not harder than copying a few readily available files to your victim's mozilla folder. No root needed. Greasemonkey is opensource, so it would also be trivial to make a few changes so that even the button doesn't appear. Honestly, I think even I could pull this off, and I can't really code.

Quote
, otherwise, a little savvy will help you quickly realize something is wrong. At least when I press the button, I got two address bars, mine and the fake one. And the "website" is not reactive to normal operations. (Checking certificate, for example, and my address bar did show it is not BOA.)

Ah, you mean the HTML5 spoof? Okay. Well, obviously you can spoof the certificate checking just as well (I'm a little surprised the author didn't), because you aren't even looking at a real address bar. And the site is not responsive because the author didn't want to steal your money. It's a proof of concept.

Quote
Doesn't installing addons trigger a security response?

None. I'm using ubuntu, no sudo popup, meaning anyone with user access to my machine could install it. Makes sense since the browser addons are stored in the user's home folder, so there is nothing to prompt for root. Feel free to try on windows, but even if the windows GUI would popup some security question, I suspect in windows it's fundamentally no different, and only user privileges are required if you do it by accessing the file system directly, as any hacker would.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: ArticMine on January 30, 2013, 10:10:18 PM
One more comment; with my homebanking, I have a card reader in which I have to insert my ATM card, and enter the challenge presented by my homebanking website. This challenge always includes the amount and some significant digits of the account I'm transferring to. If someone were to use a "greasemonkey in the middle" attack on me, at least I might notice the amount and/or account number don't match what I'm trying to send. As I understand, Yubi key doesn't have anything like that, you just plug it in, and that's it. I hate to say it, but that sounds like security theatre to me. Having a unique and decently safe password would give the exact same security AFAICT. If your PC is compromised, not even rooted (!), you are SOL with or without yubi.

Does the card reader work on GNU/Linux? Or does it require Microsoft Windows? If it requires Microsoft Windows or some other proprietary OS then I suggest that the setup above is security theatre. Let me guess the OP was running Microsoft Windows, the computer was compromised with malware and the MTGox password was captured by the attacker.

Once one accepts the fact that Microsoft Windows is a magnet for all sorts of malware and keyloggers and switches to GNU/Linux well over 99.999% of the risk is eliminated. For extra security set up the MtGox account with both a YubiKey obtained from MtGox and Google Authenticator. One should use both in case the Yubikey fails or is lost or the Google Authenticator private key becomes unobtainable or is lost.

By the way the savings in unnecessary software licensing costs by switching from Microsoft Windows and proprietary applications to GNU/Linux and Free Software may be enough to replace a portion if not all of the OP's loss.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: Puppet on January 30, 2013, 10:58:26 PM
Does the card reader work on GNU/Linux? Or does it require Microsoft Windows?

It's standalone, it doesn't even connect to your PC, so you could be running OS/2 for all I care. It looks like a calculator, you insert your ATM card, enter your pin, enter the numbers (=challenge) from the website on the "calculator" and you retype the response on your PC. Tedious? Yeah, it is, but at least it does offer more real security than a USB dongle that will sign anything.

Quote
Let me guess the OP was running Microsoft Windows, the computer was compromised with malware and the MTGox password was captured by the attacker.

Once one accepts the fact that Microsoft Windows is a magnet for all sorts of malware and keyloggers and switches to GNU/Linux well over 99.999% of the risk is eliminated.

Though I'm a linux user, I can't agree. If windows were to be eliminated and replaced by linux, malware would just follow. If firefox has some vulnerability that can be exploited, running linux offers no help. As I demonstrated, for the kind of attack I described, no root access is even needed. Any dodgy user level software could open one up to such an attack, regardless if you run windows, os-x or linux. Regardless if you use a yubikey or use google authenticator.

Quote
For extra security set up the MtGox account with both a YubiKey obtained from MtGox and Google Authenticator. One should use both in case the Yubikey fails or is lost or the Google Authenticator private key becomes unobtainable or is lost.

I guess you read nothing of what I wrote.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: ArticMine on January 31, 2013, 02:30:33 AM
Does the card reader work on GNU/Linux? Or does it require Microsoft Windows?

It's standalone, it doesn't even connect to your PC, so you could be running OS/2 for all I care. It looks like a calculator, you insert your ATM card, enter your pin, enter the numbers (=challenge) from the website on the "calculator" and you retype the response on your PC. Tedious? Yeah, it is, but at least it does offer more real security than a USB dongle that will sign anything.

What you describe most certainly adds security because it does not require Microsoft Windows, it is actually very similar to what Google Authenticator or a Yubikey would do. I have come across situations where a bank has required the reader to be connected to the PC with a Windows only driver for the reader. In which case this actually makes the situation far worse by forcing the user to use Microsoft Windows.

Quote
Let me guess the OP was running Microsoft Windows, the computer was compromised with malware and the MTGox password was captured by the attacker.

Once one accepts the fact that Microsoft Windows is a magnet for all sorts of malware and keyloggers and switches to GNU/Linux well over 99.999% of the risk is eliminated.

Quote
Though I'm a linux user, I can't agree. If windows were to be eliminated and replaced by linux, malware would just follow. If firefox has some vulnerability that can be exploited, running linux offers no help. As I demonstrated, for the kind of attack I described, no root access is even needed. Any dodgy user level software could open one up to such an attack, regardless if you run windows, os-x or linux. Regardless if you use a yubikey or use google authenticator.

Quote
For extra security set up the MtGox account with both a YubiKey obtained from MtGox and Google Authenticator. One should use both in case the Yubikey fails or is lost or the Google Authenticator private key becomes unobtainable or is lost.

I guess you read nothing of what I wrote.

I have and while it is theoretically possible to compromise a GNU/Linux system it is way way harder than with Microsoft Windows. One of the reasons is cultural. How do you get the malware software on to the end user system in the first place? With GNU/Linux say Ubuntu the end user is encouraged to use trusted repositories, with the alternative being downloading the source code and compiling the software. The latter deters those users that are not technically savvy, who are precisely the most vulnerable. With Microsoft Windows the vast majority of the software is not obtained from a centralized trusted source. Furthermore many otherwise legitimate vendors prompt for the installation of all sorts of adware and toolbars. This effectively blurs the line between legitimate software and malware. I have seen even very experienced Windows administrators get fooled by Windows malware. I know because I had to clean up the mess.

What you are describing is a malicious Firefox add on that is downloaded from an untrusted source. I suggest that between two users with the same level of expertise one on Microsoft Windows and one on GNU/Linux, the Windows user is far more likely to download malware for the cultural reasons above.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: Puppet on January 31, 2013, 08:04:29 AM
The HTML5 phishing attack works on any OS, and for the monkey-in-the-middle attack, you wouldn't even have to download malware, just buggy software that opens an attack vector is enough. Vulnerabilities in eg Firefox tend to be crossplatform.
If you think you are so secure just because you run linux, tell me the output of
Code:
java -version


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: notme on January 31, 2013, 08:08:26 AM
The HTML5 phishing attack works on any OS, and for the monkey-in-the-middle attack, you wouldn't even have to download malware, just buggy software that opens an attack vector is enough. Vulnerabilities in eg Firefox tend to be crossplatform.
If you think you are so secure just because you run linux, tell me the output of
Code:
java -version

java version "1.6.0_24"
OpenJDK Runtime Environment (IcedTea6 1.11.5) (ArchLinux-6.b24_1.11.5-1-x86_64)
OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: Puppet on January 31, 2013, 08:58:38 AM
java version "1.6.0_24"
OpenJDK Runtime Environment (IcedTea6 1.11.5) (ArchLinux-6.b24_1.11.5-1-x86_64)
OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)

Congrats, your system is wide open.
Oracle Java 7 update 10 and earlier Java 7 versions are affected. OpenJDK 7, and subsequently IcedTea, are also affected.
Impact
By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system
IcedTea   Affected   -   16 Jan 2013
OpenJDK   Affected   -   14 Jan 2013
http://www.kb.cert.org/vuls/id/625617

Please stop thinking just because you use linux your system is somehow invulnerable. It isn't.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: MPOE-PR on January 31, 2013, 09:23:11 AM
The HTML5 phishing attack works on any OS, and for the monkey-in-the-middle attack, you wouldn't even have to download malware, just buggy software that opens an attack vector is enough. Vulnerabilities in eg Firefox tend to be crossplatform.
If you think you are so secure just because you run linux, tell me the output of
Code:
java -version

Quote
The program 'java' can be found in the following packages:
 * gcj-4.4-jre-headless
 * openjdk-6-jre-headless
 * cacao
 * gij-4.3
 * jamvm
Try: sudo apt-get install <selected package>

What nao?


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: Puppet on January 31, 2013, 09:35:28 AM
What nao?

Good for you. A windows user that doesn't have java installed isn't vulnerable to this exploit either.

But I think I made my point clear enough; Yubi key doesn't protect you from much if anything other than easy to guess or non unique/stolen passwords. And running Linux doesn't change anything about that. The vast majority of linux users, even the ones that also use a yubi key will still be vulnerable to these kinds of attacks.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: MPOE-PR on January 31, 2013, 10:22:18 AM
What nao?

Good for you. A windows user that doesn't have java installed isn't vulnerable to this exploit either.

But I think I made my point clear enough; Yubi key doesn't protect you from much if anything other than easy to guess or non unique/stolen passwords. And running Linux doesn't change anything about that. The vast majority of linux users, even the ones that also use a yubi key will still be vulnerable to these kinds of attacks.

We certainly agree on that score: no "website" style interface is sufficiently secure or can be made sufficiently secure to handle bitcoins. As long as you see a "login" over http it's vulnerable. All the dongles and doohickeys in the world, be they yubikeys or whatever else, all the software solutions in the world, be they https or whatever else can't fix the simple fact that http is not a stateful protocol, and consequently the notion of "logged in" is irretrievably broken.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: Puppet on January 31, 2013, 10:41:48 AM
I'm not sure about that. For instance, it would help a whole lot if MtGox/yubi didn't only authenticate the user, but also the transaction. A more intelligent and versatile device (or a smartphone) could show you the transaction and let you authenticate that specific transaction, and nothing else. Hacking that would be orders of magnitude more difficult I think.

I'm sure there are other ways, and perhaps what I describe isn't feasible or can be hacked in other ways, it's just that this yubi key as is seems to add extremely little extra security (and using linux doesn't add all that much either).
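
An added illustration of the transaction-authentication idea in the post above (not part of the thread, and not MtGox or Yubico code): the confirmation code is an HMAC over the destination, amount and a server nonce, so a code approved for one withdrawal is worthless for any other. The `Exchange` class, the shared device key and the addresses are hypothetical and constructed for the example.

```python
import hashlib
import hmac
import secrets

def canonical(dest: str, amount_satoshi: int, nonce: str) -> bytes:
    # Length-prefix every field so two different transactions can never
    # serialise to the same byte string.
    fields = [dest.encode(), str(amount_satoshi).encode(), nonce.encode()]
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def confirmation_code(key: bytes, dest: str, amount_satoshi: int, nonce: str) -> str:
    """8-digit code the device computes after showing dest and amount to the user."""
    mac = hmac.new(key, canonical(dest, amount_satoshi, nonce), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"

class Exchange:
    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}  # nonce -> (dest, amount) exactly as the server received them

    def request_withdrawal(self, dest: str, amount_satoshi: int) -> str:
        nonce = secrets.token_hex(8)
        self.pending[nonce] = (dest, amount_satoshi)
        return nonce

    def confirm(self, nonce: str, code: str) -> bool:
        tx = self.pending.pop(nonce, None)  # one attempt per nonce, no replay
        if tx is None:
            return False
        expected = confirmation_code(self.key, tx[0], tx[1], nonce)
        return hmac.compare_digest(expected, code)

def demo():
    key = secrets.token_bytes(32)  # assumed shared by device and server at enrolment
    gox = Exchange(key)
    mine, other = "CONSTRUCTED-OWNER-ADDRESS", "CONSTRUCTED-SWAPPED-ADDRESS"
    # Honest flow: the server received what the user approved on the device.
    n1 = gox.request_withdrawal(mine, 5_000_000)
    code1 = confirmation_code(key, mine, 5_000_000, n1)
    honest = gox.confirm(n1, code1)
    # Tampered flow: the browser submitted another destination, but the device
    # only ever produced a code for the address the user saw and approved.
    n2 = gox.request_withdrawal(other, 5_000_000)
    tampered = gox.confirm(n2, confirmation_code(key, mine, 5_000_000, n2))
    replayed = gox.confirm(n1, code1)  # a captured code is useless afterwards
    return honest, tampered, replayed
```

A session-level one-time password passes in both flows because it says nothing about where the coins go; here the server recomputes the code over the transaction it is actually about to execute.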


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: ArticMine on February 03, 2013, 04:37:04 AM
java version "1.6.0_24"
OpenJDK Runtime Environment (IcedTea6 1.11.5) (ArchLinux-6.b24_1.11.5-1-x86_64)
OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)

Congrats, your system is wide open.
Oracle Java 7 update 10 and earlier Java 7 versions are affected. OpenJDK 7, and subsequently IcedTea, are also affected.
Impact
By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system
IcedTea   Affected   -   16 Jan 2013
OpenJDK   Affected   -   14 Jan 2013
http://www.kb.cert.org/vuls/id/625617

Please stop thinking just because you use linux your system is somehow invulnerable. It isn't.

Not unless the user is running as root is the system wide open on GNU/Linux. I will not say that GNU/Linux is invulnerable, it just has a way lower risk than Microsoft Windows by about six orders of magnitude. As for the Java vulnerability, disabling the Java browser plugin addresses the vulnerability as per the link above. The latter link also shows how Microsoft Windows is vulnerable to additional attacks via Microsoft Office.

Phishing attacks by their very nature work on any OS, so one could in principle get a GNU/Linux user to provide a root password in order to install malware with the right temptation such as some good old Microsoft or proprietary software bashing.

As for a man in the middle attack, this involves forging certificates and spoofing the DNS. Again GNU/Linux gives a powerful tool against a DNS spoofing attack, namely running bind9 to set up one's own DNS on one's network. An attack on the ISP's DNS will fail not only on the GNU/Linux machine but also on Microsoft Windows machines that use the DNS on the local GNU/Linux machine.

The bottom line with Bitcoin is that if one wishes to use a currency whose entire security model is based on software and hardware freedom, it is only prudent to say the least to use an operating system based upon Free Software.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: MPOE-PR on February 03, 2013, 09:21:38 AM
The bottom line with Bitcoin is that if one wishes to use a currency whose entire security model is based on software and hardware freedom, it is only prudent to say the least to use an operating system based upon Free Software.

This is an excellent point.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: hardcore-fs on February 03, 2013, 09:48:53 AM
java version "1.6.0_24"
OpenJDK Runtime Environment (IcedTea6 1.11.5) (ArchLinux-6.b24_1.11.5-1-x86_64)
OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)

Congrats, your system is wide open.
Oracle Java 7 update 10 and earlier Java 7 versions are affected. OpenJDK 7, and subsequently IcedTea, are also affected.
Impact
By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system
IcedTea   Affected   -   16 Jan 2013
OpenJDK   Affected   -   14 Jan 2013
http://www.kb.cert.org/vuls/id/625617

Please stop thinking just because you use linux your system is somehow invulnerable. It isn't.

Not unless the user is running as root is the system wide open on GNU/Linux. I will not say that GNU/Linux is invulnerable, it just has a way lower risk than Microsoft Windows by about six orders of magnitude. As for the Java vulnerability, disabling the Java browser plugin addresses the vulnerability as per the link above. The latter link also shows how Microsoft Windows is vulnerable to additional attacks via Microsoft Office.

That is not strictly true....
One example.. Oracle under linux.. oracle runs java inside the database, actually it does not... what it does is launch a JVM as ROOT!!!!! then links that back into the database and onto the user.
Back in 2006/2007 on 9i I found a number of exploits to leverage an attack via java in oracle.... I'm still waiting for oracle to reply back to me, and that was before the current bolox of oracle buying sun and making things 100x worse........


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: molecular on February 03, 2013, 11:16:27 AM
java version "1.6.0_24"
OpenJDK Runtime Environment (IcedTea6 1.11.5) (ArchLinux-6.b24_1.11.5-1-x86_64)
OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)

Congrats, your system is wide open.
Oracle Java 7 update 10 and earlier Java 7 versions are affected. OpenJDK 7, and subsequently IcedTea, are also affected.
Impact
By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system
IcedTea   Affected   -   16 Jan 2013
OpenJDK   Affected   -   14 Jan 2013
http://www.kb.cert.org/vuls/id/625617

Please stop thinking just because you use linux your system is somehow invulnerable. It isn't.

Not unless the user is running as root is the system wide open on GNU/Linux. I will not say that GNU/Linux is invulnerable, it just has a way lower risk than Microsoft Windows by about six orders of magnitude. As for the Java vulnerability, disabling the Java browser plugin addresses the vulnerability as per the link above. The latter link also shows how Microsoft Windows is vulnerable to additional attacks via Microsoft Office.

That is not strictly true....
One example.. Oracle under linux.. oracle runs java inside the database, actually it does not... what it does is launch a JVM as ROOT!!!!! then links that back into the database and onto the user.
Back in 2006/2007 on 9i I found a number of exploits to leverage an attack via java in oracle.... I'm still waiting for oracle to reply back to me, and that was before the current bolox of oracle buying sun and making things 100x worse........

You nicely illustrate a point by using for an example a piece of software that is closed-source.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: Puppet on February 03, 2013, 12:02:34 PM
java version "1.6.0_24"
OpenJDK Runtime Environment (IcedTea6 1.11.5) (ArchLinux-6.b24_1.11.5-1-x86_64)
OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)

Congrats, your system is wide open.
Oracle Java 7 update 10 and earlier Java 7 versions are affected. OpenJDK 7, and subsequently IcedTea, are also affected.
Impact
By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system
IcedTea   Affected   -   16 Jan 2013
OpenJDK   Affected   -   14 Jan 2013
http://www.kb.cert.org/vuls/id/625617

Please stop thinking just because you use linux your system is somehow invulnerable. It isn't.

Not unless the user is running as root is the system wide open on GNU/Linux.

I already showed that the man in the middle attack doesn't require root. Remember how this discussion started, someone who got his MtGox account emptied and someone else claiming that couldn't have happened when he used yubikey and/or linux. Clearly this is not true, it could have happened with yubikey and running an up to date linux with nothing but very common OSS software from the official repositories (in this case, OpenJDK).

I am in no way suggesting Linux is less safe than windows, I'm just arguing against the mindset that a yubi key and Linux is all you need to be safe. That's no less silly than thinking a windows antivirus program solves all problems.


Title: Re: Mt Gox Account Hacked - lost it all today... now what!?
Post by: twolifeinexile on February 04, 2013, 02:14:18 PM
java version "1.6.0_24"
OpenJDK Runtime Environment (IcedTea6 1.11.5) (ArchLinux-6.b24_1.11.5-1-x86_64)
OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)

Congrats, your system is wide open.
Oracle Java 7 update 10 and earlier Java 7 versions are affected. OpenJDK 7, and subsequently IcedTea, are also affected.
Impact
By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system
IcedTea   Affected   -   16 Jan 2013
OpenJDK   Affected   -   14 Jan 2013
http://www.kb.cert.org/vuls/id/625617

Please stop thinking just because you use linux your system is somehow invulnerable. It isn't.

Not unless the user is running as root is the system wide open on GNU/Linux.

I already showed that the man in the middle attack doesn't require root. Remember how this discussion started, someone who got his MtGox account emptied and someone else claiming that couldn't have happened when he used yubikey and/or linux. Clearly this is not true, it could have happened with yubikey and running an up to date linux with nothing but very common OSS software from the official repositories (in this case, OpenJDK).

I am in no way suggesting Linux is less safe than windows, I'm just arguing against the mindset that a yubi key and Linux is all you need to be safe. That's no less silly than thinking a windows antivirus program solves all problems.

Everyone would agree no system is attack proof, but a two factor model and secured software/behavior practice do add up to the total difficulty of the attack, which shouldn't be put up as a "total security theatre", at least from my understanding.


Title: Re: *MY* Mt Gox Account was Hacked - lost it all today... now what!?
Post by: bitcoinBull on February 05, 2013, 05:34:27 PM
Let this be a reminder that keyloggers / trojans are far more common than most people suspect. Enable 2-factor, better safe than sorry.

How to use 2-factor auth on mtgox, even without a smartphone (https://bitcointalk.org/index.php?topic=111943.0)


Title: Re: Mt Gox Hacked - lost it all today... now what!?
Post by: SgtSpike on February 05, 2013, 05:47:31 PM
Even just offering the option to assign one pre-determined bitcoin address would provide an equivalent level of security, even if you did no PGP automation whatsoever.  The pre-determined bitcoin address could either be a) withdrawn to directly, or b) for those who know how to sign messages, it could be used to sign a message that permits withdrawal to some other address.  All of this could be evaluated in any environment already accustomed to working with bitcoin keypairs.

We could easily add the "limit to one bitcoin address" thing, but there is a problem with the bitcoin message signature process that makes it difficult to implement (last time I checked the bitcoin message signature uses a different way of signing compared to transactions to make shorter signatures, but it's been an issue).

Add optional "withdraw to one address only".

Add 48 hour delay before changing the addresses, during which you'd get two emails, and see a giant warning when you log in.
This should really be an option.

In fact, a user should be able to specify their own time limit, in hours, that they want a withdrawal address change to be delayed.  They might set it to 1 hour, or 5 days.  A good default might be 48 hours.

The email should contain a link required to confirm the address change.

A person should be allowed to lock their account indefinitely in the event of it being compromised.  A "Freeze my account - it may be compromised" link.  Perhaps this could be a unique link existing in their original registration email (to prevent just anyone from locking other random people's accounts).  This lock could be undone by the person verifying their identification with MtGox support.

The yubikey is good, but not everyone uses it or has one.  Even with the yubikey, I am still afraid of a keylogger.  The above security procedures would largely mitigate risk even against keyloggers and other malware.
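
An added sketch of the controls proposed in the post above (not part of the thread and not MtGox code): a single permitted withdrawal address, a user-chosen delay on changing it, an emailed confirmation link, and a freeze link from the registration email. The `WithdrawalLock` class and the addresses are hypothetical, and measuring the delay from the change request is an assumption of this sketch.

```python
import hmac
import secrets

HOUR = 3600

class WithdrawalLock:
    def __init__(self, address: str, delay_hours: int = 48):
        self.address = address            # the only permitted destination
        self.delay = delay_hours * HOUR   # user-chosen, 48 h default
        self.freeze_token = secrets.token_urlsafe(16)  # link in the registration email
        self.frozen, self.pending = False, None

    def request_change(self, new_address: str, now: int) -> str:
        token = secrets.token_urlsafe(16)  # confirmation link mailed to the owner
        self.pending = {"addr": new_address, "at": now, "token": token, "ok": False}
        return token

    def confirm_change(self, token: str) -> bool:
        p = self.pending
        if p and hmac.compare_digest(p["token"], token):
            p["ok"] = True
        return bool(p and p["ok"])

    def freeze(self, token: str) -> bool:
        if hmac.compare_digest(self.freeze_token, token):
            self.frozen, self.pending = True, None  # only support can unfreeze
        return self.frozen

    def may_withdraw(self, dest: str, now: int) -> bool:
        if self.frozen:
            return False
        p = self.pending
        if p and p["ok"] and now - p["at"] >= self.delay:
            self.address, self.pending = p["addr"], None  # change takes effect
        return dest == self.address

def scenarios():
    # Constructed addresses; timestamps are seconds from an arbitrary start.
    legit = WithdrawalLock("OWNER-ADDR-1")
    legit.confirm_change(legit.request_change("OWNER-ADDR-2", now=0))
    early = legit.may_withdraw("OWNER-ADDR-2", now=47 * HOUR)
    late = legit.may_withdraw("OWNER-ADDR-2", now=48 * HOUR)
    # Stolen password, no mailbox access: change is never confirmed, owner freezes.
    hit = WithdrawalLock("OWNER-ADDR-1")
    hit.request_change("INTRUDER-ADDR", now=0)
    unconfirmed = hit.may_withdraw("INTRUDER-ADDR", now=72 * HOUR)
    hit.freeze(hit.freeze_token)
    after_freeze = hit.may_withdraw("OWNER-ADDR-1", now=73 * HOUR)
    return early, late, unconfirmed, after_freeze
```

An intruder holding only the password and a keylogged session can request a change but cannot move coins to a new address without the owner's mailbox, and the delay gives the owner time to use the freeze link.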