Bitcoin Forum

Bitcoin => Press => Topic started by: kiko on April 03, 2013, 07:34:35 PM



Title: 2013-04-03 Business Insider - Instawallet suspended
Post by: kiko on April 03, 2013, 07:34:35 PM
http://www.businessinsider.com/instawallet-suspended-2013-4

Quote
Instawallet — a site that offers a quick way to create your own Bitcoin wallet — just announced that it's been hacked and will not reopen until it can "develop an alternate architecture."


Title: Re: 2013-04-03 Business Insider - Instawallet suspended
Post by: marcus_of_augustus on April 03, 2013, 08:47:06 PM
http://www.businessinsider.com/instawallet-suspended-2013-4

Quote
Instawallet — a site that offers a quick way to create your own Bitcoin wallet — just announced that it's been hacked and will not reopen until it can "develop an alternate architecture."

Sounds expensive.

These web wallets seem like unexploded bombs just lying around waiting to go off.


Title: Re: 2013-04-03 Business Insider - Instawallet suspended
Post by: pinger on April 04, 2013, 03:38:15 AM
Some genius needs to implement a password for the wallets ...


Title: Re: 2013-04-03 Business Insider - Instawallet suspended
Post by: lucif on April 04, 2013, 06:35:34 AM
More than.

https://instawallet.org/ leads to an HTTPS webpage with the bitcoin-central exchange service suspension notice. It is actually https://bitcoin-central.net/

On one hand they claim they own 50k BTC and they are under control.

On the other hand, their parallel project Instawallet closes for an indefinite time....

Quote
[Apr-01 10:30PM CET]

Bitcoin-Central and Paytunia update: Our customer's bitcoins and euros are safe and will not be affected by the security breach. We have taken the websites off-line for proper investigation.

The address 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy is under our exclusive control.

We thank you for your patience and will provide updates exclusively on this page as they come in. We are committed to resuming service as soon as possible. Expect normal service to resume within 48 hours.


Title: Re: 2013-04-03 Business Insider - Instawallet suspended
Post by: lucif on April 04, 2013, 06:42:43 AM
And I even figured out how they were hacked.

The full source of bitcoin-central exchange is available on github under AGPL LOL

https://github.com/davout/bitcoin-central

What crappy brain should the owner have to expose the source of his engine processing 100s 1000s of dollars?


Title: Re: 2013-04-03 Business Insider - Instawallet suspended
Post by: Mike Hearn on April 04, 2013, 09:24:16 AM
There's nothing wrong with having an open source trading engine, there shouldn't be any secrets in there.

The issue with InstaWallet is that it's very old and when it was first created, giving people super-easy disposable wallets seemed like a good idea. And it was! The problem is people parked money there and then (probably) forgot about it or lost their URL, meaning that the service accumulated a large balance. Because there was no signup or identity verification involved, if anyone ever learned the list of wallet URLs then it's game over - there's no way to recover from that or get people their money back reliably.

Though InstaWallet was conceptually very neat, I often wish the energy put into web wallet services like that was put into better downloadable wallet applications instead. The web model and Bitcoin don't mix very well, which is why the most successful web wallet (blockchain.info) has a very unusual design and for max safety requires people to use a browser extension.


Title: Re: 2013-04-03 Business Insider - Instawallet suspended
Post by: lucif on April 04, 2013, 09:39:05 AM
Quote
There's nothing wrong with having an open source trading engine, there shouldn't be any secrets in there.

Yeah? What if developers left a bug with a vulnerability and have no idea about it? And 1000s of hackers in the world have the ability to watch and reverse the source...


Title: Re: 2013-04-03 Business Insider - Instawallet suspended
Post by: Puppet on April 04, 2013, 10:11:18 AM
Quote
There's nothing wrong with having an open source trading engine, there shouldn't be any secrets in there.
Yeah? What if developers left a bug with a vulnerability and have no idea about it? And 1000s of hackers in the world have the ability to watch and reverse the source...

And 1000s of legitimate developers have the possibility to find and correct bugs before hackers do. It's how Linux and Unix work and your bank runs on it. That said, in this case the ratio of honest devs and wannabe hackers was probably skewed in the wrong direction, and the software couldn't possibly have been as mature as something like Linux/Unix, so I'm not sure it was a great idea.



Title: Re: 2013-04-03 Business Insider - Instawallet suspended
Post by: lucif on April 04, 2013, 11:06:43 AM
This is a hard violation of all security guidelines for money flow systems. Don't mix up Unix with PCI-like services.

Banks don't put a map of all their inside structure right near the door. It's just stupid.

Sources must be kept safe. Programmers must be under NDA. Otherwise your service will be the hero of such breaking news.


Title: Re: 2013-04-03 Business Insider - Instawallet suspended
Post by: 01BTC10 on April 04, 2013, 11:09:09 AM
Quote
There's nothing wrong with having an open source trading engine, there shouldn't be any secrets in there.
Yeah? What if developers left a bug with a vulnerability and have no idea about it? And 1000s of hackers in the world have the ability to watch and reverse the source...

Security via obscurity doesn't make it more secure.


Title: Re: 2013-04-03 Business Insider - Instawallet suspended
Post by: lucif on April 04, 2013, 11:16:43 AM
Quote
Security via obscurity doesn't make it more secure.

Obscurity is an additional level. There are many levels. Keeping sources open could be good practice for anyone except money flow.

However, I see this community's sloven level is too high. Why am I explaining obvious security standards...

I see they had very good security, yeah.


Title: Re: 2013-04-03 Business Insider - Instawallet suspended
Post by: lucif on April 04, 2013, 11:19:27 AM
https://www.pcisecuritystandards.org/security_standards/

Internal structure leak. Hard violation. Guilty.