Title: Everyone stop panicking and read this Post by: Silverpike on June 20, 2011, 04:47:51 AM I was asleep when the whole Mtgox hack incident went down (apparently). I am surprised by the reactions I see on this forum; it reminds me a lot of young children being told for the first time they can't stay out and play after 8pm: tantrums, yelling, and wild accusations of unfairness. If you have half a brain in your head and you care about Bitcoins, then please consider the following important points:
My sympathies to any of the Mt. Gox users hacked in this incident. With that in mind, I'm sure there will be better more robust trading exchanges available in the future, and something tells me we will do a good job of learning from hard lessons. Title: Re: Everyone stop panicking and read this Post by: RyNinDaCleM on June 20, 2011, 04:57:53 AM Bravo! (Applauding emoticon)
I agree 1000%! This is not BitCoins insecurity! It is the users/web site security issues! Problems now, help to discover flaws that need to be fixed! So that, these issues don't arise again, and lead to more secure solutions in the future! Title: Re: Everyone stop panicking and read this Post by: imperi on June 20, 2011, 04:58:42 AM +1
Title: Re: Everyone stop panicking and read this Post by: Electrongolf on June 20, 2011, 05:01:03 AM I agree. This is NOT a result of the shortcomings of BTC. It appears to be a website security issue. Bitcoins are OK.
Title: Re: Everyone stop panicking and read this Post by: DamienBlack on June 20, 2011, 05:16:23 AM Apparently Mt Gox was not hacked through SQL injection.
"It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked." So it was not website insecurity, but poor practices. Title: Re: Everyone stop panicking and read this Post by: done on June 20, 2011, 05:19:58 AM Buy and hold. Good luck men. If it goes lower buy more.
Title: Re: Everyone stop panicking and read this Post by: Bit_Happy on June 20, 2011, 05:20:30 AM Everyone stop panicking and read this.
+1 For helping remind people not to panic. I'm trying to do the same: When the Hot Deadly Lava from MtGox is Inches from Your Feet how Will YOU React? (http://forum.bitcoin.org/index.php?topic=19880.0) Title: Re: Everyone stop panicking and read this Post by: Tx2000 on June 20, 2011, 05:31:45 AM It's a learning process. It's going to be painful but hopefully in the end, it will make the bitcoin stronger.
Title: Re: Everyone stop panicking and read this Post by: Noam on June 20, 2011, 06:12:55 AM +1 Title: Re: Everyone stop panicking and read this Post by: marcus_of_augustus on June 20, 2011, 06:13:13 AM Quote One large such example is an attempt to split the blockchain. I fear that until someone actually tries this, there may be more serious issues lurking which we can't forsee. How do you know with such certainty that this "test" has not already taken place? If you can find a suitably sized machine/network (~6Thash/s) we could test it ... but the days of a feasible >50% attack are behind us with the current technology ... ... there have been some pretty impressive ramp-ups and collapses in network hashrate that suggest such "tests" have already taken place in the past. Title: Re: Everyone stop panicking and read this Post by: flug on June 20, 2011, 08:38:59 AM +1
Title: Re: Everyone stop panicking and read this Post by: klaus on June 20, 2011, 08:43:44 AM +1 Great !
Title: Re: Everyone stop panicking and read this Post by: jatajuta on June 20, 2011, 08:50:29 AM +1
Hooray! Title: Re: Everyone stop panicking and read this Post by: garyrowe on June 20, 2011, 08:54:51 AM One thing that will help is if someone can post up a set of good secure design practices. This will help those developing new Bitcoin based websites to ensure that their sites won't get immediately cracked. I'm thinking of a minimum set of architecture requirements that can be used as a ticklist.
I'm not simply saying "TrueCrypt your wallet!" - that advice is fine for casual users. If you're developing a large scale system with lots of wallets what would you do to ensure the safety of your clients? Title: Re: Everyone stop panicking and read this Post by: oyster2000 on June 20, 2011, 08:56:00 AM to me it sounds like a rouge auditor not getting paid enough ... or a semi pro using a compromised windows machine.. eitherr way there is going to be many more heists oof btc in the future like this.. its to be expected.. i think only looser here is mtgox as their rep is screwed now.. time for more exchamges to come out of the woodwork and put down the mtgox monopoly... but who to trust .. whos next to get greedy and slam some more bad press around .. totally expect more of the same
Title: Re: Everyone stop panicking and read this Post by: bitclown on June 20, 2011, 09:07:19 AM So it was not website insecurity, but poor practices. Yes... Somehow a cracker just happened to manually discover and root a box with a db connection to Mt. Gox out of the blue. And this excuse comes from the same people who have been disregarding all the recent reports of compromised accounts as client infections?Title: Re: Everyone stop panicking and read this Post by: Litt on June 20, 2011, 06:33:33 PM Finally it's like we are back at the beginning of the year when forum was still filled with adults. Thank you for this because I share the exact same sentiment.
Most important thing we have to remember now and in the future is that this is just the beginning. We are all early adapters and we have got to play the part in helping it become mainstream. No one else will do this for us. We have yet to face the real challenges of bitcoin which are ahead and the community can't forget that many people/organization with lot to lose will try to throw wrenches in bitcoin's path. This is just small bump of the road that really didn't do anything to compromise Bitcoin's actual security. Media outlets will already do the jobs of sensational reporting when infact it was just a compromised computer of an auditor which compromised the db of a single exchange. Title: Re: Everyone stop panicking and read this Post by: GideonGono on June 20, 2011, 06:39:50 PM +1
Title: Re: Everyone stop panicking and read this Post by: ivank2139 on June 20, 2011, 07:24:20 PM One principle of web site design for the Exchanges to follow is "Defense in Depth". don't depend on a single feature to be your security, all aspects of the system require minimum access privileges and very fine grained audit controls and monitoring. If one has permissions to access a database it should be further restricted to what tables and rows are appropriate. All the way down to every file on every system in the enterprise. Who owns it , who can read it (and how often!), who can change it. who can delete it. Keep in mind that once it is read it can be let loose in the wild with another few steps. That has to all be monitored and logged. and the system must do it automatically and with alerts to the watchers.
Title: Re: Everyone stop panicking and read this Post by: saqwe on June 20, 2011, 07:48:14 PM +1
Title: Re: Everyone stop panicking and read this Post by: CalumMc on June 20, 2011, 07:54:22 PM i totally agree with all you said
Title: Re: Everyone stop panicking and read this Post by: bitbitcoincoin on June 20, 2011, 07:54:36 PM Great post. These are very real growing pains that this emerging currency is going through. It's not gonna be a smooth ride with the amount of people who feel threatened by the idea of a decentralized currency becoming mainstream, but as long as you try and keep a level head while ignoring the chicken little doomers you should be fine.
|