Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: Jered Kenna (TradeHill) on June 20, 2011, 04:10:14 PM



Title: TradeHill - Status update - resuming service / some accounts disabled
Post by: Jered Kenna (TradeHill) on June 20, 2011, 04:10:14 PM
TradeHill is back up.

We have made a few changes in regards to security:

As of right now we have given our users 12 hours to change their passwords.
Implemented a captcha system (no we don't like them either)
Lock accounts out after several failed attempts.

We are being bombarded with attempts to access our site using the Mt Gox account list.
We have disabled a number of accounts to prevent unauthorized access.
If your account is disabled send us an email.


More changes are on the way.

Regards,
Jered


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: sang on June 20, 2011, 04:19:21 PM
As noted in the other thread, giving us the option to change our emails (if possible) would go a long way to improving security.


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: Klestin on June 20, 2011, 04:24:39 PM
Or how about a forgot password reset system?


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: airdata on June 20, 2011, 04:26:28 PM
Great.

Dwolla also implements a PIN number system in addition to their password.  Which is painless and adds another bit of security. 
I will check you guys out later in the day.


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: SpaceLord on June 20, 2011, 04:28:12 PM
I'd gladly trade on TradeHill, if I could get a password reset. It's genius not allowing me to reset it...


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: Jaime Frontero on June 20, 2011, 04:29:50 PM
i've changed my password - although i wasn't prompted to do so when i logged in a few (five) minutes ago.

i won't have to do it again, will i?  that is:  is a site-wide prompt to change passwords still coming?


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: Jered Kenna (TradeHill) on June 20, 2011, 04:34:53 PM
Passwords:

We have been resetting passwords manually.
If we can handle the volume manually we won't implement the automatic feature when we can devote time to other security issues.

For the moment send an email to info@tradehill.com and we will reset it immediately.

PIN:
It's in the works. We would prefer to keep unauthorized users out but a PIN on withdrawals would be an additional level of security.

Email changes:
They are currently the account names. We're looking into options here and will announce changes to the system.


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: Jered Kenna (TradeHill) on June 20, 2011, 04:35:44 PM
i've changed my password - although i wasn't prompted to do so when i logged in a few (five) minutes ago.

i won't have to do it again, will i?  that is:  is a site-wide prompt to change passwords still coming?

Most likely no.


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: Klestin on June 20, 2011, 05:38:25 PM
Passwords:
For the moment send an email to info@tradehill.com and we will reset it immediately.
I made this request via email three hours ago, no response yet.  I realize you guys are probably swamped, so perhaps it's still in queue. 


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: SpaceLord on June 20, 2011, 06:58:48 PM
Passwords:
For the moment send an email to info@tradehill.com and we will reset it immediately.
I made this request via email three hours ago, no response yet.  I realize you guys are probably swamped, so perhaps it's still in queue. 

Same thing here.


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: Yankee (BitInstant) on June 20, 2011, 07:12:59 PM
Passwords:
For the moment send an email to info@tradehill.com and we will reset it immediately.
I made this request via email three hours ago, no response yet.  I realize you guys are probably swamped, so perhaps it's still in queue. 

Give them some time. They are dealing with over 50,000 users!


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: Nefario on June 20, 2011, 08:04:31 PM
Tradehill compromised.

http://securityforthemasses.blogspot.com/2011/06/someone-offering-tradehill-bitcoin.html


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: TraderTimm on June 20, 2011, 08:16:49 PM
Invalid bouncing email address claims that Tradehill compromised.

http://securityforthemasses.blogspot.com/2011/06/someone-offering-tradehill-bitcoin.html

Fixed that for you.


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: JackH on June 20, 2011, 08:23:16 PM
How can people be so blind and dumb and believe that something popping out of the blue, offering to facilitate a service will actually work. These Tradehill people may have good intentions, but who can handle this type of traffic such an exchange is receiving. And who can handle having all the geeks on the internet attacking them all the time.

I am sorry, but unless a big corporation or a bank steps in with some serious money backing it up this is just mtgox.com all over. Errors are already popping up and the software is untested and repairing it on the fly just doesn't work!!! It's about money people, MONEY!


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: SpaceLord on June 20, 2011, 08:47:39 PM
Passwords:
For the moment send an email to info@tradehill.com and we will reset it immediately.
I made this request via email three hours ago, no response yet.  I realize you guys are probably swamped, so perhaps it's still in queue. 

Give them some time. They are dealing with over 50,000 users!

6 hours later, no email to reset my password. Just sayin'.


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: Yankee (BitInstant) on June 20, 2011, 08:57:32 PM
Passwords:
For the moment send an email to info@tradehill.com and we will reset it immediately.
I made this request via email three hours ago, no response yet.  I realize you guys are probably swamped, so perhaps it's still in queue. 

Give them some time. They are dealing with over 50,000 users!

6 hours later, no email to reset my password. Just sayin'.

I assure you, they are doing their best. Send a PM to JeredKenna on this forum, he is one of the guys who runs TH


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: Bunghole on June 20, 2011, 09:16:54 PM
I just had a funny thought of the Trade Hill guys sitting around in diapers today, so that they don't have to take the time to go to the bathroom.


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: killer2021 on June 20, 2011, 09:49:41 PM
How can people be so blind and dumb and believe that something popping out of the blue, offering to facilitate a service will actually work. These Tradehill people may have good intentions, but who can handle this type of traffic such an exchange is receiving. And who can handle having all the geeks on the internet attacking them all the time.

I am sorry, but unless a big corporation or a bank steps in with some serious money backing it up this is just mtgox.com all over. Errors are already popping up and the software is untested and repairing it on the fly just doesn't work!!! It's about money people, MONEY!

So when are you opening up the JackH bitcoin exchange?

Just saying.


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: Jered Kenna (TradeHill) on June 20, 2011, 10:57:12 PM
Passwords:
For the moment send an email to info@tradehill.com and we will reset it immediately.
I made this request via email three hours ago, no response yet.  I realize you guys are probably swamped, so perhaps it's still in queue. 

Give them some time. They are dealing with over 50,000 users!

6 hours later, no email to reset my password. Just sayin'.


We've been resetting passwords / accounts; if we missed anyone please email us again.
We will be adding a feature to reset your own account soon but we are receiving a lot of hack attempts and do not want to rush anything that could potentially be exploited.


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: chihlidog on June 20, 2011, 10:59:05 PM
Passwords:
For the moment send an email to info@tradehill.com and we will reset it immediately.
I made this request via email three hours ago, no response yet.  I realize you guys are probably swamped, so perhaps it's still in queue. 

Give them some time. They are dealing with over 50,000 users!

6 hours later, no email to reset my password. Just sayin'.


We've been resetting passwords / accounts; if we missed anyone please email us again.
We will be adding a feature to reset your own account soon but we are receiving a lot of hack attempts and do not want to rush anything that could potentially be exploited.

Could you elaborate a little on these hack attempts and how secure your site is?


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: Karen Palen on June 20, 2011, 11:02:30 PM
I just had a funny thought of the Trade Hill guys sitting around in diapers today, so that they don't have to take the time to go to the bathroom.

YOU may think it funny, but actually WEARING (and USING) the diapers is no fun at all!

My sympathies to the "worker bees" at any of the trading sites - I know from personal experience that diapers are the very least of the pain (humiliation, whatever, ???) that you are enduring right now!

I have been there and can only offer sympathy - OTH diapers are WAY better than an IED that takes some vital body part!  :'(


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: Jered Kenna (TradeHill) on June 20, 2011, 11:05:17 PM
Passwords:
For the moment send an email to info@tradehill.com and we will reset it immediately.
I made this request via email three hours ago, no response yet.  I realize you guys are probably swamped, so perhaps it's still in queue. 

Give them some time. They are dealing with over 50,000 users!

6 hours later, no email to reset my password. Just sayin'.


We've been resetting passwords / accounts; if we missed anyone please email us again.
We will be adding a feature to reset your own account soon but we are receiving a lot of hack attempts and do not want to rush anything that could potentially be exploited.

Could you elaborate a little on these hack attempts and how secure your site is?

A lot of brute force attacks using the Mt Gox compromised user names.
As far as we know no one has logged in using one of the Mt Gox accounts.
We have seen a lot of attempts and implemented a captcha and accounts are locked after several failed attempts now.
This appears to be keeping them out. We are implementing other features as well which will be announced soon.

Regards,
Jered
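
An added illustration, not part of the thread and not TradeHill's code: a minimal simulation of the lockout control described in the post above, run against a replayed username list. It shows why a per-account failure counter alone misses an attacker who makes one guess per leaked account, and adds a per-source counter that sends such traffic to a captcha. The thresholds, function names and sample events are assumptions constructed for this example.

```python
from collections import defaultdict

MAX_FAILS = 5         # assumed; the post only says "several failed attempts"
MAX_USERS_PER_IP = 3  # assumed limit on distinct usernames one source may fail on

def process(events):
    """events: (source_ip, username, password_ok) tuples in arrival order."""
    fails = defaultdict(int)        # consecutive failures per account
    users_by_ip = defaultdict(set)  # usernames each source has failed on
    locked, flagged, decisions = set(), set(), []
    for ip, user, ok in events:
        if ip in flagged:           # list replay suspected: divert to a captcha
            decisions.append("challenge")
        elif user in locked:        # stays locked until staff reset it
            decisions.append("locked")
        elif ok:
            fails[user] = 0
            decisions.append("allow")
        else:
            fails[user] += 1
            users_by_ip[ip].add(user)
            if fails[user] >= MAX_FAILS:
                locked.add(user)
            if len(users_by_ip[ip]) > MAX_USERS_PER_IP:
                flagged.add(ip)
            decisions.append("deny")
    return locked, flagged, decisions

# Constructed sample events (documentation IP ranges, made-up usernames).
SAMPLE = (
    # One source walks a username list, one guess per account: no account
    # ever reaches MAX_FAILS, so only the per-source counter catches it.
    [("203.0.113.7", u, False) for u in ("alice", "bob", "carol", "dave")]
    + [("203.0.113.7", "erin", True)]           # reused password would have worked
    + [("198.51.100.9", "frank", False)] * 5    # repeated guessing at one account
    + [("198.51.100.9", "frank", True)]         # correct password, account already locked
    + [("192.0.2.1", "grace", False), ("192.0.2.1", "grace", True)]  # honest typo
)

def demo():
    return process(SAMPLE)

if __name__ == "__main__":
    locked, flagged, decisions = demo()
    print("locked:", locked, "flagged:", flagged)
    print(decisions)
```
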


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: Yankee (BitInstant) on June 21, 2011, 01:01:24 AM
Passwords:
For the moment send an email to info@tradehill.com and we will reset it immediately.
I made this request via email three hours ago, no response yet.  I realize you guys are probably swamped, so perhaps it's still in queue. 

Give them some time. They are dealing with over 50,000 users!

6 hours later, no email to reset my password. Just sayin'.


We've been resetting passwords / accounts; if we missed anyone please email us again.
We will be adding a feature to reset your own account soon but we are receiving a lot of hack attempts and do not want to rush anything that could potentially be exploited.

Could you elaborate a little on these hack attempts and how secure your site is?

A lot of brute force attacks using the Mt Gox compromised user names.
As far as we know no one has logged in using one of the Mt Gox accounts.
We have seen a lot of attempts and implemented a captcha and accounts are locked after several failed attempts now.
This appears to be keeping them out. We are implementing other features as well which will be announced soon.

Regards,
Jered


Jered is the man


Title: Re: TradeHill - Status update - resuming service / some accounts disabled
Post by: Jaime Frontero on June 21, 2011, 01:13:29 AM
damn internet is like a pack of jackals, waiting to pounce.

i think it's about time i spent a little more time investigating QubesOS ( http://qubes-os.org/Home.html ).  the beta 1 is up.

you can actually open something like the Bitcoin client; and only allow it a single port, whilst the rest of your environment sails blithely on...

now how cool is that?