Bitcoin Forum
June 23, 2024, 09:45:54 AM *
News: Voting for pizza day contest
 
  Home Help Search Login Register More  
  Show Posts
Pages: « 1 ... 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 [168] 169 »
3341  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 18, 2012, 02:09:21 AM
claims works fine on my chrome, www doesn't resolve ever since the incident

this works for me.

https://173.45.224.244/
3342  Economy / Lending / Re: Looking for a 6 day, $5, $175 Dwolla loan. on: May 17, 2012, 04:47:44 PM
$190 ??
3343  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 14, 2012, 06:15:00 PM
If anything of the following happened this would be prevented:
[...]
- We should not use the official Bitcoin client because it's very hard to secure it without large investments and affecting instant withdrawals in large amounts.

Can you please explain how using some other software— even a HSM— could have prevented the wallet your site actively withdraws from at the request of users from being robbed by an attacker with root access to your servers?


Here is an interesting dicussion.  

https://bitcointalk.org/index.php?topic=81341

The info on the Thales links offers some interesting solutions for the security minded.

http://www.thales-esecurity.com/Products/Hardware%20Security%20Modules/nShield%20Edge.aspx

JoelKatz also had an interesting solution a few pages back:
/quote/
The correct solution is really never to use a hot wallet at all. There is no reason a key ever needs to be on a machine with Internet access. Methods to sign something with a key while preventing theft of the key or signing of bogus data are well understood since certificate authorities worked them all out. The irony is that CAs frequently ignore these well-understood security practices too.

One way is to a have a machine that is physically secure whose sole purpose is to sign transactions. It can talk over a serial port to a machine with Internet access. The software on the physically-secure machine controls the signing of transactions and is the only machine that can actually process a withdrawal. Any thief could, at most, compromise the machine at the other end of the serial port and would be limited to the commands that exist over the serial link. He could never extract a key that can sign Bitcoin transactions nor can he process a transaction that doesn't meet your security requirements. Yet transactions that do meet those requirements can process without human intervention.
/quote/
3344  Other / Beginners & Help / Re: WTB BTC for Dwolla on: May 12, 2012, 11:42:27 PM
Not 24. 
3345  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 12, 2012, 01:08:29 PM
Photo of Zhou

https://intersango.com/about-us.php
3346  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 12, 2012, 12:55:56 PM
You can beat up on Zhou all you want and he seem to be taking it pretty well considering his position but I'd like to know why we have not heard anything official from these guys.

https://bitcoinconsultancy.com/

And is their site down or is it just me?
3347  Economy / Service Announcements / Re: [Announce] Coindl.com - a new digital downloads marketplace powered by Bitcoin on: May 11, 2012, 11:38:02 PM
Slick.  I just bought "Bitcoin - What It Is and Why It Matters" by sending BTC to the address.  I tried the Buy Now button but Chrome tried to pop open my Armory wallet which I don't use.  Anyway to change the default?

Thx.
3348  Other / Beginners & Help / Re: WTB BTC for Dwolla on: May 11, 2012, 11:06:11 PM
Too late.  He bailed.
3349  Other / Beginners & Help / Re: WTB BTC for Dwolla on: May 11, 2012, 10:40:59 PM
pyrodeej  Check your address to be sure you received the test transaction.
3350  Other / Beginners & Help / Re: WTB BTC for Dwolla on: May 11, 2012, 10:39:47 PM
PSY why are you such a naysayer.  All of your comments are so negative.
3351  Other / Beginners & Help / Re: WTB BTC for Dwolla on: May 11, 2012, 10:31:45 PM
My risk not yours.
3352  Other / Beginners & Help / Re: WTB BTC for Dwolla on: May 11, 2012, 10:07:27 PM
Check your messages.
3353  Other / Beginners & Help / Re: WTB BTC for Dwolla on: May 11, 2012, 09:58:23 PM
How Many do you need.
3354  Bitcoin / Bitcoin Discussion / Re: What can really be done about server hacking on: May 11, 2012, 09:56:54 PM
How about don't let the hacker reset your password and login to your server?

+1.  Anybody attempting to host a currency exchange where their machines aren't in a locked cabinet/cage that only they have the key to is only fooling themselves if they think they're being professional.

DeathandTaxes I don't think you can get any more secure then this but I think more then a few of the cloud services could be made just as secure with out owning all the hardware.
3355  Bitcoin / Bitcoin Discussion / Re: What can really be done about server hacking on: May 11, 2012, 09:44:15 PM
So are you saying the server has to reboot to change the root password and the encrypted disk would not be automatically remounted on reboot?   I use keys on all my server so I'm not familiar with this.
3356  Bitcoin / Bitcoin Discussion / Re: What can really be done about server hacking on: May 11, 2012, 09:35:44 PM
Not sure.  Sounds like an email account was accessed which was used to reset the server password.  Seems like "they" had root access.
3357  Bitcoin / Bitcoin Discussion / Re: What can really be done about server hacking on: May 11, 2012, 09:30:59 PM
Steve,

Thanks for starting this thread.  I think except for those who have BTC tied up in the downed servers the best that can come of this latest incident if for the community to  share their best practices while we come to understand what the root cause of Bitcoinica's issue so others can prevent similar incidents in the future.  I hope others will see fit to post insightful info for the benefit of the community.

Thanks.
3358  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 11, 2012, 09:24:16 PM
Have we hear from Bitcoin Consultancy/Intertsango?  Sorry if I missed it in this long and mostly annoying thread.
3359  Other / Beginners & Help / Re: Bitconica on: May 11, 2012, 09:15:43 PM
The Benefit of Route53 is to have an aws name server to route traffic to internal aws ip's.  Just curious that they would by pointing to external ips.  Must use aws for back up.
3360  Other / Beginners & Help / Re: dwolla alternatives on: May 11, 2012, 09:13:00 PM
https://www.bitinstant.com/
Pages: « 1 ... 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 [168] 169 »
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!