You did business with MTGox. It's such an extraordinary event, that MTGox themselves are the ones who get to make any decisions in this matter. The market will reward or punish their choice. Personally I think MtGox is in the right in this instance.
Reverting might be the lesser evil for some, of course ideally the exchanger would eat the bullet, revert and let the low-price-sellers profit - repay them from own pocket. Getting FBI/CIA involved by giving them logs is not something that users of free, libertarian, bettern-then-government "money" system would love too much I guess. |
|
|
|
- Having to deal with FBI, provide logs and proof
Need more CIA in Bitcoin, the free and libertarian money for everyone!Auditor gets all the passwords, CIA then gets all the logs? How much information will be given to whom exactly? What about any kind of banking privacy - I hope this will be handled better then up to date? |
|
|
|
You stole 643 btc. Congrats.
Why would you call that stealing. I go to art baazaar. See some painting for just 1 USD and I buy it. This sort of paintings where between 1 usd and 1000 usd in last year I suppose, but I don't even have to know that or be art market expert. If later it turns out that the painting was brought to the trading place not by lawful owner, but by someone that stolen it from next room, or stolen it weeks ago, or got this painting in exchange for some work that was not done well so it was sort of "stolen" .... then why do I care about this all, exactly? |
|
|
|
We need to really start bringing attention to the censorship here.
Again, for uncensored forums - go Freenet So, are you defending the admins of the OFFICIAL forums for manipulating the debate in the favor of power players. to the detriment of the community? Nope, just saying where to find forums that can never be censored at all. Seems like good place to discuss bitcoins. Freenet's Frost board "bitcoin", also on FMS and Freetalk. |
|
|
|
Hey I seen that link before. Must you spam your websites each 5 posts in each thread each minute of each hour? |
|
|
|
"please use Google Chrome to view this page" What the hell is that? |
|
|
|
bitomat.pl is safe. Admin forced us to change our passwords and that's all. Exchange is still working.
Bitomat is carrying the Bitcoin show right now. Why is Bitcoin so popular in Poland? All crypto is popular in PL, btw. |
|
|
|
i just received a mail from  MtGox with a self extracting archive ( .exe ) purporting to be a certificate to help combat this.... no way am i opening it, it got captured by my spam services anyhow but really.. who the hell is gonna trust an executable from them now ? Not for them. From: can be trivially spoofed. Don't run any .exe Don't use windows. Don't touch windows with 20 meter stick while doing anything related to security of more then few bucks. Jesus, guys. |
|
|
|
We need to really start bringing attention to the censorship here.
Again, for uncensored forums - go Freenet |
|
|
|
I had created a thread with the title of this post, which garnered over 3000 views and over 60 replies.
It was deleted.
Not locked. Not moderated. But expunged.
It was actually full of lively debate from a lot of people other than myself.
Expunged.
Why?
We need to really start bringing attention to the censorship here.
I call shenanigans. This is obviously a move by the admins of this forum for damage control, to keep Mt. Gox from suffering the fate it so rightly deserves.
You want 100% uncensorable forum - post your post to Freenet. Freenet + Frost setup is 5 minutes, +Freetalk is another 2. Anyway what was the post about? Did it contains something "bad" like more leaked private information etc? |
|
|
|
Now, simple question: how can people possibly visit a .bit website?
Easy for you, just use one of the DNS servers that support it. The problem is getting other people to use them. Meh for a moment I thought you all chipped in and actually bought .bit TLD. |
|
|
|
Well first off, dont worry to much about it, its much of work do de-crypt Salted-md5 if you dont have the salt.
this can happend to any site.
i wouldnt even say the got hacked, The admin probebly got cought in a botnet(blackshades, Cybergate,
Captain Latency to the rescue. Been drunk all weekend too or posting this via Freenet?  |
|
|
|
Are you shitting us?
Secure == code_security AND response_teams,
not "OR".
Why do you ask "Are you shitting us?" and then repeat my statement. ADHD?
Your statement looked like if you said it otherwise. Like if you said "... but don't worry about the bad code, the RESPONSE is what matters" Never mind then  |
|
|
|
i smell lawsuits coming to mtgox.
Good luck suing some guy in Tokyo who is only reachable via IRC. MtGox doesn't even have a postal address to write to. Why people here and on slashdot keep repeating that? Mtgox.com was giving it's company address on their website. K.K. Tibanne 24-30, Kugayama 5-Chome Suginami-ku, Tokyo 168-0082 Sheeesh you guys need to learn your googles and html link clicking thingies. |
|
|
|
"Last time I checked the source code of them... they didn't use parametrized queries. I hope they do now, if security is so important for them."
Security is not just in the code. Management's response to incidents is just as important
Are you shitting us? Secure == code_security AND response_teams, not "OR". |
|
|
|
Who trusts Gavin anyway?
Well... the FBI? (conference) |
|
|
|
What I want to know is, does MT Gox plan on refunding our money? (20BTC of mine was taken just a couple of days ago - and I emailed him from the mtgox website well before this post ever appeared, but i haven't gotten any reply)
From IRC several hours ago 09:01 MagicalTux • thermal: we checked the logs, the CSRF found by phantomcircuit was never exploited Doesn't look like it. They could had just used MySQL injection instead (the 2nd bug as people say in forums) - the database of all users+passwords(weak hash) is leaked. |
|
|
|
My Gmail account reported suspicious activity and I had to reset my password there. I'm using http://howsecureismypassword.net/ to determine the strength. >600yrs to crack on a normal PC it says. So maybe 60 yrs on a mining rig, good enough for now! You are using http://howsecureismypassword.net/ and entering your password there? Let's keep finger crossed the admin of that site is not logging the requests anywhere! Or his hosting, or possible his and your ISP and all ISP in between if this checker is in http instead https. And people able to buy forged SSL certs for MITM attacks even if it is https. |
|
|
|
so obviously its md5, and the salt is contained within db entry, but what method are they using to get the unicode characters back into hex strings that most password crackers utilize for reversing md5?
Mother of god... I'm usually coding a web game page (no money) more securely... |
|
|
|
Which is why we salt passwords before hashing them. It might take seconds to find "monkey" but it'll take ages to find "monkeyefweug#%_#Tsafwef24g" and the user doesn't have to remember that second part. Really if the database is compromised the salt is in there with the hash so it doesn't help much but it DOES at least make it so that two people using the same password won't both be compromised by simply compromising one of them. It also makes "rainbow tables" (giant tables of common passwords and what they hash to) ineffective.
It depends - if ( if, I'm not sure how this is in case of mtgox) entire users database was leaked, then usually you also have the salts for each user right there in the database. On the other hand, if they coded is smartly, they also used extra salt that is only in the source code and not in database - that one should help indeed. |
|
|
|
|
Show Posts
