Bitcoin Forum
  Show Posts
10141  Bitcoin / Bitcoin Discussion / Re: Tested by fire: adversity makes bitcoin stronger. on: June 20, 2011, 05:11:59 AM
You aren't the only "OMG we tried to warn them but they DINT LISEN" bozo who was proven wrong by tonight's interview.  There are/were a lot of expert opinions, ie, wild guesses being thrown around.

i'm not clear what you think i said that has been 'proven wrong', but i believe you're mistaken.

Quote
Spare us the "it's not worth debating this if you're not a technical person yourself" snobbery.  You may rest assured that I understand the difference between a XSRF and SQL injection.  I get paid to make damn sure such things keep running smoothly. 

I'm sure your e-peen is so massive it would stampede the women and scare the children, so please keep it private and to yourself.

this again is just the sort of childish response that i'm critiquing. you referred to 'XCHMLL bugs that cause HTXL->BTC overflows or whatever'; a reasonable inference from that kind of a comment is that you have little technical understanding of the concepts we're discussing. if that is not true, you can't fault me for picking up on an anti-intellectual mannerism you intentionally put forward.

It's not that hard: the interview tonight (did you watch it?) about the break-in proved that ALL the people who were claiming they knew the cause of the MtGox heist were WRONG.

Your petulant lack of humor is far more childish than my poking fun at the idea of technobabble as a compelling explanation for the MtGox situation.

Your humorless, grumpy inference regarding my technical understanding of the concepts at hand was not reasonable, especially given my previous posts and demonstrated hash rate.
10142  Bitcoin / Bitcoin Discussion / Re: Penetration Testing and Security Audit of Tradehill on: June 20, 2011, 04:59:17 AM
With the proper authorizations many people can perform a penetration test of the web site.  It should be fairly easy to run one, or contract to do it, and publish the results.  It would certainly be worthwhile to have some evidence of security in place. 

Some people can do the pen testing without authorization but not legally from the USA.

That's right Ivan. 

If a site won't publish the results from one or more of the readily-available penetration testing services, you should assume that their code is ready to be opened up by hackers like a tin can of sardines with a pull-tab.
10143  Bitcoin / Bitcoin Discussion / Re: Tested by fire: adversity makes bitcoin stronger. on: June 20, 2011, 04:54:36 AM
Nice try, gotcha guy.  But it turns out that the supposed MtGox "hack" was an inside job.  It had NOTHING to do with XSRF, SQL, or whatever technical point the oversensitive guy (who ran away rather than debate mean, stinky libertarians) was previously belaboring.

mt. gox was, within the last week and by their own admission, vulnerable to cross-site request forgeries. i don't recall "s" ever saying anything about sql injection, which is harder to detect without access to the code. (it's not worth debating this if you're not a technical person yourself.)

Nobody is debating whether the XSRF vulnerability existed any longer, as it was demonstrated on Friday night.

It's been fixed and had nothing to do with the break-in, which was the fault of MtGox's finance auditor AND NOT THE RESULT OF XSRF, SQL, TROJANS, TEMPEST, OR WHATEVER YOUR BUDDY WAS MOANING ABOUT.

Now the issue is that so many were so quick to point fingers immediately following the MtGox breach, without bothering to confirm or verify anything with the principals involved.

You aren't the only "OMG we tried to warn them but they DINT LISEN" bozo who was proven wrong by tonight's interview.  There are/were a lot of expert opinions, ie, wild guesses being thrown around.

Spare us the "it's not worth debating this if you're not a technical person yourself" snobbery.  You may rest assured that I understand the difference between a XSRF and SQL injection.  I get paid to make damn sure such things keep running smoothly. 

I'm sure your e-peen is so massive it would stampede the women and scare the children, so please keep it private and to yourself.
10144  Bitcoin / Bitcoin Discussion / Re: Tested by fire: adversity makes bitcoin stronger. on: June 20, 2011, 04:04:09 AM
i really just have a particular type of poster in mind. it's not everyone who happens to be a libertarian; it's the rabid, often teenage ones who think that any criticism of the bitcoin protocol must be motivated by a brainwashing from the 'state'.

Many teens have not yet learned to tolerate the ignorant hypocrisy of those whose knee-jerk objections to bitcoin not only are specifically addressed by the design, but obviously apply to the fiat money created by the State.  That's a good thing.  I like people who stand up and vigorously defend their values and beliefs.

If you, or the other guy who left, can't look past their enthusiasm, vehemence, and zeal that's your problem.

Even a reasonable adult might get sick having to repeatedly point out that federal reserve notes are way more of a fake Ponzi rip-off scam than any form of cryptocash.


Quote

these were not lessons to learn; these are obvious to anyone with even the slightest experience in systems security. as i said, a good critical user who visited the forum for a week pointed them out, specifically, along with a variety of other problems. either there's too much noise or too much complacency for people to listen or learn before the problems manifest themselves.

Nice try, gotcha guy.  But it turns out that the supposed MtGox "hack" was an inside job.  It had NOTHING to do with XSRF, SQL, or whatever technical point the oversensitive guy (who ran away rather than debate mean, stinky libertarians) was previously belaboring.
10145  Bitcoin / Bitcoin Discussion / Re: Mt. Gox Dump Analysis... on: June 20, 2011, 03:45:26 AM
buttcoin is hilarious, i'm sorry, and if you really don't get the humour in satirizing a website then I don't know what to think.


It's not just satire. He is all about hating on bitcoins. If he supported them, he would not spend his time doing this. It's more than a joke. It's vicious

From Gulliver's Travels to South Park, good satire is nothing if not vicious.

Calling them shitcoins would be vicious; buttcoin is merely a hilarious spoof.

By taking everything so seriously, you play into their smarmy critique, and make it funnier to boot.
10146  Bitcoin / Bitcoin Discussion / Re: MtGox account compromised on: June 20, 2011, 03:40:50 AM
This mtgox biz and many other things which we are witnessing with bitcoin will be in history books.

History books?  Hell, I feel like I've been living inside a Bruce Sterling sci-fi novel for the last month.

Today topped them all, as an especially Islands-In-The-Net kind of day.  Damn those data pirates!

/wants razorgirl bodyguard
10147  Bitcoin / Bitcoin Discussion / Re: TradeHill API was coded by amateurs on: June 20, 2011, 02:57:47 AM
OP is a moron.

You'd generally export those values as strings for enhanced readability when combined and thrown together in, say, a table.  Key word here is EXPORT.

You act as if there is no way to convert that json element back to a float.... silly.

Such an ironic mistake is pretty amateurish, no? 

Although you gotta admit that the guy is pretty darn good at getting worked up, pointing fingers, and name-calling.

Quote

A senior level programmer would not make this trivial mistake. My firm wouldn't even hire for junior level the people who designed such a thing should fire me for being such a presumptuous donkey.

ftfy
10148  Bitcoin / Bitcoin Discussion / Re: [promo : 2BTC/domain] Register/host .bit domains with bitcoins on: June 20, 2011, 02:29:20 AM
khal,

Are you doing any security upgrades to prevent the kind of attacks we've seen on MtGox?
10149  Bitcoin / Bitcoin Discussion / Re: TradeHill Spam on: June 20, 2011, 02:19:35 AM
I didn't provide that person with my email address or opt-in to their messages.  This makes it spam.

No, that's incorrect.  For example, reference the situation which occurred at Gawker:

http://opensource.com/life/10/12/what-hintio-and-why-are-they-emailing-you



Quote
So what of hint.io, then? It appears to be the tool for a group that took matters into their own hands after Gawker opted to leave its users in the dark. TNW (The Next Web) calls them "good Samaritans." But at least one commenter there thinks that those sending the emails are as bad as those who compromised the accounts to begin with, since they're using the compromised data to send the alerts.

As one of the recipients, I disagree. I'm thankful for their transparency where Gawker was unwilling. The data has been released. That can't be changed. But they've used it for good, not evil. Or at least as an effort to help prevent more evil.

I've already explained the difference between "any email that hurts your feelings" and "spam."

This is like trying to reason with someone that calls anyone who disagrees with them in an online forum a "troll."


10150  Bitcoin / Bitcoin Discussion / Tested by fire: adversity makes bitcoin stronger. on: June 20, 2011, 02:09:52 AM
this may sound petulant, and my apologies if it is, but i distinctly recall the user "s" pointing out in this forum the importance of cross-site request forgeries and the fact that many popular bitcoin-related websites were vulnerable to them. he (or she) then left the forum and deleted all his/her posts, having been pushed away by extreme libertarians.

this is another example of the tone of the forums posing a problem for the bitcoin community, which could benefit from more inclusiveness, diversity of opinion, and politeness. if people had listened to "s" rather than dismissing that user's concerns as somehow hostile to bitcoin because they didn't 'toe the line', many problems could have been addressed months ago.

I, too, Blame Ayn Rand for all evil in the world and especially on this forum.

/s

That's actually more lulzy than petulant. 

I think we've all learned some valuable lessons today, about boring web standards' XCHMLL bugs that cause HTXL->BTC overflows or whatever. 

And not using the same l/p.  And due diligence.



10151  Bitcoin / Bitcoin Discussion / Re: Was flashcrash orchestrated to get around MtGox withdrawal limit? on: June 20, 2011, 01:50:03 AM
Seems like the simplest defense against this would be to use a moving average to base the withdraw limits off.

That would be the 2nd simplest defense.

The most simple defense would be a circuit-breaker that automatically halts trading in the event of a flash crash or other anomalous event.

I'm absolutely sure that I'm the very first one to suggest that MtGox and the rest implement this.

*files with patent office*
10152  Bitcoin / Bitcoin Discussion / Re: TradeHill Spam on: June 20, 2011, 01:43:09 AM
Seven emails from someone I don't know, giving me advice I don't need, encouraging me to change exchanges even though I already have accounts at both, and trying to get referral fees out of it - that sure meets my definition of spam.

Spam is getting advertisements for male performance products or whatever, for no good reason, out of the blue.

Ms. BS's timely and responsive email blast was primarily an advisory about the MtGox situation, with the additional option of using TradeHill as a handy replacement also being provided.

Your objections just go to show that no good deed goes unpunished. 

10153  Bitcoin / Bitcoin Discussion / Re: Mt. Gox Dump Analysis... on: June 20, 2011, 01:30:34 AM
hehehe
hehehe
hehehe

It's too bad we have no idea what this function does. You think the client software is infected? Or the people behind the attack are bitcoin's founders?

This is like something out of a movie.

It would seem that hehehe is how you call the Lulz function.
10154  Bitcoin / Bitcoin Discussion / Greed is good. Don't punish value creation. on: June 20, 2011, 12:47:38 AM
Quote
                                                                                                                                                                                                                                                             
Delivered-To: x@x.com
Received: by 10.52.183.73 with SMTP id ek9cs4491vdc;
        Sun, 19 Jun 2011 16:15:17 -0700 (PDT)
Received: by 10.91.72.28 with SMTP id z28mr5024515agk.61.1308525316970;
        Sun, 19 Jun 2011 16:15:16 -0700 (PDT)
Return-Path: <goemitar@bonecrusher.gulfsouthmedia.com>
Received: from bonecrusher.gulfsouthmedia.com (bonecrusher.gulfsouthmedia.com [209.223.236.66])
        by mx.google.com with ESMTPS id f2si9221695anb.176.2011.06.19.16.15.16
        (version=TLSv1/SSLv3 cipher=OTHER);
        Sun, 19 Jun 2011 16:15:16 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of goemitar@bonecrusher.gulfsouthmedia.com designates 209.223.236.66 as permitted sender) client-ip=209.223.236.66;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of goemitar@bonecrusher.gulfsouthmedia.com designates 209.223.236.66 as permitted sender) smtp.mail=goemitar@bonecrusher.gulfsouthmedia.com
Received: from goemitar by bonecrusher.gulfsouthmedia.com with local (Exim 4.69)
   (envelope-from <goemitar@bonecrusher.gulfsouthmedia.com>)
   id 1QYRD2-0004XV-Fn
   for x@x.com; Sun, 19 Jun 2011 18:15:16 -0500
To: x@x.com
Subject: Mt Gox has been hacked
X-PHP-Script: www.goemitar.com/mailto.php for 84.194.195.139, 173.245.53.210
From: A Bitcoin Supporter <Bitcoin@unknown.com>
Message-Id: <E1QYRD2-0004XV-Fn@bonecrusher.gulfsouthmedia.com>
Date: Sun, 19 Jun 2011 18:15:16 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - bonecrusher.gulfsouthmedia.com
X-AntiAbuse: Original Domain - x.com
X-AntiAbuse: Originator/Caller UID/GID - [639 634] / [47 12]
X-AntiAbuse: Sender Address Domain - bonecrusher.gulfsouthmedia.com

Dear Sir or Madam,

A few hours ago the Bitcoin trading website Mt Gox has been hacked. Malicious individuals have been able to obtain a database containing usernames, email address and encrypted passwords. This information has been posted publicly on the internet.

As a Bitcoin supporter I'm now sending a message to every email address contained in the hacked database. This is to warn you that your username, email address and password have been leaked. I therefore strongly advise you to change your passwords. If you have used the same password on different websites it's highly recommended to change your password on all of your accounts!

For a more secure alternative to Mt Gox, the community appears to be moving to TradeHill. So this is no reason to lose faith in Bitcoin itself. It must be seen as a warning that not every website can be trusted with your data however! Their link is http://www.tradehill.com/?r=TH-R15683 (Note: You can remove the Referral Code when registering if you want!) This is certainly not the only website where you can exchange Bitcoins, also check out http://www.thebitcoinlist.com/dp_bitcoin/bitcoin-exchange/

Sincerely,

A Bitcoin supporter
1CWSjov2N7ix41bZ8bJfHXkdLLbkUsG9Y7

I for one, think that TradeHill should block referrer TH-R15683 from any commission.

Ms. Bitcoin Supporter should be given a double commission for her timely assistance to the bitcoin community in its hour of greatest need, not punished!

She has provided a valuable service by informing the compromised users with info they badly needed to know and respond to, while MtGox was still in denial mode and dropping the ball.  The same thing happened at Gawker!

By including a link to the leading MtGox alternative, Ms. BS also gave compromised users the option of using that tool in their responses.

Let's examine the altruism meme that demands Ms. BS not gain anything for herself but possible self-satisfaction.

-  Without the greater incentive provided by the referral link, Ms. BS may have been less motivated and waited longer to send out her email blast.

-  Because Ms. BS opens herself up to (now demonstrated) recriminations from TradeHill, and possible retaliation from the MtGox hackers, there is an unspoken, subtle demand that Ms. BS sacrifice herself for others, without reward.

I could go on, but I'm sure all you bright bitcoiners have already gotten the point.
10155  Bitcoin / Bitcoin Discussion / Re: Looks like Google's security team has picked up the leaked list! on: June 20, 2011, 12:23:25 AM
Same here, I'm really glad at Google's competence :)

Google hears everything.

That's why I only post from inside my Faraday Cone.

*charges synchrotron*

*monitors orgone levels*

*final spell check, posts reply*
10156  Other / Politics & Society / Re: Ron Paul 2012. Or else. on: June 19, 2011, 11:47:27 PM
Dr. Paul graduated from Duke med school.  He has forgotten more facts about biology and the Constitution than a churlish simpleton such as yourself will ever know about either topic.

Your aggressive demeanor and immediate jump to personal attacks means that any attempt at a rational civil conversation is probably doomed.  Nevertheless, there's one point I cannot let pass: evolution is the cornerstone of modern Biology.  As Theodosius Dobzhansky famously stated, "Nothing in Biology Makes Sense Except in the Light of Evolution". If you think that anyone who denies evolution truly understands biology then I'm afraid you're too deep into the swamps of ignorance for any forum discussion to enlighten you.  Moreover, Ron Paul's support of creationism is a powerful signifier that he himself is too detached from physical reality to ever be a good president.


Jon, the very few people with a deeper understanding of evolution than me work at the Santa Fe Institute, studying the interaction of complex systems theory and quantum physics.  I've been reading their papers for well over a decade.  So don't even start to go there!

You began the personal attacks, by calling Dr Paul "a kook detached from reality."

Then, when corrected by someone smarter and more in command of the relevant facts than yourself, you threw a fit.

You can cite no proof that Dr Paul is a young earth Creationist, because he is not one of those.

Why dish it out, when you are clearly too thin-skinned to take reciprocal hostility?

Oh that's right, I already addressed the public-school origins of your churlish secular bigotry towards traditional American values in general, and conservative Christians in particular.  No mystery there.

Nothing distinguishes your banal opinions from the generic liberal twaddle put out by HuffPo, Rachel Maddow, Jon Stewart, and Bill Maher. 

You are simply a trend-following Richard Dawkins wanna-be, i.e., a discredit to rational fair-minded people everywhere.  People like you are giving all of us non-believers a bad name with your ugly Secular Jihad against personal spiritual beliefs.

The prejudiced idea that somebody else's spiritual beliefs are not compatible with evolutionary reality relies on the false premise that all religious people are stupid superstitious cretins. 

That assumption cannot explain how Dr Paul graduated from one of the top 10 medical schools in the world, so therefore it is not valid.
10157  Bitcoin / Bitcoin Discussion / Playtime is over - SECURITY AUDIT NOW!!! on: June 19, 2011, 11:17:30 PM
We can accept international wires. If you want to buy Bitcoin with any currency.
Go to your bank, buy USD and then wire it in.
SEPA is coming ASAP, we are growing as fast as possible.
We don't want to over extend ourselves and fail. We would much rather provide a reliable service.

In regards to the servers we're on it. It's one thing to grow quickly and another to have the entire Bitcoin world try to log in at once.




When is TradeHill going to pay for, and publish results from, a professional security audit?


If you want to be a real online broker, you need to invest in Wells-Fargo levels of vulnerability analysis.

Start with NTOSpider On-Demand, http://www.ntobjectives.com/ntoondemand, to get an idea of where you stand.

Next, hire an experienced consultant to make sure everything is absolutely bulletproof.

I HIGHLY recommend Strategic Data Command of Oakland, CA.  Larry Suto is among the best at what he does.

It might cost you a small fortune, but if you want results you need to call in world-class experts.

I posted this same bit of advice to our MtGox rep. as well.
10158  Bitcoin / Bitcoin Discussion / Playtime is over. Bring in the big guns. (SECURITY AUDIT NOW!!!) on: June 19, 2011, 11:08:28 PM
Please post any questions you have here and I'll do my best to answer.

When is MtGox going to pay for, and publish results from, a professional security audit?


If you want to be a real online broker, you need to invest in Wells-Fargo levels of vulnerability analysis.

Start with NTOSpider On-Demand, http://www.ntobjectives.com/ntoondemand, to get an idea of where you stand.

Then you need to hire an experienced consultant to make sure everything is absolutely bulletproof.

I HIGHLY recommend Strategic Data Command of Oakland, CA.  Larry Suto is among the best at what he does.

It might cost you a small fortune, but if you want results you need to call in world-class experts.

I will repost this same bit of advice to our Tradehill rep. as well.
10159  Bitcoin / Bitcoin Discussion / Re: MtGox UPDATE on: June 19, 2011, 10:45:09 PM
i would definitely think twice using mtgox for the service due to the fact they have taken down access to our accounts and we have to take a 3rd party's advice to settle down and they they are safe btc or funds this is BULLSHIT with how much i have invested I DO NOT LIKE ANYONE keeping me from my investment. so from this day forward I look to start dealing with people direct and use like clearcoin for the transfer of coins that also cuts out the % mtgox takes. I am freaking pissed I can't trust they took enough security measures to protect us in the first freaking place then they should not have opened their online service.

I don't have to worry about banks not letting me have access to my accounts or funds due to an issue they could not have foreseen so for mtgox.com to pull that shit is a power play with OUR money. I'm looking into attorneys tomorrow to find out their responsibility
and loss of revenues.

this my opinion and the facts.
Tomorrow is a day of reckoning .

It sounds like you failed to perform due diligence as an investor before sending your money off to a hobbyist-run Japanese web site with no real customer support or institutional accountability.

And now that the counterparty risks that you so blithely ignored have raised their ugly heads, you're throwing a tantrum.

Please, tell us all on Monday how long your attorney laughs at you and your Herpy Derpy "day of reckoning."
10160  Other / Politics & Society / Ron Paul 2012. Or else. on: June 19, 2011, 01:00:41 PM
Compared with the average Republican he's not so bad.  However, that's setting the bar pretty low.  Bear in mind that Ron Paul supports some very disturbing policies, namely:

  • He's very pro-religion, to the point of being against the prohibition of school prayer.  I guess that Ron Paul conveniently forgets that the separation between church and state is a sine qua non condition for any truly free state, and is even espoused in the freaking 1st amendment!
  • Opposes network neutrality on the Internet.
  • Favours creationism over evolution.  This alone is a tell-tale sign the guy is a kook detached from reality.

You don't understand the 1st Amendment.  It applies to the Federal Government, not to school districts.

It does not separate any church from any state, or ban prayer in schools.  Only Marxist ACLU lawyers think that.

Dr. Paul graduated from Duke med school.  He has forgotten more facts about biology and the Constitution than a churlish simpleton such as yourself will ever know about either topic.

Don't forget to bash him for being pro-life as well.  That also violates your secular, public school-instilled ideology of rabid intolerance for traditional conservative values.