You're doing it wrong - making people change their passwords every 30 days results in them running out of quality passwords OR them writing their password down.

Multiple hashes? If you want to be paranoid that's also the wrong way to go about things, you should use a system like bcrypt and make sure it's slow enough that GPU bruteforce is a no-go.

Partition the database too, don't have one big MySQL database with full perms which every part of the site has access to - one exploit on any part and it's game over. Limit it tightly, VERY tightly.

Even the human factor can be mitigated - don't give access to EVERYTHING to EVERY employee, restrict things tightly.

Use whitelists, not blacklists.

I don't want to be devils advocate, but I would argue that almost everybody uses (and trusts) closed code software. Even if you run Linux and you compiled the kernel yourself chances are that you didn't get the chance to read every line of code. In fact I've been using the official Bitcoin client for month and I haven't even glanced at the code yet, just because I don't have the time right now. I trust the official client because people would complain about it and stop using it if it would be a scam.

Anyway I started to run Allbitcoin and transferred a very small amount of coins into it and it works great. I like the GUI. I like the wallet encryption and I think the JSON export/import feature is a fantastic idea to manage multiple wallets!

Well done guys. Keep up the good work. I'm looking forward to your future releases! 

Oliver.

Is this still alive

i have a coolmaster 932 full tower and the computer is cooler then the room cause of the fans inside it.

As we've said, it's a new virus, so the AV's won't have a signature for it yet.