|
Oh, it could definitely work. Interesting idea.
|
|
|
|
We have an automated process but have to manually initiate it.
If it's been a few hours by all means let us know.
We aim for hourly but there may be a delay of a few hours early in the morning.
We may convert to a 100% automated system soon but we prefer the control we have at this point.
Regards,
Jered
Thanks for the info! |
|
|
|
|
The transaction has cleared, so no worries. I guess it just took a while. :|
|
|
|
|
NEVER forget about the Librarians on this site.
That's Cardinal Sin #1.
Nope, both the librarians and libertarians must be considered.  |
|
|
|
if it doesn't kill you it only makes you stronger.
No, sometimes it terminally injures you, but in this context I agree, though too much of this could kill Bitcoin, or at least kill a majority of its user base. One, two, even three incidents like this one are survivable, especially if they don't cause too much permanent damage, but if this becomes a regular thing, it may convince many to give up on Bitcoin. That said, we need to keep this in perspective. Many millions of dollars are stolen every day, and Bitcoin has only had a few incidents, and hopefully will not have too many more. Looking at it from that angle, this really isn't a big deal. |
|
|
|
I sort of agree; I think bitcoin will be tougher after this. However, it is still unfortunate to have to go through this. It is much better if we can anticipate these problems and prevent them rather than suffer through them and fix them post facto.
Well, yes and no. I think that it's good for people to realize that Bitcoin is not perfect and that security is integral, and that kind of learning comes best from catastrophes like this. The road to success for Bitcoin may be like a roller coaster ride, but when you're done, you'll wish you could do it again. |
|
|
|
I transferred some money from my Dwolla account to TradeHill almost an hour ago, and though Dwolla shows the transaction as completed, TradeHill still shows it as "In Progress". I though Dwolla to TradeHill transfers were instantaneous. Is this normal or did some problem occur? Thanks in advance for your help. |
|
|
|
Longer down time than initially expected. More details being revealed. Poll reset.  Tradehill is around $14 as of this post, and I think it'll stay there for a little while, then slowly climb back up, at least to the $20 mark. |
|
|
|
The only thing really have a huge effect on bitcoin is governments around the world trying to make it illegal to use.
Considering how all the press lately, though much of it was negative, has brought so many people in, I think governments trying to ban Bitcoin would end up backfiring on them. They'll never be able to do it, it'll just bring more people who want currency free from government control on to the Bitcoin wagon, and it'll make the government look terrible. Besides, there's nothing inherently illegal or morally questionable about Bitcoin, so the government would have a hard time finding a justification that intelligent people would believe. |
|
|
|
I don't know anything about that, but I use and reccomend LastPass. It is essentially the same type of thing as PasswordMaker, but works on all major browsers, has mobile apps, and is generally very secure. |
|
|
|
I concur that 2-factor authentication is a good idea, but there are a couple of problems. First, RSA SecureID keys (the "dongles" that an earlier poster mentioned) have been compromised recently. It's all over the news, and network security forums and mailing lists. I would not trust RSA as a factor until they've figured out what happened, how it happened, and taken measures to prevent a reoccurrence. Cell phones via text messages also have an issue -- some of us block texting on our phones because of spam. In the US, we pay per message sent OR RECEIVED. Verizon Wireless (the least nasty/best quality of the major US cell carriers) will credit your account with 10 cents when they remove a text spam, but they won't reverse the "hit" on your messaging allowance and you have to call them and wade through their phone tree EVERY FRICKING TIME YOU GET SPAMMED. :/ IMHO we need something better than either of these things for 2-factor authentication to be ready for prime time.
2-factor authentication also doesn't fix the real issue: not taking Bitcoin seriously enough. Any site that manages trading in Bitcoins (rather than using bitcoins as currency to trade in something else), conversion between bitcoins and other kinds of currency, or that hosts bitcoin wallets (accounts) needs to be AT LEAST AS SECURE as a bank or other financial institution web site. I'm a technical writer who works for a company that provides security for bank web sites and other web sites that handle highly sensitive private information. Most of these web sites have undergone multiple security audits, are carefully and professionally coded by software engineers who know how to block injected SQL from web forms, cross-site scripts, and cross-site request forgeries. They also sit behind sophisticated firewalls that look for and block these sorts of things.
None of this means that they can't be compromised; malware with a keylogger can still steal your logon and password credentials. However, the last time I heard of a bank site that had its entire user list with encrypted passwords stolen was years ago. Even the recent Citibank theft wasn't a compromise of this type or magnitude.
Mt. Gox simply wasn't up to the standard needed for a bank, payment processor, or any institution whose primary purpose is handling other people's money. I'm not saying this lightly or to yell at Mt. Gox. Frankly, I think that they were no more guilty of treating bitcoin security cavalierly than the people who wrote the local wallet program that I use. (Otherwise, the wallet would be encrypted by the program.) Further, they notified their users and are doing the right thing now. I wish them luck rebuilding on a better security foundation this time. I'm also not convinced that other web sites used for Bitcoin trading don't have similar flaws. :/ So I will move *very* slowly and carefully when I start trading.
Fair point. You're probably right, the core of the problem is that Bitcoin isn't taken seriously enough, and I agree that that is what really needs to be resolved. I just hope that multiple-step verification could serve as a stepping stone to get some easily implemented security fast, and then the good Bitcoin websites should get their penetration testing and the like done. I didn't know about the RSA key break-in; I don't use one myself, but that certainly seems to detract from the stability of that idea. One other way to provide a verification code is a mobile app, which won't cost anything except data if you pay for it, which even so would be minimal. I think that people just want a more secure Bitcoin market now, and maybe this could help. |
|
|
|
If someone posts something about Bitcoin, and you feel you have a valid counter point that nullifies what they have said, and you would like them to be able to see where it is you are coming from, then insulting them is not going to help. If you start off with a common ground, slowly lead away from there using what you view to be sound logic and ultimately arrive at you view, then you stand a much better chance of having them be able to understand your view. As soon as most people feel they have been insulted they switch to attack mode and healthy dialogue goes right out the window.
Agreed, and I think most people do this. The trolls are the real problem here. |
|
|
|
This is not true. A properly hashed strong password would take millions of trillions of trillions of trillions of trillions of trillions centuries to break even with the most ridiculous hashing cluster you can imagine. See the link in foo's post above.
Even the Unix MD5 crypt scheme is really strong as long as you stay away from dictionary words and make sure the "search space" is large enough.
Also, once an attacker has gained access to a database, the game is pretty much over, and the passwords are only a nice bonus...
I stand corrected. Nonetheless, as you say, once the database is hacked, you're screwed anyway. |
|
|
|
|
What do you all think? Are multiple-step verifications a good idea, or do you think they're not worth the hassle? Do you think that Bitcoin's basic infrastructure is secure enough?
|
|
|
|
If people are so worried, they think BTC is coming to an end, then leave them behind. Little Scardy cats are nothing but bad publicity.
BTC has proven to be a worthy of following. Stick with it.
Agreed. This can serve as a way to prune out the people we don't want here anyways. |
|
|
|
This is common sense no need to warn people.
You'd be surprised how many people use the same account username and password for multiple accounts. Hopefully less prevalent here on the Bitcoin forums, but nonetheless, it's never a bad idea to remind people. |
|
|
|
|
With the numerous recent hacking incidents on Bitcoin-related sites, most notably Mt. Gox, I think we need to step up our game in terms of account security. While the break-in at Mt. Gox could probably have been prevented, it nonetheless stands to reason that something like it will happen again, and maybe with more devastating and less reversible consequences. We need a better security system for our accounts.
Bitcoin is a currency, and we need to get used to that. Many online banks, stock trading services, and such have multiple-step verification processes, where you must enter a password and a code, whether is changed every thirty seconds and stored on a small dongle, in the case of E-Trade, or sent to you mobile phone, in the case of Gmail. With a system such as this, the financial accounts of Bitcoin users would be much more secure.
Mt. Gox, Tradehill, BitcoinMarket, and the like, this is a message for you. Your users want security, and we're willing to give up a bit of convenience for it. Systems like Gmail's are not hard to implement, and are much more secure than a simple password. Bitcoin is not a toy currency, not a simple experiment for fun. Bitcoin is worth real money, and we need to protect it as such.
|
|
|
|
Nice how the votes are nearly equally distributed, at least above 10$. It seems the crowd doesn't know more than anyone else, in this case. :-)
Well, where the price will end up could be significantly affected by anyone with a lot of Bitcoins deciding to cash out, and I think no one really can say if that will happen or not, and to what extreme. The market is small enough and some people have enough Bitcoins to the point where the price can climb sky-high or drop like a rock just by one user's decision, as demonstrated in the price drop when MtGox got hacked. As Seldon so eloquently puts it, a group is predictable, but individuals are not. |
|
|
|
|
No matter how complex your password is, it can still be easily hacked if the attackers gain access to the database. A much more secure way to login that I wish more sites would implement is Gmail's two-step verification process, where you must enter your password and enter a verification code sent to your phone in order to login. I think that the time where a complicated password that would be impossible to brute force being sufficient has passed. Newer, multiple-step verification processes are necessary. Maybe MtGox can consider implementing something like that. It would sure make their users feel safer.
|
|
|
|
I would just suggest using a desktop mining client such as Ufasoft and connecting to a pool such as Deepbit, you'll make more money and you won't get scammed. |
|
|
|
|
Show Posts
