That's pretty awesome. Have you bought anything cool with the interest you've taken out in the last few weeks?
Yes, I compounded it back, turning into an even bigger deposit. Isn't that cool? It's really strange, you're a smart kid, like you understand the concepts of cryptography really well, you can do some nifty Chrome plugins etc. and yet you think this, I don't understand, is it like a mental blind spot for you? This is public knowledge. There was massive drama about my not giving Nefario my ID cuz he said he was going to give it to the police.
I think you misremembered or misinterpreted something I had said, it's never been my position to give any ID to anyone outside GLBSE and I've said as much. We've gone to great lengths to make it difficult to impossible for law enforcement to make us do so through the use of cryptography. Also GLBSE will only have to follow AML rules if we're required to register as a financial institution, which would also mean that other regulations apply. All we need comply with is the 1998 data protection act which prevents us giving out our users' information.
|
|
|
He was visiting his wife's family in China. I'm not sure when he's going back home. I believe within the next 2 weeks.
I'm in London now, I've had a look at the attempted "hack", quite funny if it wasn't annoying to users. I hadn't considered putting limits on the number of PMs someone can send. I'll also clean up the spam.
|
|
|
I'm in London for the month so will be hitting up the FSA to register GLBSE if they'll let me, I don't believe they will.
Any progress? I'm not long after arriving, and my laptop was DOA so had to get another one and restore my backup, which has taken some time. So no update on this and I don't think there will be until sometime next week.
|
|
|
NORMAL PRICE: £300 for a tier 2 slot. DISCOUNT PRICE: £230 for the first 5 slots, HURRY! What is that in bitcoins? Payable in bitcoins, whatever the market rate is at the time of paying.
|
|
|
I'll be adding a slider as a way to solve this.
|
|
|
ANNOUNCEMENT: First 5 for £230! Two days, over 30 speakers, 400+ people, and buckets of press. Tier 2 sponsorship available
- Roller banner at event 800x2065mm (banner, stand, printing included)
- A PowerPoint slide on main screen(looped) between talks.
- Your logo included in the final production video of event.
- The ability to say you are a sponsor of this conference
NORMAL PRICE: £300 for a tier 2 slot. DISCOUNT PRICE: £230 for the first 5 slots, HURRY!
|
|
|
Hearing this from you Nefario amuses me to no end, you're normally extremely well-spoken.
Sorry, I'm just getting really tired of people attacking me or GLBSE, they don't have anything to actually criticize so they make stuff up and throw all kinds of baseless accusations. There is piotr_n as you see but also MPOE-PR (Mircea Popescu of Romania's sock puppet), who lately has been saying that I'm being sued as part of the Bitcoinica lawsuit (says I'm one of the unnamed Does), the guy is making up all kinds of stuff, and attacking me when I'm on IRC.
|
|
|
so now it is about fat fingers - not a stolen session anymore... sure - it could have been anything... i agree but you know what, as for me, it was most likely just you. otherwise you would have reverted the transaction. if you let this money to get withdrawn from your service, even though all the withdrawals are delayed anyway and man needs to wait an hour for a fucking 1.66. 300 - and you just let it go through like that... that's your fucking fault and you should have taken the consequences
Does any exchange revert a transaction when someone has allowed their account to be compromised? MtGox? Intersango? BTC-e? You'll find the answer is no, for obvious reasons. We've taken a hit plenty of times, when it was our fault but never had to do so for a compromised account as GLBSE takes all precautions, I see no reason why we or any other site should do so if they're not responsible. People are responsible for their own security there is only so much we can do and this is doubly so with bitcoin.
|
|
|
The service is under full control of Nefario (who is already proven to be a cheeky crook) and there is no way for anyone to prove that Nefario stole anything from him at GLBSE.
Listen, crazy, if you need lies to win an argument then it's no win at all. Just like there was no way for nedbert9 to prove that Nefario stole 3k of his ASICMINER. If there is no way to prove anything or no proof of anything, why are you accusing me? But the common sense says that he is the obvious thief, since he refused to revert the stealing transactions. I provide a secure platform for people to use, which includes 2fa, it requires that users keep their passwords safe, don't re-use them and use a machine that isn't compromised. If they can't do these things then there is nothing I can do to protect them. I've done everything I can and the rest is up to the user. Just like a real stock market, if someone breaks into your account and executes trades, well that's just too bad they don't get reversed. What's to stop someone who made a bad trade or has fat fingers from claiming their account was compromised? Then every time the market takes a turn for the worse there would be a sudden rush of claims of hacked accounts. On top of this I can't reverse trades when bitcoin has been withdrawn, since it's not GLBSE's fault, we've gone to the trouble to secure the exchange, we should not be required to foot the cost of someone else who didn't secure their account. Pirate would have to be crazy, like I used to be, to open an account on this fucking thief's server. You're just sore that you lost money betting in the pirate game, and Goat won't give it back to you and I won't help you. You had your chance, you could have bought insured PPT's, or like most sensible people you could have kept your money. You made yourself a victim, don't go blaming others, don't go calling assets on my exchange "illegal IPO's" when you were perfectly happy to buy into them when things were sweet.
I am really glad I have taken the time to work with FellowTraveler on getting Open Transactions working, so if people like you end up using my server every asset balance they have will be signed with their own secret private key that only exists on their computer, so if they try to claim I stole something their own digital signature will refute their accusation.
-MarkM-
No one cares about OpenTransactions, it's difficult to use and the problem it's trying to solve is the wrong one, the problem is key management. GLBSE used to have all clients sign their orders with their private key, pretty soon it became obvious that this wasn't going to scale as more and more people lost their keys.
|
|
|
I just want to chime in on the compromise.
There was no unusual activity around the time of the attack, meaning there wasn't a large number of attempted logins.
GLBSE uses SSL from the browser to Cloudflare and from Cloudflare to the GLBSE server, Cloudflare can minify JavaScript (hence the "we may change site content" in their TOS). I have a paid service with them.
I specifically told nedbert9 that GLBSE is not vulnerable to session hijacking attacks, so I don't know why he stated that it was. GLBSE resets the session ID after login which prevents session fixation. We only whitelist certain HTML elements for PMs and contracts so no XSS, and we use SSL so no man in the middle session sniffing attacks. Session IDs are not predictable or unencrypted.
In my PM I said apart from machine compromise, re-used/insecure password, the only thing I could think of that could be the cause was a session fixation attack, which GLBSE is not vulnerable to.
A session fixation attack requires the attacker to set the cookie in the user's browser so the session ID is known. Once the user visits a site and logs in, if the session ID is not changed then the (known session ID) becomes a valid session, and the attacker has succeeded. This is prevented by changing the session ID on login and using SSL (GLBSE only allows SSL).
I'm not able to say what caused the compromise, but I can say what it was not.
Nefario
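The session-ID rotation described in the post above, as an added example that is not part of the original thread and not GLBSE's code: a constructed in-memory session store (`SessionStore`, `fixation_outcome` and the user name `alice` are hypothetical) run once without and once with rotation at login, checking whether an ID that was known before login ends up authenticated.

```python
import secrets


class SessionStore:
    """Toy server-side session table: session ID -> {"user": name or None}."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self._sessions = {}

    def anonymous_session(self):
        # Pre-login session, issued to any visitor; the ID is unpredictable
        # but that does not help if a third party already knows it.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def login(self, sid, user):
        """Authenticate the browser presenting `sid`; return the ID for its cookie."""
        if sid not in self._sessions:
            sid = self.anonymous_session()
        if self.rotate_on_login:
            # Hardened path: drop the pre-login ID and issue a fresh one,
            # so whatever value was in the cookie before login is now dead.
            data = self._sessions.pop(sid)
            sid = secrets.token_urlsafe(32)
            self._sessions[sid] = data
        self._sessions[sid]["user"] = user
        return sid

    def user_for(self, sid):
        session = self._sessions.get(sid)
        return session["user"] if session else None


def fixation_outcome(rotate_on_login):
    """Replay the fixation scenario and report who each ID maps to afterwards."""
    store = SessionStore(rotate_on_login)
    planted = store.anonymous_session()     # ID known to a third party before login
    cookie = store.login(planted, "alice")  # user logs in while holding that ID
    return {
        "planted_id_authenticated_as": store.user_for(planted),
        "cookie_changed_at_login": cookie != planted,
        "user_cookie_authenticated_as": store.user_for(cookie),
    }


if __name__ == "__main__":
    print("no rotation:", fixation_outcome(rotate_on_login=False))
    print("rotation   :", fixation_outcome(rotate_on_login=True))
```

A regression test for a real application can make the same check: record the session cookie before login and assert that it differs after login and that the old value no longer resolves to a user.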
|
|
|
you being a Goat's laying bitch. And now you pretending to be surprised that I chose the later Is laying a step up or down? I feign no surprise, I place you in the tinfoil hat category of people so expect to hear all sorts of things. How should I know if the lie was a step up, or down, for you? For me, such a lie, would have definitely been a step down. But since you are so stupid, and so I cannot put myself in your position - I believe that you may still be thinking that it was leading you up...
|
|
|
you being a Goat's laying bitch. And now you pretending to be surprised that I chose the later Is laying a step up or down? I feign no surprise, I place you in the tinfoil hat category of people so expect to hear all sorts of things.
|
|
|
No - you still don't get it. I don't have any PPT bonds and when I did, I did not buy them for cents.
Goat was trying to get himself rich by selling empty PPT bonds - and Nefario was helping him, probably being his partner in this business. And now they are both screwed.
Absolutely baseless accusation, proof please. The proof of Goat selling empty PPT bonds? Or the proof of you being his lying bitch? Both. 1) The number of active assets is 30175 ATM, while it was far below 27895, after Pirate announced that he's stopping accepting deposits. 2) You are denying this simple fact. Look Mr. conspiracy theorist, I provided you with all the numbers for that asset you requested (dates as well), and all you could provide was "I remember them being different", you got chewed out by everyone else on that thread as well because you're so damn sure you remembered several sets of numbers, dates and times over a period of a few days and that the numbers I provided (pulled from a DB) are wrong, and therefore I must be in league with Goat. Now, as I've said I'll give users signed receipts of their asset balance (but not give user details to pirate) what else have you got to say, except to trot out your theory that the rest of the world is conspiring against specifically you. I believe it would be stupid for any GLBSE user to get a receipt to give to pirate, it won't increase their chance of getting paid, and will reduce the chance other users will (not that I think they have a chance either way), pirate will keep making excuses not to pay. I also believe it would be dangerous for GLBSE users to give such information to pirate, why in the world would he want it?
|
|
|
Although the pirate's request is extremely odd, if it were the only way to receive payments, can bondholders authorize the transfer of that information, so that GLBSE does not infringe any data protection law? Yes, at the request of bond holder we can provide GPG signed receipts stating how many of the asset the person holds, it would mean that they would no longer be able to trade that asset afterwards (i.e. it would be stuck in their account) otherwise they would be able to game the system. It seems right. So why was this possibility not considered before telling him "we can't"? Although I insist again on the absurdity, rarity and risk of his request. Because that's not what he was asking, I was being asked to give GLBSE users details to pirate, which I can't. It's different from "can GLBSE users get a signed receipt of the pirate related assets they hold". Besides, that won't get you anything, as pirate has said before his obligation is not to any of the PPT owners.
|
|
|
No - you still don't get it. I don't have any PPT bonds and when I did, I did not buy them for cents.
Goat was trying to get himself rich by selling empty PPT bonds - and Nefario was helping him, probably being his partner in this business. And now they are both screwed.
Absolutely baseless accusation, proof please. The proof of Goat selling empty PPT bonds? Or the proof of you being his lying bitch? Both.
|
|
|
No - you still don't get it. I don't have any PPT bonds and when I did, I did not buy them for cents.
Goat was trying to get himself rich by selling empty PPT bonds - and Nefario was helping him, probably being his partner in this business. And now they are both screwed.
Absolutely baseless accusation, proof please. Although the pirate's request is extremely odd, if it were the only way to receive payments, can bondholders authorize the transfer of that information, so that GLBSE does not infringe any data protection law? Yes, at the request of bond holder we can provide GPG signed receipts stating how many of the asset the person holds, it would mean that they would no longer be able to trade that asset afterwards (i.e. it would be stuck in their account) otherwise they would be able to game the system.
|
|
|
GLBSE is completely legal, I don't know what part of the world you're from, but here in the UK something has to be forbidden or outlawed to become illegal, everything that is not... is legal.
As a financial service provider who offers his services to the public you need to be registered. It depends on whether bitcoin is considered to be a currency and the FSA has already determined that it's not (that may change in the future, but it would require legislation from the UK or EU level). As things currently stand GLBSE is a virtual stock exchange for a virtual currency. I'm in London for the month so will be hitting up the FSA to register GLBSE if they'll let me, I don't believe they will. I agree with most of what you said. But being an enabler is still bad. Just look at all the people thrown in jail for running websites that link to pirated content but don't host it themselves; they are only enablers. I don't believe so, there are pinkslip markets all over the world, this is currently what GLBSE is at the moment and even under the new standards we're bringing in (to separate assets into markets) all the PPT stuff would be in the pink section.
|
|
|
|