Bitcoin Forum
  Show Posts
1  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 25, 2012, 09:07:16 AM
Per standard practice, Bitcoin Consultancy entered into a non-disclosure agreement which extends to Bitcoinica's proprietary systems and processes. They are free to discuss their role and history with the company.

Hi,

Thank you for this. We are incredibly happy. We will need to clear up some distinctions and make sure the account is in fact Tihan's account. He can do so via confirmation in email or on skype. We also need clarification as to what "role and history mean".

1. Are Bitcoinica Consultancy and its individual members allowed to talk about the security issues and this incident without limitation? Yes/No

The NDA extends to our persons I believe.

Finally, Tihan, people seem to have questions regarding the database.

2. Are we, Bitcoinica Consultancy and its individual members, at liberty to discuss in full detail the nature of the database? Yes/No

3A. Are we, Bitcoinica Consultancy and its individual members, at liberty to release relevant skype logs in full without worry that information in those logs is sensitive? Yes/No

3B. If there is a "No" answer for question 3A, could you specify clearly what we are not allowed to post (for example, content that would violate a user's privacy) and remember to claim that the list of restrictions you post is an exhaustive list.

4. Are you willing to take the short steps to nullify any NDA we may have? Yes/No

5. Can we release a full account of the security detail and practices relevant to Bitcoinica's history and this incident? Yes/No



Finally, we can certainly see the semblance of unprofessionality that Bitcoinica Consultancy was resonating. We would like to apologise for having to go to such an extreme. We were urged against making such statements by Tihan and Zhou as they would hurt everyone's reputation, including our own. The circumstances were such that we had no real ability to respond to misinformation and misrepresentation. We full well knew that our immediate reputation would suffer greatly. In matters like this, things often need to get worse before they can get better. However, it seems we will finally be successful in providing full disclosure for everyone. We were talking with Tihan about trying to clear up misrepresentations for a long time and with Zhou as well. Unfortunately, we were not granted the ability to clear up the relevant issues (possibly until now) and Zhou kept making and continues to make false statements and wildly misrepresenting the facts. We are very happy with the turn of events as we are certain that (as long as Tihan's comment wasn't intentionally nondescript or ambiguous) we will be able to set the record straight.


We are not pursuing this matter at the expense of the reclaims process. However, when we have time, we will (in great detail) show that many statements that have been made have been malicious and false.
2  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 11:57:32 AM
Bitcoinica Consultancy: You are full of shit when you say you already dealt with a good number of the more simple claims.
My friend who has a whole bitcoin (lol) in your service still hasn't got a response after he filled your stupid claim form.
I guess 1 open position with a 1 BTC balance is fucking complicated for you to deal with.
Also, one question my friend asked me: Where are you going to return his Bitcoin to if you don't even ask for a Bitcoin address?

Just stop lying.

I'm not sure where you got that. Please show us the post so it can be altered. This is what we said:

Right now, we believe the best thing for all parties involved is that we continue with the reclaims process. We have investigated many of the claims but have many left. There were still claims being filed as of at least yesterday. Our intention is to have a secure platform where users can claim their accounts and everyone will be able to claim their accounts once the claims process is finished. We cannot offer a concrete timeline for exactly when this will happen but we are working as fast as possible. Please be patient. We are truly sorry for the grave inconveniences.

3  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 10:38:52 AM
1. Unfortunately Zhou himself has delayed greatly the reclaim process.
2. We hope that users wait until there is more disclosure to judge what has happened.
3. We do apologise for the turn this discourse has taken. However, we hope to show how important this disclosure is and our dissatisfaction with how things were being handled and continue to be handled.
4  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 10:13:38 AM
We will take what Zhou has proposed into consideration and discuss it with relevant parties. The issues of misrepresentation were not amenable despite numerous talks. Our silence was called into question the same time we were being misrepresented. Despite our best efforts this was unavoidable. We apologise but we are happy that Zhou has stated many things which, if there is full disclosure, will be shown to be lies and misrepresentations.

With full disclosure I believe our actions will be understood. Without full disclosure, our reputation may remain damaged. If that is the case at least we can say we spoke up.
5  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 09:14:50 AM
I don't have to respond to this already. Because you have no evidence at all.

You mean evidence that we can currently now share?

The fact that you lied was a public admission of yours.

Yes you do not have to answer and you can say "we have no evidence"

The issue is clear. We would like full disclosure. It will resolve all these issues. Are you willing to publicly state that you support full disclosure?
6  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 09:06:06 AM
We sincerely hope that there is full disclosure. We think it is in the best interests of bitcoinica and its users. People will then be able to read the logs themselves instead of just hear an incredibly biased unrepresentative and even untruthful commentary.
7  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 08:53:33 AM
I'm Zhou cannot even keep his word for a matter of hours. Anyone who continues to take him for his word should really consider the situation.

...And you don't give me the permission to post the private chat. The private chat starts with a greeting and was never continued after the day. It's not partial log.

I do not need to give you permission!? You need consent from whomever you've signed non-disclosure agreements with in 2012 or before obviously. The private chat is extensive and covers a ton of ground.

Thank you for your long list of 15 items.

3. I apologised and gave a self-criticism publicly (about my incompetency in security system).
- because continued misrepresentation would lead to what has happened today.


5. Bitcoinica Consultancy's compromised system (which was already in production before Bitcoinica's transition period) is the direct cause (i.e. if the transition didn't start the problem wouldn't have happened, and the transition didn't cause the initial compromise on the email server).
-Unrepresentative

7. I was prohibited from expressing anything that may damage Bitcoinica Consultancy's reputation (this is from your long post recently [1]).
-You agreed not to post anymore about us. The agreement came out of a conversation based on the fact that there were many cases of cherry picking and misrepresentations. Only hours later you broke your word and even now you continue to misrepresent.

9. I have not signed any NDA with any one in 2012.
- point?

12. I assume that I obtained the permission from the person who may grant you the transparency (I'm not sure) to post the apology.
-You are responsible for what you post.

13. I have been asked to co-author an apology in my name. (And my own one doesn't sound sincere enough. [2])
-After you had misrepresented the situation so many times and lied, your offer to make an apology was assumed to be simply a means to be political. We wanted to avoid further problems and misrepresentations (as seen in that thread). We wanted to avoid what is happening right now and reach an agreement with a public statement to clarify the situation.


If full disclosure comes out all these details will all be addressed.
8  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 08:14:22 AM
And instead of tending to the matters at hand that are truly important, I see childish bickering among partners(?!) in the forums

While the account is speaking for the group as a whole, it is the other two members which after many days of unrest thought it was best to break this silence. Patrick is working on the claims and right now we have to wait on Patrick before we can continue.

We agree that the statements we have had to release are not the ones we would have liked to, it was the only option at our disposal. It has come after over a week of silence where we were trying to resolve the misinformation issues in a more appropriate manner.
9  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 07:54:44 AM
If you get the consent to publish both in full please do. Realise that "cherry picking" though through a partial log might not be a smart long term strategy.

please state a date when you plan to close the claim process and start to refund people.
i just want to know when i can expect to get my money back.

a simple "there were claims made just yesterday" is not enough. you cannot prove that.

we already waited much too long for OUR money.

btw: if you are so sure that we all will get our money back: why don't you just buy my 100btc debt for 80btc?

We will try to stop the drama. It is secondary or tertiary to the claims process. As stated in the earlier post we can't give a definite date now. We will be providing information as we can with regards to the claims process and all else.


btw: if you are so sure that we all will get our money back: why don't you just buy my 100btc debt for 80btc?

This would potentially be illegal and certainly unethical.
10  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 07:40:42 AM
then post it already... he gave you permission...

He is a smart guy. He knows I wouldn't need his permission at all to post it. We do however need the permission of another person/other people. He knows this.
11  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 07:38:49 AM
If you get the consent to publish both in full please do. Realise that "cherry picking" though through a partial log might not be a smart long term strategy.
12  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 07:34:32 AM

I don't think there's any problem with the group conversation.

You only pointed out the problem to me privately, and the verbal promise is not in the group conversation later. i.e. If the private conversation didn't happen, I have done absolutely nothing wrong.

 Huh

The group conversation would establish essentially the entire history of what happened and would conflict with some of your forum posts.

The whole private conversation was founded on your gross misrepresentations and inaccurate statements.
13  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 06:26:22 AM
I have already apologised about the violation with a Skype message promise. And I confirm that all I stated was pure fact. (You are welcome to take legal actions against me if anything in the apology post is untrue.) Sincerity is rather a subjective concern. I think I'm sincere.

If total transparency is ever granted, people will be able to answer all their questions and they will know that this is a complete lie. I urge people to wait until they have all the information. While it may appear as though Zhou is being more forthcoming please do not mistake it for honesty.
14  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 06:19:07 AM
Unfortunately, disclosing the skype conversations of our group would largely be in violation of our NDA. You know this though. We would also like to give much greater detail as to the nature of the incident but are not able to due to our inability to disclose information.

Zhou (aka my fearless little asian alter ego!), why don't you release the Skype logs since Bitcoinica Consultancy is reluctant to do so? C'mon, take one for the team!

We would have to advise against this. It is better to wait if and until we have permission to release the logs in full. Releasing the full logs now would certainly violate our NDA and I am sure his.
15  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 06:11:20 AM
Let me start off by saying the information in this post is gathered from already public statements, separate knowledge or, in individual cases has been preapproved. We have been disgusted by the fact that we cannot speak liberally. Once the reclaims process is finished, if we are not allowed to speak publicly we will stop all activity with bitcoinica.

Right now, we believe the best thing for all parties involved is that we continue with the reclaims process. We have investigated many of the claims but have many left. There were still claims being filed as of at least yesterday. Our intention is to have a secure platform where users can claim their accounts and everyone will be able to claim their accounts once the claims process is finished. We cannot offer a concrete timeline for exactly when this will happen but we are working as fast as possible. Please be patient. We are truly sorry for the grave inconveniences.



As for recent incidents:

We first got involved with Bitcoinica after we discovered a security vulnerability where we could liberally withdraw and empty bitcoinica's live wallet. It became apparent to us that the site was a poorly constructed security nightmare. We started talks with bitcoinica in the hopes that they would see us as being an indispensable asset to help secure their site. The site currently is far more secure than previously.

While Zhou has made a lot of public statements, I assume his doing so has violated agreement(s) which he may have. He has stated publicly that he does have some non-disclosure agreement. Many of his posts were either untrue or certainly misleading. Many of these posts were directed at us. After being confronted on the issue, he agreed not to post anymore. After breaking that promise only hours later, we confronted him again privately.

He posted an insincere and politically worded apology.

Within the apology he made it sound as though we were trying to stop him from posting. As if he had not respected some secrecy that we wished to maintain. This of course is entirely misleading. He also posted the link to the reclaims page before it was finished and without our consent. He also continued to make very important decisions without our consent which has affected our ability to recover. In fact, even as of the 17th, we were often still in the dark and learning things through Zhou's posts on the forums. We may decide later to take action against Zhou as he has offered no public recompense. He was the owner of bitcoinica, sold bitcoinica keeping earlier profits and it seems he was paid and that he was responsible for its security until at least very recently. We even hope to release our private conversations with him if there is deemed to be no liability for us doing so. These issues should never have been made public and we took many measures speaking with him many times so that it would not get to this level. Right now though this needs to be put on the back-burner. It is immaterial until the claims process is resolved.

As for the current owners of Bitcoinica, they have by far exceeded their legal obligations in helping Bitcoinica recover from the previous hack and have pledged their continued support in seeing this incident fully resolved. I am not sure they knew how insecure the site was when they first bought it. We applaud their generosity. The inability to disclose pertinent information however we vehemently disagree with. We believe this information is critical to restoring the trust a business like bitcoinica requires.

The only agreement I have signed is in last year, with a non-disclosure clause.

I have already apologised about the violation with a Skype message promise. And I confirm that all I stated was pure fact. (You are welcome to take legal actions against me if anything in the apology post is untrue.) Sincerity is rather a subjective concern. I think I'm sincere.

In the past few days, I have been quite supportive about the account claim issue. I have communicated some ideas with Patrick.

I admit that the security features of the site are not up to standard. But the compromised system belongs to Bitcoinica Consultancy, and I have neither knowledge nor control. Being a target is the worst thing to have in the security world, and no system is 100% secure. The uncompromised systems are simply not the targets. Bitcoinica was not the initial target of the hacker.

These statements are not directed to Bitcoinica Consultancy. They are directed to facts. I officially grant Donald Norman the right to disclose any private communication on Skype between Donald and me in recent 14 days.

Unfortunately, disclosing the skype conversations of our group would largely be in violation of our NDA. You know this though. We would also like to give much greater detail as to the nature of the incident but are not able to due to our inability to disclose information.
16  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 06:07:46 AM
You are mad at zhou for taking emergency steps to save things (that apparently stemmed from your server) and for making an emergency announcement while you were asleep? And mad at him for making it sound as though you didn't want to post certain news? And, also mad at him for posting things (the truth, or was it a lie?) that were embarrassing?

No problem. We are referring to posts made mostly on the 14th to 16th or so. Sorry for the misunderstanding.
17  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 05:26:19 AM
I think the post just outlined the fact that their hands are tied.  They can't talk about the situation directly, at this point.  They agree that it's BS that they can't answer the questions, but they aren't the ones to make the decision about what can and cannot be spoken about.

Agreed, we would like to answer every important question and provide tons of information but we do not have that liberty. After the claims process, however, if we are not allowed to speak publicly we will stop all activity with bitcoinica. We believe this information is critical not only to restoring the trust a business like bitcoinica requires but answering many of the questions people have. In fact they go hand in hand.
18  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 04:51:53 AM
Let me start off by saying the information in this post is gathered from already public statements, separate knowledge or, in individual cases has been preapproved. We have been disgusted by the fact that we cannot speak liberally. Once the reclaims process is finished, if we are not allowed to speak publicly we will stop all activity with bitcoinica.

Right now, we believe the best thing for all parties involved is that we continue with the reclaims process. We have investigated many of the claims but have many left. There were still claims being filed as of at least yesterday. Our intention is to have a secure platform where users can claim their accounts and everyone will be able to claim their accounts once the claims process is finished. We cannot offer a concrete timeline for exactly when this will happen but we are working as fast as possible. Please be patient. We are truly sorry for the grave inconveniences.



As for recent incidents:

We first got involved with Bitcoinica after we discovered a security vulnerability where we could liberally withdraw and empty bitcoinica's live wallet. It became apparent to us that the site was a poorly constructed security nightmare. We started talks with bitcoinica in the hopes that they would see us as being an indispensable asset to help secure their site. The site currently is far more secure than previously.

While Zhou has made a lot of public statements, I assume his doing so has violated agreement(s) which he may have. He has stated publicly that he does have some non-disclosure agreement. Many of his posts were either untrue or certainly misleading. Many of these posts were directed at us. After being confronted on the issue, he agreed not to post anymore. After breaking that promise only hours later, we confronted him again privately.

He posted an insincere and politically worded apology.

Within the apology he made it sound as though we were trying to stop him from posting. As if he had not respected some secrecy that we wished to maintain. This of course is entirely misleading. He also posted the link to the reclaims page before it was finished and without our consent. He also continued to make very important decisions without our consent which has affected our ability to recover. In fact, even as of the 17th, we were often still in the dark and learning things through Zhou's posts on the forums. We may decide later to take action against Zhou as he has offered no public recompense. He was the owner of bitcoinica, sold bitcoinica keeping earlier profits and it seems he was paid and that he was responsible for its security until at least very recently. We even hope to release our private conversations with him if there is deemed to be no liability for us doing so. These issues should never have been made public and we took many measures speaking with him many times so that it would not get to this level. Right now though this needs to be put on the back-burner. It is immaterial until the claims process is resolved.

As for the current owners of Bitcoinica, they have by far exceeded their legal obligations in helping Bitcoinica recover from the previous hack and have pledged their continued support in seeing this incident fully resolved. I am not sure they knew how insecure the site was when they first bought it. We applaud their generosity. The inability to disclose pertinent information however we vehemently disagree with. We believe this information is critical to restoring the trust a business like bitcoinica requires.
19  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 23, 2012, 09:06:45 AM
We had written a long post however we are prevented from posting it due to limitations. We are very sorry. We are trying to resolve this matter however we are limited in our capacities.
20  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 22, 2012, 05:08:42 PM
I have asked to be able to speak more liberally. We are still drafting the message