Bitcoin Forum
Author Topic: 2013-04-03 Business Insider - Instawallet suspended  (Read 1097 times)
kiko (OP)
April 03, 2013, 07:34:35 PM
 #1

http://www.businessinsider.com/instawallet-suspended-2013-4

Quote
Instawallet — a site that offers a quick way to create your own Bitcoin wallet — just announced that it's been hacked and will not reopen until it can "develop an alternate architecture."
marcus_of_augustus
April 03, 2013, 08:47:06 PM
 #2

http://www.businessinsider.com/instawallet-suspended-2013-4

Quote
Instawallet — a site that offers a quick way to create your own Bitcoin wallet — just announced that it's been hacked and will not reopen until it can "develop an alternate architecture."

Sounds expensive.

These web wallets seem like unexploded bombs just lying around waiting to go off.

pinger
April 04, 2013, 03:38:15 AM
 #3

Some genius needs to implement a password for the wallets ...

lucif
April 04, 2013, 06:35:34 AM
 #4

More than.

https://instawallet.org/ leads to an HTTPS webpage with the bitcoin-central exchange service suspension notice. It is actually https://bitcoin-central.net/

On one hand they claim they own 50k BTC and they are under control.

On the other hand, their parallel project Instawallet closes for an indefinite time....

Quote
[Apr-01 10:30PM CET]

Bitcoin-Central and Paytunia update: Our customer's bitcoins and euros are safe and will not be affected by the security breach. We have taken the websites off-line for proper investigation.

The address 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy is under our exclusive control.

We thank you for your patience and will provide updates exclusively on this page as they come in. We are committed to resuming service as soon as possible. Expect normal service to resume within 48 hours.
lucif
April 04, 2013, 06:42:43 AM
 #5

And I even figured out how they got hacked.

The full source of the bitcoin-central exchange is available on GitHub under the AGPL LOL

https://github.com/davout/bitcoin-central

What crappy brain must the owner have to expose the source of his engine processing 100s of 1000s of dollars?

Mike Hearn
April 04, 2013, 09:24:16 AM
 #6

There's nothing wrong with having an open source trading engine, there shouldn't be any secrets in there.

The issue with InstaWallet is that it's very old and when it was first created, giving people super-easy disposable wallets seemed like a good idea. And it was! The problem is people parked money there and then (probably) forgot about it or lost their URL, meaning that the service accumulated a large balance. Because there was no signup or identity verification involved, if anyone ever learned the list of wallet URLs then it's game over - there's no way to recover from that or get people their money back reliably.

Though InstaWallet was conceptually very neat, I often wish the energy put into web wallet services like that was put into better downloadable wallet applications instead. The web model and Bitcoin don't mix very well, which is why the most successful web wallet (blockchain.info) has a very unusual design and for max safety requires people to use a browser extension.
lucif
April 04, 2013, 09:39:05 AM
 #7

Quote
There's nothing wrong with having an open source trading engine, there shouldn't be any secrets in there.

Yeah? What if developers left a bug with a vulnerability and have no idea about it? And 1000s of hackers in the world have the ability to watch and reverse the source...
Puppet
Legendary
*
Offline Offline

Activity: 980
Merit: 1040


View Profile
April 04, 2013, 10:11:18 AM
 #8

Quote
There's nothing wrong with having an open source trading engine, there shouldn't be any secrets in there.
Yeah? What if developers left a bug with a vulnerability and have no idea about it? And 1000s of hackers in the world have the ability to watch and reverse the source...

And 1000s of legitimate developers have the possibility to find and correct bugs before hackers do. It's how Linux and Unix work and your bank runs on it. That said, in this case the ratio of honest devs and wannabe hackers was probably skewed in the wrong direction, and the software couldn't possibly have been as mature as something like Linux/Unix, so I'm not sure it was a great idea.

lucif
April 04, 2013, 11:06:43 AM
 #9

This is a hard violation of all security guidelines for money flow systems. Don't mix up Unix with PCI-like services.

Banks don't put a map of all their inside structure right near the door. It's just stupid.

Sources must be kept safe. Programmers must be under NDA. Otherwise your service will be the hero of such breaking news.
01BTC10
April 04, 2013, 11:09:09 AM
 #10

Quote
There's nothing wrong with having an open source trading engine, there shouldn't be any secrets in there.
Yeah? What if developers left a bug with a vulnerability and have no idea about it? And 1000s of hackers in the world have the ability to watch and reverse the source...

Security via obscurity doesn't make it more secure.
lucif
Sr. Member
****
Offline Offline

Activity: 462
Merit: 250


Clown prophet


View Profile
April 04, 2013, 11:16:43 AM
 #11

Quote
Security via obscurity doesn't make it more secure.

Obscurity is an additional level. There are many levels. Keeping sources open could be good practice for anyone except money flow.

However I see this community's sloven level is too high. Why do I explain obvious security standards...

I see they had very good security, yeah.
lucif
April 04, 2013, 11:19:27 AM
 #12

https://www.pcisecuritystandards.org/security_standards/

Internal structure leak. Hard violation. Guilty.