Author Topic: The upside to the MtGox hax  (Read 4312 times)
YoYa
June 20, 2011, 05:25:34 PM
 #21

The world doesn't operate on prevention, because prevention doesn't work.

They were able to reverse transactions and roll the site back to the way it was before the invalid order.  They also had mechanisms in place to reduce the amount of irreversible damage that could happen before the attack was noticed and stopped.

Those sound like pretty damn good safeguards to me.

Tight security is a pretty important form of prevention.  Mt Gox can rollback transactions as much as they like.  The few members of the general public who follow bitcoin got the message that 'bitcoin got hacked', regardless of the real details.

The world does operate on prevention.  That's why balconies have railings, dangerous areas are often fenced off and industrial machinery has physical and electronic barriers to prevent accidents.

Agreed, not only that but banking and finance operate on prevention^2. This represents the sheer lack of experience MtGox have in what they are doing. I've worked in companies with extremely fast growth, and it's not hard to notice that success leads to growing pains, and as evidenced by yesterday these can be severe.

In that sense I can sympathise with MtGox, but on the other hand.....
  • They didn't add even the simplest of extra sec checks to their login
  • They didn't assume the worst and proceed as such when reports started surfacing that accounts were being hacked
  • Their database should have been natively encrypted, performance issues are not a customer's concern
  • They could have closed the exchange at the weekends to help stabilize both security and volatility

Get with it! You're not in the game card trading world any more Dorothy! This is the real world, with an entire internet of dodgy fucks just looking to penetrate your every orificeflaw!
Sottilde
June 20, 2011, 05:54:23 PM
 #22


In that sense I can sympathise with MtGox, but on the other hand.....
  • They didn't add even the simplest of extra sec checks to their login
  • They didn't assume the worst and proceed as such when reports started surfacing that accounts were being hacked
  • Their database should have been natively encrypted, performance issues are not a customer's concern


Agreed on these points.  They don't even do basic IP verification (non-recognized IP, send email with verification link).  They really need to step it up.
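
The check mentioned in post #22 (unrecognized IP, email a verification link), sketched as an added example that is not part of the thread and not MtGox's code. The in-memory store, the key handling, the function names and the 15-minute expiry are all assumptions.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)   # assumption: secret held only by the server
TOKEN_TTL = 15 * 60                    # assumption: link valid for 15 minutes
known_ips = {}                         # user -> set of verified IPs (constructed store)

def sign(user, ip, expires):
    msg = f"{user}|{ip}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def login(user, ip, password_ok, now=None):
    """Return ("denied", None), ("ok", None) or ("verify", token_to_email)."""
    now = int(time.time()) if now is None else now
    if not password_ok:
        return ("denied", None)
    if ip in known_ips.get(user, set()):
        return ("ok", None)
    # Unrecognized IP: no session yet. The token goes into the emailed link.
    expires = now + TOKEN_TTL
    return ("verify", f"{user}|{ip}|{expires}|{sign(user, ip, expires)}")

def confirm(token, now=None):
    """Handle a click on the emailed link; enroll the IP only if the token is intact."""
    now = int(time.time()) if now is None else now
    try:
        user, ip, expires_s, sig = token.rsplit("|", 3)
        expires = int(expires_s)
    except ValueError:
        return False
    if now > expires:
        return False
    # Constant-time comparison; the MAC covers user, IP and expiry together.
    if not hmac.compare_digest(sig.encode(), sign(user, ip, expires).encode()):
        return False
    known_ips.setdefault(user, set()).add(ip)
    return True
```

A correct password from a new address yields only a token for the emailed link, so a stolen password alone does not open a session without access to the account's mailbox.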