Bitcoin Forum
December 09, 2016, 07:51:00 AM *
Author Topic: Now these are some serious and security minded people  (Read 3602 times)
Houdini
June 19, 2011, 08:55:33 PM
 #1


Quote from https://britcoin.co.uk/ :
Due to the recent events at MTGox.com, we at Britcoin have decided to move our servers to a new location. MTGox suffered an SQL injection which means access to the site's funds was in the hands of the malicious hacker. As such, until we see evidence to the contrary, for security reasons we are assuming that MTGox has none of its clients' bitcoins. For this reason, we have withdrawn their access to our servers and the sensitive information on those servers.

While our servers were separate, we were purchasing server space from MagicalTux, the owner/operator of MTGox. We have already moved all our customer bitcoins to a wallet which has newly been created and has the highest measure of security possible. The GBP deposits of course are still safe in our business bank account as well.

We will put Britcoin up again as soon as possible, but only once we are confident we have the highest level of security our users deserve.
SgtSpike
June 19, 2011, 08:58:09 PM
 #2

Yeah, I am glad to see that at least ONE bitcoin site has security on their minds!
myrkul
June 19, 2011, 09:00:33 PM
 #3


Quote from https://britcoin.co.uk/ :

We will put Britcoin up again as soon as possible, but only once we are confident we have the highest level of security our users deserve.


Good on them.

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
angelo95
June 19, 2011, 09:03:01 PM
 #4

Yes but it's easy now after the battle. They might gain a lot of bidders though now as Mtgox is dead.
BioMike
June 19, 2011, 09:04:26 PM
 #5

Last time I checked the source code of them... they didn't use parametrized queries. I hope they do now, if security is so important for them.
Houdini
June 19, 2011, 09:48:59 PM
 #6

There's one good thing to come out of this horrible mess (every cloud has a silver lining). Every other bitcoin exchange from now on will strive with all their might to secure their database, because not doing so means business failure (if Mt. Gox isn't killed by this, it will certainly have a huge decrease in revenues due to loss of customers).
bcearl
June 19, 2011, 09:51:56 PM
 #7

Yeah, I am glad to see that at least ONE bitcoin site has security on their minds!

They work with real money - not with worthless FED bills. :)

Misspelling protects against dictionary attacks NOT
cunicula
June 19, 2011, 10:19:55 PM
 #8

"Last time I checked the source code of them... they didn't use parametrized queries. I hope they do now, if security is so important for them."

Security is not just in the code. Management's response to incidents is just as important. Mt. Gox has failed severely on this dimension.
"Really guys it's just one account, breached due to user error. All the other accounts are safe."
Rinse Repeat until the business fails.

Kudos to Britcoin.

GeniuSxBoY
June 19, 2011, 10:24:27 PM
 #9

I don't buy anyone claiming security. I haven't seen lulz FAIL at anything they put their mind to.


Houdini
June 19, 2011, 11:18:49 PM
 #10

Someone else takes security seriously as well :
"TradeHill has recently learned that a large number of user accounts at a competing Bitcoin exchange have been compromised. Because of the possibility that our users may have used the same password on multiple exchanges, we will be halting the ability to trade or withdraw funds for a few hours. We hope this will give all of our users time to reset their passwords if needed. You can reset your password by clicking on your username in the upper right of the website. This is merely a precaution, and we do not have any evidence that our site has been compromised in any way. More info soon."
It seems whatever happens (market bubble bursts, astronomic thefts, server database hacks) Bitcoin keeps rolling on like a steamroller, stopping for nothing (including the victims splattened on the way :) ).
unk
June 20, 2011, 12:48:35 AM
 #11

a suggestion to the kind folks at britcoin:

once you are able, announce in advance a particular time that you will restart the exchange. announce also a time, at least several hours before that opening, at which customers will be able to log in and have an opportunity to add and delete orders. then, orders on the same side of the market at the same price when the exchange goes 'live' again should compete at random, not based on the time of entry.

this will help avoid a rush, normalize the market, and satisfy a variety of disparate interests.
ishav
June 20, 2011, 01:01:47 AM
 #12

"Last time I checked the source code of them... they didn't use parametrized queries. I hope they do now, if security is so important for them."

Security is not just in the code. Management's response to incidents is just as important. Mt. Gox has failed severely on this dimension.
"Really guys it's just one account, breached due to user error. All the other accounts are safe."
Rinse Repeat until the business fails.

Kudos to Britcoin.

And how do you know that they were aware of their database breach when they wrote that?
saqwe
June 20, 2011, 01:23:48 AM
 #13

a suggestion to the kind folks at britcoin:

once you are able, announce in advance a particular time that you will restart the exchange. announce also a time, at least several hours before that opening, at which customers will be able to log in and have an opportunity to add and delete orders. then, orders on the same side of the market at the same price when the exchange goes 'live' again should compete at random, not based on the time of entry.

this will help avoid a rush, normalize the market, and satisfy a variety of disparate interests.

+1

onesalt
June 20, 2011, 01:25:16 AM
 #14

Yeah, I am glad to see that at least ONE bitcoin site has security on their minds!

They work with real money - not with worthless FED bills. :)

which is weird because I don't recall one main street bank losing all their money and customer records to a simple sql injection attack...
Batouzo
June 20, 2011, 01:26:37 AM
 #15

"Last time I checked the source code of them... they didn't use parametrized queries. I hope they do now, if security is so important for them."

Security is not just in the code. Management's response to incidents is just as important

Are you shitting us?

Secure == code_security AND response_teams,
not "OR".

cunicula
June 20, 2011, 01:29:44 AM
 #16

Of course they didn't know.  Point is that they shouldn't have made optimistic assumptions.  I posted yesterday that it was negligent of them not to have taken the site offline when the cross-site forgery exploit was discovered. I have much less information and expertise than they do, but it still seemed negligent to me.

They should have assumed the worst when the rate of reports of hacked accounts on the forums spiked dramatically in the last few days. If you wait for proof that you've been had it is too late by definition.

cunicula
June 20, 2011, 01:34:46 AM
 #17

Are you shitting us?

Secure == code_security AND response_teams,
not "OR".

Why do you ask "Are you shitting us?" and then repeat my statement. ADHD?

unk
June 20, 2011, 01:37:04 AM
 #18

i'm forced to concur with cunicula about negligence. these aren't novel or clever problems to be having, and not responding to them instantaneously is very shoddy security practice. savvy users should demand no less, which is one reason i never set up a mt. gox account.

i've said it many times, but the community is overall exceedingly complacent when it comes to security, which is surprising for supporters of a cryptocurrency.

various attacks on the bitcoin protocol itself are next, because they take a little more cleverness than exploiting the kind of obvious web-based vulnerabilities that plague poorly written websites. nonetheless, i'm fairly sure that most people reading my last sentence are still thinking 'there are no such attacks because bitcoin is peer-to-peer. go away, you troll'.
Batouzo
June 20, 2011, 01:40:05 AM
 #19

Are you shitting us?

Secure == code_security AND response_teams,
not "OR".

Why do you ask "Are you shitting us?" and then repeat my statement. ADHD?

Your statement looked like if you said it otherwise.
Like if you said "... but don't worry about the bad code, the RESPONSE is what matters"

Never mind then :)

NO_SLAVE
June 20, 2011, 01:46:44 AM
 #20


It seems whatever happens (market bubble bursts, astronomic thefts, server database hacks) Bitcoin keeps rolling on like a steamroller, stopping for nothing (including the victims splattened on the way :) ).

Yeh right, keep on smoking it brah. Fall out is on the way.