Bitcoin Forum
December 08, 2016, 04:30:12 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 5 »  All
  Print  
Author Topic: MtGox UPDATE  (Read 22787 times)
JTaBitCoinKing
Newbie
*
Offline Offline

Activity: 28


View Profile
June 19, 2011, 09:35:03 PM
 #21

i really don't think you can call them 'stolen coins' with a straight face. what's done is done, and it's on your shoulders to fix it, NOT by denying people with legitimate bids their feast.
Coins sold by someone who didn't own them are not stolen? Why? because you got them?

That's very narcissistic, almost psychopathic.

Psychopaths should not benefit from this currency: that's the way the old world worked.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481171412
Hero Member
*
Offline Offline

Posts: 1481171412

View Profile Personal Message (Offline)

Ignore
1481171412
Reply with quote  #2

1481171412
Report to moderator
1481171412
Hero Member
*
Offline Offline

Posts: 1481171412

View Profile Personal Message (Offline)

Ignore
1481171412
Reply with quote  #2

1481171412
Report to moderator
1481171412
Hero Member
*
Offline Offline

Posts: 1481171412

View Profile Personal Message (Offline)

Ignore
1481171412
Reply with quote  #2

1481171412
Report to moderator
MyFarm
Hero Member
*****
Offline Offline

Activity: 840


View Profile
June 19, 2011, 09:35:57 PM
 #22

MyFarm:
Yes the site won't be back online until we are certain there are no other exploits.
Cool, see you guys in a month or two.  Though you might upset a few people who have thousands of dollars/BTC tied up in your system.

I sure don't envy you at this point.
bittrader
Jr. Member
*
Offline Offline

Activity: 42



View Profile
June 19, 2011, 09:36:30 PM
 #23

All passwords will be disabled and you will have to reset your password with the email on file. If no email is on file then it will be handled manually.

I count almost 4,000 accounts with blank emails — and mine is one of them. How do you plan on handling them manually? How will you verify that whoever is claiming to be the owner really is the owner?

Thanks.
paulie_w
Sr. Member
****
Offline Offline

Activity: 420


View Profile
June 19, 2011, 09:36:49 PM
 #24

i really don't think you can call them 'stolen coins' with a straight face. what's done is done, and it's on your shoulders to fix it, NOT by denying people with legitimate bids their feast.
Coins sold by someone who didn't own them are not stolen? Why? because you got them?

That's very narcissistic, almost psychopathic.

Psychopaths should not benefit from this currency: that's the way the old world worked.

you're completely right and i already retracted that sentiment in an earlier post in this thread.

even if i do feel a little burned (hey it's natural after a seemingly eye-popping win), i'd rather do what is right for this thing to succeed long-term.
RandyMarsh
Full Member
***
Offline Offline

Activity: 237



View Profile
June 19, 2011, 09:37:26 PM
 #25

i really don't think you can call them 'stolen coins' with a straight face. what's done is done, and it's on your shoulders to fix it, NOT by denying people with legitimate bids their feast.

Of course they were stolen! They were in essence stolen from the user whos account was compromised, and then used to cause chaos on the market. Regardless of the fact that they were used within the system and by the account of the user who orignally owned them, they were still plainly stolen by the hacker who then simply dumped all but the little bit he could get away with.

They were absolutely Stolen, and almost all trades since the event are Illegitimate in my eyes anyway.

Stan?! STAN?!?!
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 19, 2011, 09:40:52 PM
 #26

Thanks for the update, I'm a big fan of your service (the charts are great) and you still have my support.
Any ETA on how long the security fixes will take? Any chance of being up within ~12 hours?

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
jorgen
VIP
Member
*
Offline Offline

Activity: 114


View Profile
June 19, 2011, 09:43:08 PM
 #27

Jed and Tux made a lot for bitcoin community in the past and I hope this accident will force them make double efforts to secure the No1 exchange! I also had some bids on 14.5 but I do not mind against reversing transactions.
elmom
Newbie
*
Offline Offline

Activity: 21


View Profile
June 19, 2011, 09:43:21 PM
 #28

What about the people that have complained that their email is wrong based on the leaked DB. Will you roll back the email addresses too? Someone said (on IRC) they had a hash in the DB corresponding to a password that was changed 19 days ago. And several accounts have been reported as compromised before today's events.
jhansen858
Sr. Member
****
Offline Offline

Activity: 336


View Profile
June 19, 2011, 09:44:03 PM
 #29

Well people, there you have it,

They manned up, took responsibility, are going to make everything right, if necessary on a case by case basis.  

What have we learned?

1) Don't put all your BTC in one basket if you don't want to not have unlimited access to it.
2) This isn't a game, if you cant take the drama, get the fuck out of the kitchen, go back to some safer investment like trading over your margins on the stock market.
3) Don't use easy to un-hash passwords that are the same for every site you use.
4) more control and regulation is needed on the side of the exchanges to limit the price swings much like the real stock market has now


Hi forum: 1DDpiEt36VTJsiJunyBc3XtG6CcSAnsQ4p
jatajuta
Sr. Member
****
Offline Offline

Activity: 365



View Profile
June 19, 2011, 09:44:26 PM
 #30

This is definitively the digital gold run of the century.

Welcome to the wild west. Cheesy
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 19, 2011, 09:47:11 PM
 #31

And what about the users who had their accounts compromised in the past few weeks or so?

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
unk
Member
**
Offline Offline

Activity: 84


View Profile
June 19, 2011, 09:49:36 PM
 #32

a trade in all conventional currency markets is not 'invalid' merely because it is made with stolen funds. the trades and the theft are two separate issues. people analogizing to the 'flash crash' are doing so without understanding financial markets fully.

s3052, some others, and i have been discussing the proper way to think about this here: https://forum.bitcoin.org/index.php?topic=19593.0

if mt. gox is indeed determined to do what is legally and ethically correct, it seems far too glib to assume that a 'rollback' of transactions is legitimate merely because funds were stolen and then sold. as an analogy, if someone stole us dollars and then bought bitcoins with them, would you be so quick to break the trades? it would seem ridiculous to do so, and i'm afraid it's potentially just as problematic on this side as if the theft happened on the other side. i'm not a lawyer, but i suspect you'll face legal exposure for breaking trades as well, given that you combine the roles both of a broker and an exchange.

in case it matters, i do not have a mt. gox account and would not be directly affected by a rollback. i'm just frustrated with the lack of transparency and have claimed for months that issues with exchanges may prove disastrous for bitcoin's wider adoption.
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 19, 2011, 09:51:26 PM
 #33

And what about the users who had their accounts compromised in the past few weeks or so?

Many were trolls who lied, IMO.
A password hash does not allow you to login. The mysterious big account might have had a virus/key-logger on his PC.

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
lacedwithkerosene
Member
**
Offline Offline

Activity: 112


View Profile WWW
June 19, 2011, 09:51:34 PM
 #34

So now you are acknowledging the situation and providing updates but what about an inclusion of a simple apology/saying "We're Sorry" to your customers, is that too much ?  Huh

Durr
Newbie
*
Offline Offline

Activity: 28


View Profile
June 19, 2011, 09:53:07 PM
 #35

So now you are acknowledging the situation and providing updates but what about an inclusion of a simple apology/saying "We're Sorry" to your customers, is that too much ?  Huh

Big risk in acknowlidging you are wrong. So they won't say they are sorry.

It'd be like saying "Im guilty" in court.

Help this puppy survive: http://larrycorreia.files.wordpress.com/2011/06/mr-snuggles.jpg

Donate to 1Gvzk3L3oLjeK5m6y4B82kFvLEZbqQnUWs
mrenouf
Newbie
*
Offline Offline

Activity: 17


View Profile
June 19, 2011, 09:55:11 PM
 #36

http://oi53.tinypic.com/2mhzq6u.jpg
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 19, 2011, 09:59:05 PM
 #37

And what about the users who had their accounts compromised in the past few weeks or so?

Many were trolls who lied, IMO.
A password hash does not allow you to login. The mysterious big account might have had a virus/key-logger on his PC.
I have had $200 vanish from my account. I have turned my PC upside down, including manual analysis and found no malware of any kind. I had a 20 character alphanumeric mixed case KeePass-generated random password. I was not a victim of the CSRF exploit as I could not reach the Mt. Gox site (thus wasn't logged in) at the moment the funds were stolen. Someone could easily break such a password by using a service like Amazon AWS - and it would actually pay off as you are trying to compromise accounts on a financial service that holds money. Not to mention that miners have hardware that is specifically suited for hashcracking.

Now tell me with a straight face that this was not related to the database leak.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 19, 2011, 10:00:46 PM
 #38

And what about the users who had their accounts compromised in the past few weeks or so?

Many were trolls who lied, IMO.
A password hash does not allow you to login. The mysterious big account might have had a virus/key-logger on his PC.

It does if the password was weak and you brute force it.

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
kokojie
Legendary
*
Offline Offline

Activity: 1498



View Profile WWW
June 19, 2011, 10:01:16 PM
 #39

And what about the users who had their accounts compromised in the past few weeks or so?

Many were trolls who lied, IMO.
A password hash does not allow you to login. The mysterious big account might have had a virus/key-logger on his PC.

Actually it does if SQLI attack were possible (which apparently it is at mtgox). All the server want is compare the password hash with the one it had in the db. If you bypass the login box and provide the server with the hash directly thru SQLI attack, the mtgox server would allow you to login.

If my post has been helpful, send me some love -> BTC: 1kokojUapmWqCqPw3Ch2rjcVh57tJEzka | PPC: PDyXAgA8eH47gokVW6zVZPSuu15aao5nZF | Bitshares: kokojie
My reputation
klamathonsite
Full Member
***
Offline Offline

Activity: 154



View Profile WWW
June 19, 2011, 10:03:15 PM
 #40

yeah they got into my email just few minutes ago and then i found new email from mtgox they are still hacking the site.
so DONT TRUST MTGOX they took your info and if you have same mail and same password on Dwolla change it RIGHT NOW OOOH MTGOX!!! Liability i can see if going up higher and higher by the hour.

Pages: « 1 [2] 3 4 5 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!