Hey guys, I recently started looking more into the crisis over at Mt. Gox, and I was absolutely shocked to find out that all of these accounts, worth (likely) over half a million dollars combined, were hacked with a simple SQL injection.
Now, what is an SQL injection, you may ask? It is one of the most basic and well-known methods of cracking websites. It is constantly seen as one of the most high-risk attacks possible on websites, yet it seems to be overlooked time and again. I'm guessing that whoever was behind this attack has been inspired by the recent LulzSec epidemic, as most of their recent attacks seem to use this method. If I remember correctly, they downright admitted this was the case in their recent leak of a few thousand FBI accounts.
Now, SQL injection is not the only method of attacking websites. There are, of course, others. But by Mt. Gox simply ignoring a very basic vulnerability in their site, they put their customers at risk. And so, this happened. As a result, out of personal disgust I will be doing free security audits for any site related to BTC market trading or any site that uses BTC that would like to be audited.
If you would like me to audit the site, just post the website URL here and I will PM you any vulnerabilities I find. If you wish to be on the safe side, you can just post here that you would like me to audit the site then PM me with the URL. Again, this is entirely free, but donations are appreciated at my address: 1LmRDt5z5Ry4JarzcRow3HFa1dLYFf5kJF.
Most likely I will only point out the possible vulnerabilities, but if I have some knowledge on the vulnerability then I will suggest ways to prevent your website from coming under attack through it.
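To illustrate the class of bug the post is talking about, here is an added example (not from the original post or from any Mt. Gox code): a login check that splices user input into its SQL string, beside the same check written with bound parameters. The `users` table, the account `alice` and the SQLite in-memory database are all constructed for the demonstration.

```python
import hashlib
import sqlite3


def _digest(password):
    # SHA-256 stands in for a real password hash here (production code would
    # use a slow, salted KDF such as bcrypt or scrypt); the injection point is
    # the query text, not the hashing.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    # Constructed sample data: a single account in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("alice", _digest("correct horse")))
    return conn


def login_vulnerable(conn, username, password):
    # Unsafe: the username is pasted straight into the SQL text, so a quote
    # in the input changes the query's structure instead of being data.
    sql = ("SELECT username FROM users WHERE username = '%s' "
           "AND pw_hash = '%s'" % (username, _digest(password)))
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    # Safe: placeholders bind the values; the database never parses them as
    # SQL, so quotes and comment markers in the input are just characters.
    sql = "SELECT username FROM users WHERE username = ? AND pw_hash = ?"
    row = conn.execute(sql, (username, _digest(password))).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    # A username carrying a quote and a SQL comment marker makes the
    # string-built query ignore the password check entirely.
    crafted = "alice' --"
    print("vulnerable, bad password:", login_vulnerable(db, crafted, "x"))
    print("parameterized, bad password:", login_parameterized(db, crafted, "x"))
```

Running it shows the string-built query accepting the crafted username with a wrong password while the parameterized query rejects it; the fix is the second form, applied to every query that touches user input.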
Hi, we would be interested in speaking with you. We are also creating a community funded Task Force to beef up security across the Bitcoin community. Send an email to firstname.lastname@example.org with the title "Task Force".