Bitcoin Forum
December 10, 2016, 08:58:18 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Everyone stop panicking and read this  (Read 3501 times)
Silverpike
Jr. Member
*
Offline Offline

Activity: 57



View Profile
June 20, 2011, 04:47:51 AM
 #1

I was asleep when the whole Mtgox hack incident went down (apparently).  I am surprised by the reactions I see on this forum; it reminds me a lot of young children being told for the first time they can't stay out and play after 8pm: tantrums, yelling, and wild accusations of unfairness.  If you have half a brain in your head and you care about Bitcoins, then please consider the following important points:

  • Bitcoin is still an extremely young technology.  Nobody in the Bitcoin community, including developers, can tell you with certainty that everything will work out successfully, because none of us have ever done this before.
  • Due to the disruptive nature of Bitcoin, it will attract a lot of both positive and negative attention.  Even after this Mt. Gox incident is over, there will be future problems with deception, fraud, theft, and misuse.
  • We need more attacks in order to secure a bright future for Bitcoin.  I know this statement will aggravate lots of people.  However, it is a fundamental property of engineering complex systems: if you haven't tested it, it's broken.  This means until we have actually tried to compromise the system in ways which we know are possible to observe the effects, we can't declare Bitcoin a secure system.  One large such example is an attempt to split the blockchain.  I fear that until someone actually tries this, there may be more serious issues lurking which we can't forsee.
  • Bitcoin is not a substitute for common sense.  Just because we can all use our shiny new currency does not mean basic needs like authentication, trust, and good financial engineering practices aren't necessary.  The Mt. Gox hack was a basic failure of secure website design, and as far as I'm aware does not represent any compromise to viability of Bitcoin itself.

My sympathies to any of the Mt. Gox users hacked in this incident.  With that in mind, I'm sure there will be better more robust trading exchanges available in the future, and something tells me we will do a good job of learning from hard lessons.
1481403498
Hero Member
*
Offline Offline

Posts: 1481403498

View Profile Personal Message (Offline)

Ignore
1481403498
Reply with quote  #2

1481403498
Report to moderator
1481403498
Hero Member
*
Offline Offline

Posts: 1481403498

View Profile Personal Message (Offline)

Ignore
1481403498
Reply with quote  #2

1481403498
Report to moderator
1481403498
Hero Member
*
Offline Offline

Posts: 1481403498

View Profile Personal Message (Offline)

Ignore
1481403498
Reply with quote  #2

1481403498
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481403498
Hero Member
*
Offline Offline

Posts: 1481403498

View Profile Personal Message (Offline)

Ignore
1481403498
Reply with quote  #2

1481403498
Report to moderator
RyNinDaCleM
Legendary
*
Offline Offline

Activity: 2002


Legen -wait for it- dary


View Profile
June 20, 2011, 04:57:53 AM
 #2

Bravo! (Applauding emoticon)
I agree 1000%! This is not BitCoins insecurity! It is the users/web site security issues! Problems now, help to discover flaws that need to be fixed! So that, these issues don't arise again, and lead to more secure solutions in the future!

imperi
Full Member
***
Offline Offline

Activity: 196


View Profile
June 20, 2011, 04:58:42 AM
 #3

+1
Electrongolf
Full Member
***
Offline Offline

Activity: 139

What's Your Gig?


View Profile WWW
June 20, 2011, 05:01:03 AM
 #4

I agree. This is NOT a result of the shortcomings of BTC. It appears to be a website security issue. Bitcoins are OK.

DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 20, 2011, 05:16:23 AM
 #5

Apparently Mt Gox was not hacked through SQL injection.

"It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked."

So it was not website insecurity, but poor practices.

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
done
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 20, 2011, 05:19:58 AM
 #6

Buy and hold. Good luck men. If it goes lower buy more.
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 20, 2011, 05:20:30 AM
 #7

Everyone stop panicking and read this.

+1
 For helping remind people not to panic.
I'm trying to do the same:
When the Hot Deadly Lava from MtGox is Inches from Your Feet how Will YOU React?


15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
Tx2000
Full Member
***
Offline Offline

Activity: 182



View Profile
June 20, 2011, 05:31:45 AM
 #8

It's a learning process.  It's going to be painful but hopefully in the end, it will make the bitcoin stronger.
Noam
Newbie
*
Offline Offline

Activity: 19


View Profile
June 20, 2011, 06:12:55 AM
 #9



+1
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 2100



View Profile
June 20, 2011, 06:13:13 AM
 #10

Quote
One large such example is an attempt to split the blockchain.  I fear that until someone actually tries this, there may be more serious issues lurking which we can't forsee.

How do you know with such certainty that this "test" has not already taken place?

If you can find a suitably sized machine/network (~6Thash/s) we could test it ... but the days of a feasible >50% attack are behind us with the current technology ...

... there have been some pretty impressive ramp-ups and collapses in network hashrate that suggest such "tests" have already taken place in the past.

flug
Sr. Member
****
Offline Offline

Activity: 280



View Profile
June 20, 2011, 08:38:59 AM
 #11

+1
klaus
Legendary
*
Offline Offline

Activity: 1652



View Profile
June 20, 2011, 08:43:44 AM
 #12

+1 Great !

bitmessage:BM-2D9c1oAbkVo96zDhTZ2jV6RXzQ9VG3A6f1​
threema:HXUAMT96
jatajuta
Sr. Member
****
Offline Offline

Activity: 365



View Profile
June 20, 2011, 08:50:29 AM
 #13

+1

Hooray!
garyrowe
Full Member
***
Offline Offline

Activity: 124



View Profile WWW
June 20, 2011, 08:54:51 AM
 #14

One thing that will help is if someone can post up a set of good secure design practices. This will help those developing new Bitcoin based websites to ensure that their sites won't get immediately cracked. I'm thinking of a minimum set of architecture requirements that can be used as a ticklist.

I'm not simply saying "TrueCrypt your wallet!" - that advice is fine for casual users. If you're developing a large scale system with lots of wallets what would you do to ensure the safety of your clients?

Bitcoin enthusiast and Java programmer contributing to https://multibit.org and http://bitcoin.stackexchange.com
oyster2000
Jr. Member
*
Offline Offline

Activity: 37


View Profile
June 20, 2011, 08:56:00 AM
 #15

to me it sounds like a rouge auditor not getting paid enough ... or a semi pro using a compromised windows machine.. eitherr way there is going to be many more heists oof btc in the future like this.. its to be expected.. i think only looser here is mtgox as their rep is screwed now.. time for more exchamges to come out of the woodwork and put down the mtgox monopoly... but who to trust .. whos next to get greedy and slam some more bad press around .. totally expect more of the same

bitclown
Full Member
***
Offline Offline

Activity: 186


View Profile
June 20, 2011, 09:07:19 AM
 #16

So it was not website insecurity, but poor practices.
Yes... Somehow a cracker just happened to manually discover and root a box with a db connection to Mt. Gox out of the blue. And this excuse comes from the same people who have been disregarding all the recent reports of compromised accounts as client infections?
Litt
Sr. Member
****
Offline Offline

Activity: 350


View Profile
June 20, 2011, 06:33:33 PM
 #17

Finally it's like we are back at the beginning of the year when forum was still filled with adults. Thank you for this because I share the exact same sentiment.

Most important thing we have to remember now and in the future is that this is just the beginning. We are all early adapters and we have got to play the part in helping it become mainstream. No one else will do this for us. We have yet to face the real challenges of bitcoin which are ahead and the community can't forget that many people/organization with lot to lose will try to throw wrenches in bitcoin's path. This is just small bump of the road that really didn't do anything to compromise Bitcoin's actual security. Media outlets will already do the jobs of sensational reporting when infact it was just a compromised computer of an auditor which compromised the db of a single exchange.
GideonGono
Sr. Member
****
Offline Offline

Activity: 398


Long Live The FED


View Profile WWW
June 20, 2011, 06:39:50 PM
 #18

+1

ivank2139
Newbie
*
Offline Offline

Activity: 27


View Profile
June 20, 2011, 07:24:20 PM
 #19

One principle of web site design for the Exchanges to follow is "Defense in Depth".  don't depend on a single feature to be your security, all aspects of the system require minimum access privileges and very fine grained audit controls and monitoring.  If one has permissions to access a database it should be further restricted to what tables and rows are appropriate.  All the way down to every file on every system in the enterprise.  Who owns it , who can read it (and how often!), who can change it.  who can delete it.  Keep in mind that once it is read it can be let loose in the wild with another few steps.  That has to all be monitored and logged.  and the system must do it automatically and with alerts to the watchers.
saqwe
Full Member
***
Offline Offline

Activity: 224



View Profile WWW
June 20, 2011, 07:48:14 PM
 #20

+1

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!