Bitcoin Forum
December 08, 2016, 12:21:12 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Poll: Rollback, No Rollback?  (Read 2463 times)
bitsalame
Donator
Hero Member
*
Offline Offline

Activity: 616


Preaching the gospel of Satoshi


View Profile
June 21, 2011, 02:16:06 AM
 #1

I created this poll and I would like to hear the opinion of the community:

Take the Poll: http://www.learnmyself.com/personality.asp?p=take-poll&qp=63841x03B4485e
1481199672
Hero Member
*
Offline Offline

Posts: 1481199672

View Profile Personal Message (Offline)

Ignore
1481199672
Reply with quote  #2

1481199672
Report to moderator
1481199672
Hero Member
*
Offline Offline

Posts: 1481199672

View Profile Personal Message (Offline)

Ignore
1481199672
Reply with quote  #2

1481199672
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481199672
Hero Member
*
Offline Offline

Posts: 1481199672

View Profile Personal Message (Offline)

Ignore
1481199672
Reply with quote  #2

1481199672
Report to moderator
1481199672
Hero Member
*
Offline Offline

Posts: 1481199672

View Profile Personal Message (Offline)

Ignore
1481199672
Reply with quote  #2

1481199672
Report to moderator
Dobrodav
Full Member
***
Offline Offline

Activity: 140


View Profile
June 21, 2011, 02:26:45 AM
 #2

No way. I am will not press unknown links on that forum, especially if that poll can be done right here.

We will  meet in not-so-distant future.
Today`s strange music :
http://www.youtube.com/watch?v=V8mCgjbBPMk
Yesterday`s  strange music:
http://www.youtube.com/watch?v=-uCTyC1FGLw
d.james
Sr. Member
****
Offline Offline

Activity: 280

Firstbits: 12pqwk


View Profile
June 21, 2011, 02:27:56 AM
 #3

New pool:

* Click on that link.
* Don't click on that link.

You can not roll a BitCoin, but you can rollback some. Cheesy
Roll me back: 1NxMkvbYn8o7kKCWPsnWR4FDvH7L9TJqGG
epii
Full Member
***
Offline Offline

Activity: 196



View Profile
June 21, 2011, 02:28:48 AM
 #4

For what it's worth, so far 10 out of 15 votes are in favour of rollback.

Vires In Numeris.
AngstHase
Jr. Member
*
Offline Offline

Activity: 31


View Profile
June 21, 2011, 02:30:02 AM
 #5

No way. I am will not press unknown links on that forum, especially if that poll can be done right here.

just a link. Its not 1996 anymore.

BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
June 21, 2011, 02:31:17 AM
 #6

But I really have issues with urls leading to .asp pages... IIS gives me itch!  Embarrassed
AngstHase
Jr. Member
*
Offline Offline

Activity: 31


View Profile
June 21, 2011, 02:34:12 AM
 #7

Stop surfing and trolling around with on your rig  Grin


Or at least disable java,javascript,flash,firefox,internetexplorer and last but not least all microsoft products Cheesy

bitsalame
Donator
Hero Member
*
Offline Offline

Activity: 616


Preaching the gospel of Satoshi


View Profile
June 21, 2011, 02:38:44 AM
 #8

Wow, I didn't expect so many people opting for Rollbacks.
The good thing about this poll is that I published the same poll in three different forums.
It will give us the general opinion, rather than the biased opinion of "Bitcoin Discussion"
jjiimm_64
Legendary
*
Offline Offline

Activity: 1680


View Profile
June 21, 2011, 02:44:45 AM
 #9

lol,

 I would rather print out all the packets on the printer and drive them to the browser then use IIS.

1jimbitm6hAKTjKX4qurCNQubbnk2YsFw
BitBuster
Member
**
Offline Offline

Activity: 101


View Profile
June 21, 2011, 02:47:16 AM
 #10

MtGox had access to data.
MtGox gave access to "auditor".
"auditor" was compromised.
Lulz ensued.
People got screwed.

MtGox is responsible, but is trying to cop out of it by rolling back.
The ONLY positive thing would be to compensate all parties.
bitsalame
Donator
Hero Member
*
Offline Offline

Activity: 616


Preaching the gospel of Satoshi


View Profile
June 21, 2011, 03:10:48 AM
 #11

MtGox had access to data.
MtGox gave access to "auditor".
"auditor" was compromised.
Lulz ensued.
People got screwed.

MtGox is responsible, but is trying to cop out of it by rolling back.
The ONLY positive thing would be to compensate all parties.

Compensate it, how?
BitBuster
Member
**
Offline Offline

Activity: 101


View Profile
June 21, 2011, 03:13:11 AM
 #12

Pay those disadvantaged out of their own (MtGox's) pocket. Leave those who benefitted as compensation for market being down and value turning to crap anyway.

The blame lies squarely on MtGox. No one else.
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
June 21, 2011, 03:14:05 AM
 #13

Dude! We're talking about 9 million bucks here. Surely these last months MtGox made some money, but still isn't Microsoft or Google. Doubt they can cover the expenses.
fascistmuffin
Jr. Member
*
Offline Offline

Activity: 56



View Profile
June 21, 2011, 03:19:18 AM
 #14

Better Roll Poll
Tasty Champa
Member
**
Offline Offline

Activity: 84


View Profile
June 21, 2011, 03:37:45 AM
 #15

i watched it all happen, the trades went back up to 12-15 after the sell off.
bitsalame
Donator
Hero Member
*
Offline Offline

Activity: 616


Preaching the gospel of Satoshi


View Profile
June 21, 2011, 03:55:21 AM
 #16

Dude! We're talking about 9 million bucks here. Surely these last months MtGox made some money, but still isn't Microsoft or Google. Doubt they can cover the expenses.
I seriously believe that the only account being compromised is Mt.Gox's.

See the psychological side here:
ANYONE LOSING 500,000 BTC (more or less worth $8,500,000 USD) WOULD BE GOING APESHIT INSANE.
Anyone would be twitting about it, shouting about it, ranting about it, talking to the press, talking shit about Mt.Gox, and blaming God, the Devil, the Archangels and cursing his own mother.

This is the critical factor I consider since I am a psychology major I am way more attentive on behavioral cues.
It is totally abnormal this silence from the account owner.
Either this user doesn't exist or he is a Buddhist monk with the lowest neuroticism level in the history of mankind.

According to Mt.Gox 500,000 BTC were stolen from ONE account, and that not only is highly implausible, but seeing the calmness of that supposed owner I rather believing that that owner is non-existent.
The only one going bananas is Mt.Gox. Obviously you can claim Mt. Gox is simply protecting the credibility of his exchange site, but what is really interesting is that he insists on reverting back when actually there are other options.

Why would an exchange protect the interests of only ONE user? When account got hacked in the past MtGox took some of the heavy lifting and reimbursed partially to the hacked user, never reverted back a whole history of transactions.
Also why is MtGox so adamant in defending this single affected user?

If that doesn't make sense then, we have three options left:
1) The REAL Account Owner: The hacked account "single user" account are Mt.Gox's or it belongs to someone closely related to Mt.Gox.
2) The PWNAGE Cover Up:The "single user account" is a cover story to hide the fact that actually the site got compromised much deeper than they are willing to admit. (loss of credibility would be the death of Mt.Gox)
If the auditor/attacker got access to the passwd file, he could have cracked hundred of accounts in hours.
I am currently testing that idea out, I've been trying to crack the hashes for 3 hours and I neared 600 accounts cracked, all of them from salted hashes and weak passwords. A simple script could have siphoned all the bitcoins out when the attack wasn't yet detected (maybe salami sliced, that's why nobody really noticed any thievery).
The worst case scenario is that the attacker has been in control of the site from a long time and he actually didn't need to crack any password, he simply got them all in plaintext.
3) The STOOPID Cover Up: We can never leave out the most stupid causes, since stupid mistakes happens everytime, maybe it was a typing mistake, a new employee, a girlfriend playing with the admin panel, etc...

These three possibilities makes Mt.Gox's claims understandable, it would be humilliating and his credibility would be completely stained forever. He wouldn't be able to admit such stupid mistakes.

But one thing is definitive: The single hacked user account makes NO SENSE AT ALL.

(Spin-off in a new thread)
Nescio
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 21, 2011, 03:56:23 AM
 #17

No way. I am will not press unknown links on that forum, especially if that poll can be done right here.

just a link. Its not 1996 anymore.

Actually, in 1996 it was just a link. Today, it's CSRF or autoinfection. Or worse, Rick Astley Smiley
adamstgBit
Legendary
*
Offline Offline

Activity: 1904


Trusted Bitcoiner


View Profile WWW
June 21, 2011, 04:04:41 AM
 #18

The people have spoken in favor of the roll back.

personally, i dont blame mt gox.

this was the first major hack. it wont be the last...

LMAO

Quote
girlfriend playing with the admin panel

WTV it was hacker or pissed off girlfriend...Rollback and move along


Nescio
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 21, 2011, 04:37:42 AM
 #19

ANYONE LOSING 500,000 BTC (more or less worth $8,500,000 USD) WOULD BE GOING APESHIT INSANE.

Erm, the db dump contains 60k users. It's not one account, it's thousands. Someone in the other thread got 3000 passwords in an hour with a GPU. md5 of a weak password is trivial to break, with or without salt. Most of that is the user's own damn fault, some used the same password as account name, even the same password for their E-mail, how dumb can you be?

What is most likely to have happened is this: the BTC balance of several thousand accounts was transferred to one account. This can be scripted to either log in via https or whatever, or more likely to use the trading API (faster).

From this single account, it doesn't matter which, could have had 1 bitcent on it, the accumulated 400k BTC was sold as a single order at 0.01 USD/BTC. Which absorbed all the outstanding buy orders and crashed the price down to 0.01.

After which the attacker possibly has 100k, 300k, whatever BTC left in this single account. He immediately transfers out 100k to his own Bitcoin address (100,000*0.01 USD=$1000). If he has time, he transfers the rest of the balance to another account so he can once again transfer out $1000 worth of BTC, and gets out another 100k. Or maybe it's just 80k if other automatic sell orders are placed in the mean time. Repeat a few times until it's either blocked or you have transfered out everything.

The big question now is how Mt. Gox handles the $1000/day limit and whether they immediately transfer out BTC or have some internal mechanism that delays things or possibly even tries to detect suspicious activity and halts them for operator approval for example. If they are smart and take $1000 over the average of the past 24 hours for example, then maybe $1000/(17.5/2)=114.29 BTC is lost (per account), which they can easily absorb. If they don't, and have no mechanism to filter/delay things (including massive amount of withdrawals close to $1000 from multiple accounts), then they are out of business and a bunch of people lost all their assets.

It was NOT one account with 400k BTC. Maybe a few big ones in there, but can't imagine anything that big. Your own damn fault too if you had say 50k BTC in there with a weak password.

The reason for rolling back would be to protect people who do automatic trading who don't have protection for something crazy like this. Your own damn fault too, but they could sue Mt. Gox for the breach.

On the other hand, the people who got their hands on massive amounts of BTC at 0.05 or whatever might sue for losing this golden opportunity. They would be assholes, but could win.

IMHO it's the proper and fair thing to roll back, not because Mt. Gox would protect their own asses, but because it just would be. I don't have any assets or affiliation with them BTW.

BTW, even if it was one account, he/she cannot know of this yet (and consequently not rave from the mountaintops about it), since Mt. Gox has only sent out a generic mail about the hack, and if people can log in already to look at their balance, it will show the post firesale balance, before the rollback, which either says they haven't been hacked (balance is there), or they have, and since Mt. Gox explicitly state no balances are lost, their balance will be returned. If this is not the case they have a problem, unless they can cover it up by not actually (fully) covering the BTC balance and hoping they can slowly gain it back through regular trading before someone withdraws a large enough balance, or before they can get a loan from someone to be fully covered again.

If the thief succeeded in large transfers, they should show up in blockexplorer. I haven't bothered to look yet myself.
bitsalame
Donator
Hero Member
*
Offline Offline

Activity: 616


Preaching the gospel of Satoshi


View Profile
June 21, 2011, 05:17:39 AM
 #20

ANYONE LOSING 500,000 BTC (more or less worth $8,500,000 USD) WOULD BE GOING APESHIT INSANE.

Erm, the db dump contains 60k users. It's not one account, it's thousands. Someone in the other thread got 3000 passwords in an hour with a GPU. md5 of a weak password is trivial to break, with or without salt. Most of that is the user's own damn fault, some used the same password as account name, even the same password for their E-mail, how dumb can you be?

What is most likely to have happened is this: the BTC balance of several thousand accounts was transferred to one account. This can be scripted to either log in via https or whatever, or more likely to use the trading API (faster).

From this single account, it doesn't matter which, could have had 1 bitcent on it, the accumulated 400k BTC was sold as a single order at 0.01 USD/BTC. Which absorbed all the outstanding buy orders and crashed the price down to 0.01.

After which the attacker possibly has 100k, 300k, whatever BTC left in this single account. He immediately transfers out 100k to his own Bitcoin address (100,000*0.01 USD=$1000). If he has time, he transfers the rest of the balance to another account so he can once again transfer out $1000 worth of BTC, and gets out another 100k. Or maybe it's just 80k if other automatic sell orders are placed in the mean time. Repeat a few times until it's either blocked or you have transfered out everything.

The big question now is how Mt. Gox handles the $1000/day limit and whether they immediately transfer out BTC or have some internal mechanism that delays things or possibly even tries to detect suspicious activity and halts them for operator approval for example. If they are smart and take $1000 over the average of the past 24 hours for example, then maybe $1000/(17.5/2)=114.29 BTC is lost (per account), which they can easily absorb. If they don't, and have no mechanism to filter/delay things (including massive amount of withdrawals close to $1000 from multiple accounts), then they are out of business and a bunch of people lost all their assets.

It was NOT one account with 400k BTC. Maybe a few big ones in there, but can't imagine anything that big. Your own damn fault too if you had say 50k BTC in there with a weak password.

The reason for rolling back would be to protect people who do automatic trading who don't have protection for something crazy like this. Your own damn fault too, but they could sue Mt. Gox for the breach.

On the other hand, the people who got their hands on massive amounts of BTC at 0.05 or whatever might sue for losing this golden opportunity. They would be assholes, but could win.

IMHO it's the proper and fair thing to roll back, not because Mt. Gox would protect their own asses, but because it just would be. I don't have any assets or affiliation with them BTW.

BTW, even if it was one account, he/she cannot know of this yet (and consequently not rave from the mountaintops about it), since Mt. Gox has only sent out a generic mail about the hack, and if people can log in already to look at their balance, it will show the post firesale balance, before the rollback, which either says they haven't been hacked (balance is there), or they have, and since Mt. Gox explicitly state no balances are lost, their balance will be returned. If this is not the case they have a problem, unless they can cover it up by not actually (fully) covering the BTC balance and hoping they can slowly gain it back through regular trading before someone withdraws a large enough balance, or before they can get a loan from someone to be fully covered again.

If the thief succeeded in large transfers, they should show up in blockexplorer. I haven't bothered to look yet myself.


Precisely, that is precisely the point. Read carefully my post.

Mt. Gox doesn't want to admit that it was a hack. Their official statement is:
  • It was only ONE account hacked.
  • Their systems weren't compromised, they weren't hacked.
  • Their userbase was leaked, but it is not related to the market crash.

Uhm... do you believe that shit? Because I don't.
They keep insisting that it was only one user who got hacked, had a weak password and had more than 500,000 BTC.
With this excuse they are trying to say: "It ain't our fault. Our systems are secure, you got nothing to worry about, come back to us."

With this thread my intention is to uncover that stupid lie.
It is definitely a cover up, something else happened but they don't want us to know it.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!