[Reality Check!] MtGox Is Doing Their Best and Will Remain The #1 Exchange!

[bitrebel]

Can anyone say Stockgeneration.com ?
http://forum.bitcoin.org/index.php?topic=20223.0

[1714883470]

1714883470

[Dirt Rider]

<My statements are paraphrased and accurate enough>

Before:
We were told the primary verification is based on password strength. If your password was not easily hackable, then you can use email verification and login to change your password.


Currently:
Today's offering verified the email and offered a chance to provide "more information."

1) Password strength check can be easily automated.
^^^
A key part of my initial main point


2) How are they currently checking password strength, with what was offered today?
(I don't recall entering a password today, please tell me if I'm wrong)

I guess I'm just being dense but I don't follow...

Which part is a key part of your point?  #1?  ok so they aren't automating and that's why they're wasting time?  That's your suggestion, that they automate password strength check?  I'm now just completely confused.

[unbuttered_toast]

So the folks at Mt. Gox, probably not sleeping a lot, in the middle of the biggest shitstorm of their lives, trying to operate slowly enough to be cautious, put up an account reclamation page that fails to cater to your emotional needs.

I'd call this, at very worst, an exceedingly weak indication of intent to run with the cash. There's no logical connection to make here. If they were going to run, why not just placate you with a page that says "yup, you have your account back. Hang on for the next 3 days while we rustle up some more security." and then take take off?

I think your anxieties are running roughshod over your rational thought.

You may be correct.
Try this:

First you say how busy and over-worked they are.
The thread topic is asking "Why did they intentionally set-up a system that will keep us waiting, worrying, fighting, and debating for at least 3 more days?", and causes much more needless work for MtGox

Second, the current set-up does not increase security any more than what they already stated they are doing. It adds a delay that could drag on for a very long time.

In light of your response, I feel like I'm missing something. I read the first post fairly carefully, but I don't understand what exactly it is you think they've done wrong, and what you think they should have done instead. Earlier today, I went to the claims page, typed in my old password, typed in a new password, submitted the form, and got an email with a link. I can't get anywhere with the link or go back and look at the form for reference since Mt. Gox is down now, but what's wrong with the system I described?

Maybe I just haven't been reading these forums heavily enough (I did glance around several topics); but your post kind of confuses me. The form I looked at had a "current password" field, for example...

edit: thread's moving fast, isn't it... sorry for the moderately redundant points

[Bit_Happy]

<My statements are paraphrased and accurate enough>

Before:
We were told the primary verification is based on password strength. If your password was not easily hackable, then you can use email verification and login to change your password.


Currently:
Today's offering verified the email and offered a chance to provide "more information."

1) Password strength check can be easily automated.
^^^
A key part of my initial main point


2) How are they currently checking password strength, with what was offered today?
(I don't recall entering a password today, please tell me if I'm wrong)

I guess I'm just being dense but I don't follow...

Which part is a key part of your point?  #1?  ok so they aren't automating and that's why they're wasting time?  That's your suggestion, that they automate password strength check?  I'm now just completely confused.

Yes, here:
We were told the primary verification is based on password strength. If your password was not easily hackable, then you can use email verification and login to change your password.

That did not happen, why?

[Dirt Rider]

The thread topic is asking "Why did they intentionally set-up a system that will keep us waiting, worrying, fighting, and debating for at least 3 more days?", and causes much more needless work for MtGox

From where I sit, the thread topic (the subject) is: [Reality Check!] Strong Indication MtGox Is Packing Up to Run w/ Money and BTC?

If you want to plant the idea that MtGox might consider just running off with everyone's money, I would hope you have some supporting information that strongly suggests that is what's happening.  I don't see any such information being offered, or at the least I am not understanding it.

(btw, why a supporter would want to promote such a theory is beyond me)

[Bit_Happy]

So the folks at Mt. Gox, probably not sleeping a lot, in the middle of the biggest shitstorm of their lives, trying to operate slowly enough to be cautious, put up an account reclamation page that fails to cater to your emotional needs.

I'd call this, at very worst, an exceedingly weak indication of intent to run with the cash. There's no logical connection to make here. If they were going to run, why not just placate you with a page that says "yup, you have your account back. Hang on for the next 3 days while we rustle up some more security." and then take take off?

I think your anxieties are running roughshod over your rational thought.

You may be correct.
Try this:

First you say how busy and over-worked they are.
The thread topic is asking "Why did they intentionally set-up a system that will keep us waiting, worrying, fighting, and debating for at least 3 more days?", and causes much more needless work for MtGox

Second, the current set-up does not increase security any more than what they already stated they are doing. It adds a delay that could drag on for a very long time.

In light of your response, I feel like I'm missing something. I read the first post fairly carefully, but I don't understand what exactly it is you think they've done wrong, and what you think they should have done instead. Earlier today, I went to the claims page, typed in my old password, typed in a new password, submitted the form, and got an email with a link. I can't get anywhere with the link or go back and look at the form for reference since Mt. Gox is down now, but what's wrong with the system I described?

Maybe I just haven't been reading these forums heavily enough (I did glance around several topics); but your post kind of confuses me. The form I looked at had a "current password" field, for example...

edit: thread's moving fast, isn't it... sorry for the moderately redundant points

Hi unbuttered_toast,
I'm sorry if I don't remember entering my old (and new) password today, but it does tend to strengthen my primary question:

Why, are we still waiting for more verification after today's verification? that doesn't match what was supposed to happen.

[Dirt Rider]

We were told the primary verification is based on password strength. If your password was not easily hackable, then you can use email verification and login to change your password.

That did not happen, why?

Was your password easily hackable?

[Dirt Rider]

Why, are we still waiting for more verification after today's verification? that doesn't match what was supposed to happen.

Is this the basis for your suggestion that Gox might run away with the money?

[unbuttered_toast]

We were told the primary verification is based on password strength. If your password was not easily hackable, then you can use email verification and login to change your password.

That did not happen, why?

Was your password easily hackable?

Maybe this is the key point. My previous password was 24 characters, alphanumeric, and might have had some special characters in there.

Perhaps their definition of "not easily hackable" requires more than 20 characters, or something else unintuitive.

[Zman0101]

My Gox account was empty anyways so ill just go to TradeHill if he runs off. But , why would you run off when he has such a successful business. Gox is 90% of the trading market. You can say I'm wrong all you want but, all other trading sites are open.. Bitcoin 7 ... Tradehill. They aren't don't nearly as much transactions as Gox. This is like Gox being Microsoft and just up and leaving and taking their billions of dollars and bailing. What is the point? So Mac could take the market.. GET LOST!!! If Magical Tux wants to run off with his millions whatever... He fooled us all...but why run away with a couple million when you can turn that million into billions ? An no frigen site online is secure from all hackers. How many times did Citi Bank get taken down. You people need to relax. Just shut up and stop crying about it and ride the wave in. The site isn't even up yet and all I see in the forums is people bashing him. I'm on his side till he runs away with my zero dollars and i have to go to TradeHill.

[Dirt Rider]

I think we've been trolled.  Can I rollback the past hour to get my lost time back?

[Bit_Happy]

The thread topic is asking "Why did they intentionally set-up a system that will keep us waiting, worrying, fighting, and debating for at least 3 more days?", and causes much more needless work for MtGox

From where I sit, the thread topic (the subject) is: [Reality Check!] Strong Indication MtGox Is Packing Up to Run w/ Money and BTC?

If you want to plant the idea that MtGox might consider just running off with everyone's money, I would hope you have some supporting information that strongly suggests that is what's happening.  I don't see any such information being offered, or at the least I am not understanding it.

(btw, why a supporter would want to promote such a theory is beyond me)

I told you and everyone from the start that this is the main point of the thread:

<Spoiler Code>
Both you and the Bitcoin project might be better off if you ignore all MtGox threads and help build projects for the Bitcoin economy. If you want to know why they may be preparing to run please continue now.  
</Spoiler Code>

Dirt Rider and unbuttered_toast, have above average to excellent attention to detail regarding the MtGox questions. Thank you for participating. I will edit the OP and the title now.

[ryepdx]

Secure Code to check the strength of passwords is very common.

Like this: Add a current password field to the current form >> Use a script similar to a login to verify password is accurate >> Add simple code to stop more than _ attempts (brute force protection)  >> If password matches, then finish current script w/ email verification and account activation (minus actual tading) NOW, not later. *EDIT: Also force password change...
^^^

Wrong. Not that simple, though I'm sure Mt. Gox wish it were. There have already been accounts hacked at MyBitcoin, possibly using the information from the leaked database. If that's the case, then the attacker has at least several passwords in plaintext now, possibly all. This means the attacker could also have access to their e-mail. Asking for their old password or relying on an e-mail-based confirmation would not be at all a safe way to restore security.

And +1 to whoever it was that said they're busy trying to seal up all the other holes in the foundation a hacker might use to get in. Security audits can be pretty lengthy, depending on how thorough the audit is, how skilled the auditor is, and how foo-barred the code is.

[Bit_Happy]

I think we've been trolled.  Can I rollback the past hour to get my lost time back?

Please, see the current OP and thread title., I'm sorry if your time was wasted. Thank you for your accurate feedback.

[finack]

Please, see the current OP and thread title., I'm sorry if your time was wasted. Thank you for your accurate feedback.

Considering you posted the most to the thread and had to spend time artificially inventing and arguing a point of view you didn't agree with, I'm pretty sure you mostly just trolled yourself. gg and next time eat less sugar.

[Bit_Happy]

Please, see the current OP and thread title., I'm sorry if your time was wasted. Thank you for your accurate feedback.

Considering you posted the most to the thread and had to spend time artificially inventing and arguing a point of view you didn't agree with, I'm pretty sure you mostly just trolled yourself. gg and next time eat less sugar.

Not accurate.
This is genuine and a great idea:
Both you and the Bitcoin project might be better off if you ignore all MtGox threads and help build projects for the Bitcoin economy....


The rest was presented as a serious question (for anyone who went past the spoiler code)
My phone rang this morning when I was halfway through with the process; Since the main section doesn't ask for a password, I did not remember being asked for it at all.

In addition, many people were expecting (without trading) to actually have access to our accounts today.

[Clipse]

For all you nay sayers.

I have confirmed with magicaltux that my BTC is in tact, my libertyreserve withdrawal I made on that day even got processed.

Why would my funds get processed if they intended to steal it?

Things will be up soon and much more reliable, hes implementing a few nifty security features.

[shockD]

Is there somewhere they publically state this?

In the interview yesterday on onlyonetv.com (check episode #8) with Mark and Adam, they were asked "Who else is working for mtgox?" and the response was (I'm paraphrasing a bit as I'm not watching it atm) "Well we're in the process of hiring other people at the moment. Also there was supposed to be someone else coming on but they backed out..."

[Bit_Happy]

For all you nay sayers.

I have confirmed with magicaltux that my BTC is in tact, my libertyreserve withdrawal I made on that day even got processed.

Why would my funds get processed if they intended to steal it?

Things will be up soon and much more reliable, hes implementing a few nifty security features.

Thanks for the positive update, Clipse.

[teamdren]

I have full confidence that MTGox will be restored and I'll be able to access the small # of btc that I had stored there.  I've submitted a request to have my account confirmed, and will proceed with mailing the physical confirmation tomorrow.  I'm sure they have a lot to work to do, with ~60k accounts needing confirmation, but they seem determined to get through it.  My password was not very secure, but fortunately my other important accounts (email, banking, etc..) used unique passwords so were unaffected by this recent hiccup.  Has anyone here had their account confirmed yet?