In reply to this thread http://forum.bitcoin.org/index.php?topic=20535.0;all
Re: Mt.Gox and void trades: Force Majeure
June 21, 2011, 10:36:38 am
Let me quote a part of our generic terms of service about Force Majeure:
Tibanne Co. Ltd., agents, partners, ICANN, the central registry nor any person involved in the registration will be liable to the customer or any third party for any direct or indirect loss of profits, earnings or business opportunities, damages, expense, or costs resulting directly or indirectly from any failure to perform any obligation or provide service hereunder because of any Force Majeure, or governmental acts or directives, strikes, riot or civil commotion, war, hacking, any natural disaster, equipment or facilities shortages which are being experienced by providers of telecommunication services generally, or other similar force or condition beyond Tibanne Co. Ltd.'s reasonable control.
And another one:
For all services of Tibanne Co. Ltd. liability will be limited to intention and gross negligence.
We had no intention of getting this to happen, and we have followed every industry standard to make this secure. Despite this it happened. We have learnt new things (especially that lots of people want Bitcoin to disappear).
This seemed a bit weird to me - what kind of industry standards have to be followed to end up with such security?
So I went to inquire about this in the public venue #mtgox:
26 08:28 < upb> 'We had no intention of getting this to happen, and we have followed every industry standard to make this secure.'
26 08:28 < upb> which industry standards were followed ?
26 08:33 < upb> from memory CWE-352 CWE-79 CWE-89 CWE-209 CWE-327 or the OWASP equivalent errors were present so there was no audit
26 08:43 <@MagicalTux> upb: ?
26 08:46 < upb> hi i read the thread that was posted on forums on tuesday and it was claimed that 'and we have followed every industry standard to make this secure.'
26 08:46 < upb> so the question is which, if any, standards
26 08:46 <@MagicalTux> this applies to the new system
26 08:46 < upb> ahh ok
26 08:46 <@MagicalTux> as far as I know none of the CWE listed applies to the new system
26 08:47 < upb> yes if its the new site you were referring to, the question doesnt apply
26 08:47 <@MagicalTux> legacy code was made at a time when 1000$ worth of bitcoins exchanged in one month was impressive
Okay, so he was referring to the NEW SYSTEM. Despite his new system being secure, his old system got hacked....