Bitcoin Forum
December 08, 2016, 08:18:11 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 [10] 11 12 13 14 15 »  All
  Print  
Author Topic: Hacked Linode & coins stolen to 1NRy8GbX56MymBhDYM...  (Read 57566 times)
payb.tc
Hero Member
*****
Offline Offline

Activity: 812



View Profile
March 02, 2012, 05:04:24 AM
 #181

Come on, stop spreading FUD. There is NO WAY IN HELL that the guy can cash out so quickly. Think of daily withdrawal limits, ID verification, coin tracing, and so forth.

My guess? Disheartened noobs cashing out because of loss of faith in the system. All the more coins for me!

Yeah, it's more likely market panic.

yeah i never said it was the stolen coins that were being sold.
1481185091
Hero Member
*
Offline Offline

Posts: 1481185091

View Profile Personal Message (Offline)

Ignore
1481185091
Reply with quote  #2

1481185091
Report to moderator
1481185091
Hero Member
*
Offline Offline

Posts: 1481185091

View Profile Personal Message (Offline)

Ignore
1481185091
Reply with quote  #2

1481185091
Report to moderator
1481185091
Hero Member
*
Offline Offline

Posts: 1481185091

View Profile Personal Message (Offline)

Ignore
1481185091
Reply with quote  #2

1481185091
Report to moderator
"With e-currency based on cryptographic proof, without the need to trust a third party middleman, money can be secure and transactions effortless." -- Satoshi
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
k9quaint
Legendary
*
Offline Offline

Activity: 1190



View Profile
March 02, 2012, 05:13:06 AM
 #182

This too shall pass.

But in the mean time, I am vexed!  Angry
Buy!

Markets can remain irrational for longer than I can remain solvent. Cry

Bitcoin is backed by the full faith and credit of YouTube comments.
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
March 02, 2012, 05:15:05 AM
 #183

This too shall pass.

But in the mean time, I am vexed!  Angry
Buy!

Markets can remain irrational for longer than I can remain solvent. Cry
Yes this is a problem sometimes Sad

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
99Percent
Full Member
***
Offline Offline

Activity: 179



View Profile
March 02, 2012, 05:56:46 AM
 #184

Lesson learned: private keys (wallet.dat) are just that: private. Once you put them out there, cloud, webserver, hosting server, email, etc, THEY ARE NO LONGER PRIVATE.

Can we move along now?
ThomasV
Legendary
*
Offline Offline

Activity: 1722



View Profile WWW
March 02, 2012, 07:19:14 AM
 #185

do these incidents not bode well for online clients like Electrum or Blockchain.info?

even with encrypted user generated private keys, they can be stolen by the server when opened to sign tx's.

Please do not mix things. There are two separate issues:
1. - the security of the server that your client is talking to.
2. - the security of the software running on your computer.

1. It is completely impossible for an Electrum server to steal your coins, because transactions are signed locally. The only way to steal your coins would be to compromise your own computer.
2. Someone gaining access to the server that distributes the software could insert malicious code in the software that is being distributed. (the tar.gz or .zip file, or the executable). Such an attack would only affect the users who downloaded and installed software between the time of the attack and the time where the attack is discovered. This kind of attack is possible for any type of bitcoin client (even the official one). It is mitigated by scrutiny from the community.

Please understand that the situation is very different if you use a web wallet such as blockchain.info. If you use a web wallet, points 1 and 2 are not distinct; an attacker who gains control of the server will modify the javascript code that is sent by the server. The danger is amplified by the fact that your web browser will update the javascript code running on your computer everytime you use the service, and not just when you decide to upgrade your client. Thus, if the server is compromised, then the attacker can quickly replace the javascript code running in the web browser of all clients, and do whatever they want.

Electrum: the convenience of a web wallet, without the risks
Detritus
Member
**
Offline Offline

Activity: 100



View Profile
March 02, 2012, 08:15:59 AM
 #186

I think it's more likely that Linode has a staffer into bitcoins that used the command line tools from the host VM manager to halt the systems, modify the shadow file and bring them up and steal the coins than it is that the Linode user's management tool was compromised.

Linode, if we can believe what they've said, didn't see any management UI activity in the logs at the time the reboots occurred. This is more consistent with someone using a tool outside of the normal logged events, such as the native VM tools, rather than the UI being broken into.


finway
Hero Member
*****
Offline Offline

Activity: 714


View Profile
March 02, 2012, 09:00:31 AM
 #187


Actually, I think the real lesson here for pool operators
is that they should all move to the eligius model:

    - eligius has no notion "customer accounts. These are a giant PITA for the miners,
      require the pool op to manage a DB which is a PITA in itself. Accounts are also the
      source of a whole host of security problem:
              - need to create account/login -> need to enter data in website -> exposure surface to SQL injections
              - need an email -> phishing attacks, etc .

    - on eligius, miner just send their shares along with a public address
    - on eligius, no need to store any kind of BTC amount on the pool server at any time:
      the payout is built into the block from the coinbase. No BTC ever hit disk.
    - on eligius, added bonus: anonymity for the pool users
    - on eligius, added bonus: much easier to use for miners

Yes, Eligius' better than the traditional pool, on that point.

Hawkix
Hero Member
*****
Offline Offline

Activity: 517



View Profile WWW
March 02, 2012, 09:00:45 AM
 #188

I think it's more likely that Linode has a staffer into bitcoins that used the command line tools from the host VM manager to halt the systems, modify the shadow file and bring them up and steal the coins than it is that the Linode user's management tool was compromised.

Linode, if we can believe what they've said, didn't see any management UI activity in the logs at the time the reboots occurred. This is more consistent with someone using a tool outside of the normal logged events, such as the native VM tools, rather than the UI being broken into.

If, and I believe in it, it was a staffer, I just fully hope that Linode has logged all such attemps and will identify the attacker and will try hard to force him to return the stolen funds. If he somehow managed to bypass the logs, or hacked the Linode, then Linode should end immediately as whole, this is unacceptable.

Donations: 1Hawkix7GHym6SM98ii5vSHHShA3FUgpV6
http://btcportal.net/ - All about Bitcoin - coming soon!
LightRider
Legendary
*
Offline Offline

Activity: 1488


I advocate the Zeitgeist Movement & Venus Project.


View Profile WWW
March 02, 2012, 09:14:15 AM
 #189

Hopefully, this doesn't encourage other VPS/service/host providers to decline service to any potential future bitcoin sites. If slush/bitcoinica successfully convice Linode to compensate them in some significant way, then the lesson for other hosts is that "bitcoin losses will hurt or kill us". In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

Bitcoin combines money, the wrongest thing in the world, with software, the easiest thing in the world to get wrong.
Visit www.thevenusproject.com and www.theZeitgeistMovement.com.
FlipPro
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
March 02, 2012, 09:17:29 AM
 #190

they don't cover "imaginary webzone dollar" losses.
This


Tweet For Coins http://uptweet.com
Matthew N. Wright
Untrustworthy
Hero Member
*****
Offline Offline

Activity: 588


Hero VIP ultra official trusted super staff puppet


View Profile
March 02, 2012, 09:19:08 AM
 #191

In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

If facebook's employee administrator panel was hacked into and someone stole facebook credits from users, would they say "fuck you it's imaginary money"?

I hope you're being sarcastic and not an uneducated twat who has never heard of digital commodities, intellectual properties and suing for damages.

LightRider
Legendary
*
Offline Offline

Activity: 1488


I advocate the Zeitgeist Movement & Venus Project.


View Profile WWW
March 02, 2012, 09:44:37 AM
 #192

In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

If facebook's employee administrator panel was hacked into and someone stole facebook credits from users, would they say "fuck you it's imaginary money"?

I hope you're being sarcastic and not an uneducated twat who has never heard of digital commodities, intellectual properties and suing for damages.

Well Facebook has complete control over their own currency and could easily mitigate such issues. Bitcoin is a different animal of a different color on a different planet. This isn't a data redundancy issue, nor an intellectual property issue. This is storing, backing up and restricting access to unique digital information that once accessed and used, is no longer valuable to anyone anywhere ever again (particularly the victim). I can steal the secret formula for Coca Cola, but that doesn't prevent Coca Cola from continuing to produce and sell their beverage. I can pirate a movie, but that doesn't mean the original copy is unviewable (in the vast majority of cases). I can login and delete all of your live data, but you still likely have backups. I can't keep my wallet in a safe and have the ability to double spend my illicitly accessed bitcoin (outside of exceedingly unlikely circumstances).

I do not believe that I am a twat.

PS: All money is imaginary.

Bitcoin combines money, the wrongest thing in the world, with software, the easiest thing in the world to get wrong.
Visit www.thevenusproject.com and www.theZeitgeistMovement.com.
Kluge
Donator
Legendary
*
Offline Offline

Activity: 1218


Michael, send me some coins before I hitman you


View Profile
March 02, 2012, 09:50:40 AM
 #193

In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

If facebook's employee administrator panel was hacked into and someone stole facebook credits from users, would they say "fuck you it's imaginary money"?

I hope you're being sarcastic and not an uneducated twat who has never heard of digital commodities, intellectual properties and suing for damages.
Don't see how Linode can get out of compensating (at least in the form of 5 free years of hosting or something) without implying "we're just not a secure-enough service for you to put sensitive data on. Don't put data on our servers unless you're hosting non-interactive web-pages with cute little kittens, or protect your data like Fort Knox because there's no telling when it'll be compromised, either by our staff or our irresponsibility/incompetence."

Don't mix your coins someone said isn't legal
farfiman
Legendary
*
Offline Offline

Activity: 1434



View Profile
March 02, 2012, 09:52:29 AM
 #194

In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

If facebook's employee administrator panel was hacked into and someone stole facebook credits from users, would they say "fuck you it's imaginary money"?

I hope you're being sarcastic and not an uneducated twat who has never heard of digital commodities, intellectual properties and suing for damages.

Well Facebook has complete control over their own currency and could easily mitigate such issues. Bitcoin is a different animal of a different color on a different planet. This isn't a data redundancy issue, nor an intellectual property issue. This is storing, backing up and restricting access to unique digital information that once accessed and used, is no longer valuable to anyone anywhere ever again (particularly the victim). I can steal the secret formula for Coca Cola, but that doesn't prevent Coca Cola from continuing to produce and sell their beverage. I can pirate a movie, but that doesn't mean the original copy is unviewable (in the vast majority of cases). I can login and delete all of your live data, but you still likely have backups. I can't keep my wallet in a safe and have the ability to double spend my bitcoin (outside of exceedingly unlikely circumstances).

I do not believe that I am a twat.

PS: All money is imaginary.

Exactly - like the difference  between stealing a shirt or pirating a movie . Both might cost the same but the 1st is a 100% loss to the store and the other...well, the pirate probably wouldn't have bought it anyway so no real loss.

"We are just fools. We insanely believe that we can replace one politician with another and something will really change. The ONLY possible way to achieve change is to change the very system of how government functions. Until we are prepared to do that, suck it up for your future belongs to the madness and corruption of politicians."
Martin Armstrong
Matthew N. Wright
Untrustworthy
Hero Member
*****
Offline Offline

Activity: 588


Hero VIP ultra official trusted super staff puppet


View Profile
March 02, 2012, 09:59:37 AM
 #195

In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

If facebook's employee administrator panel was hacked into and someone stole facebook credits from users, would they say "fuck you it's imaginary money"?

I hope you're being sarcastic and not an uneducated twat who has never heard of digital commodities, intellectual properties and suing for damages.

Well Facebook has complete control over their own currency and could easily mitigate such issues. Bitcoin is a different animal of a different color on a different planet. This isn't a data redundancy issue, nor an intellectual property issue. This is storing, backing up and restricting access to unique digital information that once accessed and used, is no longer valuable to anyone anywhere ever again (particularly the victim). I can steal the secret formula for Coca Cola, but that doesn't prevent Coca Cola from continuing to produce and sell their beverage. I can pirate a movie, but that doesn't mean the original copy is unviewable (in the vast majority of cases). I can login and delete all of your live data, but you still likely have backups. I can't keep my wallet in a safe and have the ability to double spend my illicitly accessed bitcoin (outside of exceedingly unlikely circumstances).

I do not believe that I am a twat.

PS: All money is imaginary.

You are trying to preach a libertarian ideal without accepting that the US legal system is not libertarian. Bring it back down to earth now.

In a court of law, what Linode did was actionable. That is the only point that needs be made.

P.S. I don't think you're a twat and I typically agree with you, but this point smells of agenda.

Matthew N. Wright
Untrustworthy
Hero Member
*****
Offline Offline

Activity: 588


Hero VIP ultra official trusted super staff puppet


View Profile
March 02, 2012, 10:01:03 AM
 #196

In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

If facebook's employee administrator panel was hacked into and someone stole facebook credits from users, would they say "fuck you it's imaginary money"?

I hope you're being sarcastic and not an uneducated twat who has never heard of digital commodities, intellectual properties and suing for damages.

Well Facebook has complete control over their own currency and could easily mitigate such issues. Bitcoin is a different animal of a different color on a different planet. This isn't a data redundancy issue, nor an intellectual property issue. This is storing, backing up and restricting access to unique digital information that once accessed and used, is no longer valuable to anyone anywhere ever again (particularly the victim). I can steal the secret formula for Coca Cola, but that doesn't prevent Coca Cola from continuing to produce and sell their beverage. I can pirate a movie, but that doesn't mean the original copy is unviewable (in the vast majority of cases). I can login and delete all of your live data, but you still likely have backups. I can't keep my wallet in a safe and have the ability to double spend my bitcoin (outside of exceedingly unlikely circumstances).

I do not believe that I am a twat.

PS: All money is imaginary.

Exactly - like the difference  between stealing a shirt or pirating a movie . Both might cost the same but the 1st is a 100% loss to the store and the other...well, the pirate probably wouldn't have bought it anyway so no real loss.

Yea, so you agree then? Linode should be held responsible since it had nothing to do with customer security and was indistinguishable from an inside job...

LightRider
Legendary
*
Offline Offline

Activity: 1488


I advocate the Zeitgeist Movement & Venus Project.


View Profile WWW
March 02, 2012, 10:10:13 AM
 #197

In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

If facebook's employee administrator panel was hacked into and someone stole facebook credits from users, would they say "fuck you it's imaginary money"?

I hope you're being sarcastic and not an uneducated twat who has never heard of digital commodities, intellectual properties and suing for damages.

Well Facebook has complete control over their own currency and could easily mitigate such issues. Bitcoin is a different animal of a different color on a different planet. This isn't a data redundancy issue, nor an intellectual property issue. This is storing, backing up and restricting access to unique digital information that once accessed and used, is no longer valuable to anyone anywhere ever again (particularly the victim). I can steal the secret formula for Coca Cola, but that doesn't prevent Coca Cola from continuing to produce and sell their beverage. I can pirate a movie, but that doesn't mean the original copy is unviewable (in the vast majority of cases). I can login and delete all of your live data, but you still likely have backups. I can't keep my wallet in a safe and have the ability to double spend my illicitly accessed bitcoin (outside of exceedingly unlikely circumstances).

I do not believe that I am a twat.

PS: All money is imaginary.

You are trying to preach a libertarian ideal without accepting that the US legal system is not libertarian. Bring it back down to earth now.

In a court of law, what Linode did was actionable. That is the only point that needs be made.

P.S. I don't think you're a twat and I typically agree with you, but this point smells of agenda.

A court of law and physical reality don't always agree, I'll give you that. I'm hopeful that all parties involved will work together to determine what can be done to mitigate the losses, but this is an unfortunate collision between the purity of mathematical and physical reality and legal opinion, (assuming it even gets that far), and opinion will never trump reality.

Bitcoin combines money, the wrongest thing in the world, with software, the easiest thing in the world to get wrong.
Visit www.thevenusproject.com and www.theZeitgeistMovement.com.
BkkCoins
Hero Member
*****
Offline Offline

Activity: 784


firstbits:1MinerQ


View Profile WWW
March 02, 2012, 10:13:02 AM
 #198


Actually, I think the real lesson here for pool operators
is that they should all move to the eligius model:

    - eligius has no notion "customer accounts. These are a giant PITA for the miners,
      require the pool op to manage a DB which is a PITA in itself. Accounts are also the
      source of a whole host of security problem:
              - need to create account/login -> need to enter data in website -> exposure surface to SQL injections
              - need an email -> phishing attacks, etc .

    - on eligius, miner just send their shares along with a public address
    - on eligius, no need to store any kind of BTC amount on the pool server at any time:
      the payout is built into the block from the coinbase. No BTC ever hit disk.
    - on eligius, added bonus: anonymity for the pool users
    - on eligius, added bonus: much easier to use for miners
You missed  - on eligius, added bonus:
The coins you receive are virgin whereas with most pools you potentially could get mixed/old coins.

LightRider
Legendary
*
Offline Offline

Activity: 1488


I advocate the Zeitgeist Movement & Venus Project.


View Profile WWW
March 02, 2012, 10:25:03 AM
 #199

You missed  - on eligius, added bonus:
The coins you receive are virgin whereas with most pools you potentially could get mixed/old coins.

What is the advantage of virgin coins  Huh


You can sacrifice them to please internet gods.

Bitcoin combines money, the wrongest thing in the world, with software, the easiest thing in the world to get wrong.
Visit www.thevenusproject.com and www.theZeitgeistMovement.com.
Matthew N. Wright
Untrustworthy
Hero Member
*****
Offline Offline

Activity: 588


Hero VIP ultra official trusted super staff puppet


View Profile
March 02, 2012, 10:25:26 AM
 #200

In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

If facebook's employee administrator panel was hacked into and someone stole facebook credits from users, would they say "fuck you it's imaginary money"?

I hope you're being sarcastic and not an uneducated twat who has never heard of digital commodities, intellectual properties and suing for damages.

Well Facebook has complete control over their own currency and could easily mitigate such issues. Bitcoin is a different animal of a different color on a different planet. This isn't a data redundancy issue, nor an intellectual property issue. This is storing, backing up and restricting access to unique digital information that once accessed and used, is no longer valuable to anyone anywhere ever again (particularly the victim). I can steal the secret formula for Coca Cola, but that doesn't prevent Coca Cola from continuing to produce and sell their beverage. I can pirate a movie, but that doesn't mean the original copy is unviewable (in the vast majority of cases). I can login and delete all of your live data, but you still likely have backups. I can't keep my wallet in a safe and have the ability to double spend my illicitly accessed bitcoin (outside of exceedingly unlikely circumstances).

I do not believe that I am a twat.

PS: All money is imaginary.

You are trying to preach a libertarian ideal without accepting that the US legal system is not libertarian. Bring it back down to earth now.

In a court of law, what Linode did was actionable. That is the only point that needs be made.

P.S. I don't think you're a twat and I typically agree with you, but this point smells of agenda.

A court of law and physical reality don't always agree, I'll give you that. I'm hopeful that all parties involved will work together to determine what can be done to mitigate the losses, but this is an unfortunate collision between the purity of mathematical and physical reality and legal opinion, (assuming it even gets that far), and opinion will never trump reality.

Fair enough. ^^

Pages: « 1 2 3 4 5 6 7 8 9 [10] 11 12 13 14 15 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!