Bitcoin Forum
Author Topic: Hacked Linode & coins stolen to 1NRy8GbX56MymBhDYM...  (Read 62160 times)
Revalin
March 02, 2012, 01:17:22 AM
 #81

It might be interesting, if, instead of balances, there were specific 'coins' in the protocol (at the moment, balances lose their individual identities, when they pass through a transaction)

Not true.  Each transaction into an address is a separate coin, and they are redeemed separately when you spend them.  They only mix when multiple coins are redeemed at the same time.

If you mean completely individual, non-mixing coins, I don't think there's a practical way to do it with a Bitcoin-like cryptocurrency.  The blockchain would become huge.

      War is God's way of teaching Americans geography.  --Ambrose Bierce
Bitcoin is the Devil's way of teaching geeks economics.  --Revalin 165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
m3ta
March 02, 2012, 01:19:38 AM
 #82

Boycott unless they fix it.

How will you be sure they "fixed it" unless they disclose the full vulnerability?
So, as you can never be sure, I say "boycott unless they greatly compensate Slush for the loss" - "I'm sorry" just doesn't cut it.

Why the frell so many retards spell "ect" as an abbreviation of "Et Cetera"? "ETC", DAMMIT! http://en.wikipedia.org/wiki/Et_cetera

Host:/# rm -rf /var/forum/trolls
JeffK
March 02, 2012, 01:22:19 AM
 #83

Linode does not owe you anything, especially an 'estimated value' of your Bitcoins.

Terms of Service exist for a reason, even if it was their fault (which I somehow doubt, given their track record)

Have a more secure system in place next time.
Raoul Duke
aka psy
March 02, 2012, 01:26:00 AM
 #84

Boycott unless they fix it.

How will you be sure they "fixed it" unless they disclose the full vulnerability?
So, as you can never be sure, I say "boycott unless they greatly compensate Slush for the loss" - "I'm sorry" just doesn't cut it.


They already disclosed that it was a support login that did it. What else do they need to disclose?

@JeffK just crawl back under the rock you were under since Jan 9, 2012.
Interesting that you came back just to say that...
dooglus
March 02, 2012, 01:26:48 AM
 #85

Have a more secure system in place next time.

The attacker went outside his secure system and gained root access.  There's not much you can do about that except for not using a hosting service which allows attackers root access to your files.

Eveofwar
March 02, 2012, 01:28:03 AM
 #86

Have a more secure system in place next time.

The attacker went outside his secure system and gained root access.  There's not much you can do about that except for not using a hosting service which allows attackers root access to your files.

How about encrypting the wallet?
Thralen
March 02, 2012, 01:28:07 AM
 #87

Terms of Service exist for a reason, even if it was their fault (which I somehow doubt, given their track record)

Have a more secure system in place next time.

Their track record? This last statement tells me you didn't read the thread. The access was from one of Linode's administrative accounts. Therefore the track record is not good... A more secure system would involve not using Linode since the access came from them.

Please read the thread before commenting, otherwise you make yourself look foolish.

Thralen

Supporting bitcoin as best I can with 1. mining, 2. buying with bitcoin, 3. selling (or trying to) for bitcoin. If you make a donation to:  1MahzUUEYJrZ4VbPRm2h5itGZKEguGVZK1  I'll get it into circulation.
glitch003
March 02, 2012, 01:29:16 AM
 #88

Linode does not owe you anything, especially an 'estimated value' of your Bitcoins.

Terms of Service exist for a reason, even if it was their fault (which I somehow doubt, given their track record)

Have a more secure system in place next time.

Linode already acknowledged that it's their fault.  BTW I have a mat I'd love to sell you. It has conclusions on it and you can jump to them.
JeffK
March 02, 2012, 01:29:41 AM
 #89

Terms of Service exist for a reason, even if it was their fault (which I somehow doubt, given their track record)

Have a more secure system in place next time.

Their track record? This last statement tells me you didn't read the thread. The access was from one of Linode's administrative accounts. Therefore the track record is not good... A more secure system would involve not using Linode since the access came from them.

Please read the thread before commenting, otherwise you make yourself look foolish.

Thralen


Ah yes, a goddamn pastebin surely is proof
glitch003
March 02, 2012, 01:31:02 AM
 #90

Terms of Service exist for a reason, even if it was their fault (which I somehow doubt, given their track record)

Have a more secure system in place next time.

Their track record? This last statement tells me you didn't read the thread. The access was from one of Linode's administrative accounts. Therefore the track record is not good... A more secure system would involve not using Linode since the access came from them.

Please read the thread before commenting, otherwise you make yourself look foolish.

Thralen


Ah yes, a goddamn pastebin surely is proof

Some people on this forum trust slush quite a bit.  What is his motivation to lie about this?
slush (OP)
March 02, 2012, 01:32:08 AM
 #91

Another 10k+ BTC from Bitcoinica :-/.
https://bitcointalk.org/index.php?topic=66961

m3ta
March 02, 2012, 01:32:35 AM
 #92

Boycott unless they fix it.

How will you be sure they "fixed it" unless they disclose the full vulnerability?
So, as you can never be sure, I say "boycott unless they greatly compensate Slush for the loss" - "I'm sorry" just doesn't cut it.


They already disclosed that it was a support login that did it. What else do they need to disclose?


The proof that if it happens again, criminal charges will be taken against the offender, and the victim will be compensated - basically, a secure SLA.
For example. Was that too hard?

Cause if you don't need anything else and are satisfied with their reply as it is, then you have very minimal requirements with people who have responsibilities over your assets and it's people like you who endanger everyone else.

Dasse....

JeffK
March 02, 2012, 01:33:33 AM
 #93

Terms of Service exist for a reason, even if it was their fault (which I somehow doubt, given their track record)

Have a more secure system in place next time.

Their track record? This last statement tells me you didn't read the thread. The access was from one of Linode's administrative accounts. Therefore the track record is not good... A more secure system would involve not using Linode since the access came from them.

Please read the thread before commenting, otherwise you make yourself look foolish.

Thralen


Ah yes, a goddamn pastebin surely is proof

Some people on this forum trust slush quite a bit.  What is his motivation to lie about this?


Hell if I know, I'm just saying that the proof is very shaky, I'll wait for a statement from Linode before I think they actually screwed up, but given this community's history for having 'trusted people' disappear with funds, I don't know how much the opinion of 'some people on this forum' matters.
Littleshop
March 02, 2012, 01:34:44 AM
 #94

Boycott unless they fix it.

How will you be sure they "fixed it" unless they disclose the full vulnerability?
So, as you can never be sure, I say "boycott unless they greatly compensate Slush for the loss" - "I'm sorry" just doesn't cut it.


Bitcoin raises web hosting to a new level.  Yes, there are juicy non-bitcoin targets out there such as credit cards and personal data.  But there is nothing like bitcoin for a hacker thief.  Once you steal them, you can wait to use them, something that does not work as well with credit cards.  You can mix them, something you cannot do with credit cards.  You can even lay down false tracks by sending them to people's public addresses.

Now you have 'data' that is pretty much worth a year's (or more) salary for a typical sysadmin.  An employee of a webhost can take it and if they know what they are doing, they can be much 'safer' than stealing credit card information.  Right now the only crime is unauthorized access and data theft, not all of the other crimes that go along with credit card fraud that could involve massive jail time.  I am not saying if caught they would not go to jail, but laws have not caught up to bitcoin.

I would not trust any shared host (VM or not) that has access to your data for a wallet over $1000.  The only way to do this is with encrypted disks that are set up or encrypted by the customer with no host access of any kind.  No 'control panel' based hosting.

Thralen
March 02, 2012, 01:36:13 AM
 #95


Ah yes, a goddamn pastebin surely is proof

Do you see any other proof for the opposition posted? In addition, there are corroborating reports from others as to the same thing occurring to them nearly simultaneously. Therefore the concept of admin access used for the crime is far more feasible. So we have proof of a sort vs. your opinion. Exactly why would we believe your opinion over even the slightest shred of proof?

Thralen

Thralen
March 02, 2012, 01:38:26 AM
 #96


Hell if I know, I'm just saying that the proof is very shaky, I'll wait for a statement from Linode before I think they actually screwed up, but given this community's history for having 'trusted people' disappear with funds, I don't know how much the opinion of 'some people on this forum' matters.

Here is some more 'proof' for you. Although you're liable to dismiss this in the same manner as the other:

https://bitcointalk.org/index.php?topic=66961

Thralen

cypherdoc
March 02, 2012, 01:42:09 AM
 #97

do these incidents not bode well for online clients like Electrum or Blockchain.info?

even with encrypted user generated private keys, they can be stolen by the server when opened to sign tx's.
notme
March 02, 2012, 01:42:51 AM
 #98


Hell if I know, I'm just saying that the proof is very shaky, I'll wait for a statement from Linode before I think they actually screwed up, but given this community's history for having 'trusted people' disappear with funds, I don't know how much the opinion of 'some people on this forum' matters.

Here is some more 'proof' for you. Although you're liable to dismiss this in the same manner as the other:

https://bitcointalk.org/index.php?topic=66961

Thralen

That corroborates the current theory (Linode admin leak).

What are you trying to prove with that link that is contrary to a Linode admin leak?

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
Eveofwar
March 02, 2012, 01:44:32 AM
 #99


Hell if I know, I'm just saying that the proof is very shaky, I'll wait for a statement from Linode before I think they actually screwed up, but given this community's history for having 'trusted people' disappear with funds, I don't know how much the opinion of 'some people on this forum' matters.

Here is some more 'proof' for you. Although you're liable to dismiss this in the same manner as the other:

https://bitcointalk.org/index.php?topic=66961

Thralen

That corroborates the current theory (Linode admin leak).

What are you trying to prove with that link that is contrary to a Linode admin leak?

I think he may be trying to "set JeffK straight" as they say...
slush (OP)
March 02, 2012, 01:49:43 AM
 #100

I would not trust any shared host (VM or not) that has access to your data for a wallet over $1000.  The only way to do this is with encrypted disks that are set up or encrypted by the customer with no host access of any kind.

Unfortunately this is very hard to achieve in the real world. For example, I cannot use any housing here in Prague because of stupidly poor connectivity to abroad. Then it really doesn't matter if the provider is VPS or not, because technically there must be somebody who has physical access to the server instead of me. I'm hosting the pool in France - it's a standalone server, but there is still software KVM (because *I* need to reach the server anytime) and there are probably tens of sysadmins with physical access to the server.

So it happened today at Linode, but it can happen everywhere else tomorrow. So choosing a server provider for services where you don't have thousands of dollars monthly to protect your own server room is like playing Russian roulette.
