|
Revalin
|
 |
March 02, 2012, 01:17:22 AM |
|
It might be interesting, if, instead of balances, there were specific 'coins' in the protocol (at the moment, balances lose their individual identities, when they pass through a transaction) Not true. Each transaction into an address is a separate coin, and they are redeemed separately when you spend them. They only mix when multiple coins are redeemed at the same time. If you mean completely individual, non-mixing coins, I don't think there's a practical way to do it with a Bitcoin-like cryptocurrency. The blockchain would become huge. |
War is God's way of teaching Americans geography. --Ambrose Bierce
Bitcoin is the Devil's way of teaching geeks economics. --Revalin 165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g |
|
|
|
|
|
|
|
|
|
|
|
In order to get the maximum amount of activity points possible, you just need to post once per day on average. Skipping days is OK as long as you maintain the average.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
m3ta
|
|
March 02, 2012, 01:19:38 AM |
|
Boycott unless they fix it.
How will you be sure they "fixed it" unless they disclose the full vulnerability? So, as you can never be sure, I say "boycott unless they greatly compensate Slush for the loss" - "I'm sorry" just doesn't cut it. |
|
|
|
JeffK
Sr. Member
 Offline
Activity: 350
Merit: 250
I never hashed for this...
|
|
March 02, 2012, 01:22:19 AM |
|
Linode does not owe you anything, especially an 'estimated value' of your Bitcoins.
Terms of Service exist for a reason, even if it was their fault (which I somehow doubt, given their track record)
Have a more secure system in place next time.
|
|
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1358
Merit: 1002
|
|
March 02, 2012, 01:26:00 AM |
|
Boycott unless they fix it.
How will you be sure they "fixed it" unless they disclose the full vulnerability? So, as you can never be sure, I say "boycott unless they greatly compensate Slush for the loss" - "I'm sorry" just doesn't cut it. They already disclosed that it was a support login that did it. What else do they need to disclose? @JeffK just crawl back under the rock you were since Jan 9, 2012. Interesting that you came back just to say that... |
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1330
|
|
March 02, 2012, 01:26:48 AM |
|
Have a more secure system in place next time.
The attacker went outside his secure system and gained root access. There's not much you can do about that except for not using a hosting service which allows attackers root access to your files. |
| Just-Dice | ██
██████████
██████████████████
██████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████
██████████████
██████ | Play or Invest | ██
██████████
██████████████████
██████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████
██████████████
██████ | 1% House Edge |
|
|
|
|
Eveofwar
|
|
March 02, 2012, 01:28:03 AM |
|
Have a more secure system in place next time.
The attacker went outside his secure system and gained root access. There's not much you can do about that except for not using a hosting service which allows attackers root access to your files. How about encrypting the wallet ? |
|
|
|
|
|
Thralen
|
|
March 02, 2012, 01:28:07 AM |
|
Terms of Service exist for a reason, even if it was their fault (which I somehow doubt, given their track record)
Have a more secure system in place next time.
Their track record? This last statement tells me you didn't read the thread. The access was from one of Linode's administrative accounts. Therefore the track record is not good... A more secure system would involve not using linode since the access came from them.. Please read the thread before commenting, otherwise you make yourself look foolish. Thralen |
Supporting bitcoin as best I can with 1. mining, 2. buying with bitcoin, 3. selling (or trying to) for bitcoin. If you make a donation to: 1MahzUUEYJrZ4VbPRm2h5itGZKEguGVZK1 I'll get it into circulation.
|
|
|
|
glitch003
|
|
March 02, 2012, 01:29:16 AM |
|
Linode does not owe you anything, especially an 'estimated value' of your Bitcoins.
Terms of Service exist for a reason, even if it was their fault (which I somehow doubt, given their track record)
Have a more secure system in place next time.
Linode already acknowledged that it's their fault. BTW I have a mat I'd love to sell you. It has conclusions on it and you can jump to them. |
|
|
|
|
JeffK
Sr. Member
Offline
Activity: 350
Merit: 250
I never hashed for this...
|
|
March 02, 2012, 01:29:41 AM |
|
Terms of Service exist for a reason, even if it was their fault (which I somehow doubt, given their track record)
Have a more secure system in place next time.
Their track record? This last statement tells me you didn't read the thread. The access was from one of Linode's administrative accounts. Therefore the track record is not good... A more secure system would involve not using linode since the access came from them.. Please read the thread before commenting, otherwise you make yourself look foolish. Thralen Ah yes, a goddamn pastebin surely is proof |
|
|
|
|
|
glitch003
|
|
March 02, 2012, 01:31:02 AM |
|
Terms of Service exist for a reason, even if it was their fault (which I somehow doubt, given their track record)
Have a more secure system in place next time.
Their track record? This last statement tells me you didn't read the thread. The access was from one of Linode's administrative accounts. Therefore the track record is not good... A more secure system would involve not using linode since the access came from them.. Please read the thread before commenting, otherwise you make yourself look foolish. Thralen Ah yes, a goddamn pastebin surely is proof Some people on this forum trust slush quite a bit. What is his motivation to lie about this? |
|
|
|
|
slush (OP)
Legendary
Offline
Activity: 1386
Merit: 1097
|
|
March 02, 2012, 01:32:08 AM |
|
|
|
|
|
|
m3ta
|
|
March 02, 2012, 01:32:35 AM |
|
Boycott unless they fix it.
How will you be sure they "fixed it" unless they disclose the full vulnerability? So, as you can never be sure, I say "boycott unless they greatly compensate Slush for the loss" - "I'm sorry" just doesn't cut it. They already disclosed that it was a support login that did it. What else do they need to disclose? The proof that if it happens again, criminal charges will be taken against the offender, and the victim will be compensated - basically, a secure SLA. For example. Was that too hard? Cause if you don't need anything else and are satisfied with their reply as it is, then you have very minimal requirements with people who have responsibilities over your assets and it's people like you who endanger everyone else. Dasse.... |
|
|
|
JeffK
Sr. Member
Offline
Activity: 350
Merit: 250
I never hashed for this...
|
|
March 02, 2012, 01:33:33 AM |
|
Terms of Service exist for a reason, even if it was their fault (which I somehow doubt, given their track record)
Have a more secure system in place next time.
Their track record? This last statement tells me you didn't read the thread. The access was from one of Linode's administrative accounts. Therefore the track record is not good... A more secure system would involve not using linode since the access came from them.. Please read the thread before commenting, otherwise you make yourself look foolish. Thralen Ah yes, a goddamn pastebin surely is proof Some people on this forum trust slush quite a bit. What is his motivation to lie about this? Hell if I know, I'm just saying that the proof is very shaky, I'll wait for a statement from Linode before I think they actually screwed up, but given this community's history for having 'trusted people' disappear with funds, I don't know how much the opinion of 'some people on this forum' matters. |
|
|
|
|
Littleshop
Legendary
Offline
Activity: 1386
Merit: 1003
|
|
March 02, 2012, 01:34:44 AM |
|
Boycott unless they fix it.
How will you be sure they "fixed it" unless they disclose the full vulnerability? So, as you can never be sure, I say "boycott unless they greatly compensate Slush for the loss" - "I'm sorry" just doesn't cut it. Bitcoin raises web hosting to a new level. Yes, there are juicy non-bitcoin targets out there such as credit cards and personal data. But there is nothing like bitcoin for a hacker thief. Once you steal them, you can wait to use them, something that does not work as well with credit cards. You can mix them, something you can not do with credit cards. You can even lay down false tracks by sending them to peoples public addresses. Now you have 'data' that is pretty much worth a years (or more) salary for a typical sysadmin. An employee of a webhost can take it and if they know what they are doing, they can be much 'safer' then stealing credit card information. Right now the only crime is unauthorized access and data theft, not all of the other crimes that go along with credit card fraud that could involve massive jail time. I am not saying if caught they would not go to jail, but laws have not caught up to bitcoin. I would not trust any shared host (VM or not) that has access to your data for a wallet over $1000. The only way to do this is with encrypted disks that are setup or encrypted by the customer with no host access of any kind. No 'control panel" based hosting. |
|
|
|
|
Thralen
|
|
March 02, 2012, 01:36:13 AM |
|
Ah yes, a goddamn pastebin surely is proof
Do you see any other proof for the opposition posted, in addition there are corroborating reports from others as to the same thing occurring to them nearly simultaneously. Therefore the concept of admin access used for the crime is far more feasible. So we have proof of a sort vs. your opinion. Exactly why would be believe your opinion over even the slightest shred of proof? Thralen |
Supporting bitcoin as best I can with 1. mining, 2. buying with bitcoin, 3. selling (or trying to) for bitcoin. If you make a donation to: 1MahzUUEYJrZ4VbPRm2h5itGZKEguGVZK1 I'll get it into circulation.
|
|
|
|
Thralen
|
|
March 02, 2012, 01:38:26 AM |
|
Hell if I know, I'm just saying that the proof is very shaky, I'll wait for a statement from Linode before I think they actually screwed up, but given this community's history for having 'trusted people' disappear with funds, I don't know how much the opinion of 'some people on this forum' matters.
Here is some more 'proof' for you. Although you're liable to dismiss this in the same manner as the other: https://bitcointalk.org/index.php?topic=66961Thralen |
Supporting bitcoin as best I can with 1. mining, 2. buying with bitcoin, 3. selling (or trying to) for bitcoin. If you make a donation to: 1MahzUUEYJrZ4VbPRm2h5itGZKEguGVZK1 I'll get it into circulation.
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
March 02, 2012, 01:42:09 AM |
|
do these incidents not bode well for online clients like Electrum or Blockchain.info?
even with encrypted user generated private keys, they can be stolen by the server when opened to sign tx's.
|
|
|
|
|
notme
Legendary
Offline
Activity: 1904
Merit: 1002
|
|
March 02, 2012, 01:42:51 AM |
|
Hell if I know, I'm just saying that the proof is very shaky, I'll wait for a statement from Linode before I think they actually screwed up, but given this community's history for having 'trusted people' disappear with funds, I don't know how much the opinion of 'some people on this forum' matters.
Here is some more 'proof' for you. Although you're liable to dismiss this in the same manner as the other: https://bitcointalk.org/index.php?topic=66961Thralen That corroborates the current theory (Linode admin leak). What are you trying to prove with that link that is contrary to a Linode admin leak? |
|
|
|
|
Eveofwar
|
|
March 02, 2012, 01:44:32 AM |
|
Hell if I know, I'm just saying that the proof is very shaky, I'll wait for a statement from Linode before I think they actually screwed up, but given this community's history for having 'trusted people' disappear with funds, I don't know how much the opinion of 'some people on this forum' matters.
Here is some more 'proof' for you. Although you're liable to dismiss this in the same manner as the other: https://bitcointalk.org/index.php?topic=66961Thralen That corroborates the current theory (Linode admin leak). What are you trying to prove with that link that is contrary to a Linode admin leak? I think he may be trying to "set JeffK straight" as they say... |
|
|
|
|
slush (OP)
Legendary
Offline
Activity: 1386
Merit: 1097
|
|
March 02, 2012, 01:49:43 AM |
|
I would not trust any shared host (VM or not) that has access to your data for a wallet over $1000. The only way to do this is with encrypted disks that are setup or encrypted by the customer with no host access of any kind.
Unfortunately this is very hard to achieve in real world. For example, I cannot use any housing here in Prague because of stupidly poor connectivity to abroad. Then it really don't matter if the provider is VPS or not, because technically there must be somebody who have physical access to the server instead of me. I'm hosting the pool in France - it's standalone server, but there is still software KVM (because *I* need to reach the server anytime) and there are probably tens of sysadmins with physical access to server. So it happen today in Linode, but it can happen everywhere else tomorrow. So choosing server provider for services where you don't have thousands of dollars monthly to protect your own server room is like playing russian roulette. |
|
|
|
|
