Bitcoin Forum
Author Topic: Hacked Linode & coins stolen to 1NRy8GbX56MymBhDYM...  (Read 62088 times)
payb.tc
Hero Member
March 02, 2012, 05:04:24 AM
 #181

Come on, stop spreading FUD. There is NO WAY IN HELL that the guy can cash out so quickly. Think of daily withdrawal limits, ID verification, coin tracing, and so forth.

My guess? Disheartened noobs cashing out because of loss of faith in the system. All the more coins for me!

Yeah, it's more likely market panic.

yeah i never said it was the stolen coins that were being sold.
k9quaint
Legendary
March 02, 2012, 05:13:06 AM
 #182

This too shall pass.

But in the mean time, I am vexed!  Angry
Buy!

Markets can remain irrational for longer than I can remain solvent. Cry

Bitcoin is backed by the full faith and credit of YouTube comments.
rjk
Sr. Member
March 02, 2012, 05:15:05 AM
 #183

This too shall pass.

But in the mean time, I am vexed!  Angry
Buy!

Markets can remain irrational for longer than I can remain solvent. Cry
Yes this is a problem sometimes Sad

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
99Percent
Full Member
March 02, 2012, 05:56:46 AM
 #184

Lesson learned: private keys (wallet.dat) are just that: private. Once you put them out there, cloud, webserver, hosting server, email, etc, THEY ARE NO LONGER PRIVATE.

Can we move along now?

ThomasV
Legendary
March 02, 2012, 07:19:14 AM
 #185

do these incidents not bode well for online clients like Electrum or Blockchain.info?

even with encrypted user generated private keys, they can be stolen by the server when opened to sign tx's.

Please do not mix things. There are two separate issues:
1. - the security of the server that your client is talking to.
2. - the security of the software running on your computer.

1. It is completely impossible for an Electrum server to steal your coins, because transactions are signed locally. The only way to steal your coins would be to compromise your own computer.
2. Someone gaining access to the server that distributes the software could insert malicious code in the software that is being distributed. (the tar.gz or .zip file, or the executable). Such an attack would only affect the users who downloaded and installed software between the time of the attack and the time where the attack is discovered. This kind of attack is possible for any type of bitcoin client (even the official one). It is mitigated by scrutiny from the community.

Please understand that the situation is very different if you use a web wallet such as blockchain.info. If you use a web wallet, points 1 and 2 are not distinct; an attacker who gains control of the server will modify the javascript code that is sent by the server. The danger is amplified by the fact that your web browser will update the javascript code running on your computer every time you use the service, and not just when you decide to upgrade your client. Thus, if the server is compromised, then the attacker can quickly replace the javascript code running in the web browser of all clients, and do whatever they want.

Electrum: the convenience of a web wallet, without the risks
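
Added example (not part of the thread and not Electrum's code): a minimal model of the local-signing point made in the post above. A Lamport one-time signature built from SHA-256 stands in for Bitcoin's ECDSA so the block needs only the standard library; the addresses and function names are constructed for illustration.

```python
import hashlib
import json
import secrets


def _h(data):
    return hashlib.sha256(data).digest()


def keygen():
    """Runs on the user's machine; sk never leaves it."""
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    pk = [[_h(secret) for secret in pair] for pair in sk]
    return sk, pk


def _bits(message):
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, message):
    # Lamport one-time signature: reveal one secret per digest bit.
    return [sk[i][bit] for i, bit in enumerate(_bits(message))]


def verify(pk, message, sig):
    return len(sig) == 256 and all(
        _h(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(message)))


def encode_tx(tx):
    return json.dumps(tx, sort_keys=True).encode()


def client_make_payment(sk, to, amount):
    """What the client sends to the server: the transaction and its signature."""
    tx = {"to": to, "amount": amount}
    return {"tx": tx, "sig": sign(sk, encode_tx(tx))}


def tamper_destination(payload, other_addr):
    """Models a compromised server that edits the relayed transaction."""
    return {"tx": dict(payload["tx"], to=other_addr), "sig": payload["sig"]}


def network_accepts(pk, payload):
    """Every other node checks the signature against the public key."""
    return verify(pk, encode_tx(payload["tx"]), payload["sig"])


if __name__ == "__main__":
    sk, pk = keygen()
    sent = client_make_payment(sk, "ADDR_MERCHANT_EXAMPLE", 5)   # constructed values
    print("honest relay accepted:", network_accepts(pk, sent))
    altered = tamper_destination(sent, "ADDR_OTHER_EXAMPLE")
    print("altered relay accepted:", network_accepts(pk, altered))
```

The check only protects the user while the signing code itself is trusted, which is why the post treats a web wallet, whose code is re-sent by the server on every visit, as a different case.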
Detritus
Member
March 02, 2012, 08:15:59 AM
 #186

I think it's more likely that Linode has a staffer into bitcoins that used the command line tools from the host VM manager to halt the systems, modify the shadow file and bring them up and steal the coins than it is that the Linode user's management tool was compromised.

Linode, if we can believe what they've said, didn't see any management UI activity in the logs at the time the reboots occurred. This is more consistent with someone using a tool outside of the normal logged events, such as the native VM tools, rather than the UI being broken into.
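
Added example (not part of the thread): one way a tenant could detect the sequence described in the post above, a halt, an edit to the shadow file, and a restart, by comparing snapshots kept on a log host the VM provider does not control. The sample shadow entries, boot IDs and log line are constructed; the function names are hypothetical.

```python
import hashlib
import re

# pam_unix writes this line when a password is changed from inside the guest.
PASSWD_EVENT = re.compile(r"pam_unix\(passwd:chauthtok\): password changed for (\S+)")


def parse_shadow(text):
    """Map account name -> password-hash field of /etc/shadow content."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 2 and fields[0] and not fields[0].startswith("#"):
            accounts[fields[0]] = fields[1]
    return accounts


def snapshot(boot_id, shadow_text):
    """Summary to ship off-host; stores digests, never the password hashes.
    On Linux the boot ID can be read from /proc/sys/kernel/random/boot_id."""
    digests = {name: hashlib.sha256(field.encode()).hexdigest()
               for name, field in parse_shadow(shadow_text).items()}
    return {"boot_id": boot_id, "accounts": digests}


def audit(previous, current, auth_log_lines):
    """Return (severity, message) findings for changes between two snapshots."""
    logged = {m.group(1) for m in map(PASSWD_EVENT.search, auth_log_lines) if m}
    rebooted = previous["boot_id"] != current["boot_id"]
    findings = []
    if rebooted:
        findings.append(("info", "boot ID changed: the system was restarted"))
    names = sorted(set(previous["accounts"]) | set(current["accounts"]))
    for name in names:
        old = previous["accounts"].get(name)
        new = current["accounts"].get(name)
        if old == new:
            continue
        if old is None:
            what = "account added"
        elif new is None:
            what = "account removed"
        else:
            what = "password hash changed"
        if what == "password hash changed" and name in logged:
            findings.append(("info", f"{name}: {what}, matching passwd event logged"))
        elif rebooted:
            findings.append(("high", f"{name}: {what} across a restart, no in-guest passwd event"))
        else:
            findings.append(("medium", f"{name}: {what}, no in-guest passwd event"))
    return findings


# Constructed sample data (not from the incident).
BOOT_BEFORE = "11111111-aaaa-4aaa-8aaa-000000000001"
BOOT_AFTER = "22222222-bbbb-4bbb-8bbb-000000000002"
SHADOW_BEFORE = ("root:$6$constructedA$hashA:15400:0:99999:7:::\n"
                 "alice:$6$constructedB$hashB:15390:0:99999:7:::\n")
SHADOW_AFTER = ("root:$6$constructedC$hashC:15400:0:99999:7:::\n"
                "alice:$6$constructedD$hashD:15401:0:99999:7:::\n")
AUTH_LOG = ["Mar  1 10:02:11 host passwd[812]: "
            "pam_unix(passwd:chauthtok): password changed for alice"]

if __name__ == "__main__":
    before = snapshot(BOOT_BEFORE, SHADOW_BEFORE)
    after = snapshot(BOOT_AFTER, SHADOW_AFTER)
    for severity, message in audit(before, after, AUTH_LOG):
        print(severity, message)
```

Both the snapshots and the auth log have to be forwarded off the guest as they are produced, since anyone who can edit the disk offline can also edit logs stored on it.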


finway
Hero Member
March 02, 2012, 09:00:31 AM
 #187


Actually, I think the real lesson here for pool operators
is that they should all move to the eligius model:

    - eligius has no notion of "customer accounts". These are a giant PITA for the miners,
      require the pool op to manage a DB which is a PITA in itself. Accounts are also the
      source of a whole host of security problems:
              - need to create account/login -> need to enter data in website -> exposure surface to SQL injections
              - need an email -> phishing attacks, etc.

    - on eligius, miners just send their shares along with a public address
    - on eligius, no need to store any kind of BTC amount on the pool server at any time:
      the payout is built into the block from the coinbase. No BTC ever hit disk.
    - on eligius, added bonus: anonymity for the pool users
    - on eligius, added bonus: much easier to use for miners

Yes, Eligius is better than the traditional pool, on that point.

Hawkix
Hero Member
March 02, 2012, 09:00:45 AM
 #188

I think it's more likely that Linode has a staffer into bitcoins that used the command line tools from the host VM manager to halt the systems, modify the shadow file and bring them up and steal the coins than it is that the Linode user's management tool was compromised.

Linode, if we can believe what they've said, didn't see any management UI activity in the logs at the time the reboots occurred. This is more consistent with someone using a tool outside of the normal logged events, such as the native VM tools, rather than the UI being broken into.

If, and I believe in it, it was a staffer, I just fully hope that Linode has logged all such attempts and will identify the attacker and will try hard to force him to return the stolen funds. If he somehow managed to bypass the logs, or hacked the Linode, then Linode should end immediately as whole, this is unacceptable.

Donations: 1Hawkix7GHym6SM98ii5vSHHShA3FUgpV6
http://btcportal.net/ - All about Bitcoin - coming soon!
LightRider
Legendary
March 02, 2012, 09:14:15 AM
 #189

Hopefully, this doesn't encourage other VPS/service/host providers to decline service to any potential future bitcoin sites. If slush/bitcoinica successfully convince Linode to compensate them in some significant way, then the lesson for other hosts is that "bitcoin losses will hurt or kill us". In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

Bitcoin combines money, the wrongest thing in the world, with software, the easiest thing in the world to get wrong.
Visit www.thevenusproject.com and www.theZeitgeistMovement.com.
FlipPro
Legendary
March 02, 2012, 09:17:29 AM
 #190

they don't cover "imaginary webzone dollar" losses.
This

Matthew N. Wright
Untrustworthy
Hero Member
March 02, 2012, 09:19:08 AM
 #191

In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

If facebook's employee administrator panel was hacked into and someone stole facebook credits from users, would they say "fuck you it's imaginary money"?

I hope you're being sarcastic and not an uneducated twat who has never heard of digital commodities, intellectual properties and suing for damages.

LightRider
Legendary
March 02, 2012, 09:44:37 AM
 #192

In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

If facebook's employee administrator panel was hacked into and someone stole facebook credits from users, would they say "fuck you it's imaginary money"?

I hope you're being sarcastic and not an uneducated twat who has never heard of digital commodities, intellectual properties and suing for damages.

Well Facebook has complete control over their own currency and could easily mitigate such issues. Bitcoin is a different animal of a different color on a different planet. This isn't a data redundancy issue, nor an intellectual property issue. This is storing, backing up and restricting access to unique digital information that once accessed and used, is no longer valuable to anyone anywhere ever again (particularly the victim). I can steal the secret formula for Coca Cola, but that doesn't prevent Coca Cola from continuing to produce and sell their beverage. I can pirate a movie, but that doesn't mean the original copy is unviewable (in the vast majority of cases). I can login and delete all of your live data, but you still likely have backups. I can't keep my wallet in a safe and have the ability to double spend my illicitly accessed bitcoin (outside of exceedingly unlikely circumstances).

I do not believe that I am a twat.

PS: All money is imaginary.

Bitcoin combines money, the wrongest thing in the world, with software, the easiest thing in the world to get wrong.
Visit www.thevenusproject.com and www.theZeitgeistMovement.com.
Kluge
Donator
Legendary
March 02, 2012, 09:50:40 AM
 #193

In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

If facebook's employee administrator panel was hacked into and someone stole facebook credits from users, would they say "fuck you it's imaginary money"?

I hope you're being sarcastic and not an uneducated twat who has never heard of digital commodities, intellectual properties and suing for damages.
Don't see how Linode can get out of compensating (at least in the form of 5 free years of hosting or something) without implying "we're just not a secure-enough service for you to put sensitive data on. Don't put data on our servers unless you're hosting non-interactive web-pages with cute little kittens, or protect your data like Fort Knox because there's no telling when it'll be compromised, either by our staff or our irresponsibility/incompetence."
farfiman
Legendary
March 02, 2012, 09:52:29 AM
 #194

In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

If facebook's employee administrator panel was hacked into and someone stole facebook credits from users, would they say "fuck you it's imaginary money"?

I hope you're being sarcastic and not an uneducated twat who has never heard of digital commodities, intellectual properties and suing for damages.

Well Facebook has complete control over their own currency and could easily mitigate such issues. Bitcoin is a different animal of a different color on a different planet. This isn't a data redundancy issue, nor an intellectual property issue. This is storing, backing up and restricting access to unique digital information that once accessed and used, is no longer valuable to anyone anywhere ever again (particularly the victim). I can steal the secret formula for Coca Cola, but that doesn't prevent Coca Cola from continuing to produce and sell their beverage. I can pirate a movie, but that doesn't mean the original copy is unviewable (in the vast majority of cases). I can login and delete all of your live data, but you still likely have backups. I can't keep my wallet in a safe and have the ability to double spend my bitcoin (outside of exceedingly unlikely circumstances).

I do not believe that I am a twat.

PS: All money is imaginary.

Exactly - like the difference between stealing a shirt or pirating a movie. Both might cost the same but the 1st is a 100% loss to the store and the other...well, the pirate probably wouldn't have bought it anyway so no real loss.

"We are just fools. We insanely believe that we can replace one politician with another and something will really change. The ONLY possible way to achieve change is to change the very system of how government functions. Until we are prepared to do that, suck it up for your future belongs to the madness and corruption of politicians."
Martin Armstrong
Matthew N. Wright
Untrustworthy
Hero Member
March 02, 2012, 09:59:37 AM
 #195

In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

If facebook's employee administrator panel was hacked into and someone stole facebook credits from users, would they say "fuck you it's imaginary money"?

I hope you're being sarcastic and not an uneducated twat who has never heard of digital commodities, intellectual properties and suing for damages.

Well Facebook has complete control over their own currency and could easily mitigate such issues. Bitcoin is a different animal of a different color on a different planet. This isn't a data redundancy issue, nor an intellectual property issue. This is storing, backing up and restricting access to unique digital information that once accessed and used, is no longer valuable to anyone anywhere ever again (particularly the victim). I can steal the secret formula for Coca Cola, but that doesn't prevent Coca Cola from continuing to produce and sell their beverage. I can pirate a movie, but that doesn't mean the original copy is unviewable (in the vast majority of cases). I can login and delete all of your live data, but you still likely have backups. I can't keep my wallet in a safe and have the ability to double spend my illicitly accessed bitcoin (outside of exceedingly unlikely circumstances).

I do not believe that I am a twat.

PS: All money is imaginary.

You are trying to preach a libertarian ideal without accepting that the US legal system is not libertarian. Bring it back down to earth now.

In a court of law, what Linode did was actionable. That is the only point that needs be made.

P.S. I don't think you're a twat and I typically agree with you, but this point smells of agenda.

Matthew N. Wright
Untrustworthy
Hero Member
March 02, 2012, 10:01:03 AM
 #196

In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

If facebook's employee administrator panel was hacked into and someone stole facebook credits from users, would they say "fuck you it's imaginary money"?

I hope you're being sarcastic and not an uneducated twat who has never heard of digital commodities, intellectual properties and suing for damages.

Well Facebook has complete control over their own currency and could easily mitigate such issues. Bitcoin is a different animal of a different color on a different planet. This isn't a data redundancy issue, nor an intellectual property issue. This is storing, backing up and restricting access to unique digital information that once accessed and used, is no longer valuable to anyone anywhere ever again (particularly the victim). I can steal the secret formula for Coca Cola, but that doesn't prevent Coca Cola from continuing to produce and sell their beverage. I can pirate a movie, but that doesn't mean the original copy is unviewable (in the vast majority of cases). I can login and delete all of your live data, but you still likely have backups. I can't keep my wallet in a safe and have the ability to double spend my bitcoin (outside of exceedingly unlikely circumstances).

I do not believe that I am a twat.

PS: All money is imaginary.

Exactly - like the difference between stealing a shirt or pirating a movie. Both might cost the same but the 1st is a 100% loss to the store and the other...well, the pirate probably wouldn't have bought it anyway so no real loss.

Yea, so you agree then? Linode should be held responsible since it had nothing to do with customer security and was indistinguishable from an inside job...

LightRider
Legendary
March 02, 2012, 10:10:13 AM
 #197

In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

If facebook's employee administrator panel was hacked into and someone stole facebook credits from users, would they say "fuck you it's imaginary money"?

I hope you're being sarcastic and not an uneducated twat who has never heard of digital commodities, intellectual properties and suing for damages.

Well Facebook has complete control over their own currency and could easily mitigate such issues. Bitcoin is a different animal of a different color on a different planet. This isn't a data redundancy issue, nor an intellectual property issue. This is storing, backing up and restricting access to unique digital information that once accessed and used, is no longer valuable to anyone anywhere ever again (particularly the victim). I can steal the secret formula for Coca Cola, but that doesn't prevent Coca Cola from continuing to produce and sell their beverage. I can pirate a movie, but that doesn't mean the original copy is unviewable (in the vast majority of cases). I can login and delete all of your live data, but you still likely have backups. I can't keep my wallet in a safe and have the ability to double spend my illicitly accessed bitcoin (outside of exceedingly unlikely circumstances).

I do not believe that I am a twat.

PS: All money is imaginary.

You are trying to preach a libertarian ideal without accepting that the US legal system is not libertarian. Bring it back down to earth now.

In a court of law, what Linode did was actionable. That is the only point that needs be made.

P.S. I don't think you're a twat and I typically agree with you, but this point smells of agenda.

A court of law and physical reality don't always agree, I'll give you that. I'm hopeful that all parties involved will work together to determine what can be done to mitigate the losses, but this is an unfortunate collision between the purity of mathematical and physical reality and legal opinion, (assuming it even gets that far), and opinion will never trump reality.

Bitcoin combines money, the wrongest thing in the world, with software, the easiest thing in the world to get wrong.
Visit www.thevenusproject.com and www.theZeitgeistMovement.com.
BkkCoins
Hero Member
March 02, 2012, 10:13:02 AM
Last edit: March 03, 2012, 01:32:33 AM by BkkCoins
 #198


Actually, I think the real lesson here for pool operators
is that they should all move to the eligius model:

    - eligius has no notion of "customer accounts". These are a giant PITA for the miners,
      require the pool op to manage a DB which is a PITA in itself. Accounts are also the
      source of a whole host of security problems:
              - need to create account/login -> need to enter data in website -> exposure surface to SQL injections
              - need an email -> phishing attacks, etc.

    - on eligius, miners just send their shares along with a public address
    - on eligius, no need to store any kind of BTC amount on the pool server at any time:
      the payout is built into the block from the coinbase. No BTC ever hit disk.
    - on eligius, added bonus: anonymity for the pool users
    - on eligius, added bonus: much easier to use for miners
You missed  - on eligius, added bonus:
The coins you receive are virgin whereas with most pools you potentially could get mixed/old coins.

LightRider
Legendary
March 02, 2012, 10:25:03 AM
 #199

You missed  - on eligius, added bonus:
The coins you receive are virgin whereas with most pools you potentially could get mixed/old coins.

What is the advantage of virgin coins  Huh


You can sacrifice them to please internet gods.

Bitcoin combines money, the wrongest thing in the world, with software, the easiest thing in the world to get wrong.
Visit www.thevenusproject.com and www.theZeitgeistMovement.com.
Matthew N. Wright
Untrustworthy
Hero Member
March 02, 2012, 10:25:26 AM
 #200

In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

If facebook's employee administrator panel was hacked into and someone stole facebook credits from users, would they say "fuck you it's imaginary money"?

I hope you're being sarcastic and not an uneducated twat who has never heard of digital commodities, intellectual properties and suing for damages.

Well Facebook has complete control over their own currency and could easily mitigate such issues. Bitcoin is a different animal of a different color on a different planet. This isn't a data redundancy issue, nor an intellectual property issue. This is storing, backing up and restricting access to unique digital information that once accessed and used, is no longer valuable to anyone anywhere ever again (particularly the victim). I can steal the secret formula for Coca Cola, but that doesn't prevent Coca Cola from continuing to produce and sell their beverage. I can pirate a movie, but that doesn't mean the original copy is unviewable (in the vast majority of cases). I can login and delete all of your live data, but you still likely have backups. I can't keep my wallet in a safe and have the ability to double spend my illicitly accessed bitcoin (outside of exceedingly unlikely circumstances).

I do not believe that I am a twat.

PS: All money is imaginary.

You are trying to preach a libertarian ideal without accepting that the US legal system is not libertarian. Bring it back down to earth now.

In a court of law, what Linode did was actionable. That is the only point that needs be made.

P.S. I don't think you're a twat and I typically agree with you, but this point smells of agenda.

A court of law and physical reality don't always agree, I'll give you that. I'm hopeful that all parties involved will work together to determine what can be done to mitigate the losses, but this is an unfortunate collision between the purity of mathematical and physical reality and legal opinion, (assuming it even gets that far), and opinion will never trump reality.

Fair enough. ^^
