In light of the recent hacks, I feel I have a responsibility to share part of a private message sent to me by user cablepair:
[...] You are inquiring what happened, heres the story:
I dont know if you were around in june, but at that time MTGox got hacked and passwords were leaked, I had a weak password and was cracked. Someone hacked my local linux box and not only stole my entire wallet they deleted all traces of it off my local machine. 400 BTC was stolen half of it was actually mine, the other half belonged to two other people. [...]
You'd think that the owner of a public web host and
tech support company would know better than to not only reuse the same password, but to have it be weak enough to be (probably) bruteforced. Please exercise caution when investing, or in some other way taking part in the services offered by cablepair or any of his ventures.
cablepair has said he wants to "put the whole thing behind me", referring to the hack, without what I would call sufficient disclosure of the intrusion. As the owner of a web host that highly depends on the integrity and security of its owner, I'd say this is warranted. (Excellent example:
GitHub's response to the recent security vulnerability.)
Please note that this by no means is a personal attack, but me disclosing important information and doing what I feel is the right thing, especially now that you're going to be hosting instances of "bitcoind", the command-line daemon of the official client aimed at businesses and advanced users.
At the very least, a full disclosure of what has happened and what steps you have taken from preventing it from happening in the future is in order.
Thank you,
Terry
