Bitcoin Forum
December 05, 2016, 10:41:49 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 5 6 7 »  All
  Print  
Author Topic: GLBSE 2.0, Is safer now.  (Read 7661 times)
Nefario
Hero Member
*****
Offline Offline

Activity: 602


GLBSE Support support@glbse.com


View Profile WWW
April 02, 2012, 03:04:24 PM
 #21

I could also add GPGAuth as an authentication method
http://gpgauth.org

However there is currently only a plugin for Google Chrome and no ruby server side implementation(which means I'd have to create it.

So it's an option, and one I'd happily support in the current system, just not an immediate one.

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
likuidxd
Sr. Member
****
Offline Offline

Activity: 448



View Profile
April 02, 2012, 03:59:04 PM
 #22

Goat, are you preemptively passing all blame of Nefario if something goes wrong with any of your GLBSE listings here because you don't want to authenticate your account? You can personally take measures to keep your e-mail account safe if you're worried. One, for instance, is as simple a rotating passwords regularly. It is the responsibility of both of you to secure your accounts, taking no responsibility is fairly childish IMO.
My apologies, but this sounds sketchy

Nefario
Hero Member
*****
Offline Offline

Activity: 602


GLBSE Support support@glbse.com


View Profile WWW
April 02, 2012, 04:13:13 PM
 #23

I'm going to add Yubikey support soon, next few hours.

likuidxd makes some very good points, security is everyones responsibility.

I'm making the commitment to secure GLBSE, but it only works if users secure their passwords.

If you want to be able to recover your accounts via email then you need to secure those as well, there is not other way around it.

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
labestiol
Sr. Member
****
Offline Offline

Activity: 434


View Profile
April 02, 2012, 04:26:33 PM
 #24

What i find most alarming in this thread is that goat doesn't want to authenticate his account...

Apart from that, having a secure email address, and single use password is a basic when money is involved...
Regarding 2 step authentication, how difficult is it to implement google authenticator ? (like bitcoinica did)


1BestioLC7YBVh8Q5LfH6RYURD6MrpP8y6
OgNasty
Donator
Legendary
*
Offline Offline

Activity: 2016


Powered by NastyFans


View Profile WWW
April 02, 2012, 04:59:45 PM
 #25

Hold assets created by me at your own risk. If I am hacked I will take no responsibility. Why? My account is attached to a free e-mail account that I have used for years on public computers all over the world. Would I even dream of putting 1000s of bitcoins on the security of this free junk mail account? No, never and to do so would be negligent! This was forced upon me without warning or consent!

Holy scam warning Batman!

Goat, why didn't you create an alias email account with an outrageously complicated password when you signed up for GLBSE 2.0?  You're honestly saying you use the same email/password for multiple sites and have been doing it for years?  I find it hard to believe that anyone in Bitcoin could be so naive.  You hold thousands maybe tens of thousands of dollars in other people's money and you reuse a commonly used email address?  I apologize, but I don't believe you are that stupid.  You were around for the MtGox email address hack, you know better.  This seems like either A) you setting up to scam everyone and not claim responsibility or B) you trying to create a panic in all your holdings so that you can buy them back for cheap and keep the profits.  For someone with 4 listings on the GLBSE, I find this incredibly irresponsible.

THIS WARNING seems to be a lot more relevant now.

BITSLER                 ▄███
               ▄████▀
             ▄████▀
           ▄████▀  ▄██▄
         ▄████▀    ▀████▄
       ▄████▀        ▀████▄
     ▄████▀            ▀████▄
   ▄████▀                ▀████▄
 ▄████▀ ▄████▄      ▄████▄ ▀████▄
█████   ██████      ██████   █████
 ▀████▄ ▀████▀      ▀████▀ ▄████▀
   ▀████▄                ▄████▀
     ▀████▄            ▄████▀
       ▀████▄        ▄████▀
         ▀████▄    ▄████▀
           ▀████▄▄████▀
             ▀██████▀
               ▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄            
▄▄▄▄▀▀▀▀    ▄▄█▄▄ ▀▀▄         
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄      
█  ▀▄▄  ▀█▀▀ ▄      ▀████   ▀▀▄   
█ █▄  ▀▄   ▀████       ▀▀ ▄██▄ ▀▀▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█  ▀▀       ▀▄▄ ▀████      ▄▄▄▀▀▀  █
█            ▄ ▀▄    ▄▄▄▀▀▀   ▄▄  █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█ ▄▄   ███   ▀██  █           ▀▀  █ 
█ ███  ▀██       █        ▄▄      █ 
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
▀▄            █        ▀▀      █  
▀▀▄   ███▄  █   ▄▄          █   
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀    
▀▀▄   █   ▀▀▄▄▄▀▀▀         
▄▄▄▄▄▄▄▄▄▄▄█▄▄▀▀▀▀              
              ▄▄▄██████▄▄▄
          ▄▄████████████████▄▄
        ▄██████▀▀▀▀▀▀▀▀▀▀██████▄
▄     ▄█████▀             ▀█████▄
██▄▄ █████▀                ▀█████
 ████████            ▄██      █████
  ████████▄         ███▀       ████▄
  █████████▀▀     ▄███▀        █████
   █▀▀▀          █████         █████
     ▄▄▄         ████          █████
   █████          ▀▀           ████▀
    █████                     █████
     █████▄                 ▄█████
      ▀█████▄             ▄█████▀
        ▀██████▄▄▄▄▄▄▄▄▄▄██████▀
          ▀▀████████████████▀▀
              ▀▀▀██████▀▀▀
            ▄▄▄███████▄▄▄
         ▄█▀▀▀ ▄▄▄▄▄▄▄ ▀▀▀█▄
       █▀▀ ▄█████████████▄ ▀▀█
     █▀▀ ███████████████████ ▀▀█
    █▀ ███████████████████████ ▀█
   █▀ ███████████████▀▀ ███████ ▀█
 ▄█▀ ██████████████▀      ▀█████ ▀█▄
███ ███████████▀▀            ▀▀██ ███
███ ███████▀▀                     ███
███ ▀▀▀▀                          ███
▀██▄                             ▄██▀
  ▀█▄                            ▀▀
    █▄       █▄▄▄▄▄▄▄▄▄█
     █▄      ▀█████████▀
      ▀█▄      ▀▀▀▀▀▀▀
        ▀▀█▄▄  ▄▄▄
            ▀▀█████
[]
Nefario
Hero Member
*****
Offline Offline

Activity: 602


GLBSE Support support@glbse.com


View Profile WWW
April 02, 2012, 05:10:09 PM
 #26

Hold assets created by me at your own risk. If I am hacked I will take no responsibility. Why? My account is attached to a free e-mail account that I have used for years on public computers all over the world. Would I even dream of putting 1000s of bitcoins on the security of this free junk mail account? No, never and to do so would be negligent! This was forced upon me without warning or consent!

Holy scam warning Batman!

Goat, why didn't you create an alias email account with an outrageously complicated password when you signed up for GLBSE 2.0?  You're honestly saying you use the same email/password for multiple sites and have been doing it for years?  I find it hard to believe that anyone in Bitcoin could be so naive.  You hold thousands maybe tens of thousands of dollars in other people's money and you reuse a commonly used email address?  I apologize, but I don't believe you are that stupid.  You were around for the MtGox email address hack, you know better.  This seems like either A) you setting up to scam everyone and not claim responsibility or B) you trying to create a panic in all your holdings so that you can buy them back for cheap and keep the profits.  For someone with 4 listings on the GLBSE, I find this incredibly irresponsible.

THIS WARNING seems to be a lot more relevant now.

I would hold off on the speculation for a while. We must allow Goat a reasonable amount of time to comply with the requests.

Nefario.

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
Nefario
Hero Member
*****
Offline Offline

Activity: 602


GLBSE Support support@glbse.com


View Profile WWW
April 02, 2012, 05:58:40 PM
 #27

I'm going to add Yubikey support soon, next few hours.

likuidxd makes some very good points, security is everyones responsibility.

I'm making the commitment to secure GLBSE, but it only works if users secure their passwords.

If you want to be able to recover your accounts via email then you need to secure those as well, there is not other way around it.

Actually I changed my mind, turns out you (I) actually need to buy a Yubikey to even get started, I don't want to bother waiting.

I'll find another option.
Will use Google Authenticator, actually that seems to be the perfect option.

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
stochastic
Hero Member
*****
Offline Offline

Activity: 532


View Profile
April 02, 2012, 06:15:51 PM
 #28

I'm going to add Yubikey support soon, next few hours.

likuidxd makes some very good points, security is everyones responsibility.

I'm making the commitment to secure GLBSE, but it only works if users secure their passwords.

If you want to be able to recover your accounts via email then you need to secure those as well, there is not other way around it.

Actually I changed my mind, turns out you (I) actually need to buy a Yubikey to even get started, I don't want to bother waiting.

I'll find another option.
Will use Google Authenticator, actually that seems to be the perfect option.

So is the login on GLBSE turned off for now because I can't log into my account either?

Edit:  Stupid me, I need to allow the permission to run that thing.

Thanks for the quick reply.

Introducing constraints to the economy only serves to limit what can be economical.
Nefario
Hero Member
*****
Offline Offline

Activity: 602


GLBSE Support support@glbse.com


View Profile WWW
April 02, 2012, 06:25:41 PM
 #29

No I added a captcha to the login page to make brute force logins difficult.


PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
stochastic
Hero Member
*****
Offline Offline

Activity: 532


View Profile
April 02, 2012, 06:31:59 PM
 #30

First of all I do not like to talk in public about this sort of stuff but I am doing so because I have a duty to my shareholders and people who hold my assets.  I apologize in advance. Nafario will be PMed a link to this thread.

GLBSE 1.0 was extremely solid. For the user to be at fault for a hack not only did someone need to have access to their physical computer but they also needed the password. I only kept the account on one computer and encrypted the HDD. If I got hacked it was not going to be my fault.
GLBSE2.0 is nothing close to solid. All you need now to get access to someone’s account is their e-mail address and password. That is it!

https://bitcointalk.org/index.php?topic=60489.msg829923#msg829923

Nefario himself understand how risky this is and claims he will take no responsibility. I understand that point of view and I am going to make it very clear that I also take no responsibility!

Hold assets created by me at your own risk. If I am hacked I will take no responsibility. Why? My account is attached to a free e-mail account that I have used for years on public computers all over the world. Would I even dream of putting 1000s of bitcoins on the security of this free junk mail account? No, never and to do so would be negligent! This was forced upon me without warning or consent!

Sunday morning I woke up and found that I could not get into my GLBSE account. I was almost physically ill because I knew the password I was using was correct. I had no idea what was wrong. I first checked the stock prices to see if there was a massive sell off on things I held. There was not. This made me feel better. However there is a massive amount of bitcoin in that account and I had no idea if it was still there or not. I messaged and e-mail Nefario. He did not get back to me for 24 hours and finally told me that he is having problems with my account.

I do not want to deal with level of stress again so I’m making it very clear now that I will not be held responsible for what I consider to be Nefario’s negligence. Right now I still do not have access to my account and assume no one else does either.

This whole thing just blows me away. I’m truly in shock.


Does this mean you are unable to pay your dividends for your contract/bonds?

Introducing constraints to the economy only serves to limit what can be economical.
Nefario
Hero Member
*****
Offline Offline

Activity: 602


GLBSE Support support@glbse.com


View Profile WWW
April 02, 2012, 06:36:40 PM
 #31

It means he is unable to use his GLBSE account, it's locked.

This will all be sorted once Goat complies with my reasonable request.

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
stochastic
Hero Member
*****
Offline Offline

Activity: 532


View Profile
April 02, 2012, 06:43:52 PM
 #32

It means he is unable to use his GLBSE account, it's locked.

This will all be sorted once Goat complies with my reasonable request.

Hopefully he does as you are doing the right thing by requiring verification.  It is impossible to know if the person requesting login information is really the person that owns the account without some type of verification.  Sometimes I wonder if the people on these forums are really the same people posting the day before.

I hope people realize the importance of having strong passwords.  Ten to twenty years ago people could remember multiple phone numbers and I don't see any reason why someone can't remember multiple strong passwords.

Introducing constraints to the economy only serves to limit what can be economical.
memvola
Hero Member
*****
Offline Offline

Activity: 896


View Profile
April 02, 2012, 06:44:28 PM
 #33

I could also add GPGAuth as an authentication method
http://gpgauth.org

However there is currently only a plugin for Google Chrome and no ruby server side implementation(which means I'd have to create it.

So it's an option, and one I'd happily support in the current system, just not an immediate one.

I guess this would mimic the behavior of GLBSE 1.0. I liked it but it might be overkill. Also, I feel that GPG-encrypted e-mails would serve more than one purpose by addressing the danger of e-mail interception, which is IMO a valid concern. However it seems the idea doesn't excite many people. Wink
Nefario
Hero Member
*****
Offline Offline

Activity: 602


GLBSE Support support@glbse.com


View Profile WWW
April 02, 2012, 07:10:59 PM
 #34

I could also add GPGAuth as an authentication method
http://gpgauth.org

However there is currently only a plugin for Google Chrome and no ruby server side implementation(which means I'd have to create it.

So it's an option, and one I'd happily support in the current system, just not an immediate one.

I guess this would mimic the behavior of GLBSE 1.0. I liked it but it might be overkill. Also, I feel that GPG-encrypted e-mails would serve more than one purpose by addressing the danger of e-mail interception, which is IMO a valid concern. However it seems the idea doesn't excite many people. Wink


Well I think that GPG signed emails by default (and encrypted where public keys have been provided) would make it harder to do fishing attacks.

I'm going to have two-factor authentication up and running for email, password changes and withdrawals/transfers (all user optional) before I go to bed.

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
guruvan
Hero Member
*****
Offline Offline

Activity: 518

ShastaFarEye Prospectors mazaclub & mazacha.in


View Profile WWW
April 02, 2012, 08:05:53 PM
 #35

I'm going to have two-factor authentication up and running for email, password changes and withdrawals/transfers (all user optional) before I go to bed.

 That's awesome. Thanks!

Mine at the Maza Club! with ShastaFarEye Prospectors! Mazacoin PPS & P2pool mining, and more services coming soon!
Maza Means Money! Check yours at the mazacha.in!

Please contact me  on my  OTC registered GPG (A54E87F2) Key's email address or guruvan@shastafareye.net  and encrypt all correspondence.
Nefario
Hero Member
*****
Offline Offline

Activity: 602


GLBSE Support support@glbse.com


View Profile WWW
April 02, 2012, 08:23:34 PM
 #36

How often does Goat normally post? And what timezone is he in? I've already send him an email but not heard anything from him since he post this thread.

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
likuidxd
Sr. Member
****
Offline Offline

Activity: 448



View Profile
April 02, 2012, 08:26:27 PM
 #37

He's in Thailand

Nefario
Hero Member
*****
Offline Offline

Activity: 602


GLBSE Support support@glbse.com


View Profile WWW
April 02, 2012, 08:29:03 PM
 #38

He's in Thailand

Sleeping time then, we should expect something of a reply after about 6 hours or so.

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
guruvan
Hero Member
*****
Offline Offline

Activity: 518

ShastaFarEye Prospectors mazaclub & mazacha.in


View Profile WWW
April 02, 2012, 08:36:51 PM
 #39

Hmm. I had missed a few posts. I don't like this one bit.

(Nefario, keep up the good work, please)

Mine at the Maza Club! with ShastaFarEye Prospectors! Mazacoin PPS & P2pool mining, and more services coming soon!
Maza Means Money! Check yours at the mazacha.in!

Please contact me  on my  OTC registered GPG (A54E87F2) Key's email address or guruvan@shastafareye.net  and encrypt all correspondence.
molecular
Donator
Legendary
*
Offline Offline

Activity: 2128



View Profile
April 02, 2012, 11:05:15 PM
 #40

The drama because I've locked his account and asked for ID verification.

May I ask why you locked his account?

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
Pages: « 1 [2] 3 4 5 6 7 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!