Bitcoin Forum
December 06, 2016, 12:14:35 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 ... 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 [78] 79 80 »
  Print  
Author Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation  (Read 201629 times)
Herodes
Hero Member
*****
Offline Offline

Activity: 868


View Profile
May 26, 2012, 09:11:53 PM
 #1541

No database backups. Sorry for avoiding the question.

Oh dear, bitomat.pl all over again.

I sincerely hope that the community will learn from this.

And good luck in sorting out this mess.
1481026475
Hero Member
*
Offline Offline

Posts: 1481026475

View Profile Personal Message (Offline)

Ignore
1481026475
Reply with quote  #2

1481026475
Report to moderator
1481026475
Hero Member
*
Offline Offline

Posts: 1481026475

View Profile Personal Message (Offline)

Ignore
1481026475
Reply with quote  #2

1481026475
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481026475
Hero Member
*
Offline Offline

Posts: 1481026475

View Profile Personal Message (Offline)

Ignore
1481026475
Reply with quote  #2

1481026475
Report to moderator
1481026475
Hero Member
*
Offline Offline

Posts: 1481026475

View Profile Personal Message (Offline)

Ignore
1481026475
Reply with quote  #2

1481026475
Report to moderator
1481026475
Hero Member
*
Offline Offline

Posts: 1481026475

View Profile Personal Message (Offline)

Ignore
1481026475
Reply with quote  #2

1481026475
Report to moderator
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
May 27, 2012, 02:19:46 AM
 #1542

Is this relative/relevant?

http://boingboing.net/2011/06/08/ocean-bank-lost-3000.html
Quote
Ocean Bank, which allowed hackers to withdraw more than $300,000 from a customer's account, won't have to cover the loss. A Maine judge said its account security was "not optimal," but ultimately ruled for it because hackers obtained account credentials using malicious software installed on the customer's computers. Ocean asserted that its due diligence was covered by verifying a password.
repentance
Hero Member
*****
Offline Offline

Activity: 840


View Profile
May 27, 2012, 02:52:00 AM
 #1543

Is this relative/relevant?

http://boingboing.net/2011/06/08/ocean-bank-lost-3000.html
Quote
Ocean Bank, which allowed hackers to withdraw more than $300,000 from a customer's account, won't have to cover the loss. A Maine judge said its account security was "not optimal," but ultimately ruled for it because hackers obtained account credentials using malicious software installed on the customer's computers. Ocean asserted that its due diligence was covered by verifying a password.

Likely completely irrelevant as it's an application of US state law.  It "might" have some relevance if Bitcoinica tried to sue Rackspace but international lawsuits are a costly pain in the ass.

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
paraipan
Legendary
*
Offline Offline

Activity: 924


Firstbits: 1pirata


View Profile WWW
May 27, 2012, 03:06:01 AM
 #1544

Is this relative/relevant?

http://boingboing.net/2011/06/08/ocean-bank-lost-3000.html
Quote
Ocean Bank, which allowed hackers to withdraw more than $300,000 from a customer's account, won't have to cover the loss. A Maine judge said its account security was "not optimal," but ultimately ruled for it because hackers obtained account credentials using malicious software installed on the customer's computers. Ocean asserted that its due diligence was covered by verifying a password.

Likely completely irrelevant as it's an application of US state law.  It "might" have some relevance if Bitcoinica tried to sue Rackspace but international lawsuits are a costly pain in the ass.

They would more likely better use some arbitration platform like judge.me in such a case.

BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
proudhon
Legendary
*
Offline Offline

Activity: 1148



View Profile
May 27, 2012, 03:59:01 AM
 #1545

Haven't been following this.  Is it clear yet, you know, that anyone will get any coins back or not?
proudhon
Legendary
*
Offline Offline

Activity: 1148



View Profile
May 27, 2012, 04:45:50 AM
 #1546

No backups.  I guess this explains why the whole process of officially acknowledging the hack (via the bitcoinica web site) and the claims process has been so slow.

Missed this earlier.  So it's settled then?  Nobody is getting anything back.  Next.
S3052
Legendary
*
Offline Offline

Activity: 1946


BTC Up or Down? go to www.bullbearanalytics.com


View Profile WWW
May 27, 2012, 05:16:25 AM
 #1547

the remaining funds excl. 18k btc should be there .
I guess its not a matter of IF but HOW they refund as without the database the process is tedious

>15years analysis experience

Always do your own due diligence & consult your financial advisor. Never invest unless you can afford to lose your entire investment.

http://twitter.com/BitcoinAnalyst

Subscribe here
repentance
Hero Member
*****
Offline Offline

Activity: 840


View Profile
May 27, 2012, 05:19:58 AM
 #1548

Haven't been following this.  Is it clear yet, you know, that anyone will get any coins back or not?

Roughly 20% of the Bitcoins they held were lost but USD are apparently fine.  One of the VCs with a silent interest in Bitcionica has said that the losses will be covered and I'd be inclined to believe him as they just received half a million dollars in seed funding for their Bitcoin projects and need to be seen to be reputable in order to grow their CoinLab business.

They do have accounting records, even though they don't have an image of the database as it stood at the time it was deleted.  While that's not a perfect record, it's nowhere near as catastrophic as having no records would be - it might just take a bit longer to piece the information needed to return funds and Bitcoins to users together.

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
fivebells
Sr. Member
****
Offline Offline

Activity: 462


View Profile
May 27, 2012, 05:21:58 AM
 #1549

...without the database the process [of determining remuneration] is tedious

Ha ha, that's one way to describe it. 
proudhon
Legendary
*
Offline Offline

Activity: 1148



View Profile
May 27, 2012, 05:27:08 AM
 #1550

Haven't been following this.  Is it clear yet, you know, that anyone will get any coins back or not?

Roughly 20% of the Bitcoins they held were lost but USD are apparently fine.  One of the VCs with a silent interest in Bitcionica has said that the losses will be covered and I'd be inclined to believe him as they just received half a million dollars in seed funding for their Bitcoin projects and need to be seen to be reputable in order to grow their CoinLab business.

They do have accounting records, even though they don't have an image of the database as it stood at the time it was deleted.  While that's not a perfect record, it's nowhere near as catastrophic as having no records would be - it might just take a bit longer to piece the information needed to return funds and Bitcoins to users together.

Hmmm, ok.  I guess I'm just going to let this cook for a while and move on.  Maybe in a few weeks I'll get a surprise email that their ready to return my coins.  In the meantime, I still want to try this new BitInstant thing and buy a few more coins.  I've only got a few hundred coins in any exchange now.  Everything else has been moved to paper and brain wallets.  I'm keeping one hot wallet with small amounts for day to day stuff, but otherwise everything else is is staying locked up tight.
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
May 27, 2012, 05:35:19 AM
 #1551

Haven't been following this.  Is it clear yet, you know, that anyone will get any coins back or not?

Roughly 20% of the Bitcoins they held were lost but USD are apparently fine.  One of the VCs with a silent interest in Bitcionica has said that the losses will be covered and I'd be inclined to believe him as they just received half a million dollars in seed funding for their Bitcoin projects and need to be seen to be reputable in order to grow their CoinLab business.

They do have accounting records, even though they don't have an image of the database as it stood at the time it was deleted.  While that's not a perfect record, it's nowhere near as catastrophic as having no records would be - it might just take a bit longer to piece the information needed to return funds and Bitcoins to users together.

Hmmm, ok.  I guess I'm just going to let this cook for a while and move on.  Maybe in a few weeks I'll get a surprise email that their ready to return my coins.  In the meantime, I still want to try this new BitInstant thing and buy a few more coins.  I've only got a few hundred coins in any exchange now.  Everything else has been moved to paper and brain wallets.  I'm keeping one hot wallet with small amounts for day to day stuff, but otherwise everything else is is staying locked up tight.

I guess this would be a perfect time to ask the operators of every single Bitcoin exchange if they have a backup of their database. Each and every one of them should go on record stating that they do. I suggest that this should be done within the next 48 hours. Any exchange that does not go on record in stating that they do within this time frame, users of those exchanges should immediately remove their funds from those exchanges.

~Bruno~
repentance
Hero Member
*****
Offline Offline

Activity: 840


View Profile
May 27, 2012, 05:40:40 AM
 #1552



I guess this would be a perfect time to ask the operators of every single Bitcoin exchange if they have a backup of their database. Each and every one of them should go on record stating that they do. I suggest that this should be done within the next 48 hours. Any exchange that does not go on record in stating that they do within this time frame, users of those exchanges should immediately remove their funds from those exchanges.

~Bruno~


Remember that in this case the hacker was able to delete the backup, so I don't think that exchanges saying that they have a backup means much.  How often they make back ups and how they back up are pretty critical to their ability to recover from a critical incident and who has access to the back ups determines whether they are also vulnerable.

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
Serge
Legendary
*
Offline Offline

Activity: 1050


View Profile
May 27, 2012, 05:43:43 AM
 #1553


I guess this would be a perfect time to ask the operators of every single Bitcoin exchange if they have a backup of their database. Each and every one of them should go on record stating that they do. I suggest that this should be done within the next 48 hours. Any exchange that does not go on record in stating that they do within this time frame, users of those exchanges should immediately remove their funds from those exchanges.

~Bruno~


they need daily off-site backups at the very least, not just a (single) backup. these daily backups should be kept very safe as well
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 700


Wat


View Profile WWW
May 27, 2012, 05:48:39 AM
 #1554

There should be a prediction market where you can bet which site will get hacked next Smiley

Just like assassination markets except for websites....

Vladimir
Hero Member
*****
Offline Offline

Activity: 812


-


View Profile
May 27, 2012, 06:59:57 AM
 #1555

There should be a prediction market where you can bet which site will get hacked next Smiley

Just like assassination markets except for websites....

That would be cool, but only if owners of websites could take the other side of the bets. This would kind of allow some to finance information security efforts.  LOL.

-
Maged
Legendary
*
Offline Offline

Activity: 1260


View Profile
May 27, 2012, 07:01:55 AM
 #1556

Is this relative/relevant?

http://boingboing.net/2011/06/08/ocean-bank-lost-3000.html
Quote
Ocean Bank, which allowed hackers to withdraw more than $300,000 from a customer's account, won't have to cover the loss. A Maine judge said its account security was "not optimal," but ultimately ruled for it because hackers obtained account credentials using malicious software installed on the customer's computers. Ocean asserted that its due diligence was covered by verifying a password.
Not at all. This is not a case where just a customer's account was hacked.
I guess this would be a perfect time to ask the operators of every single Bitcoin exchange if they have a backup of their database. Each and every one of them should go on record stating that they do. I suggest that this should be done within the next 48 hours. Any exchange that does not go on record in stating that they do within this time frame, users of those exchanges should immediately remove their funds from those exchanges.

~Bruno~
We're not an exchange, but I'll go on record as saying that Bitcointalk.org has daily backups mirrored to at least 2 different locations other than the datacenter that we're hosted at. This is in addition to industry standard backup and recovery solutions deployed onsite.

Yes, believe it or not, but your posts and PMs on this forum are actually better preserved than your current balance at Bitcoinica.

DiabloD3
Legendary
*
Offline Offline

Activity: 1162


DiabloMiner author


View Profile WWW
May 27, 2012, 07:03:26 AM
 #1557

Yes, believe it or not, but your posts and PMs on this forum are actually safer than your current balance at Bitcoinica.

I lol'd.

Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
May 27, 2012, 07:35:25 AM
 #1558

Is this relative/relevant?

http://boingboing.net/2011/06/08/ocean-bank-lost-3000.html
Quote
Ocean Bank, which allowed hackers to withdraw more than $300,000 from a customer's account, won't have to cover the loss. A Maine judge said its account security was "not optimal," but ultimately ruled for it because hackers obtained account credentials using malicious software installed on the customer's computers. Ocean asserted that its due diligence was covered by verifying a password.
Not at all. This is not a case where just a customer's account was hacked.
I guess this would be a perfect time to ask the operators of every single Bitcoin exchange if they have a backup of their database. Each and every one of them should go on record stating that they do. I suggest that this should be done within the next 48 hours. Any exchange that does not go on record in stating that they do within this time frame, users of those exchanges should immediately remove their funds from those exchanges.

~Bruno~
We're not an exchange, but I'll go on record as saying that Bitcointalk.org has daily backups mirrored to at least 2 different locations other than the datacenter that we're hosted at. This is in addition to industry standard backup and recovery solutions deployed onsite.

Yes, believe it or not, but your posts and PMs on this forum are actually better preserved than your current balance at Bitcoinica.

Dude, that means I'm/we're counting to 63,000,000 with images in that Newbie thread. That'll take forever!  Grin


I guess this would be a perfect time to ask the operators of every single Bitcoin exchange if they have a backup of their database. Each and every one of them should go on record stating that they do. I suggest that this should be done within the next 48 hours. Any exchange that does not go on record in stating that they do within this time frame, users of those exchanges should immediately remove their funds from those exchanges.

~Bruno~


they need daily off-site backups at the very least, not just a (single) backup. these daily backups should be kept very safe as well

I guess that's what I meant--proper backups. While we're at it, I think all backups should be open-source so that we can all see that they're backup. We're going to see them anyway, but at least then a hacker wouldn't have anything to do, unless they all pooled their resources and hacked via adding funds to databases, coupled with becoming Grammar Nazis.
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 700


Wat


View Profile WWW
May 27, 2012, 07:54:24 AM
 #1559

Theres an old saying that a backup doesnt exist untill its in 3 separate places Smiley

muyuu
Donator
Legendary
*
Offline Offline

Activity: 924



View Profile
May 27, 2012, 07:57:49 AM
 #1560

Is this relative/relevant?

http://boingboing.net/2011/06/08/ocean-bank-lost-3000.html
Quote
Ocean Bank, which allowed hackers to withdraw more than $300,000 from a customer's account, won't have to cover the loss. A Maine judge said its account security was "not optimal," but ultimately ruled for it because hackers obtained account credentials using malicious software installed on the customer's computers. Ocean asserted that its due diligence was covered by verifying a password.

Not at all.

User gets hacked, hackers withdraw using user's interface. No other user is affected other than the hacked user, who's responsible of his own account.

This is like someone got the passwords to your bank account online interface from you and pwned you. You are responsible of not revealing your passwords. Sure, allowing such massive withdrawals is probably over the top but it's most likely something the user decided or agreed to.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
Pages: « 1 ... 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 [78] 79 80 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!