Bitcoin Forum
Author Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation  (Read 201368 times)
cypherdoc
Legendary
Activity: 1764
May 27, 2012, 09:34:03 AM
#1561

There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

that's a good saying.
David_Benz
Donator
Jr. Member
Activity: 56
you got hacked bitch!
May 27, 2012, 10:01:04 AM
#1562

There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

VERY good saying.

I am the Bitcoinica Hacker.
rjk
Sr. Member
Activity: 420
1ngldh
May 27, 2012, 11:41:36 AM
#1563

There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

that's a good saying.
Additionally, rjk's Third Law Of Backups states that if your backup procedures are rigorous and the backups are stored in at least 3 locations, you will never ever have to recover from them. If however they suddenly disappear due to a freak accident, that is the day you are guaranteed to need them the most.

Kind of like the Law Of Extra Parts also by rjk: if you need 5 screws to complete a project, and you bring only 5, you are guaranteed to lose one of them. If however you bring 6 screws to a project that needs only 5, you are guaranteed to always have 1 left over.

Grin

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
DiabloD3
Legendary
Activity: 1162
DiabloMiner author
May 27, 2012, 12:07:15 PM
#1564

There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

that's a good saying.
Additionally, rjk's Third Law Of Backups states that if your backup procedures are rigorous and the backups are stored in at least 3 locations, you will never ever have to recover from them. If however they suddenly disappear due to a freak accident, that is the day you are guaranteed to need them the most.

Kind of like the Law Of Extra Parts also by rjk: if you need 5 screws to complete a project, and you bring only 5, you are guaranteed to lose one of them. If however you bring 6 screws to a project that needs only 5, you are guaranteed to always have 1 left over.

Grin

The generic version of that is just Diablo's Rule #1: Redundancy in planning is not paranoia.

paraipan
Legendary
Activity: 924
Firstbits: 1pirata
May 27, 2012, 01:24:24 PM
 #1565

Yes, believe it or not, but your posts and PMs on this forum are actually safer than your current balance at Bitcoinica.

I lol'd.

Great, seems like some people would have done a better job by asking you guys how it's done.  Roll Eyes

BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
BTC_Bear
B4 Foundation
VIP
Sr. Member
Activity: 364
Best Offense is a Good Defense
May 27, 2012, 04:50:52 PM
#1566

There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

Nice to see the Rule of 3 is still a universal constant.

Guy: How many guys have you slept with?
Girl: 2

Answer: 2*3=6



Girl: How many girls have you slept with?
Guy: 9

Answer: 9/3=3


How many back-ups should you have?

Answer: 3


Corporations have been enthroned, An era of corruption in high places will follow and the money power will endeavor to prolong its reign by working on the prejudices of the people until wealth is aggregated in a few hands and the Republic is destroyed. ~Abe Lincoln 1ApJdWUdSWYw8n8HEATYhHXA9EYoRTy7c4
cypherdoc
Legendary
Activity: 1764
May 27, 2012, 05:06:14 PM
#1567

There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

that's a good saying.
Additionally, rjk's Third Law Of Backups states that if your backup procedures are rigorous and the backups are stored in at least 3 locations, you will never ever have to recover from them. If however they suddenly disappear due to a freak accident, that is the day you are guaranteed to need them the most.

Kind of like the Law Of Extra Parts also by rjk: if you need 5 screws to complete a project, and you bring only 5, you are guaranteed to lose one of them. If however you bring 6 screws to a project that needs only 5, you are guaranteed to always have 1 left over.

Grin

Lol!  You're just taking credit for Murphy's Law! Wink
Phinnaeus Gage
Legendary
Activity: 1302
Bitcoin: An Idea Worth Spending
May 27, 2012, 05:20:55 PM
 #1568

http://www.rackspace.com/knowledge_center/rackspace_cloud_backup_faq
Quote
Where are my backups stored?
Your backups are stored in your personal Cloud Files storage account.

While penning my dad's obituary a couple years ago, I kept a copy in documents on this laptop as well as putting a copy in a dedicated image file. I see my error now. I should have also created a public folder to store a third copy. Luckily nobody logged into my laptop and deleted said files, for I wouldn't have had that third backup available to me at the time.
edd
Donator
Legendary
Activity: 1372
May 27, 2012, 05:22:31 PM
#1569

There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

that's a good saying.
Additionally, rjk's Third Law Of Backups states that if your backup procedures are rigorous and the backups are stored in at least 3 locations, you will never ever have to recover from them. If however they suddenly disappear due to a freak accident, that is the day you are guaranteed to need them the most.

Kind of like the Law Of Extra Parts also by rjk: if you need 5 screws to complete a project, and you bring only 5, you are guaranteed to lose one of them. If however you bring 6 screws to a project that needs only 5, you are guaranteed to always have 1 left over.

Grin

Lol!  You're just taking credit for Murphy's Law! Wink

In rjk's defense, Murphy's Law states that anything that can go wrong, will go wrong. This is similar but with a slight modification. In other words, "Any problem that you anticipate won't happen and every other one will."

Still around.
Phinnaeus Gage
Legendary
Activity: 1302
Bitcoin: An Idea Worth Spending
May 27, 2012, 06:24:34 PM
#1570

There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

that's a good saying.
Additionally, rjk's Third Law Of Backups states that if your backup procedures are rigorous and the backups are stored in at least 3 locations, you will never ever have to recover from them. If however they suddenly disappear due to a freak accident, that is the day you are guaranteed to need them the most.

Kind of like the Law Of Extra Parts also by rjk: if you need 5 screws to complete a project, and you bring only 5, you are guaranteed to lose one of them. If however you bring 6 screws to a project that needs only 5, you are guaranteed to always have 1 left over.

Grin

Lol!  You're just taking credit for Murphy's Law! Wink

In rjk's defense, Murphy's Law states that anything that can go wrong, will go wrong. This is similar but with a slight modification. In other words, "Any problem that you anticipate won't happen and every other one will."

Surely we're not talking about Hanlon's Razor on this thread, are we?

Quote
Never attribute to malice that which is adequately explained by stupidity.

~BrunO~
DiabloD3
Legendary
Activity: 1162
DiabloMiner author
May 27, 2012, 06:29:31 PM
#1571

There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

that's a good saying.
Additionally, rjk's Third Law Of Backups states that if your backup procedures are rigorous and the backups are stored in at least 3 locations, you will never ever have to recover from them. If however they suddenly disappear due to a freak accident, that is the day you are guaranteed to need them the most.

Kind of like the Law Of Extra Parts also by rjk: if you need 5 screws to complete a project, and you bring only 5, you are guaranteed to lose one of them. If however you bring 6 screws to a project that needs only 5, you are guaranteed to always have 1 left over.

Grin

Lol!  You're just taking credit for Murphy's Law! Wink

In rjk's defense, Murphy's Law states that anything that can go wrong, will go wrong. This is similar but with a slight modification. In other words, "Any problem that you anticipate won't happen and every other one will."

Surely we're not talking about Hanlon's Razor on this thread, are we?

Quote
Never attribute to malice that which is adequately explained by stupidity.

~BrunO~


No. It's a special corollary of Murphy's Law that I don't think has a name but most people are aware of: Murphy's Law is efficient, if you're sufficiently guarded against it in one way, it'll just strike you some other way.

ssaCEO
Hero Member
Activity: 568
May 27, 2012, 07:50:48 PM
 #1572


I guess this would be a perfect time to ask the operators of every single Bitcoin exchange if they have a backup of their database. Each and every one of them should go on record stating that they do. I suggest that this should be done within the next 48 hours. Any exchange that does not go on record in stating that they do within this time frame, users of those exchanges should immediately remove their funds from those exchanges.

~Bruno~


We're not an exchange, but given that we deal with people's Bitcoins we do have an obligation to state this: We have always maintained 1) hourly database backups to a second data center, 2) daily offline backups, 3) a hot wallet stored in a third datacenter, on a dedicated server, and 4) offline wallet storage of all funds other than petty cash. Furthermore, everything we run other than our blog is on offshore dedicated servers at datacenters with casino-grade physical security measures, NOT on VPS. A hacker who accessed one of our dedis would find our hot wallet basically empty and our user passwords hashed. At most we'd lose a hundred bucks or so.

We don't have anything near the volume of Bitcoinica. We've got about 1000 users. When we launched, and started paying for the servers involved in this elaborate setup, we had no users. There's no doubt the added security has come at a cost that dug into our bottom line. But what's the alternative? Hosting on a VPS somewhere and waiting for disaster? You don't screw around with cutting costs on security; a wise guy once told me it's better to be "insurance poor" than temporarily rich and waiting for the other shoe to drop. One of the dumbest things I've done in recent memory was send some of our first positive revenues into a Bitcoinica account. I would never have imagined the security there would be more lax than ours, but it's my fault for not doing more research. I accept that.

There is no formulaic way yet of definitively securing a site that deals in BTC, but having lots of backups and dedicated servers seems like kind of a no-brainer place to start. It's a shame all the "security experts" floating around the Bitcoinica scene couldn't afford an extra $200 a month for a dedicated / offline backup solution. We don't make the kind of money they do, and we trusted them with our profit; if I'd known they were so poverty-stricken I would have paid for it myself goddamn it.

R-
Full Member
Activity: 238
Pasta
May 27, 2012, 08:07:54 PM
 #1573

If I'd known they were so poverty-stricken I would have paid for it myself goddamn it.

Now all you have to do is offer margin trading.
ssaCEO
Hero Member
Activity: 568
May 27, 2012, 08:09:16 PM
 #1574

If I'd known they were so poverty-stricken I would have paid for it myself goddamn it.

Now all you have to do is offer margin trading.

what, blackjack ain't good enough for ya?

repentance
Hero Member
Activity: 840
May 27, 2012, 09:59:55 PM
 #1575


There is no formulaic way yet of definitively securing a site that deals in BTC, but having lots of backups and dedicated servers seems like kind of a no-brainer place to start. It's a shame all the "security experts" floating around the Bitcoinica scene couldn't afford an extra $200 a month for a dedicated / offline backup solution. We don't make the kind of money they do, and we trusted them with our profit; if I'd known they were so poverty-stricken I would have paid for it myself goddamn it.

They openly stated upthread that their priority was fixing the code rather than addressing other possible/known vulnerabilities and that they still believe that was the correct choice, so I don't think that money was the concern - it seems more like a case of tunnel vision.  I'm not sure why fixing the code and preventing further attacks/securing data against catastrophic loss were regarded as mutually exclusive options.

And yeah, the "rule of three" has been around for a long time.  Back in the days of DOS and 5 1/4 floppy disks we used to work on a three days worth of back ups (we had physical back ups for each of the last three days) and three locations rule (in practice, this meant that one set of backups stayed at the office and the boss and I each took home a set of back up disks).

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
ssaCEO
Hero Member
Activity: 568
May 27, 2012, 10:45:31 PM
 #1576

And yeah, the "rule of three" has been around for a long time.  Back in the days of DOS and 5 1/4 floppy disks we used to work on a three days worth of back ups (we had physical back ups for each of the last three days) and three locations rule (in practice, this meant that one set of backups stayed at the office and the boss and I each took home a set of back up disks).

Been around long enough to have discovered that for myself (and to remember backing up to disks that were actually floppy). Hell, when I ran a 2400bps hermes board outta my mom's house I was backing up my user lists and warez to disks as fast as I could. I've still got boxes of disks full of gif porn and the names and phone numbers of freaks in Los Angeles somewhere in a storage unit, if those disks haven't degraded yet. "The cloud" is a fucking euphemism for shared hosting without the customer service and accountability that used to come with shared hosting. Why retailers would make a big deal out of a server wholesaler's new buzzword for shit service is totally beyond me. Guess it sounds fancy to their customers.

Most tripods can stand on two legs if you prop them up a little. Anyway, if everything was wiped out, one server hacked and the other two had drive malfunctions or whatever, it's not like you can blame people. But a few extra precautions might be in order when dealing with half a million dollars, even if they do cost a few hundred bucks a month. After all, what's that money worth if your reputation is shit?

Vladimir
Hero Member
Activity: 812
-
May 27, 2012, 11:50:48 PM
 #1577

Why retailers would make a big deal out of a server wholesaler's new buzzword for shit service is totally beyond me. Guess it sounds fancy to their customers.

Indeed, this is beyond comprehension. Apparently these cloud things have a hypnotizing effect on Zhou's generation of Internet Pros "powered by google search".

People, stop eating all the marketing BS you are being fed.


-
btcgoldsilver
Member
Activity: 63
Bitcoins Gold Silver
May 28, 2012, 12:06:39 AM
 #1578



Just been trying to catch up with the claims process by reading this thread.   Angry  Angry  Angry


The shit fight between Bitcoinica Consulting and zhoutong is NOT very inspiring. Frankly I don't give a shit about that stuff. Haven't read many of the latest pages of comments.



Has there been any real information about when we can expect our claims to be actioned Huh??

Has anyone had money refunded yet Huh?




16ZodW6mxFkmxrCy5MSii7PLJ6VdfNknue
proudhon
Legendary
Activity: 1148
May 28, 2012, 12:15:25 AM
 #1579



Just been trying to catch up with the claims process by reading this thread.   Angry  Angry  Angry


The shit fight between Bitcoinica Consulting and zhoutong is NOT very inspiring. Frankly I don't give a shit about that stuff. Haven't read many of the latest pages of comments.



Has there been any real information about when we can expect our claims to be actioned Huh??

Has anyone had money refunded yet Huh?





No money has been returned yet, and there haven't been any statements about when money will be returned.
btcgoldsilver
Member
Activity: 63
Bitcoins Gold Silver
May 28, 2012, 01:05:21 AM
 #1580

Thanks Proudhon, saves me some time.

no money returned yet :-( ah well, that's what I thought.


16ZodW6mxFkmxrCy5MSii7PLJ6VdfNknue