Bitcoin Forum
December 10, 2016, 03:12:29 PM *
Author Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation  (Read 201885 times)
naima53
Hero Member
*****
Offline Offline

Activity: 616



View Profile
May 12, 2012, 06:16:35 PM
 #481

Bitkoinika
Bitcoinica - Soviet Union edition
how to teach a stupid Google to translate the words? bothered to change the letter ..

Donate me) 16f6iWHHkVEnDReeBQPT9GwCNwUfPTXrp2
BTC_Bear
B4 Foundation
VIP
Sr. Member
*
Offline Offline

Activity: 364


Best Offense is a Good Defense


View Profile WWW
May 12, 2012, 06:24:07 PM
 #482

It was in this thread but appears to have been removed.

Well that doesn't bode well.

Well the Admins should still see it and those in the community that keep the forum downloaded.

Corporations have been enthroned, An era of corruption in high places will follow and the money power will endeavor to prolong its reign by working on the prejudices of the people until wealth is aggregated in a few hands and the Republic is destroyed. ~Abe Lincoln 1ApJdWUdSWYw8n8HEATYhHXA9EYoRTy7c4
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
May 12, 2012, 06:27:14 PM
 #483

The best part about this is that it's a so-called "registered FSP"...just shows what that amounts to.


If Bitcoinica was sold, the new owners would have to be a registered FSP also. I just can't go and buy a real estate brokerage business--I must be licensed, among other things.
pcexpress4less
Member
**
Offline Offline

Activity: 83


View Profile
May 12, 2012, 06:28:08 PM
 #484


It was in this thread but appears to have been removed.

I read it here also.
osmosis
Sr. Member
****
Offline Offline

Activity: 301



View Profile
May 12, 2012, 06:28:27 PM
 #485

He's just fucking with you. The 8 digit remainder is binary. Convert the first 7 to ASCII and you get "expect <space>".

Edit: the whole 21 characters spell "expect mass leak soon".

Edit 2: and given the first three characters of the address are EML, it might have been a vanity account.

Looks like he is advertising the fatal flaw that allowed the compromise, the email server.
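
The decoding described in the post above, as an added example that is not part of the thread. It assumes the "8 digit remainder" is the eight decimal places of a BTC amount, one character per amount; the sample amounts (integer part, eighth digit, the mixed-in ordinary payment) are constructed, since the real values are not on this page.

```python
from decimal import Decimal

MESSAGE = "expect mass leak soon"  # the 21 characters quoted in the post above


def remainder_digits(amount: str) -> str:
    """Return the eight decimal places of a BTC amount as a digit string."""
    scaled = (Decimal(amount) % 1) * 10**8
    if scaled != int(scaled):
        raise ValueError(f"{amount}: more than eight decimal places")
    return f"{int(scaled):08d}"


def decode_amounts(amounts):
    """Decode amounts in order; return (text, amounts that carry no character)."""
    chars, skipped = [], []
    for amount in amounts:
        digits = remainder_digits(amount)
        # Only a remainder made purely of 0s and 1s can carry a character.
        if set(digits) <= {"0", "1"}:
            code = int(digits[:7], 2)  # first seven digits = 7-bit ASCII code
            if 32 <= code < 127:       # round amounts like 2.00000000 give NUL
                chars.append(chr(code))
                continue
        skipped.append(amount)
    return "".join(chars), skipped


def constructed_amounts(text: str):
    """Build sample amounts (constructed, not real transaction data)."""
    # Assumptions: integer part 1 and eighth digit 0 for every amount.
    amounts = [f"1.{ord(ch):07b}0" for ch in text]
    amounts.insert(7, "0.50000000")  # ordinary payment mixed in; must be skipped
    return amounts


if __name__ == "__main__":
    text, skipped = decode_amounts(constructed_amounts(MESSAGE))
    print(repr(text), "skipped:", skipped)
```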

naima53
Hero Member
*****
Offline Offline

Activity: 616



View Profile
May 12, 2012, 06:29:26 PM
 #486

One important question I don't think has been addressed here yet:

What about verification documents that were emailed to Bitcoinica? Were those compromised?



He said they weren't. That they were stored encrypted at some other server. Now I'm not sure if that was on this thread or on the statement they had at blogspot which is no longer there and nobody knows if it was real or fake.

EDIT: Just checked and it was not in this thread.

I remember reading that as well.  I thought it was in this thread.  Perhaps the post has been edited/deleted.

I remember something like that from the Linoide debacle, but not this thread.
It was in this thread but appears to have been removed.
I've seen. In this thread. Do not have been compromised. Verification of the data - not been compromised.

Donate me) 16f6iWHHkVEnDReeBQPT9GwCNwUfPTXrp2
Ichthyo
Hero Member
*****
Offline Offline

Activity: 602


View Profile
May 12, 2012, 06:42:00 PM
 #487

..just to repost that statement
bitcoinica.blogspot.com



It is with much regret that we write to inform our users of a recent security breach at Bitcoinica. At approximately 1:00pm GMT, our live production servers were compromised by an attacker and they used this access to deplete our online wallet of 18547 BTC.

We will learn more as we investigate, but would like to address early concerns.
We have suspended operations while we focus on our investigation.
The overwhelming majority of our bitcoin deposits were not stolen.
The thief stole from us not you. All withdrawal requests will be honored.
The database was most likely compromised.

The last point has important implications for the following:

PASSWORDS
Bitcoinica uses the most stringent best practices for password security.* Therefore, it is extremely unlikely that even full database access would give the attacker knowledge of your Bitcoinica password. It is always best not to reuse passwords among different online services and we recommend changing passwords if you have done this.

IDENTIFYING DOCUMENTS
All identifying documents for verified customers are stored on separate servers at a separate data center and separately encrypted. Even full access to website database would not give the attacker access to this data.

USER INFORMATION
Other user information that you've provided upon account creation is stored in the database. If the attacker has full access to the database, they would have access to this information. This would include your username, email and account history, but not information about your banking details outside of Bitcoinica. Users should be especially suspicious of any emails received to your Bitcoinica email address. It is always a best practice to never click an email link to login to any online service.

We're providing this notice primarily for the protection of our users.

We will have more to say soon about the circumstances surrounding this attack and what we will do to handle it.

- The Bitcoinica Team




* For the technically inclined, we salt and encrypt passwords with bcrypt.
Posted 36 minutes ago by Bitcoinica

Ichthyo
Hero Member
*****
Offline Offline

Activity: 602


View Profile
May 12, 2012, 06:45:43 PM
 #488

to clarify: in my previous post, I just pasted in a statement, which appeared on bitcoinica.blogspot.com yesterday afternoon. It was the first sort-of official statement. We didn't get any verification if it was really official. The user "myself" re-posted it on this thread, I saved a copy locally, which I reposted here.

--Ichthyo
bulanula
Hero Member
*****
Offline Offline

Activity: 518



View Profile
May 12, 2012, 06:50:25 PM
 #489

How convenient ... after Intersango gets bitcoinica some "hacker" steals all the coins.

Zhoutong was the only one awake during the "hack" ... why am I not surprised Huh
girlsgonebitcoin
Member
**
Offline Offline

Activity: 99



View Profile WWW
May 12, 2012, 06:53:13 PM
 #490

How convenient ... after Intersango gets bitcoinica some "hacker" steals all the coins.

Zhoutong was the only one awake during the "hack" ... why am I not surprised Huh

I'm going to go out there and say Zho   zho tounged his own service!!!
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2002



View Profile
May 12, 2012, 06:55:58 PM
 #491

Quick Update

- It's more serious than we thought.
[...]
- Reminder again: Please do not reuse your Bitcoinica passwords as the database server was compromised. Do not click any links in the email.

What email?  Has the attacker sent out an e-mail?

..just to repost that statement
bitcoinica.blogspot.com

[...]
The database was most likely compromised.
[...]
Other user information that you've provided upon account creation is stored in the database. If the attacker has full access to the database, they would have access to this information. This would include your username, email and account history

Account history shows balances, deposits, withdrawals and transactions all tied to my username.

If that is what will be leaked in the "mass leak", there will be some interesting discoveries.  Discoveries like, for instance, the amount of past trading profits.   Will there be some amended returns filed for the 2011 tax year as a result?

Particularly of interest would be the link between username and bitcoin addresses used for all deposits and withdraws.

That would be quite useful when doing flow analysis:
 - http://toolongdidntread.com
 - http://anonymity-in-bitcoin.blogspot.com/2011/07/bitcoin-is-not-anonymous.html

Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
May 12, 2012, 07:02:16 PM
 #492

to clarify: in my previous post, I just pasted in a statement, which appeared on bitcoinica.blogspot.com yesterday afternoon. It was the first sort-of official statement. We didn't get any verification if it was really official. The user "myself" re-posted it on this thread, I saved a copy locally, which I reposted here.

--Ichthyo

Maybe I'm just "fishing" here, but who is "we" in the following?

Quote
We didn't get any verification if it was really official.

~Bruno~
Ichthyo
Hero Member
*****
Offline Offline

Activity: 602


View Profile
May 12, 2012, 07:03:21 PM
 #493

to clarify: in my previous post, I just pasted in a statement, which appeared on bitcoinica.blogspot.com yesterday afternoon. It was the first sort-of official statement. We didn't get any verification if it was really official. The user "myself" re-posted it on this thread, I saved a copy locally, which I reposted here.

--Ichthyo

Maybe I'm just "fishing" here, but who is "we" in the following?

Quote
We didn't get any verification if it was really official.

~Bruno~


"we" == the readers in this forum, especially in this thread  Grin
BTC_Bear
B4 Foundation
VIP
Sr. Member
*
Offline Offline

Activity: 364


Best Offense is a Good Defense


View Profile WWW
May 12, 2012, 07:05:04 PM
 #494

to clarify: in my previous post, I just pasted in a statement, which appeared on bitcoinica.blogspot.com yesterday afternoon. It was the first sort-of official statement. We didn't get any verification if it was really official. The user "myself" re-posted it on this thread, I saved a copy locally, which I reposted here.

--Ichthyo

Maybe I'm just "fishing" here, but who is "we" in the following?

Quote
We didn't get any verification if it was really official.

~Bruno~


You know, 'WE' as in 'US'.

Corporations have been enthroned, An era of corruption in high places will follow and the money power will endeavor to prolong its reign by working on the prejudices of the people until wealth is aggregated in a few hands and the Republic is destroyed. ~Abe Lincoln 1ApJdWUdSWYw8n8HEATYhHXA9EYoRTy7c4
Ichthyo
Hero Member
*****
Offline Offline

Activity: 602


View Profile
May 12, 2012, 07:05:50 PM
 #495


to clarify: in my previous post, I just pasted in a statement, which appeared on bitcoinica.blogspot.com yesterday afternoon. It was the first sort-of official statement. We didn't get any verification if it was really official. The user "myself" re-posted it on this thread, I saved a copy locally, which I reposted here.


Maybe I'm just "fishing" here, but who is "we" in the following?

"we" == the readers in this forum, especially following this thread Grin
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
May 12, 2012, 07:11:18 PM
 #496

to clarify: in my previous post, I just pasted in a statement, which appeared on bitcoinica.blogspot.com yesterday afternoon. It was the first sort-of official statement. We didn't get any verification if it was really official. The user "myself" re-posted it on this thread, I saved a copy locally, which I reposted here.

--Ichthyo

Maybe I'm just "fishing" here, but who is "we" in the following?

Quote
We didn't get any verification if it was really official.

~Bruno~


"we" == the readers in this forum, especially in this thread  Grin

Thanks, bud. Stupid me. Read it several times, but only now it makes sense.

Aside:

Whoever created this vanity address 1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX is the cracker. Notice that there is only one number in it--a 4. That took a while.
mcorlett
Donator
Sr. Member
*
Offline Offline

Activity: 308



View Profile
May 12, 2012, 07:13:13 PM
 #497

Whoever created this vanity address 1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX is the cracker. Notice that there is only one number in it--a 4. That took a while.
I doubt that's intended. The EML prefix probably is, though.

bbit
Legendary
*
Offline Offline

Activity: 1288

Bitcoin


View Profile
May 12, 2012, 07:14:53 PM
 #498

Another thing I was just thinking since Mt.Gox blacklists "tainted funds"  - they should go ahead and entertain the person to send their coins "to cash" out but never cash them out thus retrieving the coins again ?
bulanula
Hero Member
*****
Offline Offline

Activity: 518



View Profile
May 12, 2012, 07:17:33 PM
 #499

Another thing I was just thinking since Mt.Gox blacklists "tainted funds"  - they should go ahead and entertain the person to send their coins "to cash" out but never cash them out thus retrieving the coins again ?

What ... Huh
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
May 12, 2012, 07:17:37 PM
 #500

Whoever created this vanity address 1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX is the cracker. Notice that there is only one number in it--a 4. That took a while.
I doubt that's intended. The EML prefix probably is, though.

Is this relevant?

http://www.bestsoftware4download.com/software/k-bitcoin-market-t-free-eml-into-pst-download-czwzfidi.html
Quote
Bitcoin market - EML into PST - Download Notice

Using EML into PST Free Download crack, warez, password, serial numbers, torrent, keygen, registration codes, key generators is illegal and your business could subject you to lawsuits and leave your operating systems without patches. We do not host any torrent files or links of EML into PST on rapidshare.com, depositfiles.com, megaupload.com etc. All EML into PST download links are direct EML into PST full download from publisher site or their selected mirrors.
Avoid: bitcoin market oem software, old version, warez, serial, torrent, EML into PST keygen, crack.
Consider: EML into PST full version, bitcoin market full download, premium download, licensed copy.