Author Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation  (Read 201932 times)
bulanula
May 14, 2012, 09:55:42 PM
 #721


Damn it ! I almost got an epileptic seizure from that rjk.

Not trolling. I suffer from that and almost got shocked.

Please put a warning up for people like me affected.
Phinnaeus Gage
May 14, 2012, 10:05:39 PM
 #722


Damn it ! I almost got an epileptic seizure from that rjk.

Not trolling. I suffer from that and almost got shocked.

Please put a warning up for people like me affected.

I was thinkin' 'bout postin' the same thing, but opted not to. Although I'm not epileptic (think not), I too felt strange afterwards of only viewing the images a couple secs. Odd!

~Bruno~
bitstory
May 14, 2012, 10:16:07 PM
 #723

Damn it! We nearly got rid of bulanula permanently!
Crypt_Current
May 14, 2012, 10:17:25 PM
 #724


Damn it ! I almost got an epileptic seizure from that rjk.

Not trolling. I suffer from that and almost got shocked.

Please put a warning up for people like me affected.

Sounds like a scam  Grin

10% off at CampBX for LIFE:  https://campbx.com/main.php?r=C9a5izBQ5vq  ----  Authorized BitVoucher MEGA reseller (& BTC donations appreciated):  https://bitvoucher.co/affl/1HkvK8o8WWDpCTSQGnek7DH9gT1LWeV5s3/
LTC:  LRL6vb6XBRrEEifB73DiEiYZ9vbRy99H41  NMC:  NGb2spdTGpWj8THCPyCainaXenwDhAW1ZT
bulanula
May 14, 2012, 10:17:48 PM
 #725

Damn it! We nearly got rid of bulanula permanently!
Indeed. Too bad I did not die !

The world would have been a better place that way with evil people like me out of it ...
bulanula
May 14, 2012, 11:42:47 PM
 #726

Hi,

We did not post a response earlier because we helped with the Bitcoinica official statement and had nothing more at that time to add. We were brought on to secure Bitcoinica as the investors were concerned about potentially serious security issues. Patrick Strateman had identified a serious problem in Bitcoinica previous to getting involved. After the Linode hacking the owners of Bitcoinica decided they needed to address security issues. Almost all of these issues seemed to have been addressed and fixed as of last week but unfortunately there remained a huge security flaw. The flaw was not in the core Bitcoinica code base, but in access to the server.

Administrative privileges allowing access to the Rackspace account, and thus the server, were being issued haphazardly. A person with no managerial role even had this access without even knowing it. With Intersango, our CTO (Patrick Strateman) is the only one with access to the server, the database, and all sensitive material. There is a very tedious process in which another member could retrieve access; however, it would require more than a plane trip (this is so we do not have a bus factor of 1).

The recent compromise of Bitcoinica was born out of an inadequate access policy which unfortunately was not dealt with in time. As day to day operations for a company like Bitcoinica cannot be passed over in a single night, despite the core Bitcoinica code having been secured, administrative privileges on the server had not been redesigned.

Upon reopening, Bitcoinica will not have any of these issues. We will finally be able to say Bitcoinica's growing pains are over.


A few things to add:

I want to assure you that the current owners of Bitcoinica have by far exceeded their legal obligations in helping Bitcoinica recover from the previous hack and have pledged their continued support in seeing this incident fully resolved.

The restructuring of Bitcoinica is the very thing that has saved Bitcoinica. It will also guarantee that the security going forward is fully up to professional standards.



Sincerely,
Team Intersango

Who are these so-called "owners" ?

Zhoutong claims it is not him => you claim it is not you => then who is it Huh
Ichthyo
May 14, 2012, 11:52:18 PM
 #727

Who are these so-called "owners" ?

Zhoutong claims it is not him => you claim it is not you => then who is it Huh

Just a hint from another lurker here in the forum Wink

Zhoutong pointed out that the owner requested not to be publicly known.

This started a rather lengthy discussion right here in this thread about business and ownership in general, but like it or not, such things are very common in the current world of business. I might be wrong, but just from the answers available here in the forum, I would be surprised to get any further disclosure on that topic.

Personally I'm glad that Team Intersango spoke up and clarified their position and the technical details.

--Ichthyo

Littleshop
May 14, 2012, 11:53:12 PM
 #728

Finally there is a notice on bitcoinica.com for users not on this forum.

rjk
May 14, 2012, 11:56:00 PM
 #729

All I know is, I prefer my systems to be owned by people that can fix them, not people that have to hire others to fix them. Not only that, but I foresee that there will be more of the same since Intersango et al are suddenly more valuable due to the acquisition of control of Bitcoinica.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
DeathAndTaxes
Gerald Davis


May 14, 2012, 11:57:57 PM
 #730

Um anyone else find the answer lacking?

There was never any exploit against the code base. In the Linode hack the attacker used a "super-admin" account and the administrative console to reset an admin password, logged into the server and copied the private keys from the wallet. End result was 40K BTC stolen. So the "solution" to leaving server vulnerable to remote password reset was to do a tedious line by line analysis of the codebase (which has never been exploited) and meanwhile install the code on a new server which had (almost) the same vulnerability as the prior server.

Really?  That was the impossible to determine flaw? The attacker did almost the same thing ALL OVER AGAIN in the recent attack. Compromise an off site email account, use the remote admin console, reset the admin password, login to the server and copy the private keys stealing 20K BTC.

Linode: Compromise a super-admin account, reset admin password, login to server, steal private keys from wallet, profit.
Rackspace: Compromise off-site email, reset admin password, login to server, steal private keys from wallet, profit.

Starting to see the pattern?
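
An added example, not part of the original thread: the two chains listed in the post above, modelled as a control graph to show why auditing the code base leaves the paths to the wallet keys intact. The node names, the edge list and the "reset fix" are constructed for illustration and are not taken from Bitcoinica's actual setup.

```python
from collections import defaultdict

# Constructed model of the two incidents as summarized in the post above.
# An edge A -> B means "whoever controls A can take control of B".
CONTROL_EDGES = [
    ("linode_super_admin", "hosting_console"),   # Linode: super-admin account
    ("offsite_email", "hosting_console"),        # Rackspace: off-site email account
    ("hosting_console", "server_admin_login"),   # console resets the admin password
    ("server_admin_login", "wallet_private_keys"),
    ("app_code_exploit", "server_admin_login"),  # the only edge a code audit addresses
]
ENTRY_POINTS = ["linode_super_admin", "offsite_email", "app_code_exploit"]
TARGET = "wallet_private_keys"

def build_graph(edges):
    graph = defaultdict(list)
    for src, dst in edges:
        graph[src].append(dst)
    return graph

def takeover_paths(edges, entry_points, target):
    """Return every simple path from an entry point to the target."""
    graph = build_graph(edges)
    found = []

    def walk(node, path):
        if node == target:
            found.append(path)
            return
        for nxt in graph.get(node, []):
            if nxt not in path:  # skip cycles
                walk(nxt, path + [nxt])

    for entry in entry_points:
        walk(entry, [entry])
    return found

def without(edges, removed):
    return [e for e in edges if e not in removed]

# Auditing the code base removes only the code-exploit edge.
after_code_audit = without(CONTROL_EDGES, [("app_code_exploit", "server_admin_login")])
# Hypothetical fix: the console can no longer reset the server admin password.
after_reset_fix = without(after_code_audit, [("hosting_console", "server_admin_login")])

if __name__ == "__main__":
    for label, edges in [("as deployed", CONTROL_EDGES),
                         ("after code audit", after_code_audit),
                         ("after reset fix", after_reset_fix)]:
        print(label)
        for p in takeover_paths(edges, ENTRY_POINTS, TARGET):
            print("   " + " -> ".join(p))
```

Both remaining paths after the code audit pass through the console's password reset, which is the shared step in the Linode and Rackspace chains.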

BTC_Bear
May 15, 2012, 12:19:03 AM
 #731

All I know is, I prefer my systems to be owned by people that can fix them, not people that have to hire others to fix them. Not only that, but I foresee that there will be more of the same since Intersango et al are suddenly more valuable due to the acquisition of control of Bitcoinica.

Not many businesses work that way.

Corporations have been enthroned, An era of corruption in high places will follow and the money power will endeavor to prolong its reign by working on the prejudices of the people until wealth is aggregated in a few hands and the Republic is destroyed. ~Abe Lincoln 1ApJdWUdSWYw8n8HEATYhHXA9EYoRTy7c4
phorensic
May 15, 2012, 12:26:03 AM
 #732

http://rt.com/usa/news/internet-stolen-bitcoin-currency-226/
rjk
May 15, 2012, 12:29:46 AM
 #733

All I know is, I prefer my systems to be owned by people that can fix them, not people that have to hire others to fix them. Not only that, but I foresee that there will be more of the same since Intersango et al are suddenly more valuable due to the acquisition of control of Bitcoinica.

Not many businesses work that way.
I guess that is a bit extreme and can't be expected always, but it is the way many Bitcoin related things work. Many current Bitcoin-related businesses have owners that still hack on their codebases. I guess what I meant to say was that I hope the new owner is at least smart enough to turn on a server and bash out a few Linux commands.

Littleshop
May 15, 2012, 12:36:15 AM
 #734


Uggggg.   So many mistakes and unclear statements in that article.


Crypt_Current
May 15, 2012, 12:54:07 AM
 #735

Hi,

We did not post a response earlier because we helped with the Bitcoinica official statement and had nothing more at that time to add. We were brought on to secure Bitcoinica as the investors were concerned about potentially serious security issues. Patrick Strateman had identified a serious problem in Bitcoinica previous to getting involved. After the Linode hacking the owners of Bitcoinica decided they needed to address security issues. Almost all of these issues seemed to have been addressed and fixed as of last week but unfortunately there remained a huge security flaw. The flaw was not in the core Bitcoinica code base, but in access to the server.

Administrative privileges allowing access to the Rackspace account, and thus the server, were being issued haphazardly. A person with no managerial role even had this access without even knowing it. With Intersango, our CTO (Patrick Strateman) is the only one with access to the server, the database, and all sensitive material. There is a very tedious process in which another member could retrieve access; however, it would require more than a plane trip (this is so we do not have a bus factor of 1).

The recent compromise of Bitcoinica was born out of an inadequate access policy which unfortunately was not dealt with in time. As day to day operations for a company like Bitcoinica cannot be passed over in a single night, despite the core Bitcoinica code having been secured, administrative privileges on the server had not been redesigned.

Upon reopening, Bitcoinica will not have any of these issues. We will finally be able to say Bitcoinica's growing pains are over.


A few things to add:

I want to assure you that the current owners of Bitcoinica have by far exceeded their legal obligations in helping Bitcoinica recover from the previous hack and have pledged their continued support in seeing this incident fully resolved.

The restructuring of Bitcoinica is the very thing that has saved Bitcoinica. It will also guarantee that the security going forward is fully up to professional standards.



Sincerely,
Team Intersango

Cool story bro -- Can I just get in to get my $100 back so I can eat this month?  Here I was planning to quit Bitcoinica this week, and now I can't even quit...   Angry

gusti
May 15, 2012, 01:09:27 AM
 #736

I'm feeling sad for this "new owner" trusting his business operation to Intersango.

If you don't own the private keys, you don't own the coins.
Cluster2k
May 15, 2012, 01:19:56 AM
 #737

It's great to see the new site up at bitcoinica.com to put everyone's mind at ease that things are progressing well in restoring the site... 

Nothing restores confidence like no official statements from the main source (Zhoutong was just an employee, not the owner).

Do not send bitcoins to me: 16b8s7pBJ9rUmsExNW25qD5VUqVqRPZuXu
100% solar powered bitcoin generation
BadBear
May 15, 2012, 01:22:34 AM
 #738

If the plan is for the forums to be the primary source of information for bitcoinica.com, there should at least be a PR rep to answer questions. Who is it and why aren't they posting?

1Kz25jm6pjNTaz8bFezEYUeBYfEtpjuKRG | PGP: B5797C4F

Phinnaeus Gage
May 15, 2012, 01:41:40 AM
 #739

If the plan is for the forums to be the primary source of information for bitcoinica.com, there should at least be a PR rep to answer questions. Who is it and why aren't they posting?

Or maybe they are. Do all of Zhoutong's most recent postings stem from the same IP (assuming it's not masked)?
Phinnaeus Gage
May 15, 2012, 01:44:04 AM
 #740

I'm feeling sad for this "new owner" trusting his business operation to Intersango.

My apologies for double posting, but I'm wondering if "the investor" also has control of bitcoin.com.