Bitcoin Forum
March 19, 2024, 08:21:49 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 [40] 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 »
  Print  
Author Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation  (Read 224548 times)
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1063


Gerald Davis


View Profile
May 15, 2012, 01:00:41 PM
Last edit: May 15, 2012, 01:11:46 PM by DeathAndTaxes
 #781

IIRC the Armory client doesn't use any of the Satoshi codebase. I am not sure how useful it is for automated processing but the argument that all clients use the Satoshi codebase is simply wrong.  On edit: I was wrong.  It uses bitcoin-qt codebase under the surface.

Still moving the discussion forward, what is really needed is a "client" which exists solely as a daemon (or windows service) communicates to a variety of database platforms through ODBC and is designed specifically for backend processing (integration with shopping carts, order processing systems, customer databases, etc).  Keeping the private keys in an encrypted database would also provide another layer of security.  Access to the server doesn't necessarily mean access to the database (or specifically tables containing keys).  Having a "client" which requires manual startup and loads digitally signed business rules (limits on tx volume, max tx size, velocity, etc) would provide another layer of security.

I am working on forking the bitcoinsharp (.net library) to handle a merchant backend (database driven) wallet.  One limit of the bitcoinsharp codebase is that it doesn't maintain a local copy of the blockchain.  It relies on peers for transactional data.  However that limitation can be overcome by ensuring the processing node only connect to a handful of trusted peers which are running as full nodes (satoshi or otherwise).
According to NIST and ECRYPT II, the cryptographic algorithms used in Bitcoin are expected to be strong until at least 2030. (After that, it will not be too difficult to transition to different algorithms.)
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
davout
Legendary
*
Offline Offline

Activity: 1372
Merit: 1007


1davout


View Profile WWW
May 15, 2012, 01:03:10 PM
 #782

IIRC the Armory client doesn't use any of the Satoshi codebase. I am not sure how useful it is for backend processing but the argument that no other client exists is simply wrong.  

Still moving the discussion forward I would love to see a "client" which exists solely as a daemon (or windows service) communicates to a variety of database platforms through ODBC and is designed specifically for backend processing.  I am working on forking the bitcoinsharp (.net library) to handle a merchant backend (database driven) wallet.
I'm keeping an eye on bitcoinjs it uses nodejs so it'll easily scale, libbitcoin is very promising too

davout
Legendary
*
Offline Offline

Activity: 1372
Merit: 1007


1davout


View Profile WWW
May 15, 2012, 01:19:00 PM
 #783

Armory uses bitcoin QT.
http://bitcoin.org/clients.html

Multibit uses bitcoinjava

bitcoin-js is not a full client anymore and is unmaintained

Davout, you quoted me as saying "implementing" not reimplementing. New clients can use the Satoshi code base or Libbitcoin which is a reimplementation of the original bitcoin codebase.

There are/were 4 codebases

*Satoshi

*bitcoinjava - mobiles and not full implementation (no scripting or block validation)
            bitcoinjava is used in all mobile clients and multibit

*bitcoin-js which is unmaintained and doesnt have the new changes. nor is it complete.

*electrum off libbitcoin (in it's newest form. formerly bitcoind/ABE)
Interesting.

I'm still curious about how MultiBit manages to send coins if it can't do the scripting magic.

But hey, thanks for clearing some stuff up!

DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1063


Gerald Davis


View Profile
May 15, 2012, 01:19:39 PM
 #784

*bitcoinjava - mobiles and not full implementation (no scripting or block validation)
            bitcoinjava is used in all mobile clients and multibit

It could be used securely for web applications by limiting its connections to trusted peers.  Right?
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
May 15, 2012, 01:41:48 PM
 #785

Shouldn't you be making a claims page instead of trolling about the nuances of different clients?
To be fair, there were those here wanting a response. You got it, even if it wasn't what you wanted to hear.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
imsaguy
General failure and former
VIP
Hero Member
*
Offline Offline

Activity: 574
Merit: 500

Don't send me a pm unless you gpg encrypt it.


View Profile WWW
May 15, 2012, 01:43:43 PM
 #786

Shouldn't you be making a claims page instead of trolling about the nuances of different clients?
To be fair, there were those here wanting a response. You got it, even if it wasn't what you wanted to hear.

I agree, a posting was warranted.  They even made a splash page on Bitcoinica.com.  Bickering about the subtleties in the clients isn't productive, producing the remainder of what was promised to their customers is.

Coming Soon!™ © imsaguy 2011-2013, All rights reserved.

EIEIO:
https://bitcointalk.org/index.php?topic=60117.0

Shades Minoco Collection Thread: https://bitcointalk.org/index.php?topic=65989
Payment Address: http://btc.to/5r6
disclaimer201
Legendary
*
Offline Offline

Activity: 1526
Merit: 1001


View Profile
May 15, 2012, 01:46:53 PM
 #787

Armory uses bitcoin QT.
http://bitcoin.org/clients.html

Multibit uses bitcoinjava

bitcoin-js is not a full client anymore and is unmaintained

Davout, you quoted me as saying "implementing" not reimplementing. New clients can use the Satoshi code base or Libbitcoin which is a reimplementation of the original bitcoin codebase.

There are/were 4 codebases

*Satoshi

*bitcoinjava - mobiles and not full implementation (no scripting or block validation)
            bitcoinjava is used in all mobile clients and multibit

*bitcoin-js which is unmaintained and doesnt have the new changes. nor is it complete.

*electrum off libbitcoin (in it's newest form. formerly bitcoind/ABE)

Shouldn't you be making a claims page instead of trolling about the nuances of different clients?

+1
realnowhereman
Hero Member
*****
Offline Offline

Activity: 504
Merit: 502



View Profile
May 15, 2012, 02:39:39 PM
 #788

Armory uses bitcoin QT.

Shouldn't you be making a claims page instead of trolling about the nuances of different clients?

I'm as annoyed with Intersango as the next man; but this sort of response is just contrarian for the sake of it.

Is it not conceivable that not every single member of Intersango is working on the claims page at once?  Is it possible that the PR account is being run by... a PR person?

Five minutes ago, there were shouts that we hadn't heard anything from Intersango, and that they had probably run off with all our money.  If anything, the fact that Intersango is responding to mundane technical questions is a sign that they are not all on a flight to the bahamas.

1AAZ4xBHbiCr96nsZJ8jtPkSzsg1CqhwDa
imsaguy
General failure and former
VIP
Hero Member
*
Offline Offline

Activity: 574
Merit: 500

Don't send me a pm unless you gpg encrypt it.


View Profile WWW
May 15, 2012, 03:01:25 PM
 #789

I'm as annoyed with Intersango as the next man; but this sort of response is just contrarian for the sake of it.

Is it not conceivable that not every single member of Intersango is working on the claims page at once?  Is it possible that the PR account is being run by... a PR person?

Five minutes ago, there were shouts that we hadn't heard anything from Intersango, and that they had probably run off with all our money.  If anything, the fact that Intersango is responding to mundane technical questions is a sign that they are not all on a flight to the bahamas.


It was just the nature of the posts.  I think you'd agree that a status update was warranted.  Worrying about which client was the most significant rewrite isn't exactly a priority.

Coming Soon!™ © imsaguy 2011-2013, All rights reserved.

EIEIO:
https://bitcointalk.org/index.php?topic=60117.0

Shades Minoco Collection Thread: https://bitcointalk.org/index.php?topic=65989
Payment Address: http://btc.to/5r6
ElectricBrain
Newbie
*
Offline Offline

Activity: 34
Merit: 0


View Profile
May 15, 2012, 03:06:29 PM
 #790

*there's always a possibility that the attacker tampered with the database. But it's nearly impossible to tell which data was tampered with and which wasn't, so either way they're in pretty hot water.

If only database technology was available for financial services where there is the ability to store transactions with auditable history as well as there being an archive log such that recovery to a point in time is possible.  If only such a thing existed ....

I find myself wanting to +1 90% of the stuff you write.
Shuai
Full Member
***
Offline Offline

Activity: 189
Merit: 100


View Profile
May 15, 2012, 03:24:53 PM
 #791

JusticeForYou
VIP
Sr. Member
*
Offline Offline

Activity: 490
Merit: 271



View Profile
May 15, 2012, 03:31:15 PM
 #792


So you guys chose to take over a bucket shop which is constantly at the risk of getting into massive BTC denominated debt (while BTC rallies way up), blinded by greed upon the profits the few shares the mystery investor gave you would promise and now had your reputation tarnished.

You made the mistake of operating for free just to commit another one to correct it. Sad

While it is true that the identity of the investor did not have to be shared, I believe the fact that ownership changed in November SHOULD have been announced. Unless there was an announcement I am aware of, zhoutong deceived us for half a year into believing he solely owned the company.


+10000

Fine, I don't care who the investor is. Who is the CEO and/or Director, and/or Officer in charge of the day to day operations of the company? You surely must have a name for us? This is required by any government on earth as far as I know.

And by the way, Bitcoin LP (the NZ structure) is a PARTNERSHIP and not a corporation, and as per NZ rules, the name of the general partner must be public and known.

You don't want to reveal who owns the shop? That's fine. But please provide a name for a responsible officer of the company as required by law.




I guess I understand your need to know who you are working with in this industry.

Lack of information is information in of itself. There are plenty of legal ways of hiding ownership. Although they do take some money to do so. There are shell corporations, basically companies that own companies, all leading back to a registered agent somewhere who happens to be a trust or organization's attorney (law firm), and it would take a very long legal fight to get the information you seek. Or you are a government and just go get the information.

But apart from that need for anonymous non-anonymity which plagues the community, do you actually need to know?

I mean, can't you judge based off of their actions, past and present, to determine whether you want to be associated with them.

Although, I strongly agree, the change in ownership should have been broadcast to everyone. That is like giving someone else your private gpg key in the -otc. (Which I am sure had been done).

Aurumxchange, btw: you might want to remove bitcoinica from your sig.




.
..1xBit.com   Super Six..
▄█████████████▄
████████████▀▀▀
█████████████▄
█████████▌▀████
██████████  ▀██
██████████▌   ▀
████████████▄▄
███████████████
███████████████
███████████████
███████████████
███████████████
▀██████████████
███████████████
█████████████▀
█████▀▀       
███▀ ▄███     ▄
██▄▄████▌    ▄█
████████       
████████▌     
█████████    ▐█
██████████   ▐█
███████▀▀   ▄██
███▀   ▄▄▄█████
███ ▄██████████
███████████████
███████████████
███████████████
███████████████
███████████████
███████████████
███████████▀▀▀█
██████████     
███████████▄▄▄█
███████████████
███████████████
███████████████
███████████████
███████████████
         ▄█████
        ▄██████
       ▄███████
      ▄████████
     ▄█████████
    ▄███████
   ▄███████████
  ▄████████████
 ▄█████████████
▄██████████████
  ▀▀███████████
      ▀▀███
████
          ▀▀
          ▄▄██▌
      ▄▄███████
     █████████▀

 ▄██▄▄▀▀██▀▀
▄██████     ▄▄▄
███████   ▄█▄ ▄
▀██████   █  ▀█
 ▀▀▀
    ▀▄▄█▀
▄▄█████▄    ▀▀▀
 ▀████████
   ▀█████▀ ████
      ▀▀▀ █████
          █████
       ▄  █▄▄ █ ▄
     ▀▄██▀▀▀▀▀▀▀▀
      ▀ ▄▄█████▄█▄▄
    ▄ ▄███▀    ▀▀ ▀▀▄
  ▄██▄███▄ ▀▀▀▀▄  ▄▄
  ▄████████▄▄▄▄▄█▄▄▄██
 ████████████▀▀    █ ▐█
██████████████▄ ▄▄▀██▄██
 ▐██████████████    ▄███
  ████▀████████████▄███▀
  ▀█▀  ▐█████████████▀
       ▐████████████▀
       ▀█████▀▀▀ █▀
.
Premier League
LaLiga
Serie A
.
Bundesliga
Ligue 1
Primeira Liga
.
..TAKE PART..
hazek
Legendary
*
Offline Offline

Activity: 1078
Merit: 1002


View Profile
May 15, 2012, 03:57:20 PM
 #793


So you guys chose to take over a bucket shop which is constantly at the risk of getting into massive BTC denominated debt (while BTC rallies way up), blinded by greed upon the profits the few shares the mystery investor gave you would promise and now had your reputation tarnished.

You made the mistake of operating for free just to commit another one to correct it. Sad

While it is true that the identity of the investor did not have to be shared, I believe the fact that ownership changed in November SHOULD have been announced. Unless there was an announcement I am aware of, zhoutong deceived us for half a year into believing he solely owned the company.


+10000

Fine, I don't care who the investor is. Who is the CEO and/or Director, and/or Officer in charge of the day to day operations of the company? You surely must have a name for us? This is required by any government on earth as far as I know.

And by the way, Bitcoin LP (the NZ structure) is a PARTNERSHIP and not a corporation, and as per NZ rules, the name of the general partner must be public and known.

You don't want to reveal who owns the shop? That's fine. But please provide a name for a responsible officer of the company as required by law.




In other words spit out who the damn fiduciary of the secret owner is already.

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
arby
Donator
Member
*
Offline Offline

Activity: 112
Merit: 10


keybase.io/arblarg


View Profile
May 15, 2012, 03:59:10 PM
 #794

The owner is former US president George W. Bush.

Jabber/XMPP: arby@darkness.su
stochastic
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


View Profile
May 15, 2012, 04:24:42 PM
 #795


So you guys chose to take over a bucket shop which is constantly at the risk of getting into massive BTC denominated debt (while BTC rallies way up), blinded by greed upon the profits the few shares the mystery investor gave you would promise and now had your reputation tarnished.

You made the mistake of operating for free just to commit another one to correct it. Sad

While it is true that the identity of the investor did not have to be shared, I believe the fact that ownership changed in November SHOULD have been announced. Unless there was an announcement I am aware of, zhoutong deceived us for half a year into believing he solely owned the company.


+10000

Fine, I don't care who the investor is. Who is the CEO and/or Director, and/or Officer in charge of the day to day operations of the company? You surely must have a name for us? This is required by any government on earth as far as I know.

And by the way, Bitcoin LP (the NZ structure) is a PARTNERSHIP and not a corporation, and as per NZ rules, the name of the general partner must be public and known.

You don't want to reveal who owns the shop? That's fine. But please provide a name for a responsible officer of the company as required by law.




+ ∞

Introducing constraints to the economy only serves to limit what can be economical.
JohnBigheart
Full Member
***
Offline Offline

Activity: 167
Merit: 100



View Profile
May 15, 2012, 04:29:58 PM
 #796

I don't mean to be rude but I don't understand how people on this forum manage to get scammed literally every day by something new.... and the worst part is.. nothing ever happens.. You guys will make a collection thread no doubt.. and that will be that..

It must be embarrassing for some of you.... ?

My unpopular opinion is that these ripoffs actually benefit the Bitcoin economy:
  • Vulnerabilities are discovered, security awareness and best practices are spread while Bitcoin is still in beta
  • Stolen Bitcoins get into circulation and level the initial imbalance of early adopters vs. others
  • Risk of theft counteracts hoarding and the deflationary spiral and encourages people to spend Bitcoins while they still have them

World renowned expert on silly sketches and stupid gif animations.
Your tips are welcome: 17cETm8zDugFKuNQMprW6GgAFEpmrcPUA
JusticeForYou
VIP
Sr. Member
*
Offline Offline

Activity: 490
Merit: 271



View Profile
May 15, 2012, 04:38:02 PM
 #797

Quote
Who is the CEO and/or Director, and/or Officer in charge of the day to day operations of the company? You surely must have a name for us? This is required by any government on earth as far as I know.

It is, but it isn't required to be public knowledge.

If they promised him/her/them to not reveal it then they should stand by their word if not contractual obligations.

btw: I do believe it is in the businesses best interest, but that information shouldn't be forced by us. It should be made known for the business' best interest. OR Said another way: Where do their best efforts lay? With the business or themselves.

I am not for forcing them to do it tho... they should do it because it is the right thing to do. If they don't, then they should bear the consequences of it. Not for any moral or ethical reasons but just for purely business reasons.

This is the nature of business today. Everyone wants the money but nobody wants the accountability.

I would much rather have a person who says: Guys, I fucked up. Here is how. I will try to make it right. Rather than a guy that says: I dunno, it wasn't me, I was sleeping. Isn't that what leaders do, even if it is not their fault? Of course, heads roll but that is the nature of the beast.




.
..1xBit.com   Super Six..
▄█████████████▄
████████████▀▀▀
█████████████▄
█████████▌▀████
██████████  ▀██
██████████▌   ▀
████████████▄▄
███████████████
███████████████
███████████████
███████████████
███████████████
▀██████████████
███████████████
█████████████▀
█████▀▀       
███▀ ▄███     ▄
██▄▄████▌    ▄█
████████       
████████▌     
█████████    ▐█
██████████   ▐█
███████▀▀   ▄██
███▀   ▄▄▄█████
███ ▄██████████
███████████████
███████████████
███████████████
███████████████
███████████████
███████████████
███████████▀▀▀█
██████████     
███████████▄▄▄█
███████████████
███████████████
███████████████
███████████████
███████████████
         ▄█████
        ▄██████
       ▄███████
      ▄████████
     ▄█████████
    ▄███████
   ▄███████████
  ▄████████████
 ▄█████████████
▄██████████████
  ▀▀███████████
      ▀▀███
████
          ▀▀
          ▄▄██▌
      ▄▄███████
     █████████▀

 ▄██▄▄▀▀██▀▀
▄██████     ▄▄▄
███████   ▄█▄ ▄
▀██████   █  ▀█
 ▀▀▀
    ▀▄▄█▀
▄▄█████▄    ▀▀▀
 ▀████████
   ▀█████▀ ████
      ▀▀▀ █████
          █████
       ▄  █▄▄ █ ▄
     ▀▄██▀▀▀▀▀▀▀▀
      ▀ ▄▄█████▄█▄▄
    ▄ ▄███▀    ▀▀ ▀▀▄
  ▄██▄███▄ ▀▀▀▀▄  ▄▄
  ▄████████▄▄▄▄▄█▄▄▄██
 ████████████▀▀    █ ▐█
██████████████▄ ▄▄▀██▄██
 ▐██████████████    ▄███
  ████▀████████████▄███▀
  ▀█▀  ▐█████████████▀
       ▐████████████▀
       ▀█████▀▀▀ █▀
.
Premier League
LaLiga
Serie A
.
Bundesliga
Ligue 1
Primeira Liga
.
..TAKE PART..
bulanula
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500



View Profile
May 15, 2012, 04:52:05 PM
 #798

Quote
Who is the CEO and/or Director, and/or Officer in charge of the day to day operations of the company? You surely must have a name for us? This is required by any government on earth as far as I know.

It is, but it isn't required to be public knowledge.

If they promised him/her/them to not reveal it then they should stand by their word if not contractual obligations.

btw: I do believe it is in the businesses best interest, but that information shouldn't be forced by us. It should be made known for the business' best interest. OR Said another way: Where do their best efforts lay? With the business or themselves.

I am not for forcing them to do it tho... they should do it because it is the right thing to do. If they don't, then they should bear the consequences of it. Not for any moral or ethical reasons but just for purely business reasons.

This is the nature of business today. Everyone wants the money but nobody wants the accountability.

I would much rather have a person who says: Guys, I fucked up. Here is how. I will try to make it right. Rather than a guy that says: I dunno, it wasn't me, I was sleeping. Isn't that what leaders do, even if it is not their fault? Of course, heads roll but that is the nature of the beast.

LOL the sleeping excuse is the latest and greatest. Sleeping during lunchtime ( post was made at 2:15 UK time ) = EPIC excuse for Intersango.

proudhon
Legendary
*
Offline Offline

Activity: 2198
Merit: 1309



View Profile
May 15, 2012, 06:14:57 PM
 #799

Hopefully the fact that I used two-factor authentication makes getting my bitcoins back easier.   Undecided

Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
mobodick
Hero Member
*****
Offline Offline

Activity: 840
Merit: 1000



View Profile
May 15, 2012, 06:16:35 PM
 #800

Nice  Shocked


Can the current owner(s) of bitcoinica comment on these transactions that took place today?
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 [40] 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!