bulanula
|
|
May 14, 2012, 09:55:42 PM |
|
Damn it ! I almost got an epileptic seizure from that rjk. Not trolling. I suffer from that and almost got shocked. Please put a warning up for people like me affected.
|
|
|
|
Phinnaeus Gage
Legendary
Offline
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
|
|
May 14, 2012, 10:05:39 PM |
|
Damn it ! I almost got an epileptic seizure from that rjk. Not trolling. I suffer from that and almost got shocked. Please put a warning up for people like me affected.
I was thinkin' 'bout postin' the same thing, but opted not to. Although I'm not epileptic (think not), I too felt strange afterwards of only viewing the images a couple secs. Odd! ~Bruno~
|
|
|
|
bitstory
Newbie
Offline
Activity: 35
Merit: 0
|
|
May 14, 2012, 10:16:07 PM |
|
Damn it! We nearly got rid of bulanula permanently!
|
|
|
|
Crypt_Current
|
|
May 14, 2012, 10:17:25 PM |
|
Damn it ! I almost got an epileptic seizure from that rjk. Not trolling. I suffer from that and almost got shocked. Please put a warning up for people like me affected.
Sounds like a scam
|
|
|
|
bulanula
|
|
May 14, 2012, 10:17:48 PM |
|
Damn it! We nearly got rid of bulanula permanently!
Indeed. Too bad I did not die ! The world would have been a better place that way with evil people like me out of it ...
|
|
|
|
bulanula
|
|
May 14, 2012, 11:42:47 PM |
|
Hi,
We did not post a response earlier because we helped with the Bitcoinica official statement and had nothing more at that time to add. We were brought on to secure Bitcoinica as the investors were concerned about potentially serious security issues. Patrick Strateman had identified a serious problem in Bitcoinica previous to getting involved. After the Linode hacking the owners of Bitcoinica decided they needed to address security issues. Almost all of these issues seemed to have been addressed and fixed as of last week but unfortunately there remained a huge security flaw. The flaw was not in the core Bitcoinica code base, but in access to the server.
Administrative privileges allowing access to the rackspace account, and thus the server, were being issued haphazardly. A person with no managerial role even had this access without even knowing it. With Intersango, our CTO (Patrick Strateman) is the only one with access to the server, the database, and all sensitive material. There is a very tedious process in which another member could retrieve access however it would require more than a plane trip (this is so we do not have a bus factor of 1).
The recent compromise of Bitcoinica was born out of an inadequate access policy which unfortunately was not dealt with in time. As day to day operations for a company like Bitcoinica cannot be passed over in a single night, despite the core bitcoinica code having been secured, administrative privileges on the server had not been redesigned.
Upon reopening, Bitcoinica will not have any of these issues. We will finally be able to say Bitcoinica's growing pains are over.
A few things to add:
I want to assure you that the current owners of Bitcoinica have by far exceeded their legal obligations in helping Bitcoinica recover from the previous hack and have pledged their continued support in seeing this incident fully resolved.
The restructuring of Bitcoinica is the very thing that has saved Bitcoinica. It will also guarantee that the security going forward is fully up to professional standards.
Sincerely, Team Intersango
Who are these so-called "owners" ? Zhoutong claims it is not him => you claim it is not you => then who is it
|
|
|
|
Ichthyo
|
|
May 14, 2012, 11:52:18 PM |
|
Who are these so-called "owners" ? Zhoutong claims it is not him => you claim it is not you => then who is it
Just a hint from another lurker here in the forum: Zhoutong pointed out that the owner requested not to be publicly known. This started a rather lengthy discussion right here in this thread about business and ownership in general, but like it or not, such things are very common in the current world of business. I might be wrong, but just from the answers available here in the forum, I would be surprised to get any further disclosure on that topic. Personally I'm glad that Team Intersango spoke up and clarified their position and the technical details. --Ichthyo
|
|
|
|
Littleshop
Legendary
Offline
Activity: 1386
Merit: 1004
|
|
May 14, 2012, 11:53:12 PM |
|
Finally there is a notice on bitcoinica.com for users not on this forum.
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
May 14, 2012, 11:56:00 PM |
|
All I know is, I prefer my systems to be owned by people that can fix them, not people that have to hire others to fix them. Not only that, but I foresee that there will be more of the same since Intersango et al are suddenly more valuable due to the acquisition of control of Bitcoinica.
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
May 14, 2012, 11:57:57 PM Last edit: May 15, 2012, 12:25:07 AM by DeathAndTaxes |
|
Um anyone else find the answer lacking?
There was never any exploit against the code base. In the Linode hack the attacker used a "super-admin" account and the administrative console to reset an admin password, logged into the server and copied the private keys from the wallet. End result was 40K BTC stolen. So the "solution" to leaving the server vulnerable to remote password reset was to do a tedious line-by-line analysis of the codebase (which has never been exploited) and meanwhile install the code on a new server which had (almost) the same vulnerability as the prior server.
Really? That was the impossible to determine flaw? The attacker did almost the same thing ALL OVER AGAIN in the recent attack. Compromise an off site email account, use the remote admin console, reset the admin password, login to the server and copy the private keys stealing 20K BTC.
Linode: Compromise a super-admin account, reset admin password, login to server, steal private keys from wallet, profit. Rackspace: Compromise off-site email, reset admin password, login to server, steal private keys from wallet, profit.
Starting to see the pattern?
|
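The pattern in the post above can be checked as reachability over a takeover graph. This is an added example, not part of the original post or any Bitcoinica or Intersango code; the node names and edges are constructed assumptions based on the two incidents as the post describes them.

```python
from collections import deque

# Constructed trust graph: an edge A -> B means "control of A is enough to
# take control of B". Names are assumptions, not a real inventory.
TAKEOVER_EDGES = {
    "offsite-email":         ["hosting-panel-account"],  # reset mail lands here
    "hosting-super-admin":   ["hosting-panel-account"],  # provider-side account
    "hosting-panel-account": ["server-root"],            # console resets root password
    "server-root":           ["hot-wallet-keys"],        # keys readable on the server
    "app-code":              [],                         # audited code: no edge to root
    "offline-signer":        ["cold-wallet-keys"],
}

def shortest_path(start, asset, edges):
    """Breadth-first search; returns the shortest takeover chain or None."""
    queue = deque([[start]])
    seen = {start}
    while queue:
        path = queue.popleft()
        if path[-1] == asset:
            return path
        for nxt in edges.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def entry_points(asset, edges):
    """Every node other than the asset whose compromise reaches the asset."""
    return sorted(n for n in edges
                  if n != asset and shortest_path(n, asset, edges))

def without_edge(edges, src, dst):
    """Copy of the graph with one takeover edge removed (a mitigation)."""
    return {n: [d for d in dsts if not (n == src and d == dst)]
            for n, dsts in edges.items()}

if __name__ == "__main__":
    print("reach hot wallet:", entry_points("hot-wallet-keys", TAKEOVER_EDGES))
    print("chain:", shortest_path("offsite-email", "hot-wallet-keys", TAKEOVER_EDGES))
    # Mitigation under test: the hosting console can no longer reset root.
    hardened = without_edge(TAKEOVER_EDGES, "hosting-panel-account", "server-root")
    print("after mitigation:", entry_points("hot-wallet-keys", hardened))
```

The audited code base never appears among the entry points, while every account that can trigger a remote password reset does, which is the review a migration to a new host needs before keys are placed on it.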
|
|
|
JusticeForYou
VIP
Sr. Member
Offline
Activity: 490
Merit: 271
|
|
May 15, 2012, 12:19:03 AM |
|
All I know is, I prefer my systems to be owned by people that can fix them, not people that have to hire others to fix them. Not only that, but I foresee that there will be more of the same since Intersango et al are suddenly more valuable due to the acquisition of control of Bitcoinica.
Not many businesses work that way.
|
|
|
|
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
May 15, 2012, 12:29:46 AM |
|
All I know is, I prefer my systems to be owned by people that can fix them, not people that have to hire others to fix them. Not only that, but I foresee that there will be more of the same since Intersango et al are suddenly more valuable due to the acquisition of control of Bitcoinica.
Not many businesses work that way.
I guess that is a bit extreme and can't be expected always, but it is the way many Bitcoin related things work. Many current Bitcoin-related businesses have owners that still hack on their codebases. I guess what I meant to say was that I hope the new owner is at least smart enough to turn on a server and bash out a few linux commands.
|
|
|
|
Littleshop
Legendary
Offline
Activity: 1386
Merit: 1004
|
|
May 15, 2012, 12:36:15 AM |
|
Uggggg. So many mistakes and unclear statements in that article.
|
|
|
|
Crypt_Current
|
|
May 15, 2012, 12:54:07 AM |
|
Hi,
We did not post a response earlier because we helped with the Bitcoinica official statement and had nothing more at that time to add. We were brought on to secure Bitcoinica as the investors were concerned about potentially serious security issues. Patrick Strateman had identified a serious problem in Bitcoinica previous to getting involved. After the Linode hacking the owners of Bitcoinica decided they needed to address security issues. Almost all of these issues seemed to have been addressed and fixed as of last week but unfortunately there remained a huge security flaw. The flaw was not in the core Bitcoinica code base, but in access to the server.
Administrative privileges allowing access to the rackspace account, and thus the server, were being issued haphazardly. A person with no managerial role even had this access without even knowing it. With Intersango, our CTO (Patrick Strateman) is the only one with access to the server, the database, and all sensitive material. There is a very tedious process in which another member could retrieve access however it would require more than a plane trip (this is so we do not have a bus factor of 1).
The recent compromise of Bitcoinica was born out of an inadequate access policy which unfortunately was not dealt with in time. As day to day operations for a company like Bitcoinica cannot be passed over in a single night, despite the core bitcoinica code having been secured, administrative privileges on the server had not been redesigned.
Upon reopening, Bitcoinica will not have any of these issues. We will finally be able to say Bitcoinica's growing pains are over.
A few things to add:
I want to assure you that the current owners of Bitcoinica have by far exceeded their legal obligations in helping Bitcoinica recover from the previous hack and have pledged their continued support in seeing this incident fully resolved.
The restructuring of Bitcoinica is the very thing that has saved Bitcoinica. It will also guarantee that the security going forward is fully up to professional standards.
Sincerely, Team Intersango
Cool story bro -- Can I just get in to get my $100 back so I can eat this month? Here I was planning to quit Bitcoinica this week, and now I can't even quit...
|
|
|
|
gusti
Legendary
Offline
Activity: 1099
Merit: 1000
|
|
May 15, 2012, 01:09:27 AM |
|
I'm feeling sad for this "new owner" trusting his business operation to Intersango.
|
If you don't own the private keys, you don't own the coins.
|
|
|
Cluster2k
Legendary
Offline
Activity: 1692
Merit: 1018
|
|
May 15, 2012, 01:19:56 AM |
|
It's great to see the new site up at bitcoinica.com to put everyone's mind at ease that things are progressing well in restoring the site...
Nothing restores confidence like no official statements from the main source (Zhoutong was just an employee, not the owner).
|
|
|
|
BadBear
v2.0
Legendary
Offline
Activity: 1652
Merit: 1128
|
|
May 15, 2012, 01:22:34 AM |
|
If the plan is for the forums to be the primary source of information for bitcoinica.com, there should at least be a PR rep to answer questions. Who is it and why aren't they posting?
|
|
|
|
Phinnaeus Gage
Legendary
Offline
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
|
|
May 15, 2012, 01:41:40 AM |
|
If the plan is for the forums to be the primary source of information for bitcoinica.com, there should at least be a PR rep to answer questions. Who is it and why aren't they posting?
Or maybe they are. Do all of Zhoutong's most recent postings stem from the same IP (assuming it's not masked)?
|
|
|
|
Phinnaeus Gage
Legendary
Offline
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
|
|
May 15, 2012, 01:44:04 AM |
|
I'm feeling sad for this "new owner" trusting his business operation to Intersango.
My apologies for double posting, but I'm wondering if "the investor" also has control of bitcoin.com.
|
|
|
|
|