Bitcoin Forum
Author Topic: A public apology to Donald, Patrick and Amir ("Intersango guys")  (Read 7481 times)
zhoutong
May 18, 2012, 08:06:46 PM
 #61

Apparently, Zhou Tong, who had access to the server "temp" folder holding the session data, didn't know how to invalidate a PHP session also.
Are you trying to tell me that Rackspace still had root access to that server? Pretty slick, actually...
Or are you trying to say that the Virtual Machine is not suited to host such a website? Even more slick.

One way or the other, their fault, and I don't mean Rackspace Roll Eyes
No, what I am saying is that the admin console/portal is hosted by Rackspace themselves, not Bitcoinica. It is the page that allows them to provision new hardware, file support tickets, create backups, etc. Bitcoinica has no access to those servers for obvious reasons (other RS customers use the same portal).

blah blah blah... Stop kissing Zhou tongs ass, dude.
Now tell me: How much money do you have hostage in Bitcoinica at this exact moment?
Jesus Christ, I am not responsible for how badly Rackspace fails at server administration, I'm just telling you how the fucking setup WORKS. If you can't comprehend how it works, you have no right to be placing blame.

Now obviously, using cloud services in this manner was not a good idea, and there should have been some actual dedicated hardware in use, in a locked cage, "blah blah blah", but it's too late for that now.

It seems you are the one not to understand how things work. Not even going to argue this with you. It's really not worth it lol

I still want Zhou Tong to tell me how much did he pay Rackspace for a FULLY managed server...
For people who understand 1 word is more than enough. You're not such a person, rjk...

We used cloud services and what rjk just described is right...

Founder of NameTerrific (https://www.nameterrific.com/). Co-founder of CoinJar (https://coinjar.io/)

Donations for my future Bitcoin projects: 19Uk3tiD5XkBcmHyQYhJxp9QHoub7RosVb
zhoutong
May 18, 2012, 08:13:44 PM
 #62

If "Bitcoinica Consultancy" is handling things now, why didn't they notify us of the claims page rather than zhoutong? The more I hear from zhoutong, and less from intersango or whatever they call themselves, the more I lose confidence in the new owner/operators.
This +1. To start with, we never saw any communication from them indicating that anything that Zhoutong said was in any way incorrect, or that there was need of an apology to begin with. Of course, that could have been communicated privately, but from what I have seen so far even Zhoutong himself is becoming frustrated with the obvious stonewalling that we are seeing from the Consultancy.

Indeed, stonewalling is the best description that I can imagine for this series of events; to the public, and to those that wish to fix the problems, as it appears - since access to even the domain name has been fraught with problems such as a poor DNS implementation, leading to those that don't even use the forum to be forced to come here and find out the problem, and wait here for a resolution.

From what I've observed, I have a different perspective. The Intersango guys were brought to help with security not PR. For them to take any position of public communications would have been a breach of contract. The fact that Zhou had to become a team player for his creation caused him a lot of frustration. He was the main PR man up till the incident and should have followed through with a splash page and daily email updates (not just the forum), but instead we got a "I'm leaving Bitcoin" thread. He left when the going got tough. Sure, feelings were hurt and emotions were high. Zhou, if you really want to be proud of what you started then get back to doing the PR and be a team player even if you don't agree. You should leave Bitcoinica on much better conditions if it is something you really want to be proud of!



The "I'm leaving Bitcoin" has nothing to do with Bitcoinica hack. I'm still here, but I'm not doing other Bitcoin business any more.

I was the main operator before Bitcoinica joins forces with Intersango. After that, neither the investor nor I possesses full decision power. Intersango guys took over the management entirely. Even my position in PR was not fully recognized.

I did suggest some ideas internally, but I shouldn't have criticized them for different ways of doing things (even though I disagreed).

They are working very hard, but at the same time, I have nothing to update either.

Founder of NameTerrific (https://www.nameterrific.com/). Co-founder of CoinJar (https://coinjar.io/)

Donations for my future Bitcoin projects: 19Uk3tiD5XkBcmHyQYhJxp9QHoub7RosVb
zhoutong
May 18, 2012, 08:20:07 PM
 #63

Regarding the Bitcoin Consultancy and questions about why they haven't been more active in this mess...I don't know what their arrangement with Bitcoinica is, but if they hadn't fully taken over the operation of Bitcoinica and had no responsibility for the security or theft, then they might be wise to put their relationship on hold until Bitcoinica sorts everything out first.  If the Bitcoin Consultancy had nothing to do with the security issue there's no reason they should have to clean up someone else's mess.  At the minimum they would probably want to first arrange compensation for the time and effort that will be required for them to clean up the mess.

It's very hard to judge whether they had anything to do with the security issue, because everything contributes to the disaster.

Patrick - compromised email server.
Me - improper access control.

Bitcoin Consultancy has fully taken over the management and the relationship is final. However, during the transition period, the access control is not defined properly and resulted in this problem. I have no knowledge of an insecure email server but I assigned admin rights to its user.

Founder of NameTerrific (https://www.nameterrific.com/). Co-founder of CoinJar (https://coinjar.io/)

Donations for my future Bitcoin projects: 19Uk3tiD5XkBcmHyQYhJxp9QHoub7RosVb
dooglus
May 18, 2012, 08:28:23 PM
 #64

I have violated my promise (of "not to post anything [about Bitcoinica]") yesterday, by posting this in the emergency announcement thread:

It's very hard to judge whether they had anything to do with the security issue, because everything contributes to the disaster.

Patrick - compromised email server.
Me - improper access control.

I think you need to make up your mind; are you going to stop posting about Bitcoinica, or are you going to keep telling us more and more.

rjk
May 18, 2012, 08:29:15 PM
 #65

I think you need to make up your mind; are you going to stop posting about Bitcoinica, or are you going to keep telling us more and more.
Doesn't look like any more information than was already available.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Ichthyo
May 18, 2012, 08:37:42 PM
 #66

It's very hard to judge whether they had anything to do with the security issue, because everything contributes to the disaster.

Patrick - compromised email server.
Me - improper access control.

I think you need to make up your mind; are you going to stop posting about Bitcoinica, or are you going to keep telling us more and more.

Zhoutong didn't say anything new recently. He just repeated again what is publicly known already.

Unfortunately there seem to be a lot of folks hanging out here who aren't able to read (but insist on spreading their guesses and opinions very loudly). This whole situation is also embarrassing for us, as a community. Bottom line is we're behaving as if we were a bunch of barely 17 year olds.
Steve
May 18, 2012, 08:42:38 PM
 #67

Regarding the Bitcoin Consultancy and questions about why they haven't been more active in this mess...I don't know what their arrangement with Bitcoinica is, but if they hadn't fully taken over the operation of Bitcoinica and had no responsibility for the security or theft, then they might be wise to put their relationship on hold until Bitcoinica sorts everything out first.  If the Bitcoin Consultancy had nothing to do with the security issue there's no reason they should have to clean up someone else's mess.  At the minimum they would probably want to first arrange compensation for the time and effort that will be required for them to clean up the mess.

It's very hard to judge whether they had anything to do with the security issue, because everything contributes to the disaster.

Patrick - compromised email server.
Me - improper access control.

Bitcoin Consultancy has fully taken over the management and the relationship is final. However, during the transition period, the access control is not defined properly and resulted in this problem. I have no knowledge of an insecure email server but I assigned admin rights to its user.
Oh, I see, well that's a bit different then.  I didn't have a chance to follow all the messages in these threads, but from the sound of it, someone inadvertently sent their hosting control panel password through an email server that was later compromised and gave someone access to the control panel?  I'll use this as a case in point in the future the next time someone dismisses the risk of sending sensitive information in the clear over email.  On a side note, it never ceases to amaze me at how companies (even financial ones) will send scanned forms full of sensitive information over email with no encryption and never give it a second thought.

(gasteve on IRC) Does your website accept cash? https://bitpay.com
allten
May 18, 2012, 09:02:13 PM
 #68

If "Bitcoinica Consultancy" is handling things now, why didn't they notify us of the claims page rather than zhoutong? The more I hear from zhoutong, and less from intersango or whatever they call themselves, the more I lose confidence in the new owner/operators.
This +1. To start with, we never saw any communication from them indicating that anything that Zhoutong said was in any way incorrect, or that there was need of an apology to begin with. Of course, that could have been communicated privately, but from what I have seen so far even Zhoutong himself is becoming frustrated with the obvious stonewalling that we are seeing from the Consultancy.

Indeed, stonewalling is the best description that I can imagine for this series of events; to the public, and to those that wish to fix the problems, as it appears - since access to even the domain name has been fraught with problems such as a poor DNS implementation, leading to those that don't even use the forum to be forced to come here and find out the problem, and wait here for a resolution.

From what I've observed, I have a different perspective. The Intersango guys were brought to help with security not PR. For them to take any position of public communications would have been a breach of contract. The fact that Zhou had to become a team player for his creation caused him a lot of frustration. He was the main PR man up till the incident and should have followed through with a splash page and daily email updates (not just the forum), but instead we got a "I'm leaving Bitcoin" thread. He left when the going got tough. Sure, feelings were hurt and emotions were high. Zhou, if you really want to be proud of what you started then get back to doing the PR and be a team player even if you don't agree. You should leave Bitcoinica on much better conditions if it is something you really want to be proud of!



The "I'm leaving Bitcoin" has nothing to do with Bitcoinica hack. I'm still here, but I'm not doing other Bitcoin business any more.

I was the main operator before Bitcoinica joins forces with Intersango. After that, neither the investor nor I possesses full decision power. Intersango guys took over the management entirely. Even my position in PR was not fully recognized.

I did suggest some ideas internally, but I shouldn't have criticized them for different ways of doing things (even though I disagreed).

They are working very hard, but at the same time, I have nothing to update either.

I see. Thanks for the clarification.

Edit: Looks like the whole Bitcoinica thing is going through a lot of growing pains. Glad to see you are still helping out 'till they are running smoothly again.
If they truly make good on all lost coins and do their best to compensate everyone they will definitely earn all of my trust and respect back.

However, the PR during the initial days was a fiasco and is still not where it should be.
Still waiting for an email with all the news and a splash page with daily updates.
I shouldn't have to find it here in this forum.
Ichthyo
May 18, 2012, 09:02:52 PM
 #69

On a side note, it never ceases to amaze me at how companies (even financial ones) will send scanned forms full of sensitive information over email with no encryption and never give it a second thought.

Still more funny, try to convince a "conventional" financial institution you're working with to use something as simple as PGP. You'll hit a wall of consultants not even knowing what encryption is, but communicating very "professionally" all day long....
Transisto
May 18, 2012, 10:15:16 PM
 #70

...
Still waiting for an email with all the news and a splash page with daily updates.
I shouldn't have to find it here in this forum.
+1

This part of the situation makes me cry.  Cry
Soros Shorts
May 18, 2012, 10:25:57 PM
 #71

Oh, I see, well that's a bit different then.  I didn't have a chance to follow all the messages in these threads, but from the sound of it, someone inadvertently sent their hosting control panel password through an email server that was later compromised and gave someone access to the control panel?  I'll use this as a case in point in the future the next time someone dismisses the risk of sending sensitive information in the clear over email.  On a side note, it never ceases to amaze me at how companies (even financial ones) will send scanned forms full of sensitive information over email with no encryption and never give it a second thought.

I am pretty sure Rackspace does not send passwords over emails - just the password reset link to the list of authorized emails on the account. They also use opportunistic TLS so if the recipient email server supports TLS the in-flight data will be encrypted.

However, in this particular case it didn't matter because it appears that one of the authorized email addresses was hosted on a compromised server.
Steve
May 18, 2012, 11:49:08 PM
 #72

On a side note, it never ceases to amaze me at how companies (even financial ones) will send scanned forms full of sensitive information over email with no encryption and never give it a second thought.

Still more funny, try to convince a "conventional" financial institution you're working with to use something as simple as PGP. You'll hit a wall of consultants not even knowing what encryption is, but communicating very "professionally" all day long....
I mentioned PGP once to a mortgage broker I was working with…they clearly had no idea what I was talking about, so I said never mind, I'll just drive over to the office…and they thought I was behind the times in that I couldn't handle it over email.   Roll Eyes

(gasteve on IRC) Does your website accept cash? https://bitpay.com
muyuu
May 20, 2012, 01:38:31 AM
 #73

Later I questioned them "Does this mean that Rackspace Cloud shouldn't be trusted for anything financially serious?", they didn't give a response.

So we're still in this stage, aren't we.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
casascius
Mike Caldwell
May 23, 2012, 04:17:53 PM
 #74

http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX
...
Also, the address starts with 1EML

Expect Mass Leak


It actually stands for "Expect Mass Leak when African warlords see excellent online way to keep dollars tucked, knowing not everyone has right key, reveal wallet quietly, vexed Zhou is 4cibly hushed, soon his extravagant system exposed."

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
Phinnaeus Gage
May 23, 2012, 04:29:08 PM
 #75

http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX
...
Also, the address starts with 1EML

Expect Mass Leak


It actually stands for "Expect Mass Leak when African warlords see excellent online way to keep dollars tucked, knowing not everyone has right key, reveal wallet quietly, vexed Zhou is 4cibly hushed, soon his extravagant system exposed."

LMAO! Now try this one: 1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM
casascius
Mike Caldwell
May 23, 2012, 04:52:45 PM
 #76

http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX
...
Also, the address starts with 1EML

Expect Mass Leak


It actually stands for "Expect Mass Leak when African warlords see excellent online way to keep dollars tucked, knowing not everyone has right key, reveal wallet quietly, vexed Zhou is 4cibly hushed, soon his extravagant system exposed."

LMAO! Now try this one: 1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM

Dope kilos?  You bet.  Everyone knows that.  5BTC sent, to golden dropbox travels value.  Seventually, anyone questions whether 6ilk Road quietly extracts payment after various national senates relent, yielding harmless opinion, yes marijuana.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
bitcoinBull
May 25, 2012, 02:23:01 AM
 #77

http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX
...
Also, the address starts with 1EML

Expect Mass Leak


It actually stands for "Expect Mass Leak when African warlords see excellent online way to keep dollars tucked, knowing not everyone has right key, reveal wallet quietly, vexed Zhou is 4cibly hushed, soon his extravagant system exposed."

LMAO! Now try this one: 1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM

Dope kilos?  You bet.  Everyone knows that.  5BTC sent, to golden dropbox travels value.  Seventually, anyone questions whether 6ilk Road quietly extracts payment after various national senates relent, yielding harmless opinion, yes marijuana.

haha. someone should write a script to translate these vanity acronyms.

College of Bucking Bulls Knowledge
Dalkore
May 25, 2012, 07:05:29 PM
 #78

It really makes me smile when people like Zhou take responsibility for their part and explain to the community on what happened so others will learn from this wisdom and bring good will back to this brand.   It shows class and I hope this type of mature behavior spreads in this community, make it the best on the planet.  I am proud to be a part of this and in my business venture coming online very soon, we are going to take the same level of communication and honest information.

Thank you.


Dalkore

[Winter Fire Sale] Hosting: $60.00 per KW) [6-month contracts] - Link
Transaction List: jayson3 +5 - ColdHardMetal +3 - Nolo +2 - CoinHoarder +1 - Elxiliath +1 - tymm0 +1 - Johnniewalker +1 - Oscer +1 - Davidj411 +1 - BitCoiner2012 +1 - dstruct2k +1 - Philj +1 - camolist +1 - exahash +1 - Littleshop +1 - Severian +1 - DebitMe +1 - lepenguin +1 - StringTheory +1 - amagimetals +1 - jcoin200 +1 - serp +1 - klintay +1 - -droid- +1 - FlutterPie +1