A public apology to Donald, Patrick and Amir ("Intersango guys")

[zhoutong]

If "Bitcoinica Consultancy" is handling things now, why didn't they notify us of the claims page rather than zhoutong? The more I hear from zhoutong, and less from intersango or whatever they call themselves, the more I lose confidence in the new owner/operators.

This +1. To start with, we never saw any communication from them indicating that anything that Zhoutong said was in any way incorrect, or that there was need of an apology to begin with. Of course, that could have been communicated privately, but from what I have seen so far even Zhoutong himself is becoming frustrated with the obvious stonewalling that we are seeing from the Consultancy.

Indeed, stonewalling is the best description that I can imagine for this series of events; to the public, and to those that wish to fix the problems, as it appears - since access to even the domain name has been fraught with problems such as a poor DNS implementation, leading to those that don't even use the forum to be forced to come here and find out the problem, and wait here for a resolution.

From what I've observed, I have a different perspective. The Intersango guys were brought to help with security not PR. For them to take any position of public communications would have been a breach of contract. The fact that Zhou had to become a team player for his creation caused him a lot of frustration. He was the main PR man up till the incident and should have followed through with a splash page and daily email updates (not just the forum), but instead we got a "I'm leaving Bitcoin" thread. He left when the going got tough. Sure, feelings were hurt and emotions were high. Zhou, if you really want to be proud of what you started then get back to doing the PR and be a team player even if you don't agree. You should leave Bitcoinica on much better conditions if it something you really want to be proud of!

The "I'm leaving Bitcoin" has nothing to do with Bitcoinica hack. I'm still here, but I'm not doing other Bitcoin business any more.

I was the main operator before Bitcoinica joins forces with Intersango. After that, neither the investor nor I possesses full decision power. Intersango guys took over the management entirely. Even my position in PR was not fully recognized.

I did suggest some ideas internally, but I shouldn't have criticized them for different ways of doing things (even though I disagreed).

They are working very hard, but at the same time, I have nothing to update either.

[1714003486]

1714003486

[1714003486]

1714003486

[1714003486]

1714003486

[zhoutong]

Regarding the Bitcoin Consultancy and questions about why they haven't been more active in this mess...I don't know what their arrangement with Bitcoinica is, but if they hadn't fully taken over the operation of Bitcoinica and had no responsibility for the security or theft, then they might be wise put their relationship on hold until Bitcoinica sorts everything out first.  If the Bitcoin Consultancy had nothing to do with the security issue there's no reason they should have to clean up someone else's mess.  At the minimum they would probably want to first arrange compensation for the time and effort that will be required for them to clean up the mess.

It's very hard to judge whether they had anything do to with the security issue, because everything contributes to the disaster.

Patrick - compromised email server.
Me - improper access control.

Bitcoin Consultancy has fully taken over the management and the relationship is final. However, during the transition period, the access control is not defined properly and resulted in this problem. I have no knowledge of an insecure email server but I assigned admin rights to its user.

[dooglus]

I have violated my promise (of "not to post anything [about Bitcoinica]") yesterday, by posting this in the emergency announcement thread:

It's very hard to judge whether they had anything do to with the security issue, because everything contributes to the disaster.

Patrick - compromised email server.
Me - improper access control.

I think you need to make up your mind; are you going to stop posting about Bitcoinica, or are you going to keep telling us more and more.

[rjk]

I think you need to make up your mind; are you going to stop posting about Bitcoinica, or are you going to keep telling us more and more.

Doesn't look like any more information than was already available.

[Ichthyo]

It's very hard to judge whether they had anything do to with the security issue, because everything contributes to the disaster.

Patrick - compromised email server.
Me - improper access control.

I think you need to make up your mind; are you going to stop posting about Bitcoinica, or are you going to keep telling us more and more.

Zouthong didn't say anything new recently. He just repeated again what is publickly known allready.

Unfortunately there seem to be a lot of folks hanging out here, which aren't able to read (but insist in spreading their guesses and opinions very loud.). This whole situation is also embarrasing for us, as a community. Bottom line is we're behaving as if we where a bunch of barely 17 year olds.

[Steve]

Regarding the Bitcoin Consultancy and questions about why they haven't been more active in this mess...I don't know what their arrangement with Bitcoinica is, but if they hadn't fully taken over the operation of Bitcoinica and had no responsibility for the security or theft, then they might be wise put their relationship on hold until Bitcoinica sorts everything out first.  If the Bitcoin Consultancy had nothing to do with the security issue there's no reason they should have to clean up someone else's mess.  At the minimum they would probably want to first arrange compensation for the time and effort that will be required for them to clean up the mess.

It's very hard to judge whether they had anything do to with the security issue, because everything contributes to the disaster.

Patrick - compromised email server.
Me - improper access control.

Bitcoin Consultancy has fully taken over the management and the relationship is final. However, during the transition period, the access control is not defined properly and resulted in this problem. I have no knowledge of an insecure email server but I assigned admin rights to its user.

Oh, I see, well that's a bit different then.  I didn't have a chance to follow all the messages in these threads, but from the sound of it, someone inadvertently sent their hosting control panel password through an email server that was later compromised and gave someone access to the control panel?  I'll use this as a case in point in the future the next time someone dismisses the risk of sending sensitive information in the clear over email.  On a side note, it never ceases to amaze me at how companies (even financial ones) will send scanned forms full of sensitive information over email with no encryption and never give it a second thought.

[allten]

If "Bitcoinica Consultancy" is handling things now, why didn't they notify us of the claims page rather than zhoutong? The more I hear from zhoutong, and less from intersango or whatever they call themselves, the more I lose confidence in the new owner/operators.

This +1. To start with, we never saw any communication from them indicating that anything that Zhoutong said was in any way incorrect, or that there was need of an apology to begin with. Of course, that could have been communicated privately, but from what I have seen so far even Zhoutong himself is becoming frustrated with the obvious stonewalling that we are seeing from the Consultancy.

Indeed, stonewalling is the best description that I can imagine for this series of events; to the public, and to those that wish to fix the problems, as it appears - since access to even the domain name has been fraught with problems such as a poor DNS implementation, leading to those that don't even use the forum to be forced to come here and find out the problem, and wait here for a resolution.

From what I've observed, I have a different perspective. The Intersango guys were brought to help with security not PR. For them to take any position of public communications would have been a breach of contract. The fact that Zhou had to become a team player for his creation caused him a lot of frustration. He was the main PR man up till the incident and should have followed through with a splash page and daily email updates (not just the forum), but instead we got a "I'm leaving Bitcoin" thread. He left when the going got tough. Sure, feelings were hurt and emotions were high. Zhou, if you really want to be proud of what you started then get back to doing the PR and be a team player even if you don't agree. You should leave Bitcoinica on much better conditions if it something you really want to be proud of!

The "I'm leaving Bitcoin" has nothing to do with Bitcoinica hack. I'm still here, but I'm not doing other Bitcoin business any more.

I was the main operator before Bitcoinica joins forces with Intersango. After that, neither the investor nor I possesses full decision power. Intersango guys took over the management entirely. Even my position in PR was not fully recognized.

I did suggest some ideas internally, but I shouldn't have criticized them for different ways of doing things (even though I disagreed).

They are working very hard, but at the same time, I have nothing to update either.

I see. Thanks for the clarification.

Edit: Looks like the whole Bitcoinica thing is going through a lot of growing pains. Glad to see you are still helping out 'till they are running smoothly again.
If they truly make good on all lost coins and do their best to compensate everyone they will definitely earn all of my trust and respect back.

However, the PR during the initial days was a fiasco and is still not where it should be.
Still waiting for an email with all the news and a splash page with daily updates.
I shouldn't have to find it here in this forum.

[Ichthyo]

On a side note, it never ceases to amaze me at how companies (even financial ones) will send scanned forms full of sensitive information over email with no encryption and never give it a second thought.

Still more funny, try to convince a "conventional" finnancial institution you're working with to use something simple as PGP. You'll hit a wall of consultants not even knowing what encryption is, but communicating very "professionally" all day long....

[Transisto]

...
Still waiting for an email with all the news and a splash page with daily updates.
I shouldn't have to find it here in this forum.

+1

This part of the situation make me cry.  

[Soros Shorts]

Oh, I see, well that's a bit different then.  I didn't have a chance to follow all the messages in these threads, but from the sound of it, someone inadvertently sent their hosting control panel password through an email server that was later compromised and gave someone access to the control panel?  I'll use this as a case in point in the future the next time someone dismisses the risk of sending sensitive information in the clear over email.  On a side note, it never ceases to amaze me at how companies (even financial ones) will send scanned forms full of sensitive information over email with no encryption and never give it a second thought.

I am pretty sure Rackspace does not send passwords over emails - just the password reset link to the list of authorized emails on the account. They also use opportunistic TLS so if the recipient email server supports TLS the in-flight data will be encrypted.

However, in this particular case it didn't matter because it appears that one of the authorized email addresses was hosted on a compromised server.

[Steve]

On a side note, it never ceases to amaze me at how companies (even financial ones) will send scanned forms full of sensitive information over email with no encryption and never give it a second thought.

Still more funny, try to convince a "conventional" finnancial institution you're working with to use something simple as PGP. You'll hit a wall of consultants not even knowing what encryption is, but communicating very "professionally" all day long....

I mentioned PGP once to a mortgage broker I was working with…they clearly had no idea what I was talking about, so I said never mind, I'll just drive over to the office…and they thought I was behind the times in that I couldn't handle it over email.  

[muyuu]

Later I questioned them "Does this mean that Rackspace Cloud shouldn't be trusted for anything financially serious?", they didn't give a response.

So we're still in this stage, aren't we.

[casascius]

http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX
...
Also, the address starts with 1EML

Expect Mass Leak

It actually stands for "Expect Mass Leak when African warlords see excellent online way to keep dollars tucked, knowing not everyone has right key, reveal wallet quietly, vexed Zhou is 4cibly hushed, soon his extravagant system exposed."

[Phinnaeus Gage]

http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX
...
Also, the address starts with 1EML

Expect Mass Leak

It actually stands for "Expect Mass Leak when African warlords see excellent online way to keep dollars tucked, knowing not everyone has right key, reveal wallet quietly, vexed Zhou is 4cibly hushed, soon his extravagant system exposed."

LMAO! Now try this one: 1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM

[casascius]

http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX
...
Also, the address starts with 1EML

Expect Mass Leak

It actually stands for "Expect Mass Leak when African warlords see excellent online way to keep dollars tucked, knowing not everyone has right key, reveal wallet quietly, vexed Zhou is 4cibly hushed, soon his extravagant system exposed."

LMAO! Now try this one: 1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM

Dope kilos?  You bet.  Everyone knows that.  5BTC sent, to golden dropbox travels value.  Seventually, anyone questions whether 6ilk Road quietly extracts payment after various national senates relent, yielding harmless opinion, yes marijuana.

[bitcoinBull]

http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX
...
Also, the address starts with 1EML

Expect Mass Leak

It actually stands for "Expect Mass Leak when African warlords see excellent online way to keep dollars tucked, knowing not everyone has right key, reveal wallet quietly, vexed Zhou is 4cibly hushed, soon his extravagant system exposed."

LMAO! Now try this one: 1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM

Dope kilos?  You bet.  Everyone knows that.  5BTC sent, to golden dropbox travels value.  Seventually, anyone questions whether 6ilk Road quietly extracts payment after various national senates relent, yielding harmless opinion, yes marijuana.

haha. someone should write a script to translate these vanity acronyms.

[Dalkore]

It really makes me smile when people like Zhou take responsibility for their part and explain to the community on what happened so others will learn from this wisdom and bring good will back to this brand.   It shows class and I hope this type of mature behavior spreads in this community, make it the best on the planet.  I am proud to be a part of this and in my business venture coming online very soon, we are going to take the same level of communication and honest information.

Thank you.


Dalkore