Bitcoin Forum
Author Topic: Does anyone get the money back from Bitcoinica?  (Read 2659 times)
rjk
June 03, 2012, 12:04:36 AM
 #21

It's inconceivable to me that after the Linode compromise they chose one of the cheapest shared hosting options with Rackspace and that they didn't regard redundancy and being able to shut down access to the server if it was compromised as critical.  They made these choices after they'd performed a security audit which should have revealed that their servers were still vulnerable.
Just to make sure everyone has it straight - Bitcoinica was on the RS cloud long before the Consultancy came along. The Linode VPS was just an attempt to keep the hot wallet off the Rackspace cluster to spread the risk around. Obviously we saw how that failed.

I'm sure that excuses them from not tightening up their security at Rackspace after the Linode hack.  They performed a security audit in March according to Tihan - a proper audit should have revealed the Rackspace vulnerability.  Another attack should have been expected.  Even if the same attacker doesn't come back for a second bite at the cherry, once a vulnerability has been exploited other people will try to exploit that same vulnerability in respect of both the company which was originally attacked and similar businesses.
I'm just saying this from the point of view as someone who has read all the things said about this incident and not as defending them in any way, but if an audit had been performed at that time it wouldn't have caught a later security breach. The later breach was that of an insecure server containing the credentials to access an otherwise-secure mail server, which then cascaded into allowing access via a password reset into the control panel. The 2 Bitcoinica incidents had similar qualities, but were not the same hack.

It's kind of hard to audit the hosting provider's control panel from all angles, especially when you have no access to the backend of it. Obviously all this stuff should have been on a dedicated server stack a long time ago.

snoleo
June 05, 2012, 01:37:46 AM
 #22

There are dollars and bitcoins in my Bitcoinica account.
Which of the following 5 refunding solutions will Bitcoinica choose?

1. refund dollars AND bitcoins
2. refund dollars ONLY
3. refund bitcoins ONLY
4. exchange bitcoins to dollars at SOME rate, and refund dollars
5. exchange dollars to bitcoins at SOME rate, and refund bitcoins
