Bitcoin Forum
Author Topic: Zhoutong  (Read 2751 times)
Vladimir
May 26, 2012, 05:40:01 PM
 #21

Right, here is a VC backed company with Bitcoin developers and "with specialisation in information security" CTO on board who own and operate a service that got hacked. And you think that it is all the fault of a 17 yo who they have hired and who was an employee and later got effectively fired.

Good luck convincing any judge or anyone with a modicum of common sense.

Your post is so hindsight is 20/20.

It is bad practice to make sudden disruptive changes overnight to a production system. Instead the theory was a very gradual replacing of the system while observing changes. Bitcoinica was already very fragile. I still think that was a good decision.

Absolutely! It is in hindsight, no arguments here. But note that I am not attacking you at all. I am just pointing out how unreasonable it is to attack Zhou.

Frankly, the only thing I could fault Zhou for, big time, is not taking my information security related advice early on and accepting my resignation over that.

At least since then I had multiple opportunities to enjoy "I told you so" moments.

Sincerely Yours,
Captain Gloat. LOL

tvbcof
May 26, 2012, 06:18:13 PM
 #22

Why hasn't anyone started a new thread in General Discussion about InterScamgo yet??? Really, they deserve to be put out of business in any case.

There's nothing stopping you from starting one if you believe one should exist.

Sure, anyone could start one (for now), but if the increasingly aggressive forum moderators don't like it, it'll be buried.

---

FTR, I remain relatively impressed with the 'moderation in moderation' on the forum though there does seem to be the beginnings of a shift toward increasing censorship of unpopular lines of thought.


bitcoinBull
May 26, 2012, 10:27:52 PM
 #23

I don't have. I don't even know how much we have in cold storage before the hack.
If you don't know how much is in cold storage, how in the world can you guarantee 98% of deposits?!


I'm not the owner of Bitcoinica and I'm not liable for anything that happened. 
You may not be liable legally, but you are responsible. How long was bitcoinica consultancy (patrick) on the info@bitcoinica.com mailing list? The announcement was only made on April 25:


I didn't even initiate the interest system.
You didn't?
We are glad to announce that we have started the public test run of our interest system. 

College of Bucking Bulls Knowledge
repentance
May 26, 2012, 11:18:03 PM
 #24

Right, here is a VC backed company with Bitcoin developers and "with specialisation in information security" CTO on board who own and operate a service that got hacked. And you think that it is all the fault of a 17 yo who they have hired and who was an employee and later got effectively fired.

Good luck convincing any judge or anyone with a modicum of common sense.

Your post is so hindsight is 20/20.

It is bad practice to make sudden disruptive changes overnight to a production system. Instead the theory was a very gradual replacing of the system while observing changes. Bitcoinica was already very fragile. I still think that was a good decision.

I think what people are having trouble with is the idea that you didn't expect another attack using a similar method to the one which was used the first time around and that no-one ensured that the new hosting service you chose had a way to lock an attacker out in the event of an intrusion. Those things seem like massive oversights for people whose reputation is one of being security specialists. It seems like changes to prevent further attacks are not something which should have been implemented gradually - they're something which should have been a top priority given how often further attacks (whether by the same person or by others) occur following an initial successful intrusion.

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
genjix
May 27, 2012, 02:27:27 AM
 #25

Step 1 - fix the code.

Flaws were already being found in the code. That was the logical first step. That the environment ended up being exploited is simply hindsight. I would prefer not changing a working environment until after knowing how the code operates. An example is that the early Intersango accidentally made out a 500 BTC payment when the file permissions were too strict. Similarly changing an aspect of Bitcoinica without proper insight could have had grave consequences.

First you understand the code. Then you run the code. You experiment with a test system. Make improvements. Deploy changes. Change production environment.

The Bitcoinica plan was to do the above while creating a new platform to replace it in the long term.