Zhoutong

[tvbcof]

Why hasn't anyone started a new thread in General Discussion about InterScamgo yet??? Really, they deserve to be put out of business in any case.

There's nothing stopping you from starting one if you believe one should exist.

Sure anyone could start one (for now) but if the increasingly aggressive forum moderators don't like it it'll be burried.

---

FTR, I remain relatively impressed with the 'moderation in moderation' on the forum though there does seem to be the beginnings of a shift toward increasing censorship of unpopular lines of thought.

[1715517700]

1715517700

[1715517700]

1715517700

[1715517700]

1715517700

[bitcoinBull]

I don't have. I don't even know how much we have in cold storage before the hack.

If you don't know how much is in cold storage, how in the world can you guarantee 98% of deposits?!

I'm not the owner of Bitcoinica and I'm not liable for anything that happened. 

You may not be liable legally, but you are responsible. How long was bitcoinica consultancy (patrick) on the info@bitcoinica.com mailing list? The announcement was only made on April 25:

Press Release: https://www.bitcoinica.com/posts/joining-forces-with-bitcoin-consultancy

April 25, 2012 —

I didn't even initiate the interest system.

you didn't?

We are glad to announce that we have started the public test run of our interest system. 

[repentance]

Right, here is a VC backed company with Bitcoin developers and "with specialisation in information security" CTO on board who own and operate a service that got hacked. And you think that it is all fault of a 17 yo who they have hired and who was an employee and later got effectively fired.

Good luck convincing any judge or anyone with a modicum of common sense.

Your post is so hindsight is 20/20.

It is bad practice to make sudden disruptive changes overnight to a production system. Instead the theory was a very gradual replacing of the system while observing changes. Bitcoinica was already very fragile. I still think that was a good decision.

I think what people are having trouble with is the idea that you didn't expect another attack using a similar method to the one which was used the first time around and that no-one ensured that the new hosting service you chose had a way to lock an attacker out in the event of an intrusion.  Those things seem like massive oversights for people whose reputation is one of being security specialists.  It seems like changes to prevent further attacks are not something which should have been implemented gradually - they're something which should have been a top priority given how often further attacks (whether by the same person or by others) occur following an initial successful intrusion .

[genjix]

Step 1 - fix the code.

Flaws were already being found in the code. That was the logical first step. That the environment ended up being exploited is simply hindsight. I would prefer not changing a working environment until after knowing how the code operates. An example is that the early Intersango accidentally made out a 500 BTC payment when the file permissions were too strict. Similarly changing an aspect of Bitcoinica without proper insight could have had grave consequences.

First you understand the code. Then you run the code. You experiment with a test system. Make improvements. Deploy changes. Change production environment.

The Bitcoinica plan was to do the above while creating a new platform to replace it in the long term.