Mushoz
July 15, 2012, 03:23:23 PM

So how is this latest disaster going to affect the payouts? When will the payouts resume?

www.bitbuy.nl - Buy bitcoins easily, quickly and cheaply at Bitbuy!

HorseRider
July 15, 2012, 03:28:40 PM

It's really astonishing for me that after 70+ pages of discussion, genjix has been able to remain silent.

16SvwJtQET7mkHZFFbJpgPaDA1Pxtmbm5P

proudhon
July 15, 2012, 03:33:08 PM

It's really astonishing for me that after 70+ pages of discussion, genjix has been able to remain silent.
What else is there to say, really?

Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.

Vod
July 15, 2012, 03:40:25 PM

What else is there to say, really?
July 15, 2012 - We are sad to report someone has broken into our home and taken our laptop containing the cold storage wallet for the remainder of the bitcoinica funds. We didn't think to encrypt the wallet because we thought it was safe. Sorry

https://nastyscam.com - featuring 13 years of OGNasty bitcoin scams https://vod.fan - fast/free image sharing - cleaning it up! (240905) Will Theymos finish his $100,000,000 forum before this one shuts down?

Phinnaeus Gage
July 15, 2012, 03:44:29 PM

Intersango guys were paid to do a review of the source code. I got this personally from an Intersango guy. If they checked this out and left the password in the code? Umm? WTF?
And if Intersango guys uploaded that code and password to the public?
WTF!!
I see why police will not be called....
For several hours last night, I conducted a lot of research and meant to comment on this post before calling it a night. I, too, find it odd that Bitcoinica's security audit was conducted by Intersango. That's akin to Mt Gox having their exchange audited by their own (made-up) Security: The Gathering. ~Bruno~

Otoh
July 15, 2012, 05:19:05 PM Last edit: July 15, 2012, 05:45:44 PM by Otoh

Please to excuse me if someone has already asked about this as I don't wish to wade through the entire thread, (I have now & it doesn't seem to have been brought up as yet), but it has just struck me that in addition to not using the free Lastpass 2FA or the Yubi key that comes with a pro-account which Lastpass promote heavily & is an obvious must, they also can't have had any 2FA on their Mt. Gox account like the Mt. Gox Yubi key that is needed for both logging on & for withdrawals.
This has got to be deliberate imo to leave such a stash of clients' cash just sitting there & then to not use the most basic protections that secure it, looks like a clear case of leaving plausible deniability to me - that is if anyone could imagine them being so negligent about the funds they were meant to be looking after in the first place.
Of course with the Yubi keys it would need a staged physical break-in to pull off - far too risky, police have to be informed etc, so playing the incompetence card instead imo, Oh we put it all in this Online wallet & didn't bother to secure it or the access to it just like last time & the time before, even Inspector Clueless might just have spotted a pattern here.

repentance
July 15, 2012, 06:21:27 PM

Intersango guys were paid to do a review of the source code. I got this personally from an Intersango guy. If they checked this out and left the password in the code? Umm? WTF?
And if Intersango guys uploaded that code and password to the public?
WTF!!
I see why police will not be called....
Tihan said in his first post that Intersango was brought in to do a security audit in March. No-one has disputed that. When asked about why the Rackspace hack happened after they'd completed the audit and become general partners, they said they'd been focusing on fixing the code. All of this was publicly known prior to the MtGox intrusion.

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.

Phinnaeus Gage
July 15, 2012, 06:32:08 PM

Intersango guys were paid to do a review of the source code. I got this personally from an Intersango guy. If they checked this out and left the password in the code? Umm? WTF?
And if Intersango guys uploaded that code and password to the public?
WTF!!
I see why police will not be called....
Tihan said in his first post that Intersango was brought in to do a security audit in March. No-one has disputed that. When asked about why the Rackspace hack happened after they'd completed the audit and become general partners, they said they'd been focusing on fixing the code. All of this was publicly known prior to the MtGox intrusion.
Exactly! Tihan Seale brought in the Intersango team to do a security audit on Bitcoinica then owned by the same team.
http://en.wikipedia.org/wiki/Information_security_audit
- Meet with IT management to determine possible areas of concern
- Review the current IT organization chart
- Review job descriptions of data center employees
- Research all operating systems, software applications and data center equipment operating within the data center
- Review the company’s IT policies and procedures
- Evaluate the company’s IT budget and systems planning documentation
- Review the data center’s disaster recovery plan (they may have missed this one, but 6(?) outta 7 ain't bad)

tbcoin
July 15, 2012, 06:41:23 PM

So how is this latest disaster going to affect the payouts? When will the payouts resume?
(no comments) Bitcoinica will reimburse 100% of claims before 2013? http://betsofbitco.in/item?id=499

repentance
July 15, 2012, 06:53:17 PM

Exactly! Tihan Seale brought in the Intersango team to do a security audit on Bitcoinica owned by the same team.
The Intersango guys were not the owners of Bitcoinica when they were brought in to do the security audit. That's a rather important point in itself because it means that they assumed responsibility for operating the company knowing there were existing vulnerabilities. Whether Bitcoinica should have been taken offline at that (ie, prior to the Rackspace intrusion) point until those vulnerabilities were addressed is an interesting question.

Vladimir
July 15, 2012, 06:57:04 PM

I would speculate that "CTO with specialisation in information security" thought that "Information Security Audit" = "code audit for SQL injection and XSS and such" plus maybe a port scan.
Given all that we know now this would be the most plausible and simple explanation.

proudhon
July 15, 2012, 06:58:12 PM

What else is there to say, really?
July 15, 2012 - We are sad to report someone has broken into our home and taken our laptop containing the cold storage wallet for the remainder of the bitcoinica funds. We didn't think to encrypt the wallet because we thought it was safe. Sorry
They might as well hurry up and get on with that announcement then.

Vladimir
July 15, 2012, 07:03:23 PM

- Review the data center’s disaster recovery plan (they may have missed this one, but 6(?) outta 7 ain't bad)
Basically Information Security is mostly concerned with so-called CIA of data. i.e. confidentiality, integrity, availability (CIA) of data. Integrity is one of the major goals here and "offsite backups" is always the very first thing one looks into when dealing with data integrity. From my point of view they blew not 1 out of 7, but 3 out of 3.

Blind
July 15, 2012, 08:03:54 PM

Please to excuse me if someone has already asked about this as I don't wish to wade through the entire thread, (I have now & it doesn't seem to have been brought up as yet), but it has just struck me that in addition to not using the free Lastpass 2FA or the Yubi key that comes with a pro-account which Lastpass promote heavily & is an obvious must, they also can't have had any 2FA on their Mt. Gox account like the Mt. Gox Yubi key that is needed for both logging on & for withdrawals.
This has got to be deliberate imo to leave such a stash of clients' cash just sitting there & then to not use the most basic protections that secure it, looks like a clear case of leaving plausible deniability to me - that is if anyone could imagine them being so negligent about the funds they were meant to be looking after in the first place.
Of course with the Yubi keys it would need a staged physical break-in to pull off - far too risky, police have to be informed etc, so playing the incompetence card instead imo, Oh we put it all in this Online wallet & didn't bother to secure it or the access to it just like last time & the time before, even Inspector Clueless might just have spotted a pattern here.
Is it possible that 2FA would prevent them from having shared access to accounts, so they skipped it? Still bad practice, but at least provides some explanation for this madness.

Government is not the solution to our problem. Government is the problem. -- Ronald Reagan

rjk
July 15, 2012, 09:57:28 PM

Please to excuse me if someone has already asked about this as I don't wish to wade through the entire thread, (I have now & it doesn't seem to have been brought up as yet), but it has just struck me that in addition to not using the free Lastpass 2FA or the Yubi key that comes with a pro-account which Lastpass promote heavily & is an obvious must, they also can't have had any 2FA on their Mt. Gox account like the Mt. Gox Yubi key that is needed for both logging on & for withdrawals.
This has got to be deliberate imo to leave such a stash of clients' cash just sitting there & then to not use the most basic protections that secure it, looks like a clear case of leaving plausible deniability to me - that is if anyone could imagine them being so negligent about the funds they were meant to be looking after in the first place.
Of course with the Yubi keys it would need a staged physical break-in to pull off - far too risky, police have to be informed etc, so playing the incompetence card instead imo, Oh we put it all in this Online wallet & didn't bother to secure it or the access to it just like last time & the time before, even Inspector Clueless might just have spotted a pattern here.
Is it possible that 2FA would prevent them from having shared access to accounts, so they skipped it? Still bad practice, but at least provides some explanation for this madness.
No. LastPass allows several Yubikeys to be used on a single account, I believe the limit is 6 or 8. However, this would have been an issue with MtGox, unless they used GA and shared the GA secret.

almackska
July 16, 2012, 03:45:01 AM

Where's my money!!! I sent you all my bitcoinica emails, all my mtgox codes (Only method used to fund account), I filed a claim and haven't received ANY emails back. I talked to phantomcircuit in IRC and he told me that my account was small and I should wait an additional 3-4 days. That was two weeks ago. Not getting paid is one thing, not getting a SINGLE REPLY from my emails is another. WTF is taking so long! I want my M*therF*cking MONEY!

repentance
July 16, 2012, 04:11:19 AM

Where's my money!!! I sent you all my bitcoinica emails, all my mtgox codes (Only method used to fund account), I filed a claim and haven't received ANY emails back. I talked to phantomcircuit in IRC and he told me that my account was small and I should wait an additional 3-4 days. That was two weeks ago. Not getting paid is one thing, not getting a SINGLE REPLY from my emails is another. WTF is taking so long! I want my M*therF*cking MONEY!
Last week was before another ~$350,000 was stolen. I suspect that everyone will now be waiting more than a few additional days for the processing of claims to resume.

aq
July 16, 2012, 09:20:42 AM

Where's my money!!! I sent you all my bitcoinica emails, all my mtgox codes (Only method used to fund account), I filed a claim and haven't received ANY emails back. I talked to phantomcircuit in IRC and he told me that my account was small and I should wait an additional 3-4 days. That was two weeks ago. Not getting paid is one thing, not getting a SINGLE REPLY from my emails is another. WTF is taking so long! I want my M*therF*cking MONEY!
Last week was before another ~$350,000 was stolen. I suspect that everyone will now be waiting more than a few additional days for the processing of claims to resume.
I am afraid they will completely stop the payouts because of this: https://bitcointalk.org/index.php?topic=93109.0

repentance
July 16, 2012, 09:40:52 AM

It could also get messy if the limited partner sues the general partner. There really aren't any good options any more, only least worst ones.