robix
February 14, 2014, 02:01:58 PM

I'd guess his mail account got compromised. It's simply the biggest hole you can get through. I guess it's futile to discuss what is 'probable' because why would someone do something improbable - because it is improbable. Circular logic, we'll have to wait and see...
Is 2FA disabled when you request a new password? I don't think so. But in case of Google Mail you could have control over the 2FA authenticating entity... ok

dmcdad
February 14, 2014, 02:08:52 PM

empoweoqwj: very sorry to hear about this, and I hope you or havelock track down exactly what happened. Man, this has been a really crappy week for BTC.

shawshankinmate37927
February 14, 2014, 04:19:35 PM

> > > nope - Mac - and no, I didn't install that "Stealth Bit" malware
> > That's the only computer you've used to logon to Havelock?
> Yep. Just my Macbook
Did you have Google Authenticator installed on this or a different device?

"It is well enough that people of the nation do not understand our banking and monetary system, for if they did, I believe there would be a revolution before tomorrow morning." - Henry Ford

silverfuture
February 14, 2014, 04:37:54 PM

> I'd guess his mail account got compromised. It's simply the biggest hole you can get through. I guess it's futile to discuss what is 'probable' because why would someone do something improbable - because it is improbable. Circular logic, we'll have to wait and see...
> Is 2FA disabled when you request a new password? I don't think so. But in case of Google Mail you could have control over the 2FA authenticating entity...
Compromised gmail account seems like the simplest and most likely scenario.

havelock
February 14, 2014, 04:50:22 PM

Here at Havelock we take security issues very seriously.
We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that his account has been compromised and are looking to resolve the matter as soon as possible.
Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.
So we turn to you, our valued customers, what features would you like us to add to our platform?
1. Confirmation email before any action is taken; some but not all actions.
2. Pending withdrawal of your Bitcoins; time lock?
3. Lock account by IP address?
We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.
Also we can assure everyone that it was not an "inside rogue employee".
Thank you,
Support Team Havelock Investments

Caesium
February 14, 2014, 04:54:02 PM

> 2. Pending withdrawal of your Bitcoins; time lock?
How about allowing us to specify a withdrawal address that is then locked; coins can only be sent to this address. It can be unlocked, but upon doing so an email is sent notifying me that it's been unlocked and it takes a further 7 days or so before a new address can be entered?

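Caesium's proposal above, modelled as a small state machine. This is an added example, not Havelock's code; the class name, the `outbox` list standing in for a mailer, and the `cancel_unlock` step are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

UNLOCK_DELAY = timedelta(days=7)  # "a further 7 days or so" in the post


@dataclass
class WithdrawalLock:
    """Per-account withdrawal address lock (hypothetical model)."""
    address: str
    unlock_requested_at: Optional[datetime] = None
    outbox: List[str] = field(default_factory=list)  # stand-in for a mailer

    def authorize_withdrawal(self, destination: str) -> bool:
        # Coins may only go to the locked address, even while an unlock is pending.
        return destination == self.address

    def request_unlock(self, now: datetime) -> None:
        # Notify on the request itself, so the owner hears about it before
        # the waiting period ends. A repeat request does not restart the clock.
        if self.unlock_requested_at is None:
            self.unlock_requested_at = now
            self.outbox.append(f"Withdrawal address unlock requested at {now:%Y-%m-%d %H:%M}")

    def cancel_unlock(self) -> None:
        # Assumption (not in the post): the owner can abort after the email.
        self.unlock_requested_at = None

    def set_address(self, new_address: str, now: datetime) -> None:
        if self.unlock_requested_at is None:
            raise PermissionError("address is locked; request an unlock first")
        if now - self.unlock_requested_at < UNLOCK_DELAY:
            raise PermissionError("unlock waiting period has not elapsed")
        self.address = new_address
        self.unlock_requested_at = None  # the new address is locked again
        self.outbox.append("Withdrawal address changed")
```

The lock only gates the withdrawal path; order placement and share transfers need their own check, as later replies in the thread point out.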
|
jimmothy
February 14, 2014, 04:56:02 PM

> Here at Havelock we take security issues very seriously.
> We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that his account has been compromised and are looking to resolve the matter as soon as possible.
> Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.
> So we turn to you, our valued customers, what features would you like us to add to our platform?
> 1. Confirmation email before any action is taken; some but not all actions.
> 2. Pending withdrawal of your Bitcoins; time lock?
> 3. Lock account by IP address?
> We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.
> Also we can assure everyone that it was not an "inside rogue employee".
> Thank you,
> Support Team Havelock Investments
Yes to every one of those. (Instant bitcoin withdrawals worries me a bit) Also maybe requiring a pin before placing orders/doing anything like btct.co would be nice.

michaelGedi
February 14, 2014, 05:01:24 PM

> > Here at Havelock we take security issues very seriously.
> > We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that his account has been compromised and are looking to resolve the matter as soon as possible.
> > Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.
> > So we turn to you, our valued customers, what features would you like us to add to our platform?
> > 1. Confirmation email before any action is taken; some but not all actions.
> > 2. Pending withdrawal of your Bitcoins; time lock?
> > 3. Lock account by IP address?
> > We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.
> > Also we can assure everyone that it was not an "inside rogue employee".
> > Thank you,
> > Support Team Havelock Investments
> Yes to every one of those. (Instant bitcoin withdrawals worries me a bit) Also maybe requiring a pin before placing orders/doing anything like btct.co would be nice.
I somewhat agree, you can never have too many security options at this stage with bitcoin... perhaps a poll should be offered via email or on the forum to put possible security additions in order of priority?

hdbuck
February 14, 2014, 05:11:47 PM

> > Here at Havelock we take security issues very seriously.
> > We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that his account has been compromised and are looking to resolve the matter as soon as possible.
> > Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.
> > So we turn to you, our valued customers, what features would you like us to add to our platform?
> > 1. Confirmation email before any action is taken; some but not all actions.
> > 2. Pending withdrawal of your Bitcoins; time lock?
> > 3. Lock account by IP address?
> > We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.
> > Also we can assure everyone that it was not an "inside rogue employee".
> > Thank you,
> > Support Team Havelock Investments
> Yes to every one of those. (Instant bitcoin withdrawals worries me a bit) Also maybe requiring a pin before placing orders/doing anything like btct.co would be nice.
yes to every of those + YUBIKEY!!!!

runam0k
February 14, 2014, 05:18:28 PM

> Here at Havelock we take security issues very seriously.
> We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that his account has been compromised and are looking to resolve the matter as soon as possible.
> Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.
> So we turn to you, our valued customers, what features would you like us to add to our platform?
> 1. Confirmation email before any action is taken; some but not all actions.
> 2. Pending withdrawal of your Bitcoins; time lock?
> 3. Lock account by IP address?
> We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.
> Also we can assure everyone that it was not an "inside rogue employee".
> Thank you,
> Support Team Havelock Investments
PIN for orders or withdrawals, perhaps, or lock the BTC withdrawal address for x days. Instant BTC withdrawals to any old BTC address is a problem.

shawshankinmate37927
February 14, 2014, 05:20:54 PM

> Here at Havelock we take security issues very seriously.
> We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that his account has been compromised and are looking to resolve the matter as soon as possible.
> Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.
> So we turn to you, our valued customers, what features would you like us to add to our platform?
> 1. Confirmation email before any action is taken; some but not all actions.
> 2. Pending withdrawal of your Bitcoins; time lock?
> 3. Lock account by IP address?
> We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.
> Also we can assure everyone that it was not an "inside rogue employee".
> Thank you,
> Support Team Havelock Investments
2FA via e-mail, like on blockchain.info.

Herp
February 14, 2014, 05:26:18 PM

> > 2. Pending withdrawal of your Bitcoins; time lock?
> How about allowing us to specify a withdrawal address that is then locked; coins can only be sent to this address. It can be unlocked, but upon doing so an email is sent notifying me that it's been unlocked and it takes a further 7 days or so before a new address can be entered?
Yep, this would be a great feature.

Fabrizio89
February 14, 2014, 05:34:17 PM

> How about allowing us to specify a withdrawal address that is then locked; coins can only be sent to this address. [...]
+1

elasticband
February 14, 2014, 06:07:46 PM

> > > 2. Pending withdrawal of your Bitcoins; time lock?
> > How about allowing us to specify a withdrawal address that is then locked; coins can only be sent to this address. It can be unlocked, but upon doing so an email is sent notifying me that it's been unlocked and it takes a further 7 days or so before a new address can be entered?
> Yep, this would be a great feature.
Does not stop a hacker selling your shares for dirt cheap to himself.

silverfuture
February 14, 2014, 06:10:44 PM

> > > > 2. Pending withdrawal of your Bitcoins; time lock?
> > > How about allowing us to specify a withdrawal address that is then locked; coins can only be sent to this address. It can be unlocked, but upon doing so an email is sent notifying me that it's been unlocked and it takes a further 7 days or so before a new address can be entered?
> > Yep, this would be a great feature.
> Does not stop a hacker selling your shares for dirt cheap to himself.
...or transferring them to another account for free.

twentyseventy
February 14, 2014, 06:34:41 PM

> > Here at Havelock we take security issues very seriously.
> > We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that his account has been compromised and are looking to resolve the matter as soon as possible.
> > Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.
> > So we turn to you, our valued customers, what features would you like us to add to our platform?
> > 1. Confirmation email before any action is taken; some but not all actions.
> > 2. Pending withdrawal of your Bitcoins; time lock?
> > 3. Lock account by IP address?
> > We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.
> > Also we can assure everyone that it was not an "inside rogue employee".
> > Thank you,
> > Support Team Havelock Investments
> PIN for orders or withdrawals, perhaps, or lock the BTC withdrawal address for x days. Instant BTC withdrawals to any old BTC address is a problem.
I like that idea - PIN for withdrawals, BTC withdrawal address can only be changed after 7-day waiting period. You could even make the second part optional.

havelock
February 14, 2014, 06:48:12 PM

Thank you for all of your quick replies,
We will start to work on the following security implementations:
1. The option to Lock your account to a specific IP
2. Required 2FA for withdrawal / optional for order execution
3. Once 2FA is enabled, you will be required to enter your 2FA to view the private key or to disable 2FA on your account.
Once again thank you for all of your support,
Havelock Investments

electerium
February 14, 2014, 07:06:41 PM

2fa on withdraw is a decent roadblock to mitm attacks that can circumvent the initial 2fa sign in. Additionally I think the 2fa email is also a decent idea but less robust for obvious reasons

shawshankinmate37927
February 14, 2014, 08:22:09 PM

> 2fa on withdraw is a decent roadblock to mitm attacks that can circumvent the initial 2fa sign in. Additionally I think the 2fa email is also a decent idea but less robust for obvious reasons
I like 2FA via e-mail because my e-mail account is set up with 2FA via a text message to my cell phone. With 2FA via e-mail, a hacker would have to hack my e-mail account in order to access my Havelock account. In order to hack my e-mail account, he would also have to hack my cell phone.

runam0k
February 14, 2014, 08:31:35 PM

> Thank you for all of your quick replies,
> We will start to work on the following security implementations:
> 1. The option to Lock your account to a specific IP
> 2. Required 2FA for withdrawal / optional for order execution
> 3. Once 2FA is enabled, you will be required to enter your 2FA to view the private key or to disable 2FA on your account.
> Once again thank you for all of your support,
> Havelock Investments
No locking the BTC withdraw address (which seemed to be the most popular suggestion here)?