1. Login/my account under HTTPS.
2. Twenty-four hour payout lock when wallet address changes.
Not running login over HTTPS is pretty dang bad. The 24-hour payout lock would certainly be nice.
True.
There are certainly people preying on his site. My account was broken into but it was my own fault... Noob mistake, but the predators are out there. Kinda sad really. You have high hopes for Bitcoin but the criminal mind is relentless and ever present. May their armpits be infested with the fleas from a thousand camels!!!
How did it happen to you, out of curiosity? The reason I'm asking is I'd like to know whether this is my screwup somehow or if it's slush's fault.
Well, as you say, you were not stupid enough to use the same password for your worker; I was. I'm man enough to admit it.
I was in a hurry and excited to get started. It had nothing to do with slush. The net has really made the criminal bold. They see it as a "well, if you're that dumb" mistake you deserve to be stolen from. But blaming stupidity for criminal justification doesn't improve the morality of it. I'd like the dweeb who did it to try and come to my house and steal from me.
Yep, unfortunately I see security as being a major future issue for bitcoiners. Just watch the string of newbies who get their bitcoins stolen by trojan/virus/malware etc. We really really really badly need the wallet.dat to be encrypted by the official client.
Also, slush needs to use SSL for all pool website traffic. C'mon slush, invest in a damn certificate, they're not that expensive any more.
One can technically load up his site via SSL, but it's a self-signed certificate and even then SSL is not enabled by default. When someone types in the pool's website it should redirect to https://mining.bitcoin.cz
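
The 24-hour payout lock requested at the top of the thread, sketched as an added example; it is not code from the pool or from any poster. The `Account` record, the function names, the timestamps and the placeholder addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

PAYOUT_LOCK = timedelta(hours=24)  # lock length proposed in the thread


@dataclass
class Account:  # hypothetical account record, not the pool's schema
    wallet_address: str
    address_changed_at: Optional[datetime] = None  # None: never changed


def change_wallet_address(acct: Account, new_address: str, now: datetime) -> bool:
    """Update the payout address; every real change (re)starts the lock."""
    if new_address == acct.wallet_address:
        return False  # a no-op save must not restart the lock
    acct.wallet_address = new_address
    acct.address_changed_at = now
    return True


def payout_allowed(acct: Account, now: datetime) -> bool:
    """Refuse payouts until PAYOUT_LOCK has passed since the last change."""
    if acct.address_changed_at is None:
        return True
    return now - acct.address_changed_at >= PAYOUT_LOCK


def lock_remaining(acct: Account, now: datetime) -> timedelta:
    """Time left on the lock, to show the account owner (zero if unlocked)."""
    if acct.address_changed_at is None:
        return timedelta(0)
    return max(timedelta(0), acct.address_changed_at + PAYOUT_LOCK - now)


if __name__ == "__main__":
    t0 = datetime(2011, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed timestamp
    acct = Account(wallet_address="OWNER-ADDRESS-PLACEHOLDER")
    # Someone with the account password swaps in their own address.
    change_wallet_address(acct, "INTRUDER-ADDRESS-PLACEHOLDER", t0)
    print(payout_allowed(acct, t0 + timedelta(hours=1)))   # payout held
    print(lock_remaining(acct, t0 + timedelta(hours=1)))   # window to notice
    # The owner reverts two hours later; the lock restarts from that change.
    change_wallet_address(acct, "OWNER-ADDRESS-PLACEHOLDER", t0 + timedelta(hours=2))
    print(payout_allowed(acct, t0 + timedelta(hours=25)))  # still inside lock
    print(payout_allowed(acct, t0 + timedelta(hours=26)))  # lock expired
```

The lock only buys time if the owner learns about the change, so it pairs naturally with a notification sent when the address is modified.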