Topic: ASICMINER: Entering the Future of ASIC Mining by Inventing It - page 1334. (Read 3917468 times)

sr. member
Activity: 476
Merit: 250
No problem.

Thank you for the response.
donator
Activity: 848
Merit: 1005
I consider that a reasonable compromise. And would be willing to vote "aye" for such a motion.

I'm merely pointing out the dangers of your "I'm considering" statement about actions being taken unilaterally.

You are now operating with some binding commitments. Or, you are now bound by nothing and we have no reason to expect any eventual payoffs for our investment.
Yes, I'm operating with binding commitments. There should be compensation if the result of the drama is not ideal. I used "I'm considering" to say that I'm thinking of some more compensating plans other than the plan-A. It will of course be the shareholders who would decide.
sr. member
Activity: 476
Merit: 250
However, the proportion of the company represented by each share could be adjusted. I'm considering making it a little higher to compensate the shareholders if the recent 300BTC trade doesn't end up well, as a plan-B (plan-A is that my partners and I fill the gap).
I consider that a reasonable compromise. And would be willing to vote "aye" for such a motion.

I'm merely pointing out the dangers of your "I'm considering" statement about actions being taken unilaterally.

You are now operating with some binding commitments. Or, you are now bound by nothing and we have no reason to expect any eventual payoffs for our investment.
sr. member
Activity: 476
Merit: 250
On the point of 2FA.  Yes, it's a big deal and it's foolish not to use it.
So, even though using 2FA might not have prevented your loss, you are telling people to:
1) Sign up with Google, whether they want to or not.
2) Rely on Google for access to your finances.

I would be interested in a solid 2FA mechanism.

I'm not interested in letting Google be the gateway to my life.
sr. member
Activity: 476
Merit: 250
Sending leftover shares proportionally to shareholders is technically very hard.
I'm sorry to hear that.

However, isn't that a commitment you made?

--

edit - added the below:

Any other approach is a modification to the terms under which we bought shares. That is, we gave you BTC/money with the understanding that "this is how things will be done - do you wish to buy in under those conditions?".

*Any* change of those terms is non-trivial. It is a slippery slope. The more the original terms are changed, without a formal share-holder vote, the less confidence that those terms will be ultimately honored.

--

"without a formal share-holder vote"

BTW, this is also a problem inherent in how only 30k shares were offered to the general public. This mechanism allows, for example, votes of the following nature to be passed by the 'big players' who gave you BTC directly rather than via the GLBSE public auction.

1) Any holder of less than 5000 shares will be deemed a 'Class B' shareholder.
2) Holders of 5000 shares or more will be deemed 'Class A' shareholders.
3) All benefits and remunerations described in the original terms will only apply to 'Class A' shareholders.
4) 'Class B' shareholders will get whatever is left over, if anything, after the 'Class A' shareholders get all they want.
 
sr. member
Activity: 252
Merit: 250
Inactive
You want a told you so? If a website has 2FA of any kind, USE IT. PERIOD. DOUBLY SO IF IT IS A FINANCIAL WEBSITE LIKE GLBSE.

I have no clue why the fuck people think this is optional. I've asked nefario to mandate it to use GLBSE, but he gets all bitchy about it. Banks frequently do it (especially in Europe), so why not GLBSE? Just fucking do it.

You're bashing the wrong guy. Wait for when you learn something the hard way and then receive nothing but contempt. That's no way to treat someone who fell victim. The way I see it there are currently a few explanations: 1) hacked Windows 2) leaked password hash (does anybody know which hash function GLBSE uses?) 3) Not enough entropy in the password 4) glitch in GLBSE (actually the exact match with 17:00:00 makes me worried, let's see what others have)


I see I've started to derail the thread.  Obviously, my comments were meant to inform everyone of what happened and I should have expected a number of responses.

Sorry for that.


On the point of 2FA.  Yes, it's a big deal and it's foolish not to use it.  It's foolish just the same for a financial service to operate at less than secure mode as default and then not take a rigorous approach to inform users by explicit notification and links to any 3rd party OSS software required to establish a sufficient level of protection (and this is especially true in the case for Google 2FA as Google's primary use case is with the use of smart phones and can mislead uninitiated users).  I'm just re-iterating what I said in my original post, so obviously this falls on deaf ears to some.  I fault Mt. Gox and any other site that doesn't enforce 2FA.  I use Yubikey.  So, there.

In my case the problem is two fold.  One, neither Nefario or I know exactly what happened.  Though on the day of the compromise circumstances could have allowed a security vulnerability not limited by 2FA.  
That's the Session Fixation vulnerability.  Despite Nefario's refusal to take any responsibility for such a vulnerability it's an old, common vulnerability where security whitepapers have stated that the only effective countermeasure for Session Fixation is to design the Web application to use strict session controls that limit session id creation and tightly control their invalidation - or need for revalidation.

Edit:  Some have jumped to the conclusion that this *IS* what happened.  This is my best assumption.  I typically log out and don't leave sensitive sites open.
I think I have a good idea what might have happened.  My GLBSE session was still active after closing the browser tab.  I spent some time on web freenode and was probed and compromised from that source.
Speculation, but it's the best thing I can come up with.

Use 2FA and don't have any other browser window open while using GLBSE.  I am your example to learn from.
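
The countermeasure named above (the server alone decides when a session id exists, a fresh id is minted at login, ids die on logout and after idle time) as an added example; this is not GLBSE code or any poster's code, and the framework-independent store, the 15-minute idle timeout and the "planted" id are assumptions for illustration:

```python
"""Session handling that closes the session-fixation window.

Added example, not code from GLBSE or from anyone in the thread. It is a
framework-independent sketch of the countermeasure described in the post
above: the server decides when a session id exists, a fresh id is issued at
login, and ids are invalidated on logout and after idle time.
"""
import secrets
import time
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    created: float
    last_seen: float


class SessionStore:
    """In-memory session store. The 15-minute idle timeout is an assumed default."""

    def __init__(self, idle_timeout=900, clock=time.time):
        self._sessions = {}
        self.idle_timeout = idle_timeout
        self._clock = clock  # injectable clock so timeouts can be tested

    def login(self, user, presented_sid=None):
        """Authenticate and return a NEW session id.

        Any id the client presented before authenticating (a cookie or URL
        parameter a third party managed to plant) is discarded, never
        promoted to an authenticated session. That is the fixation fix.
        """
        if presented_sid is not None:
            self._sessions.pop(presented_sid, None)
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        now = self._clock()
        self._sessions[sid] = Session(user, now, now)
        return sid

    def lookup(self, sid):
        """Return the user for a live session id, else None.

        Idle sessions are dropped here, so a tab left open (or closed
        without logging out) stops working after idle_timeout seconds.
        """
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        if now - s.last_seen > self.idle_timeout:
            del self._sessions[sid]
            return None
        s.last_seen = now
        return s.user

    def logout(self, sid):
        """Server-side invalidation; closing the browser tab is not logout."""
        return self._sessions.pop(sid, None) is not None


if __name__ == "__main__":
    store = SessionStore()
    planted = "id-chosen-by-someone-else"  # constructed value
    sid = store.login("victim", presented_sid=planted)
    print("planted id valid after login:", store.lookup(planted) is not None)
    print("fresh id valid after login:  ", store.lookup(sid) == "victim")
    store.logout(sid)
    print("fresh id valid after logout: ", store.lookup(sid) is not None)
```

The three properties the post asks for map onto the three methods: `login` never accepts an id it did not issue, `lookup` enforces the idle timeout, and `logout` invalidates server-side rather than relying on the client forgetting a cookie.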


vip
Activity: 574
Merit: 500
Don't send me a pm unless you gpg encrypt it.
@nedbert9

I have got 168 shares during this hack @0.085 per share. I would like to give 0.00388888BTC*168=0.64BTC to you.

Please give me your GLBSE account.

I guess the bitcoin transfer between GLBSE accounts is free, right? who can give me a confirmation.

Bitcoin transfer is free; shares aren't.
donator
Activity: 1120
Merit: 1001
@nedbert9

I have got 168 shares during this hack @0.085 per share. I would like to give 0.00388888BTC*168=0.64BTC to you.

Please give me your GLBSE account.

I guess the bitcoin transfer between GLBSE accounts is free, right? who can give me a confirmation.
vip
Activity: 198
Merit: 101
I was also surprised friedcat sent me so many shares before I had paid him.. and I don't even have a good forum reputation yet.
legendary
Activity: 1274
Merit: 1004
I think I must be misreading this, but are you saying that friedcat transferred the shares to you before you paid? And that some time between when you got them and when you would have paid you got hacked, lost the money, and now you can't afford to pay friedcat back?

Yes, that's what he's saying.
Then it doesn't sound like a $3000 debt for the issuer; it sounds like nedbert needs to start selling his hair, blood and sperm to raise $3000 to pay friedcat for the shares he bought.
hero member
Activity: 686
Merit: 500
Wat
I think I must be misreading this, but are you saying that friedcat transferred the shares to you before you paid? And that some time between when you got them and when you would have paid you got hacked, lost the money, and now you can't afford to pay friedcat back?

Yes, that's what he's saying.
legendary
Activity: 1274
Merit: 1004
I think I must be misreading this, but are you saying that friedcat transferred the shares to you before you paid? And that some time between when you got them and when you would have paid you got hacked, lost the money, and now you can't afford to pay friedcat back?
donator
Activity: 848
Merit: 1005
The difference gets distributed to existing shareholders.
https://bitcointalksearch.org/topic/m.1107204
I'm very sorry, but the "extra shares" here means the extra shares for bulk purchasers. (10% for >=5,000 & 12.5% for >=10,000)
Sending leftover shares proportionally to shareholders is technically very hard. It is hard to track who owns how many, and for people who hold only a handful of shares it is impossible to give them fractional shares.

However, the proportion of the company represented by each share could be adjusted. I'm considering making it a little higher to compensate the shareholders if the recent 300BTC trade doesn't end up well, as a plan-B (plan-A is that my partners and I fill the gap).
donator
Activity: 994
Merit: 1000
You want a told you so? If a website has 2FA of any kind, USE IT. PERIOD. DOUBLY SO IF IT IS A FINANCIAL WEBSITE LIKE GLBSE.

I have no clue why the fuck people think this is optional. I've asked nefario to mandate it to use GLBSE, but he gets all bitchy about it. Banks frequently do it (especially in Europe), so why not GLBSE? Just fucking do it.

You're bashing the wrong guy. Wait for when you learn something the hard way and then receive nothing but contempt. That's no way to treat someone who fell victim. The way I see it there are currently a few explanations: 1) hacked Windows 2) leaked password hash (does anybody know which hash function GLBSE uses?) 3) Not enough entropy in the password 4) glitch in GLBSE (actually the exact match with 17:00:00 makes me worried, let's see what others have)
legendary
Activity: 1162
Merit: 1000
DiabloMiner author
You want a told you so? If a website has 2FA of any kind, USE IT. PERIOD. DOUBLY SO IF IT IS A FINANCIAL WEBSITE LIKE GLBSE.

I have no clue why the fuck people think this is optional. I've asked nefario to mandate it to use GLBSE, but he gets all bitchy about it. Banks frequently do it (especially in Europe), so why not GLBSE? Just fucking do it.
donator
Activity: 994
Merit: 1000
New, unused password.  Win 7, Chrome.  Only antivirus, Chrome, TrueCrypt and Serviio running.  Nothing out of the ordinary for the day of the compromise other than visiting #bitcoin-otc.
Yes, that's odd. I take it the Win 7 comes from a legit source... Pirated OSes are a major technique to set up botnets.

I have no cash to handle the debt and also buy significant amount of shares.
If Nefario's investigations turn out that it's not entirely your fault, but likely a bad combination of security weaknesses, I guess ASICminer may just write the debt off. But that's not up to me to decide.
However, I find it odd that the position is a debt - are you just reluctant to pay for shares you received and got "stolen" from your account?
 
The proceeds of the theft were withdrawn immediately to
http://blockchain.info/address/1FxjKn6fsdQ9iYoiH1otehKbkDXJj9Jkdg
The balance is 42 BTC.  I have no idea why since I summed the sale transactions to about 23 BTC.
Ok. It's fresh. Lets see where the money goes.


I appreciate the sympathy.
I had a standing buy order for 100 shares at 0.08 which got filled. All I can offer is to sell it back to you at this price. Maybe we could organize the share reversal ourselves if Nefario doesn't want to do it. All that is required is for people to step up and provide their transaction information, which is available as CSV on GLBSE. Here's mine:

buy,2012-08-23 17:00:00,0.08,ASICMINER,100,,,

Funny. It's exactly 17:00:00. Now that's timing.

To prevent this thread from getting spammed with these messages I offer to organize this list. Just send me a PM with the corresponding transactions. I'll then compose a summary post.
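
Compiling the list proposed above and cross-checking the "sale transactions summed to about 23 BTC" figure from earlier in the thread is a reconciliation job over the GLBSE CSV export. The following is an added example, not GLBSE tooling or any poster's code. It relies only on the row shape quoted above (side, timestamp, price in BTC per share, ticker, quantity, then three trailing fields whose meaning the page does not give); the sample rows other than the quoted one, the five-second window and the `reconcile` function name are constructed for illustration:

```python
"""Reconcile GLBSE trade-export rows against a suspected compromise window.

Added example; not GLBSE tooling or any poster's code. The only row format
assumed is the one posted in the thread:
    buy,2012-08-23 17:00:00,0.08,ASICMINER,100,,,
i.e. side, timestamp, price (BTC/share), ticker, quantity, then three
trailing fields whose meaning is not given on the page (kept, not used).
"""
import csv
import io
from datetime import datetime, timedelta
from decimal import Decimal

# Constructed sample export: the first row is the one posted in the thread,
# the others are made up so the filter has something to exclude.
SAMPLE_EXPORT = """\
buy,2012-08-23 17:00:00,0.08,ASICMINER,100,,,
buy,2012-08-23 17:00:00,0.085,ASICMINER,168,,,
sell,2012-08-22 09:15:10,0.12,ASICMINER,50,,,
buy,2012-08-23 17:00:02,0.081,ASICMINER,25,,,
buy,2012-08-23 17:00:00,0.5,OTHERCO,10,,,
"""

# Timestamp every poster so far has reported for their fill (from the thread).
SUSPECT_START = datetime(2012, 8, 23, 17, 0, 0)


def parse_trades(text):
    """Parse export rows into dicts; Decimal keeps BTC arithmetic exact."""
    trades = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 5 or not row[0].strip():
            continue  # blank or truncated line
        side, ts, price, ticker, qty = (f.strip() for f in row[:5])
        trades.append({
            "side": side.lower(),
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "price": Decimal(price),
            "ticker": ticker,
            "qty": int(qty),
            "extra": row[5:],  # trailing fields of unknown meaning, kept as-is
        })
    return trades


def trades_in_window(trades, ticker, start, seconds):
    """Rows for one ticker whose timestamp falls in [start, start+seconds]."""
    end = start + timedelta(seconds=seconds)
    return [t for t in trades if t["ticker"] == ticker and start <= t["time"] <= end]


def summarize(trades):
    """Per side: share count and BTC value (price * quantity)."""
    out = {}
    for t in trades:
        s = out.setdefault(t["side"], {"shares": 0, "btc": Decimal("0")})
        s["shares"] += t["qty"]
        s["btc"] += t["price"] * t["qty"]
    return out


def reconcile(text, ticker="ASICMINER", start=SUSPECT_START, seconds=5):
    """Parse an export and summarize the trades inside the suspect window."""
    return summarize(trades_in_window(parse_trades(text), ticker, start, seconds))


if __name__ == "__main__":
    for side, s in reconcile(SAMPLE_EXPORT).items():
        print(f"{side}: {s['shares']} shares, {s['btc']} BTC")
```

Each counterparty's CSV can be appended to the same text and run through `reconcile`; the per-side totals for the window are what a share reversal would have to unwind, and the "buy" BTC total across all counterparties is the figure to compare against the victim's summed sales.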
sr. member
Activity: 252
Merit: 250
Inactive
The account password was a 14 character, mixed case, mixed character class.  

Sorry for the obvious question. But did you use that password also for a different website?
Also, if you talk about security breaches, please state the OS, browser, other software running and whether you were on a public network or at home.

A 22 BTC theft costing me both a good investment opportunity and a $3000+ debt to the security issuer.

I sincerely wish ASICMINER success.  Enjoy the cheap shares.  

If you need to get some more shares I bet friedcat will understand and give you an opportunity to buy some from the left-over stack of shares before they get handed out. I certainly wouldn't mind.

Share reversals are tricky so I am not surprised to hear that Nefario refrains from doing that.

That leaves the question about who's liable for the 300 BTC damage. I am surprised that Nefario has problems retracing the BTC flow. (unless of course the attack "only" intended to do damage to you and the 22 BTC are still in your account)


New, unused password.  Win 7, Chrome.  Only antivirus, Chrome, TrueCrypt and Serviio running.  Nothing out of the ordinary for the day of the compromise other than visiting #bitcoin-otc.

I have no cash to handle the debt and also buy significant amount of shares.

The proceeds of the theft were withdrawn immediately to
http://blockchain.info/address/1FxjKn6fsdQ9iYoiH1otehKbkDXJj9Jkdg
The balance is 42 BTC.  I have no idea why since I summed the sale transactions to about 23 BTC.

I appreciate the sympathy.
donator
Activity: 994
Merit: 1000
The account password was a 14 character, mixed case, mixed character class.  

Sorry for the obvious question. But did you use that password also for a different website?
Also, if you talk about security breaches, please state the OS, browser, other software running and whether you were on a public network or at home.

A 22 BTC theft costing me both a good investment opportunity and a $3000+ debt to the security issuer.

I sincerely wish ASICMINER success.  Enjoy the cheap shares.  

If you need to get some more shares I bet friedcat will understand and give you an opportunity to buy some from the left-over stack of shares before they get handed out. I certainly wouldn't mind.

Share reversals are tricky so I am not surprised to hear that Nefario refrains from doing that.

That leaves the question about who's liable for the 300 BTC damage. I am surprised that Nefario has problems retracing the BTC flow. (unless of course the attack "only" intended to do damage to you and the 22 BTC are still in your account)
sr. member
Activity: 364
Merit: 250
firstbits 1LoCBS
(case for 2FA)

You convinced me. 2FA is now enabled.
hero member
Activity: 868
Merit: 1000
How does this give a 3000+ dollar debt to the issuer? Wouldn't they be ambivalent to share sales not involving them?

The transaction between myself and friedcat hadn't been finalized.

Sorry to hear!!!