ASICMINER: Entering the Future of ASIC Mining by Inventing It - page 493.

silverfuture

legendary

Activity: 947

Merit: 1008

central banking = outdated protocol

Quote from: elasticband on February 14, 2014, 01:07:46 PM

Quote from: Herp on February 14, 2014, 12:26:18 PM

Quote from: Caesium on February 14, 2014, 11:54:02 AM

Quote from: havelock on February 14, 2014, 11:50:22 AM

2. Pending withdrawal of your Bitcoins; time lock?

How about allowing us to specify a withdrawal address that is then locked; coins can only be sent to this address. It can be unlocked, but upon doing so an email is sent notifying me that it's been unlocked and it takes a further 7 days or so before a new address can be entered?

Yep, this would be a great feature.

Does not stop a hacker selling your shares for dirt cheap to himself.

...or transferring them to another account for free.

elasticband

legendary

Activity: 1036

Merit: 1000

Nighty Night Don't Let The Trolls Bite Nom Nom Nom

Quote from: Herp on February 14, 2014, 12:26:18 PM

Quote from: Caesium on February 14, 2014, 11:54:02 AM

Quote from: havelock on February 14, 2014, 11:50:22 AM

2. Pending withdrawal of your Bitcoins; time lock?

How about allowing us to specify a withdrawal address that is then locked; coins can only be sent to this address. It can be unlocked, but upon doing so an email is sent notifying me that it's been unlocked and it takes a further 7 days or so before a new address can be entered?

Yep, this would be a great feature.

Does not stop a hacker selling your shares for dirt cheap to himself.

Fabrizio89

hero member

Activity: 924

Merit: 1000

Quote from: Caesium on February 14, 2014, 11:54:02 AM

How about allowing us to specify a withdrawal address that is then locked; coins can only be sent to this address. [...]

+1

Herp

sr. member

Activity: 294

Merit: 250

Quote from: Caesium on February 14, 2014, 11:54:02 AM

Quote from: havelock on February 14, 2014, 11:50:22 AM

2. Pending withdrawal of your Bitcoins; time lock?

How about allowing us to specify a withdrawal address that is then locked; coins can only be sent to this address. It can be unlocked, but upon doing so an email is sent notifying me that it's been unlocked and it takes a further 7 days or so before a new address can be entered?

Yep, this would be a great feature.

shawshankinmate37927

hero member

Activity: 854

Merit: 1000

Bitcoin: The People's Bailout

Quote from: havelock on February 14, 2014, 11:50:22 AM

Here at Havelock we take security issues very seriously.

We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that is account has been compromised and are looking to resolve the matter has soon as possible.

Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.

So we turn to you, our valued customers, what features would like us to add to our platform?

1. Confirmation email before any action is taken; some but not all actions.

2. Pending withdrawal of your Bitcoins; time lock?

3. Lock account by IP address?

We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.

Also we can assure everyone that it was not an "inside rogue employee"

Thank you,

Support Team
Havelock Investments

2FA via e-mail, like on blockchain.info.

runam0k

legendary

Activity: 1092

Merit: 1001

Touchdown

Quote from: havelock on February 14, 2014, 11:50:22 AM

Here at Havelock we take security issues very seriously.

We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that is account has been compromised and are looking to resolve the matter has soon as possible.

Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.

So we turn to you, our valued customers, what features would like us to add to our platform?

1. Confirmation email before any action is taken; some but not all actions.

2. Pending withdrawal of your Bitcoins; time lock?

3. Lock account by IP address?

We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.

Also we can assure everyone that it was not an "inside rogue employee"

Thank you,

Support Team
Havelock Investments

PIN for orders or withdrawals, perhaps, or lock the BTC withrawal address for x days.

Instant BTC withdrawals to any old BTC address is a problem.

hdbuck

legendary

Activity: 1260

Merit: 1002

Quote from: jimmothy on February 14, 2014, 11:56:02 AM

Quote from: havelock on February 14, 2014, 11:50:22 AM

Here at Havelock we take security issues very seriously.

We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that is account has been compromised and are looking to resolve the matter has soon as possible.

Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.

So we turn to you, our valued customers, what features would like us to add to our platform?

1. Confirmation email before any action is taken; some but not all actions.

2. Pending withdrawal of your Bitcoins; time lock?

3. Lock account by IP address?

We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.

Also we can assure everyone that it was not an "inside rogue employee"

Thank you,

Support Team
Havelock Investments

Yes to every one of those. (Instant bitcoin withdrawals worries me a bit)

Also maybe requiring a pin before placing orders/doing anything like btct.co would be nice.

yes to every of those + YUBIKEY!!!!

michaelGedi

sr. member

Activity: 364

Merit: 250

"to be or not to be, that is the bitcoin"

Quote from: jimmothy on February 14, 2014, 11:56:02 AM

Quote from: havelock on February 14, 2014, 11:50:22 AM

Here at Havelock we take security issues very seriously.

We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that is account has been compromised and are looking to resolve the matter has soon as possible.

Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.

So we turn to you, our valued customers, what features would like us to add to our platform?

1. Confirmation email before any action is taken; some but not all actions.

2. Pending withdrawal of your Bitcoins; time lock?

3. Lock account by IP address?

We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.

Also we can assure everyone that it was not an "inside rogue employee"

Thank you,

Support Team
Havelock Investments

Yes to every one of those. (Instant bitcoin withdrawals worries me a bit)

Also maybe requiring a pin before placing orders/doing anything like btct.co would be nice.

I somewhat agree, you can never have too many security options at this stage with bitcoin...

perhaps a poll should be offered via email or on the forum to put possible security additions in order of priority?

jimmothy

hero member

Activity: 770

Merit: 509

Quote from: havelock on February 14, 2014, 11:50:22 AM

Here at Havelock we take security issues very seriously.

We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that is account has been compromised and are looking to resolve the matter has soon as possible.

Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.

So we turn to you, our valued customers, what features would like us to add to our platform?

1. Confirmation email before any action is taken; some but not all actions.

2. Pending withdrawal of your Bitcoins; time lock?

3. Lock account by IP address?

We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.

Also we can assure everyone that it was not an "inside rogue employee"

Thank you,

Support Team
Havelock Investments

Yes to every one of those. (Instant bitcoin withdrawals worries me a bit)

Also maybe requiring a pin before placing orders/doing anything like btct.co would be nice.

Caesium

hero member

Activity: 546

Merit: 500

Quote from: havelock on February 14, 2014, 11:50:22 AM

2. Pending withdrawal of your Bitcoins; time lock?

How about allowing us to specify a withdrawal address that is then locked; coins can only be sent to this address. It can be unlocked, but upon doing so an email is sent notifying me that it's been unlocked and it takes a further 7 days or so before a new address can be entered?

havelock

sr. member

Activity: 328

Merit: 250

Here at Havelock we take security issues very seriously.

We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that is account has been compromised and are looking to resolve the matter has soon as possible.

Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.

So we turn to you, our valued customers, what features would like us to add to our platform?

1. Confirmation email before any action is taken; some but not all actions.

2. Pending withdrawal of your Bitcoins; time lock?

3. Lock account by IP address?

We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.

Also we can assure everyone that it was not an "inside rogue employee"

Thank you,

Support Team
Havelock Investments

silverfuture

legendary

Activity: 947

Merit: 1008

central banking = outdated protocol

Quote from: minerpumpkin on February 14, 2014, 07:44:06 AM

Quote from: robix on February 14, 2014, 07:12:47 AM

Quote from: minerpumpkin on February 14, 2014, 06:43:47 AM

I'd guess his mail account got compromised. It's simply the biggest hole you can get through. I guess it's futile to discuss what is 'probable' because why would someone do something improbable - because it is improbable. Circular logic, we'll have to wait and see...

Is 2FA disabled when you request a new password? I don't think so.

But in case of Google Mail you could have control over the 2FA authenticating entity...

Compromised gmail account seems like the simplest and most likely scenario.

shawshankinmate37927

hero member

Activity: 854

Merit: 1000

Bitcoin: The People's Bailout

Quote from: empoweoqwj on February 14, 2014, 03:58:20 AM

Quote from: shawshankinmate37927 on February 14, 2014, 01:19:52 AM

Quote from: empoweoqwj on February 14, 2014, 01:04:39 AM

nope - Mac - and no, I didn't install that "Stealth Bit" malware

That's the only computer you've used to logon to Havelock?

Yep. Just my Macbook

Did you have Google Authenticator installed on this or a different device?

dmcdad

sr. member

Activity: 302

Merit: 250

empoweoqwj: very sorry to hear about this, and I hope you or havelock track down exactly what happened. Man, this has been a really crappy week for BTC.

robix

sr. member

Activity: 360

Merit: 250

Quote from: minerpumpkin on February 14, 2014, 07:44:06 AM

Quote from: robix on February 14, 2014, 07:12:47 AM

Quote from: minerpumpkin on February 14, 2014, 06:43:47 AM

I'd guess his mail account got compromised. It's simply the biggest hole you can get through. I guess it's futile to discuss what is 'probable' because why would someone do something improbable - because it is improbable. Circular logic, we'll have to wait and see...

Is 2FA disabled when you request a new password? I don't think so.

But in case of Google Mail you could have control over the 2FA authenticating entity...

ok

minerpumpkin

hero member

Activity: 686

Merit: 500

A pumpkin mines 27 hours a night

Quote from: robix on February 14, 2014, 07:12:47 AM

Quote from: minerpumpkin on February 14, 2014, 06:43:47 AM

I'd guess his mail account got compromised. It's simply the biggest hole you can get through. I guess it's futile to discuss what is 'probable' because why would someone do something improbable - because it is improbable. Circular logic, we'll have to wait and see...

Is 2FA disabled when you request a new password? I don't think so.

But in case of Google Mail you could have control over the 2FA authenticating entity...

robix

sr. member

Activity: 360

Merit: 250

Quote from: minerpumpkin on February 14, 2014, 06:43:47 AM

I'd guess his mail account got compromised. It's simply the biggest hole you can get through. I guess it's futile to discuss what is 'probable' because why would someone do something improbable - because it is improbable. Circular logic, we'll have to wait and see...

Is 2FA disabled when you request a new password? I don't think so.

101111

hero member

Activity: 525

Merit: 500

very sorry to hear about that Empow, I hope you can catch the thief

minerpumpkin

hero member

Activity: 686

Merit: 500

A pumpkin mines 27 hours a night

Quote from: Herp on February 14, 2014, 05:57:00 AM

Quote from: minerpumpkin on February 14, 2014, 05:52:01 AM

We can't know if the story is true, sure. But I have no reason not to believe him as long as I don't make any important decisions due to that fact.
If his computer is compromised, everything is lost, of course! But the reason I'm asking is, if he maybe changed his password just yesterday, this could indicate another attack vector (keylogger) than maybe a break-in to his email account or a breach in Havelock itself.

Physical theft is an option, yeah. So: How many people do know you're "into Bitcoin" or own AM shares? Do they even know what AM shares are? Did you tell people about it?

There are lots of pathological liars in this world who can be amazingly convincing.

Physical theft is a very real option. Many people tell their friends, spouse or love ones about their investments. Very few people can keep it a secret.
You'd be amazed how often the person responsible is a room mate or someone close.

In this described event of getting access to 2 factor I think these 2 scenarios are highly probable.

I think a Havelock "rogue" trader would have targeted an even bigger account or several such accounts so I don't think that's the case.

I'd guess his mail account got compromised. It's simply the biggest hole you can get through. I guess it's futile to discuss what is 'probable' because why would someone do something improbable - because it is improbable. Circular logic, we'll have to wait and see...

Herp

sr. member

Activity: 294

Merit: 250

Quote from: minerpumpkin on February 14, 2014, 05:52:01 AM

We can't know if the story is true, sure. But I have no reason not to believe him as long as I don't make any important decisions due to that fact.
If his computer is compromised, everything is lost, of course! But the reason I'm asking is, if he maybe changed his password just yesterday, this could indicate another attack vector (keylogger) than maybe a break-in to his email account or a breach in Havelock itself.

Physical theft is an option, yeah. So: How many people do know you're "into Bitcoin" or own AM shares? Do they even know what AM shares are? Did you tell people about it?

There are lots of pathological liars in this world who can be amazingly convincing.

Physical theft is a very real option. Many people tell their friends, spouse or love ones about their investments. Very few people can keep it a secret.
You'd be amazed how often the person responsible is a room mate or someone close.

In this described event of getting access to 2 factor I think these 2 scenarios are highly probable.

I think a Havelock "rogue" trader would have targeted an even bigger account or several such accounts so I don't think that's the case.

Topic: ASICMINER: Entering the Future of ASIC Mining by Inventing It - page 493. (Read 3917543 times)