Pages:
Author

Topic: Bitcoinica MtGox account compromised - page 2. (Read 156012 times)

donator
Activity: 980
Merit: 1000
July 28, 2012, 06:38:35 AM
Does death punishment apply to minors in China?
full member
Activity: 196
Merit: 100
July 26, 2012, 08:36:05 AM
Come on, you can't say it's a "bitcoin bug" the fact that so many "bitcoin-banks" have failed. It is really unfortunate and even tragic to some, but it is not a "bug".
It's not a "bitcoin bug" in the sense that it's a bug in bitcoin itself. It's a "bitcoin bug" in the sense that it's a defect in the ecosystem.

Yes? Somebody called me?
(sorry, couldn't resist Smiley)

newbie
Activity: 54
Merit: 0
July 26, 2012, 07:07:10 AM
New evidence shows that zhoutong is the hacker.

After Bitcoinica MtGox account compromised ,zhoutong sell LR in China.

日期:2012-7-12

Ryan(11853074) 20:03:18

6.2出LR,财付通付款

Ryan(11853074) 20:13:06

要多少有多少

Ryan(11853074) 20:13:12

我帮一个朋友出的

Ryan(11853074) 20:14:06

1万美元之内都没什么问题

Ryan(11853074) 20:17:18

LibertyReserve

And  zhoutong's LR account is :
http://cnbtcnews.com/wp-content/uploads/2012/07/zhongtongLRaccount.jpg

zhoutong said The hacker registered a Liberty Reserve account U9236056 at Jul 12, 2012 9:42 PM.

So now everyone knows zhoutong is the hacker!!!
legendary
Activity: 1106
Merit: 1004
July 26, 2012, 04:23:02 AM
And the fact that using Bitcoins requires me to do something that's incredibly difficult to do right is a serious problem.

I agree. That's why I don't yet recommend bitcoin to non-technical people. At least not in any sensible amounts.
I do believe though it's just a matter of time until the resources necessary to overcome such problem are available.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
July 26, 2012, 04:20:37 AM
Come on, you can't say it's a "bitcoin bug" the fact that so many "bitcoin-banks" have failed. It is really unfortunate and even tragic to some, but it is not a "bug".
It's not a "bitcoin bug" in the sense that it's a bug in bitcoin itself. It's a "bitcoin bug" in the sense that it's a defect in the ecosystem.

Quote
Most people, even professionals, don't really know how to secure critical private data. Even Sony lost lots of its private data once. Is it really such a surprise that small companies, however motivated they are, fail in something that big companies with tons of money to spend in security have also failed?
No, it's not. And the fact that using Bitcoins requires me to do something that's incredibly difficult to do right is a serious problem.

With fiat currency, banks are insured. If it's stolen, I can call the police and they at least understand the issue.
legendary
Activity: 1106
Merit: 1004
July 26, 2012, 02:31:21 AM
It just sucks that the Bitcoin world is so screwed up you basically have to stuff your money in your mattress

That's actually a feature, not a bug. Don't trust the bank, keep your money with you Smiley
"You don't have to X" is a feature. "You can't X" is a bug.

Come on, you can't say it's a "bitcoin bug" the fact that so many "bitcoin-banks" have failed. It is really unfortunate and even tragic to some, but it is not a "bug".

Most people, even professionals, don't really know how to secure critical private data. Even Sony lost lots of its private data once. Is it really such a surprise that small companies, however motivated they are, fail in something that big companies with tons of money to spend in security have also failed?

The main "problem", if you will, is that in bitcoin, differently from the "fiat world", your private data is your money. But that's also an advantage of the system, in some situations.

Plus, an equally serious adoption problem is that it is *very* hard to properly create and manage a secure wallet.

Agreed. But again, that's not that easy to solve either.
I expect these dedicated devices like bitcoincard and Ellet to be a huge contribution into solving this issue.
legendary
Activity: 2126
Merit: 1001
July 26, 2012, 02:09:51 AM
It just sucks that the Bitcoin world is so screwed up you basically have to stuff your money in your mattress

That's actually a feature, not a bug. Don't trust the bank, keep your money with you Smiley
"You don't have to X" is a feature. "You can't X" is a bug.

Plus, an equally serious adoption problem is that it is *very* hard to properly create and manage a secure wallet.


I was sure just about anyone sees it as a great plus, that you *can* securely stuff all coins in your mattress. On paper, on a usb drive, engraved in stone, in an encrypted email. That, for me, is one of the key features (among others). You don't have to, though. With results one can observe now, and could observe several times in the past.

On the contrary. It is now pretty simple and reasonably secure to create and manage a secure wallet. No matter if offline/paper (bitaddress.org) or cold (armory) or hot (encryption). It still involves more clicks, more live-cd-booting, more planning and more thoughts than a regular bank account, paypal, or buying bullion.

And yet, to me it seems a million times more secure and reasonable than those!

Ente
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
July 26, 2012, 12:58:28 AM
It just sucks that the Bitcoin world is so screwed up you basically have to stuff your money in your mattress

That's actually a feature, not a bug. Don't trust the bank, keep your money with you Smiley
"You don't have to X" is a feature. "You can't X" is a bug.

Plus, an equally serious adoption problem is that it is *very* hard to properly create and manage a secure wallet.
hero member
Activity: 532
Merit: 500
July 26, 2012, 12:23:42 AM

How would it not help?  A few pages back he entered the LastPass account again without authorization.

It probably doesn't matter much at this point considering no one is going to trust bitcoinica with money anymore, but if a company doesn't bother to change passwords after hacks it's worth noting.

I don't think you followed the link, those accusations would be called embezzlement, money laundering, and wire fraud.  After this those previous 'hacks' could be called into question as well.
legendary
Activity: 1246
Merit: 1016
Strength in numbers
July 26, 2012, 12:20:25 AM

How would it not help?  A few pages back he entered the LastPass account again without authorization.

It probably doesn't matter much at this point considering no one is going to trust bitcoinica with money anymore, but if a company doesn't bother to change passwords after hacks it's worth noting.
hero member
Activity: 532
Merit: 500
July 26, 2012, 12:15:25 AM

How would it not help?  A few pages back he entered the LastPass account again without authorization.
legendary
Activity: 1246
Merit: 1016
Strength in numbers
hero member
Activity: 504
Merit: 500
July 26, 2012, 12:06:46 AM
Nothing makes me feel more safe than the sweet sound of words like, "Javascript in the browser."

I run NotScripts in Chrome, and NoScript in Firefox.

aye, noscript, noadd, https everywhere, and tls 1.0, 1.1 and ssl 2.0 UNchecked in any browser. amongst other things. DropMyRights, or similar app to reduce your browser or any other internet facing apps user privledges from administrator..

oh, and

legendary
Activity: 1500
Merit: 1022
I advocate the Zeitgeist Movement & Venus Project.
legendary
Activity: 1288
Merit: 1227
Away on an extended break
July 25, 2012, 11:53:18 PM
Nothing makes me feel more safe than the sweet sound of words like, "Javascript in the browser."

I run NotScripts in Chrome, and NoScript in Firefox.
sr. member
Activity: 440
Merit: 251
July 25, 2012, 11:35:21 PM
Nothing makes me feel more safe than the sweet sound of words like, "Javascript in the browser."
legendary
Activity: 2940
Merit: 1333
July 25, 2012, 11:04:50 PM
Its possible to login to your account via the website without downloading/installing anything. Therefore the password does get sent to their servers. Not that any of this is entirely relevant to the situation...

I don't think you're correct there.  LastPass doesn't even know my password.  Javascript on the browser is used to authenticate my login.

[...] LastPass employs localized, government-level encryption (256-bit AES implemented in C++ and JavaScript) and local one-way salted hashes to give you complete security with the go-anywhere convenience of syncing through the cloud. All encrypting and decrypting happens on your computer - no one at LastPass can ever access your sensitive data.

[unless you paste the master password into your source code and leak it to the world].
Pages:
Jump to: