
Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation (Read 224563 times)

member
Activity: 63
Merit: 10
Bitcoins Gold Silver
Thanks Proudhon, saves me some time.

No money returned yet :-( Ah well, that's what I thought.

legendary
Activity: 2198
Merit: 1311


Just been trying to catch up with the claims process by reading this thread.   Angry  Angry  Angry


The shit fight between Bitcoinica Consulting and zhoutong is NOT very inspiring. Frankly I don't give a shit about that stuff. Haven't read many of the latest pages of comments.



Has there been any real information about when we can expect our claims to be actioned Huh??

Has anyone had money refunded yet Huh?





No money has been returned yet, and there haven't been any statements about when money will be returned.
member
Activity: 63
Merit: 10
Bitcoins Gold Silver


Just been trying to catch up with the claims process by reading this thread.   Angry  Angry  Angry


The shit fight between Bitcoinica Consulting and zhoutong is NOT very inspiring. Frankly I don't give a shit about that stuff. Haven't read many of the latest pages of comments.



Has there been any real information about when we can expect our claims to be actioned Huh??

Has anyone had money refunded yet Huh?



hero member
Activity: 812
Merit: 1001
-
Why retailers would make a big deal out of a server wholesaler's new buzzword for shit service is totally beyond me. Guess it sounds fancy to their customers.

Indeed, this is beyond comprehension. Apparently these cloud things have hypnotizing effect on Zhou's generation of Internet Pros "powered by google search".

People stop eating all the marketing BS you are being fed.

hero member
Activity: 568
Merit: 500
And yeah, the "rule of three" has been around for a long time.  Back in the days of DOS and 5 1/4 floppy disks we used to work on a three days worth of back ups (we had physical back ups for each of the last three days) and three locations rule (in practice, this meant that one set of backups stayed at the office and the boss and I each took home a set of back up disks).

Been around long enough to have discovered that for myself (and to remember backing up to disks that were actually floppy). Hell, when I ran a 2400bps hermes board outta my mom's house I was backing up my user lists and warez to disks as fast as I could. I've still got boxes of disks full of gif porn and the names and phone numbers of freaks in Los Angeles somewhere in a storage unit, if those disks haven't degraded yet. "The cloud" is a fucking euphemism for shared hosting without the customer service and accountability that used to come with shared hosting. Why retailers would make a big deal out of a server wholesaler's new buzzword for shit service is totally beyond me. Guess it sounds fancy to their customers.

Most tripods can stand on two legs if you prop them up a little. Anyway, if everything was wiped out, one server hacked and the other two had drive malfunctions or whatever, it's not like you can blame people. But a few extra precautions might be in order when dealing with half a million dollars, even if they do cost a few hundred bucks a month. After all, what's that money worth if your reputation is shit?
hero member
Activity: 868
Merit: 1000

There is no formulaic way yet of definitively securing a site that deals in BTC, but having lots of backups and dedicated servers seems like kind of a no-brainer place to start. It's a shame all the "security experts" floating around the Bitcoinica scene couldn't afford an extra $200 a month for a dedicated / offline backup solution. We don't make the kind of money they do, and we trusted them with our profit; if I'd known they were so poverty-stricken I would have paid for it myself goddamn it.

They openly stated upthread that their priority was fixing the code rather than addressing other possible/known vulnerabilities and that they still believe that was the correct choice, so I don't think that money was the concern - it seems more like a case of tunnel vision.  I'm not sure why fixing the code and preventing further attacks/securing data against catastrophic loss were regarded as mutually exclusive options.

And yeah, the "rule of three" has been around for a long time.  Back in the days of DOS and 5 1/4 floppy disks we used to work on a three days worth of back ups (we had physical back ups for each of the last three days) and three locations rule (in practice, this meant that one set of backups stayed at the office and the boss and I each took home a set of back up disks).
hero member
Activity: 568
Merit: 500
If I'd known they were so poverty-stricken I would have paid for it myself goddamn it.

Now all you have to do is offer margin trading.

what, blackjack ain't good enough for ya?
R-
full member
Activity: 238
Merit: 100
Pasta
If I'd known they were so poverty-stricken I would have paid for it myself goddamn it.

Now all you have to do is offer margin trading.
hero member
Activity: 568
Merit: 500

I guess this would be a perfect time to ask the operators of every single Bitcoin exchange if they have a backup of their database. Each and every one of them should go on record stating that they do. I suggest that this should be done within the next 48 hours. Any exchange that does not go on record in stating that they do within this time frame, users of those exchanges should immediately remove their funds from those exchanges.

~Bruno~


We're not an exchange, but given that we deal with people's Bitcoins we do have an obligation to state this: We have always maintained 1) hourly database backups to a second data center, 2) daily offline backups, 3) a hot wallet stored in a third datacenter, on a dedicated server, and 4) offline wallet storage of all funds other than petty cash. Furthermore, everything we run other than our blog is on offshore dedicated servers at datacenters with casino-grade physical security measures, NOT on VPS. A hacker who accessed one of our dedis would find our hot wallet basically empty and our user passwords hashed. At most we'd lose a hundred bucks or so.

We don't have anything near the volume of Bitcoinica. We've got about 1000 users. When we launched, and started paying for the servers involved in this elaborate setup, we had no users. There's no doubt the added security has come at a cost that dug into our bottom line. But what's the alternative? Hosting on a VPS somewhere and waiting for disaster? You don't screw around with cutting costs on security; a wise guy once told me it's better to be "insurance poor" than temporarily rich and waiting for the other shoe to drop. One of the dumbest things I've done in recent memory was send some of our first positive revenues into a Bitcoinica account. I would never have imagined the security there would be more lax than ours, but it's my fault for not doing more research. I accept that.

There is no formulaic way yet of definitively securing a site that deals in BTC, but having lots of backups and dedicated servers seems like kind of a no-brainer place to start. It's a shame all the "security experts" floating around the Bitcoinica scene couldn't afford an extra $200 a month for a dedicated / offline backup solution. We don't make the kind of money they do, and we trusted them with our profit; if I'd known they were so poverty-stricken I would have paid for it myself goddamn it.
legendary
Activity: 1162
Merit: 1000
DiabloMiner author
There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

That's a good saying.
Additionally, rjk's Third Law Of Backups states that if your backup procedures are rigorous and the backups are stored in at least 3 locations, you will never ever have to recover from them. If however they suddenly disappear due to a freak accident, that is the day you are guaranteed to need them the most.

Kind of like the Law Of Extra Parts also by rjk: if you need 5 screws to complete a project, and you bring only 5, you are guaranteed to lose one of them. If however you bring 6 screws to a project that needs only 5, you are guaranteed to always have 1 left over.

Grin

Lol!  You're just taking credit for Murphy's Law! Wink

In rjk's defense, Murphy's Law states that anything that can go wrong, will go wrong. This is similar but with a slight modification. In other words, "Any problem that you anticipate won't happen and every other one will."

Surely we're not talking about Hanlon's Razor on this thread, are we?

Quote
Never attribute to malice that which is adequately explained by stupidity.

~BrunO~


No. It's a special corollary of Murphy's Law that I don't think has a name but most people are aware of: Murphy's Law is efficient, if you're sufficiently guarded against it in one way, it'll just strike you some other way.
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

That's a good saying.
Additionally, rjk's Third Law Of Backups states that if your backup procedures are rigorous and the backups are stored in at least 3 locations, you will never ever have to recover from them. If however they suddenly disappear due to a freak accident, that is the day you are guaranteed to need them the most.

Kind of like the Law Of Extra Parts also by rjk: if you need 5 screws to complete a project, and you bring only 5, you are guaranteed to lose one of them. If however you bring 6 screws to a project that needs only 5, you are guaranteed to always have 1 left over.

Grin

Lol!  You're just taking credit for Murphy's Law! Wink

In rjk's defense, Murphy's Law states that anything that can go wrong, will go wrong. This is similar but with a slight modification. In other words, "Any problem that you anticipate won't happen and every other one will."

Surely we're not talking about Hanlon's Razor on this thread, are we?

Quote
Never attribute to malice that which is adequately explained by stupidity.

~BrunO~
edd
donator
Activity: 1414
Merit: 1002
There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

That's a good saying.
Additionally, rjk's Third Law Of Backups states that if your backup procedures are rigorous and the backups are stored in at least 3 locations, you will never ever have to recover from them. If however they suddenly disappear due to a freak accident, that is the day you are guaranteed to need them the most.

Kind of like the Law Of Extra Parts also by rjk: if you need 5 screws to complete a project, and you bring only 5, you are guaranteed to lose one of them. If however you bring 6 screws to a project that needs only 5, you are guaranteed to always have 1 left over.

Grin

Lol!  You're just taking credit for Murphy's Law! Wink

In rjk's defense, Murphy's Law states that anything that can go wrong, will go wrong. This is similar but with a slight modification. In other words, "Any problem that you anticipate won't happen and every other one will."
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
http://www.rackspace.com/knowledge_center/rackspace_cloud_backup_faq
Quote
Where are my backups stored?
Your backups are stored in your personal Cloud Files storage account.

While penning my dad's obituary a couple years ago, I kept a copy in documents on this laptop as well as putting a copy in a dedicated image file. I see my error now. I should have also created a public folder to store a third copy. Luckily nobody logged into my laptop and deleted said files, for I wouldn't have had that third backup available to me at the time.
legendary
Activity: 1764
Merit: 1002
There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

That's a good saying.
Additionally, rjk's Third Law Of Backups states that if your backup procedures are rigorous and the backups are stored in at least 3 locations, you will never ever have to recover from them. If however they suddenly disappear due to a freak accident, that is the day you are guaranteed to need them the most.

Kind of like the Law Of Extra Parts also by rjk: if you need 5 screws to complete a project, and you bring only 5, you are guaranteed to lose one of them. If however you bring 6 screws to a project that needs only 5, you are guaranteed to always have 1 left over.

Grin

Lol!  You're just taking credit for Murphy's Law! Wink
vip
Activity: 490
Merit: 271
There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

Nice to see the Rule of 3 is still a universal constant.

Guy: How many guys have you slept with?
Girl: 2

Answer: 2*3=6



Girl: How many girls have you slept with?
Guy: 9

Answer: 9/3=3


How many back-ups should you have?

Answer: 3

legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
Yes, believe it or not, but your posts and PMs on this forum are actually safer than your current balance at Bitcoinica.

I lol'd.

Great, seems like some people would have done a better job by asking you guys how it's done.  Roll Eyes
legendary
Activity: 1162
Merit: 1000
DiabloMiner author
There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

That's a good saying.
Additionally, rjk's Third Law Of Backups states that if your backup procedures are rigorous and the backups are stored in at least 3 locations, you will never ever have to recover from them. If however they suddenly disappear due to a freak accident, that is the day you are guaranteed to need them the most.

Kind of like the Law Of Extra Parts also by rjk: if you need 5 screws to complete a project, and you bring only 5, you are guaranteed to lose one of them. If however you bring 6 screws to a project that needs only 5, you are guaranteed to always have 1 left over.

Grin

The generic version of that is just Diablo's Rule #1: Redundancy in planning is not paranoia.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

That's a good saying.
Additionally, rjk's Third Law Of Backups states that if your backup procedures are rigorous and the backups are stored in at least 3 locations, you will never ever have to recover from them. If however they suddenly disappear due to a freak accident, that is the day you are guaranteed to need them the most.

Kind of like the Law Of Extra Parts also by rjk: if you need 5 screws to complete a project, and you bring only 5, you are guaranteed to lose one of them. If however you bring 6 screws to a project that needs only 5, you are guaranteed to always have 1 left over.

Grin
donator
Activity: 56
Merit: 0
you got hacked bitch!
There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

VERY good saying.