Quote
For the technically inclined, we salt and encrypt passwords with bcrypt.
Bcrypt hashes passwords it doesn't encrypt them.
Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation - page 43. (Read 224562 times)
May 14, 2012, 09:03:53 PM
From the new site:
Bcrypt hashes passwords it doesn't encrypt them.
Bcrypt hashes passwords it doesn't encrypt them.
May 14, 2012, 08:44:04 PM
I'm feeling sad for this "new owner" trusting his business operation to Intersango.
My apologies for double posting, but I'm wondering if "the investor" also has control of bitcoin.com.
May 14, 2012, 08:41:40 PM
If the plan is for the forums to be the primary source of information for bitcoinica.com, there should at least be a PR rep to answer questions. Who is it and why aren't they posting?
Or maybe they are. Do all of Zhowtong's most recent postings stem from the same IP (assuming it's not masked)?
May 14, 2012, 08:22:34 PM
If the plan is for the forums to be the primary source of information for bitcoinica.com, there should at least be a PR rep to answer questions. Who is it and why aren't they posting?
May 14, 2012, 08:19:56 PM
It's great to see the new site up at bitcoinica.com to put everyone's mind at ease that things are progressing well in restoring the site...
Nothing restores confidence like no official statements from the main source (Zhoutong was just an employee, not the owner).
Nothing restores confidence like no official statements from the main source (Zhoutong was just an employee, not the owner).
May 14, 2012, 08:09:27 PM
I'm feeling sad for this "new owner" trusting his business operation to Intersango.
May 14, 2012, 07:54:07 PM
May 14, 2012, 07:36:15 PM
Uggggg. So many mistakes and unclear statements in that article.
May 14, 2012, 07:29:46 PM
All I know is, I prefer my systems to be owned by people that can fix them, not people that have to hire others to fix them. Not only that, but I forsee that there will be more of the same since Intersango et al are suddenly more valuable due to the acquisition of control of Bitcoinica.
Not many businesses work that way.
May 14, 2012, 07:19:03 PM
All I know is, I prefer my systems to be owned by people that can fix them, not people that have to hire others to fix them. Not only that, but I forsee that there will be more of the same since Intersango et al are suddenly more valuable due to the acquisition of control of Bitcoinica.
Not many businesses work that way.
May 14, 2012, 06:57:57 PM
Um anyone else find the answer lacking?
There was never any exploit against the code base. In linode hack the attacker used a "super-admin" account and the administrative console to reset an admin password, logged into the server and copied the private keys from the wallet. End result was 40K BTC stolen. So the "solution" to leaving server vulnerable to remote password reset was to do a tedious line by line analysis of the codebase (which has never exploited) and meanwhile install the code on a new server which had (almost) the same vulnerability as the prior server.
Really? That was the impossible to determine flaw? The attacker did almost the same thing ALL OVER AGAIN in the recent attack. Compromise an off site email account, use the remote admin console, reset the admin password, login to the server and copy the private keys stealing 20K BTC.
Linode: Compromise a super-admin account, reset admin password, login to server, steal private keys from wallet, profit.
Rackspace: Compromise off-site email, reset admin password, login to server, steal private keys from wallet, profit.
Starting to see the pattern?
There was never any exploit against the code base. In linode hack the attacker used a "super-admin" account and the administrative console to reset an admin password, logged into the server and copied the private keys from the wallet. End result was 40K BTC stolen. So the "solution" to leaving server vulnerable to remote password reset was to do a tedious line by line analysis of the codebase (which has never exploited) and meanwhile install the code on a new server which had (almost) the same vulnerability as the prior server.
Really? That was the impossible to determine flaw? The attacker did almost the same thing ALL OVER AGAIN in the recent attack. Compromise an off site email account, use the remote admin console, reset the admin password, login to the server and copy the private keys stealing 20K BTC.
Linode: Compromise a super-admin account, reset admin password, login to server, steal private keys from wallet, profit.
Rackspace: Compromise off-site email, reset admin password, login to server, steal private keys from wallet, profit.
Starting to see the pattern?
May 14, 2012, 06:56:00 PM
All I know is, I prefer my systems to be owned by people that can fix them, not people that have to hire others to fix them. Not only that, but I forsee that there will be more of the same since Intersango et al are suddenly more valuable due to the acquisition of control of Bitcoinica.
May 14, 2012, 06:53:12 PM
Finally there is a notice on bitcoinica.com for users not on This forum.
May 14, 2012, 06:52:18 PM
Who are these so-called "owners" ?
Zhoutong claims it is not him => you claim it is not you => then who is it
Zhoutong claims it is not him => you claim it is not you => then who is it
Just a hint from a another lurker here in the forum
Zhoutong pointed out that the owner requested not to be publickly known.
This started a rather lengthy discussion right here in this thread about business and ownership in generall, but like it or not, such things are very common in the current world of business. I might be wrong, but just from the answers available here in the forum, I would be surprised to get any further disclosure on that topic.
Personally I'm glad that Team Intersango spoke up and clarified their position and the technical details.
--Ichthyo
May 14, 2012, 06:42:47 PM
May 14, 2012, 05:17:48 PM
Damn it! We nearly got rid of bulanula permanently!
Indeed. Too bad I did not die !The world would have been a better place that way with evil people like me out of it ...
May 14, 2012, 05:17:25 PM
Damn it ! I almost got an epileptic seizure from that rjk.
Not trolling. I suffer from that and almost got shocked.
Please put a warning up for people like me affected.
Sounds like a scam
May 14, 2012, 05:16:07 PM
Damn it! We nearly got rid of bulanula permanently!
May 14, 2012, 05:05:39 PM
Damn it ! I almost got an epileptic seizure from that rjk.
Not trolling. I suffer from that and almost got shocked.
Please put a warning up for people like me affected.
I was thinkin' 'bout postin' the same thing, but opted not to. Although I'm not epileptic (think not), I too felt strange afterwards of only viewing the images a couple secs. Odd!
~Bruno~
Jump to: