Bitcoin Forum>Bitcoin>Bitcoin Discussion
Pages:
Author

Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation - page 69. (Read 224562 times)

Raoul Duke
legendary
Activity: 1358
Merit: 1002
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 01:44:31 PM
#221
Quote from: zellfaze on May 11, 2012, 01:41:19 PM
Quote from: Raoul Duke on May 11, 2012, 01:28:49 PM
Quote from: ?? on ??
Quote from: ataranlen on May 11, 2012, 08:36:50 AM
This is very interesting. Hopefully someone actually knows about the transfer.

And hopefully someone will finally learn a lesson from this.


You're probably right. Someone will. If not Bitcoinica, the users. lol

http://blockchain.info/tx-index/5441766/51fa68b27169195618ba30a9b1f12d5590ed4c544e01699929260f0990ca5a2f

More 0.31337 BTC... Is it a message from the thieves or someone congratulating them? Wink

Yeah that one was me actually.  I figured it was a pretty 1337 hack.

Anyhow.  If they stole the private keys why would they make such a huge withdrawl?  I would import those private keys into another bitcoind and make lots and lots of smaller withdrawls over the course of the next few months.

Sign a message with the private key of the address 114t2bCfrmw44qgZQijNzVU75YphuyZCGk and I'll believe it was you.
zellfaze
full member
Activity: 141
Merit: 101
Security Enthusiast
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 01:41:19 PM
#220
Quote from: Raoul Duke on May 11, 2012, 01:28:49 PM
Quote from: ?? on ??
Quote from: ataranlen on May 11, 2012, 08:36:50 AM
This is very interesting. Hopefully someone actually knows about the transfer.

And hopefully someone will finally learn a lesson from this.


You're probably right. Someone will. If not Bitcoinica, the users. lol

http://blockchain.info/tx-index/5441766/51fa68b27169195618ba30a9b1f12d5590ed4c544e01699929260f0990ca5a2f

More 0.31337 BTC... Is it a message from the thieves or someone congratulating them? Wink

Yeah that one was me actually.  I figured it was a pretty 1337 hack.

Anyhow.  If they stole the private keys why would they make such a huge withdrawl?  I would import those private keys into another bitcoind and make lots and lots of smaller withdrawls over the course of the next few months.
Yankee (BitInstant)
legendary
Activity: 1078
Merit: 1000
Charlie 'Van Bitcoin' Shrem
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 01:34:55 PM
#219
Quote from: girlsgonebitcoin on May 11, 2012, 01:21:43 PM
Quote from: rjk on May 11, 2012, 01:20:20 PM
Quote from: girlsgonebitcoin on May 11, 2012, 01:14:51 PM
Quote from: bulanula on May 11, 2012, 01:12:57 PM
Quote from: girlsgonebitcoin on May 11, 2012, 01:09:05 PM
Quote from: bulanula on May 11, 2012, 01:05:46 PM
Quote from: ?? on ??
ding dong MR Z i see you online where are the updates Huh

No updates. They are probably busy packing up. Why wouldn't they ? BTC is 0 value in legal system Cry

As long as they give you all the USD / fiat back then they are 100% clean legally.

Very funny putting the meatspin crap up AFTER the BTC was stolen ... real clever proof of you getting hacked zhoutong !

What a joke !

Dude, what is up with your profile on this forum ? what a mess lol

I am celebrating my 1 year anniversary on this forum with a proud scammer tag.

Soon zhoutong will join me, by the looks of things Cheesy

ROFL!!!   Whole bunch of these guys are going to be given scammer tags LOL     either that or long prison sentences!

Who are these "founders"  can someone list them here ?
WTF you idiots, shut the fuck up about a scammer tag already. It hasn't even been 12 hours for them to review the security of the system, and you think that it is all gone. No it isn't all gone it just takes a while to get things back into a secure and operational state.

ROFL! cool story bro.  You clearly know this is it for Bitcoinica what stake do you have in this ?


You have absolutely no idea what your talking about.

Furthermore, you make yourself look quite pathetic being completely ignorant.

I feel stupid for ever responding to your post and giving it justice

I know all the owners of Bitcoinca personally, in fact I spoke to one of them not a few hours ago.
They have families, live in house, and are not going anywhere.
Raoul Duke
legendary
Activity: 1358
Merit: 1002
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 01:28:49 PM
#218
Quote from: ?? on ??
Quote from: ataranlen on May 11, 2012, 08:36:50 AM
This is very interesting. Hopefully someone actually knows about the transfer.

And hopefully someone will finally learn a lesson from this.


You're probably right. Someone will. If not Bitcoinica, the users. lol

http://blockchain.info/tx-index/5441766/51fa68b27169195618ba30a9b1f12d5590ed4c544e01699929260f0990ca5a2f

More 0.31337 BTC... Is it a message from the thieves or someone congratulating them? Wink
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 01:24:35 PM
#217
Quote from: girlsgonebitcoin on May 11, 2012, 01:21:43 PM
ROFL! cool story bro.  You clearly know this is it for Bitcoinica what stake do you have in this ?
Quote from: zhoutong on May 11, 2012, 08:32:55 AM
We have over 80% of our Bitcoins in offline wallets at the moment before the attack.
Offline == not stolen. Try again.
girlsgonebitcoin
member
Activity: 99
Merit: 10
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 01:21:43 PM
#216
Quote from: rjk on May 11, 2012, 01:20:20 PM
Quote from: girlsgonebitcoin on May 11, 2012, 01:14:51 PM
Quote from: bulanula on May 11, 2012, 01:12:57 PM
Quote from: girlsgonebitcoin on May 11, 2012, 01:09:05 PM
Quote from: bulanula on May 11, 2012, 01:05:46 PM
Quote from: ?? on ??
ding dong MR Z i see you online where are the updates Huh

No updates. They are probably busy packing up. Why wouldn't they ? BTC is 0 value in legal system Cry

As long as they give you all the USD / fiat back then they are 100% clean legally.

Very funny putting the meatspin crap up AFTER the BTC was stolen ... real clever proof of you getting hacked zhoutong !

What a joke !

Dude, what is up with your profile on this forum ? what a mess lol

I am celebrating my 1 year anniversary on this forum with a proud scammer tag.

Soon zhoutong will join me, by the looks of things Cheesy

ROFL!!!   Whole bunch of these guys are going to be given scammer tags LOL     either that or long prison sentences!

Who are these "founders"  can someone list them here ?
WTF you idiots, shut the fuck up about a scammer tag already. It hasn't even been 12 hours for them to review the security of the system, and you think that it is all gone. No it isn't all gone it just takes a while to get things back into a secure and operational state.

ROFL! cool story bro.  You clearly know this is it for Bitcoinica what stake do you have in this ?
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 01:21:05 PM
#215
Quote from: bbulker on May 11, 2012, 01:19:50 PM
Quote from: rjk on May 11, 2012, 01:11:14 PM
Quote from: bbulker on May 11, 2012, 01:08:51 PM
Quote from: DeathAndTaxes on May 11, 2012, 12:58:14 PM
Quote from: bbulker on May 11, 2012, 12:55:49 PM
I don't keep my real wallet in a public lockbox at a train station and I wouldn't keep a bitcoin wallet on public server at a datacenter.

Yes that was already covered extensively before you went off with a derail involving your "non solution".

If Bitcoinica had avoided the attackers gaining access to the server containing the private keys then the theft wouldn't have occured.  No custom protocol was required.

If the attackers gained access to the server containing the private keys then the theft still would have happened.  No custom protocol would have helped.

Hence the whole point about your "custom timed delayed protocol" being of dubious value.  Most (all ?) major thefts involving bitcoins was a result of attacker gaining access to the private keys.

Not sure how the hacker would gain access to the server when the only network-accessible thing is the custom interface as previously stated. Did you think I was trying to come up with a solution to stop the hacker after he already gained access or something?
Yes it sounded like that, because that's what happened. The "only network accessible things" extend to the control panel as well as the server itself. Sure, if you are in complete control of the hardware, making that interface difficult to access is common sense (actually it is always common sense), but when someone can reset the root password at the click of a button, that isn't going to help you.

In that case there is no possible solution. Not even an encrypted filesystem will help because it will still be mounted.
You can't reset the root password on a mounted filesystem, and you can't access an encrypted filesystem after a reboot without the password.
EDIT: I might as well make it crystal clear that you can't reset the root password on a mounted filesystem externally without access to the password itself.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 01:20:20 PM
#214
Quote from: girlsgonebitcoin on May 11, 2012, 01:14:51 PM
Quote from: bulanula on May 11, 2012, 01:12:57 PM
Quote from: girlsgonebitcoin on May 11, 2012, 01:09:05 PM
Quote from: bulanula on May 11, 2012, 01:05:46 PM
Quote from: ?? on ??
ding dong MR Z i see you online where are the updates Huh

No updates. They are probably busy packing up. Why wouldn't they ? BTC is 0 value in legal system Cry

As long as they give you all the USD / fiat back then they are 100% clean legally.

Very funny putting the meatspin crap up AFTER the BTC was stolen ... real clever proof of you getting hacked zhoutong !

What a joke !

Dude, what is up with your profile on this forum ? what a mess lol

I am celebrating my 1 year anniversary on this forum with a proud scammer tag.

Soon zhoutong will join me, by the looks of things Cheesy

ROFL!!!   Whole bunch of these guys are going to be given scammer tags LOL     either that or long prison sentences!

Who are these "founders"  can someone list them here ?
WTF you idiots, shut the fuck up about a scammer tag already. It hasn't even been 12 hours for them to review the security of the system, and you think that it is all gone. No it isn't all gone it just takes a while to get things back into a secure and operational state.
bbulker
full member
Activity: 124
Merit: 100
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 01:19:50 PM
#213
Quote from: rjk on May 11, 2012, 01:11:14 PM
Quote from: bbulker on May 11, 2012, 01:08:51 PM
Quote from: DeathAndTaxes on May 11, 2012, 12:58:14 PM
Quote from: bbulker on May 11, 2012, 12:55:49 PM
I don't keep my real wallet in a public lockbox at a train station and I wouldn't keep a bitcoin wallet on public server at a datacenter.

Yes that was already covered extensively before you went off with a derail involving your "non solution".

If Bitcoinica had avoided the attackers gaining access to the server containing the private keys then the theft wouldn't have occured.  No custom protocol was required.

If the attackers gained access to the server containing the private keys then the theft still would have happened.  No custom protocol would have helped.

Hence the whole point about your "custom timed delayed protocol" being of dubious value.  Most (all ?) major thefts involving bitcoins was a result of attacker gaining access to the private keys.

Not sure how the hacker would gain access to the server when the only network-accessible thing is the custom interface as previously stated. Did you think I was trying to come up with a solution to stop the hacker after he already gained access or something?
Yes it sounded like that, because that's what happened. The "only network accessible things" extend to the control panel as well as the server itself. Sure, if you are in complete control of the hardware, making that interface difficult to access is common sense (actually it is always common sense), but when someone can reset the root password at the click of a button, that isn't going to help you.

In that case there is no possible solution. Not even an encrypted filesystem will help because it will still be mounted.
Vladimir
hero member
Activity: 812
Merit: 1001
-
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 01:16:16 PM
#212
Quote from: N12 on May 11, 2012, 12:45:59 PM
Vladimir, I have the biggest respect for you and cypherdoc, and because of this it amazes me how you guys only can be so oblivious to the social dynamics at play here. If Bitcoin keeps destroying value instead of creating value, the market will simply drop it. Not even to mention the image problems Bitcoin already has with anyone who is not already a Bitcoiner (couple ten k guys). We cannot continue at this rate and transfer hard earned Bitcoins from market participants to hackers, scammers and leeches forever expecting Bitcoin to have any value.

You have reasonable point here, and I do not think that either myself or doc are directly arguing it with you. We are just a bit more relaxed and not so much concerned with short term noise.
girlsgonebitcoin
member
Activity: 99
Merit: 10
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 01:14:51 PM
#211
Quote from: bulanula on May 11, 2012, 01:12:57 PM
Quote from: girlsgonebitcoin on May 11, 2012, 01:09:05 PM
Quote from: bulanula on May 11, 2012, 01:05:46 PM
Quote from: ?? on ??
ding dong MR Z i see you online where are the updates Huh

No updates. They are probably busy packing up. Why wouldn't they ? BTC is 0 value in legal system Cry

As long as they give you all the USD / fiat back then they are 100% clean legally.

Very funny putting the meatspin crap up AFTER the BTC was stolen ... real clever proof of you getting hacked zhoutong !

What a joke !

Dude, what is up with your profile on this forum ? what a mess lol

I am celebrating my 1 year anniversary on this forum with a proud scammer tag.

Soon zhoutong will join me, by the looks of things Cheesy

ROFL!!!   Whole bunch of these guys are going to be given scammer tags LOL     either that or long prison sentences!

Who are these "founders"  can someone list them here ?
bulanula
hero member
Activity: 518
Merit: 500
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 01:12:57 PM
#210
Quote from: girlsgonebitcoin on May 11, 2012, 01:09:05 PM
Quote from: bulanula on May 11, 2012, 01:05:46 PM
Quote from: ?? on ??
ding dong MR Z i see you online where are the updates Huh

No updates. They are probably busy packing up. Why wouldn't they ? BTC is 0 value in legal system Cry

As long as they give you all the USD / fiat back then they are 100% clean legally.

Very funny putting the meatspin crap up AFTER the BTC was stolen ... real clever proof of you getting hacked zhoutong !

What a joke !

Dude, what is up with your profile on this forum ? what a mess lol

I am celebrating my 1 year anniversary on this forum with a proud scammer tag.

Soon zhoutong will join me, by the looks of things Cheesy
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 01:11:14 PM
#209
Quote from: bbulker on May 11, 2012, 01:08:51 PM
Quote from: DeathAndTaxes on May 11, 2012, 12:58:14 PM
Quote from: bbulker on May 11, 2012, 12:55:49 PM
I don't keep my real wallet in a public lockbox at a train station and I wouldn't keep a bitcoin wallet on public server at a datacenter.

Yes that was already covered extensively before you went off with a derail involving your "non solution".

If Bitcoinica had avoided the attackers gaining access to the server containing the private keys then the theft wouldn't have occured.  No custom protocol was required.

If the attackers gained access to the server containing the private keys then the theft still would have happened.  No custom protocol would have helped.

Hence the whole point about your "custom timed delayed protocol" being of dubious value.  Most (all ?) major thefts involving bitcoins was a result of attacker gaining access to the private keys.

Not sure how the hacker would gain access to the server when the only network-accessible thing is the custom interface as previously stated. Did you think I was trying to come up with a solution to stop the hacker after he already gained access or something?
Yes it sounded like that, because that's what happened. The "only network accessible things" extend to the control panel as well as the server itself. Sure, if you are in complete control of the hardware, making that interface difficult to access is common sense (actually it is always common sense), but when someone can reset the root password at the click of a button, that isn't going to help you.
girlsgonebitcoin
member
Activity: 99
Merit: 10
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 01:09:05 PM
#208
Quote from: bulanula on May 11, 2012, 01:05:46 PM
Quote from: ?? on ??
ding dong MR Z i see you online where are the updates Huh

No updates. They are probably busy packing up. Why wouldn't they ? BTC is 0 value in legal system Cry

As long as they give you all the USD / fiat back then they are 100% clean legally.

Very funny putting the meatspin crap up AFTER the BTC was stolen ... real clever proof of you getting hacked zhoutong !

What a joke !

Dude, what is up with your profile on this forum ? what a mess lol
bbulker
full member
Activity: 124
Merit: 100
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 01:08:51 PM
#207
Quote from: DeathAndTaxes on May 11, 2012, 12:58:14 PM
Quote from: bbulker on May 11, 2012, 12:55:49 PM
I don't keep my real wallet in a public lockbox at a train station and I wouldn't keep a bitcoin wallet on public server at a datacenter.

Yes that was already covered extensively before you went off with a derail involving your "non solution".

If Bitcoinica had avoided the attackers gaining access to the server containing the private keys then the theft wouldn't have occured.  No custom protocol was required.

If the attackers gained access to the server containing the private keys then the theft still would have happened.  No custom protocol would have helped.

Hence the whole point about your "custom timed delayed protocol" being of dubious value.  Most (all ?) major thefts involving bitcoins was a result of attacker gaining access to the private keys.

Not sure how the hacker would gain access to the server when the only network-accessible thing is the custom interface as previously stated. Did you think I was trying to come up with a solution to stop the hacker after he already gained access or something?
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 01:08:38 PM
#206
Quote from: PawShaker on May 11, 2012, 01:06:31 PM
Quote from: DeathAndTaxes on May 11, 2012, 12:58:14 PM
Quote from: bbulker on May 11, 2012, 12:55:49 PM
I don't keep my real wallet in a public lockbox at a train station and I wouldn't keep a bitcoin wallet on public server at a datacenter.

Yes that was already covered extensively before you went off with a derail involving your "non solution".

If Bitcoinica had avoided the attackers gaining access to the server containing the private keys then the theft wouldn't have occured.  No custom protocol was required.

If the attackers gained access to the server containing the private keys then the theft still would have happened.  No custom protocol would have helped.

Hence the whole point about your "custom timed delayed protocol" being of dubious value.  Most (all ?) major thefts involving bitcoins was a result of attacker gaining access to the private keys.

What about a setup where hot wallet is on separate machine which periodically fetches instructions for transfers. Attacker would have to reverse engineer the setup in short time from obtaining access to alarm being raised. The main server can be collocated while hot wallet server can be in a basement of undisclosed private home.
You can do this with multisig transactions.
PawShaker
full member
Activity: 140
Merit: 100
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 01:06:31 PM
#205
Quote from: DeathAndTaxes on May 11, 2012, 12:58:14 PM
Quote from: bbulker on May 11, 2012, 12:55:49 PM
I don't keep my real wallet in a public lockbox at a train station and I wouldn't keep a bitcoin wallet on public server at a datacenter.

Yes that was already covered extensively before you went off with a derail involving your "non solution".

If Bitcoinica had avoided the attackers gaining access to the server containing the private keys then the theft wouldn't have occured.  No custom protocol was required.

If the attackers gained access to the server containing the private keys then the theft still would have happened.  No custom protocol would have helped.

Hence the whole point about your "custom timed delayed protocol" being of dubious value.  Most (all ?) major thefts involving bitcoins was a result of attacker gaining access to the private keys.

What about a setup where hot wallet is on separate machine which periodically fetches instructions for transfers. Attacker would have to reverse engineer the setup in short time from obtaining access to alarm being raised. The main server can be collocated while hot wallet server can be in a basement of undisclosed private home.
bulanula
hero member
Activity: 518
Merit: 500
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 01:05:46 PM
#204
Quote from: ?? on ??
ding dong MR Z i see you online where are the updates Huh

No updates. They are probably busy packing up. Why wouldn't they ? BTC is 0 value in legal system Cry

As long as they give you all the USD / fiat back then they are 100% clean legally.

Very funny putting the meatspin crap up AFTER the BTC was stolen ... real clever proof of you getting hacked zhoutong !

What a joke !
DeathAndTaxes
donator
Activity: 1218
Merit: 1079
Gerald Davis
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 12:58:14 PM
#203
Quote from: bbulker on May 11, 2012, 12:55:49 PM
I don't keep my real wallet in a public lockbox at a train station and I wouldn't keep a bitcoin wallet on public server at a datacenter.

Yes that was already covered extensively before you went off with a derail involving your "non solution".

If Bitcoinica had avoided the attackers gaining access to the server containing the private keys then the theft wouldn't have occured.  No custom protocol was required.

If the attackers gained access to the server containing the private keys then the theft still would have happened.  No custom protocol would have helped.

Hence the whole point about your "custom timed delayed protocol" being of dubious value.  Most (all ?) major thefts involving bitcoins have been a result of the attacker gaining access to the server with the private keys and simply copying them.
MrTeal
legendary
Activity: 1274
Merit: 1004
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
May 11, 2012, 12:58:02 PM
#202
Quote from: bbulker on May 11, 2012, 12:49:00 PM
Quote from: MrTeal on May 11, 2012, 12:47:26 PM
Quote from: bbulker on May 11, 2012, 12:44:19 PM
Quote from: DeathAndTaxes on May 11, 2012, 12:36:18 PM
Quote from: bbulker on May 11, 2012, 12:33:14 PM
There is nothing to reverse if the transaction is canceled during the grace time before it is executed on bitcoind. There is no server to hack into when the only network-accessible thing is the custom interface.

There always is a server.  Some custom protocol doesn't change the fact that a server exists.  When you send a command using the costom protocol where is going?  Obviously bitcoind is running somewhere.  Your solution is no solution.  Attacker would simply bypass the stupid "interface" hit the real server and steal the private keys.

You do understand the private keys are simply numbers right?  If you have the numbers you have the funds.  Thieves don't need to use the lockdown bitcoind.  They steal the private keys and execute a transaction from anywhere in the world.

Why would you have a custom interface but leave the bitcoind rpc port and ssh open to the public?

Are you intentionally missing their point?

Are they implying the hacker would have physical access to the machine? I thought computers could only communicate through ports.

If the server is sitting in Zhoutong's basement, you can set it up that way. If you buy server space from a company, you obviously need a way even outside of whatever software you load on it to manage that server. If you get control of the server, it doesn't matter what obfuscation you use on your bitcoin client, they now own your client and everything else. You're arguing that a car dealer should use non-standard keys and awesome alarms on the cars they sell, people here are telling you that won't do a whole lot of good when the thieves smash down the walls and load all the cars onto 20 semis.
Pages:
Bitcoin Forum>Bitcoin>Bitcoin Discussion
Jump to: