Great post. These are very real growing pains that this emerging currency is going through. It's not gonna be a smooth ride with the amount of people who feel threatened by the idea of a decentralized currency becoming mainstream, but as long as you try and keep a level head while ignoring the chicken little doomers you should be fine.
Topic: Everyone stop panicking and read this (Read 3830 times)
i totally agree with all you said
+1
One principle of web site design for the Exchanges to follow is "Defense in Depth". don't depend on a single feature to be your security, all aspects of the system require minimum access privileges and very fine grained audit controls and monitoring. If one has permissions to access a database it should be further restricted to what tables and rows are appropriate. All the way down to every file on every system in the enterprise. Who owns it , who can read it (and how often!), who can change it. who can delete it. Keep in mind that once it is read it can be let loose in the wild with another few steps. That has to all be monitored and logged. and the system must do it automatically and with alerts to the watchers.
+1
Finally it's like we are back at the beginning of the year when forum was still filled with adults. Thank you for this because I share the exact same sentiment.
Most important thing we have to remember now and in the future is that this is just the beginning. We are all early adapters and we have got to play the part in helping it become mainstream. No one else will do this for us. We have yet to face the real challenges of bitcoin which are ahead and the community can't forget that many people/organization with lot to lose will try to throw wrenches in bitcoin's path. This is just small bump of the road that really didn't do anything to compromise Bitcoin's actual security. Media outlets will already do the jobs of sensational reporting when infact it was just a compromised computer of an auditor which compromised the db of a single exchange.
Most important thing we have to remember now and in the future is that this is just the beginning. We are all early adapters and we have got to play the part in helping it become mainstream. No one else will do this for us. We have yet to face the real challenges of bitcoin which are ahead and the community can't forget that many people/organization with lot to lose will try to throw wrenches in bitcoin's path. This is just small bump of the road that really didn't do anything to compromise Bitcoin's actual security. Media outlets will already do the jobs of sensational reporting when infact it was just a compromised computer of an auditor which compromised the db of a single exchange.
So it was not website insecurity, but poor practices.
Yes... Somehow a cracker just happened to manually discover and root a box with a db connection to Mt. Gox out of the blue. And this excuse comes from the same people who have been disregarding all the recent reports of compromised accounts as client infections?
to me it sounds like a rouge auditor not getting paid enough ... or a semi pro using a compromised windows machine.. eitherr way there is going to be many more heists oof btc in the future like this.. its to be expected.. i think only looser here is mtgox as their rep is screwed now.. time for more exchamges to come out of the woodwork and put down the mtgox monopoly... but who to trust .. whos next to get greedy and slam some more bad press around .. totally expect more of the same
One thing that will help is if someone can post up a set of good secure design practices. This will help those developing new Bitcoin based websites to ensure that their sites won't get immediately cracked. I'm thinking of a minimum set of architecture requirements that can be used as a ticklist.
I'm not simply saying "TrueCrypt your wallet!" - that advice is fine for casual users. If you're developing a large scale system with lots of wallets what would you do to ensure the safety of your clients?
I'm not simply saying "TrueCrypt your wallet!" - that advice is fine for casual users. If you're developing a large scale system with lots of wallets what would you do to ensure the safety of your clients?
+1
Hooray!
Hooray!
+1 Great !
+1
Quote
One large such example is an attempt to split the blockchain. I fear that until someone actually tries this, there may be more serious issues lurking which we can't forsee.
How do you know with such certainty that this "test" has not already taken place?
If you can find a suitably sized machine/network (~6Thash/s) we could test it ... but the days of a feasible >50% attack are behind us with the current technology ...
... there have been some pretty impressive ramp-ups and collapses in network hashrate that suggest such "tests" have already taken place in the past.
+1
It's a learning process. It's going to be painful but hopefully in the end, it will make the bitcoin stronger.
Everyone stop panicking and read this.
+1
For helping remind people not to panic.
I'm trying to do the same:
When the Hot Deadly Lava from MtGox is Inches from Your Feet how Will YOU React?
+1
For helping remind people not to panic.
I'm trying to do the same:
When the Hot Deadly Lava from MtGox is Inches from Your Feet how Will YOU React?
Buy and hold. Good luck men. If it goes lower buy more.
Apparently Mt Gox was not hacked through SQL injection.
"It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked."
So it was not website insecurity, but poor practices.
"It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked."
So it was not website insecurity, but poor practices.
I agree. This is NOT a result of the shortcomings of BTC. It appears to be a website security issue. Bitcoins are OK.
+1
Jump to: