Topic: GLBSE 2.0, Is safer now. - page 7. (Read 8809 times)

Just pm Nefario and ask him to change your email address? Why this drama?

OK, I agree that it is an issue in the sense that you should have been able to adjust prior, and people should be able to change their e-mail adress now with their GLBSE password.

But this is not an issue that has to do with whether GLBSE is safe but if your email account you registered with is safe …

How can you expect "this" to be fixed when you don’t even know what should be done about it? The first version of GLBSE used a long string representing your private key in addition to your password which you stored on your computer. You can do the exact same thing today and store both your email password and GLBSE password encrypted on your computer – no difference.

And the reason it got changed is that noone used GLBSE due to it, because it severely cut into usability. GLBSE 2.0 is way more popular now.

The only thing that can be done is add multifactor authentication, and it definitely should be done.

And yes, EDIT YOUR PREVIOUS POST NOW. I reported it.

Can you please edit your post and remove what people need to know? You're only making it easier for people to hijack your account. I agree current security is lackluster for this site if they want to become big, but you've made your point already. No need to make it easier for people

One of the only reasons why I'm trading with ~10 BTC over there, rather than 100+
I'd really like this to get fixed/improved, as I'd love to learn more about trading shares and bonds (just trying things out atm).
How was the security done on GLBSE 1.0 that you needed psychical access to your computer?
And why wasn't this implemented in version 2.0?

What is not solid about that? Take care of your passwords and make them secure enough with something like KeePass. Most users on most Bitcoin exchanges have the same kind of protection.

You can take your password and encrypt it exactly like you encrypted your private key if you want.

I agree though that a 2nd auth with your phone would be preferable here, but I don’t think your topic’s title is appropriate, because yes, having a PW is safe if you can take care of it.

Much more concerning is the question whether GLBSE now has any exploitable vulnerabilities etc., I would really like to see Patrick Strateman (from Intersango, where Nefario works too) do some penetration testing like he did with other exchanges if it hasn’t yet happened.

+1 to this. Have you got your account back yet?
I personally am not as bothered because all I have is about 40 shares of TyGrr-Bank but even then I am concerned and see no benefits of GLBSE 2.0.
Just like blockchain.info wallet, it is trusted with thousands of bitcoin, and wouldn't be nearly as popular if they didn't only store encrypted wallets on their server.

EDIT: Would it be too hard to just create your own front end for shares? It would mean you can stop people selling for inflated prices if you want, and eliminate the glbse tx fees. You could make it so you sell to and buy from you for set prices, nothing else.

First of all I do not like to talk in public about this sort of stuff but I am doing so because I have a duty to my shareholders and people who hold my assets.  I apologize in advance. Nafario will be PMed a link to this thread.

GLBSE 1.0 was extremely solid. For the user to be at fault for a hack not only did someone need to have access to their physical computer but they also needed the password. I only kept the account on one computer and encrypted the HDD. If I got hacked it was not going to be my fault.
GLBSE2.0 is nothing close to solid. All you need now to get access to someone’s account is their e-mail address and password. That is it!

https://bitcointalksearch.org/topic/m.829923

Nefario himself understand how risky this is and claims he will take no responsibility. I understand that point of view and I am going to make it very clear that I also take no responsibility!

Hold assets created by me at your own risk. If I am hacked I will take no responsibility. Why? My account is attached to a free e-mail account that I have used for years on public computers all over the world. Would I even dream of putting 1000s of bitcoins on the security of this free junk mail account? No, never and to do so would be negligent! This was forced upon me without warning or consent!

Sunday morning I woke up and found that I could not get into my GLBSE account. I was almost physically ill because I knew the password I was using was correct. I had no idea what was wrong. I first checked the stock prices to see if there was a massive sell off on things I held. There was not. This made me feel better. However there is a massive amount of bitcoin in that account and I had no idea if it was still there or not. I messaged and e-mail Nefario. He did not get back to me for 24 hours and finally told me that he is having problems with my account.

I do not want to deal with level of stress again so I’m making it very clear now that I will not be held responsible for what I consider to be Nefario’s negligence. Right now I still do not have access to my account and assume no one else does either.

This whole thing just blows me away. I’m truly in shock.