My point is that VPS should never be used to host projects which need to handle non-negligible amounts of users' bitcoins as virtual private servers have extra attack surface as compared to dedicated servers.
If your security model depends on not having one or more servers compromised it's probably flawed anyway.
A correct security model depends much more on thorough continuous auditing and business operations procedures than it does on technical considerations.
Designing your system to fail gracefully without financial consequences is far more important than designing it not to fail or get compromised.
This reminds me, have you published a debriefing about the technical details of your problems davout? If so, can you point to it?
If not, do you have a plan to? I would think that by now
- enough time has passed to have re-constructed your procedures
- any defects which made the attacks possible would be resolved and those mistakes would not be made again.
For my part, I just have curiosity about things. Believe it or not I actually
want the Instawallet hassles to be an understandable failure against a significant attack (vs. a bogus story invented to mop up unclaimed Instalwallet funds or some such.) Also, I think it would help other system designers to understand the nature and capabilities of attackers. If it helps others, great. It is in no ones interest when hacks occur (except criminals, bankers, politicians, etc.)
