Quote
Do not touch them with a bargepole.
HAHA. That is the best line I heard all day.
Topic: Instawallet security breach (Read 2160 times)
Do not touch them with a bargepole.
HAHA. That is the best line I heard all day.
Also look at this related thread and its second post: https://bitcointalksearch.org/topic/instawallet-down-should-we-be-worried-164126
This confirms my suspicion it has something to do with the hot wallet (maybe they were shared)...
Pure speculation (hence why I'm posting here instead of on all other threads about this breach):
Could it be that this is an elaborate April fools by Paytunia et al. just to see if the USD/BTC value goes down, so they can get cheap coins?
This confirms my suspicion it has something to do with the hot wallet (maybe they were shared)...
Pure speculation (hence why I'm posting here instead of on all other threads about this breach):
Could it be that this is an elaborate April fools by Paytunia et al. just to see if the USD/BTC value goes down, so they can get cheap coins?
I find somewhat funny that it happened on 1st April... Still, and if this is not a April Fools joke*, I don't think the URL issue would be enough to have them decide going down for maintenance - they didn't do anything like it when the issue with Google listing was popularized, and that was the right time to go down, not now. I say the security breach is of another kind and maybe completely unrelated.
I saw on some other threads people saying they couldn't send funds out of their Instawallet (as if the hot coins wallet had become empty) for some days. I guess the URLs thing made some people with bad intentions look more closely to Instawallet. I say they found an exploit, and used it.
*if it's a joke, it's preventing every user of their website from sending coins and I'm sure they are not finding it funny (that's why I don't think this is a fools joke).
I saw on some other threads people saying they couldn't send funds out of their Instawallet (as if the hot coins wallet had become empty) for some days. I guess the URLs thing made some people with bad intentions look more closely to Instawallet. I say they found an exploit, and used it.
*if it's a joke, it's preventing every user of their website from sending coins and I'm sure they are not finding it funny (that's why I don't think this is a fools joke).
Is this a big deal for some reason?
With the right url, you essentially have open access to that wallet.
Them being index, basically gave you a gaint list of accounts steal from.
edit: spelling
Is this a big deal for some reason?
Never underestimate human stupidity.
Someone will eventually do it (store loads of Btc on there)
Someone will eventually do it (store loads of Btc on there)
doubt anybody is reckless enough to store anything but some change for a brief periods of time there (less than it takes for search engines to pick up the url). so non-issue.
I wish this were true, but people seem to fall for the same mistakes over and over.
doubt anybody is reckless enough to store anything but some change for a brief periods of time there (less than it takes for search engines to pick up the url). so non-issue.
Its a fundamental issue with the "url" concepts. Chrome and IE and some ff browser extensions work like a trojan, sending users history to search engines for indexing.. After they "fixed" the google flaw, I tried with bing and sure enough got several instawallet urls.. All with zero btc though but some had received coins in the past.
instawallet.org says:
Down for Maintenance
We have detected a security breach. Services are temporarily suspended until we have thoroughly investigated the situation. We will resume services as soon as possible.
Please do not send funds to your address for the time being.
Stay tuned for further updates, thank you for your understanding.
the founder (user here on bitcointalk) has locked his thread but it has some details
Down for Maintenance
We have detected a security breach. Services are temporarily suspended until we have thoroughly investigated the situation. We will resume services as soon as possible.
Please do not send funds to your address for the time being.
Stay tuned for further updates, thank you for your understanding.
the founder (user here on bitcointalk) has locked his thread but it has some details
Jump to: