Pages:
Author

Topic: Instawallet/Bitcoin-Central Security Breach (Read 85333 times)

legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
http://www.webhostingtalk.com/showthread.php?t=1193737

Quote
Hosting won't keep you safe if the actual source code is vulnerable. The only way to protect is to see how the attacks happen. That is what we do when we work with clients. We check logs to see what really is going on. In this case it sounds like it is the code and not web hosting.
sr. member
Activity: 462
Merit: 250
glad i never heard of them until now


They are only the biggest hosting company in the world.

and thank god not the ONLY one
newbie
Activity: 39
Merit: 0
^ if they had chosen a cheap crappy provider, then I would agree, but AFAIK then OVH isn't known for "being crappy" or use insecure/outdated software on their systems.
hero member
Activity: 868
Merit: 1000
"2 identical hacks in 2 days for #bitcoin services hosted at #OVH. @olesovhcom your manager will reset a password without e-mail confirmation"
https://twitter.com/Bitcoin_Central/status/327131323342942209

Looks like OVH is to blame Angry

And srsly host critic websites on your own servers, don't trust OVH/Linode or anyone Sad

Nope, they chose their hosting service.  If they chose a hosting service which allows password resets without adequate verification, that's on them, not the hosting service.  It'd be interesting to know if there was a more secure option available to them with OVH and they simply chose not to use it (which has happened in the past with other intrusions - the services haven't paid for full database back up or haven't utilised all the security options available to them).
hero member
Activity: 952
Merit: 1009
glad i never heard of them until now


They are only the biggest hosting company in the world.
sr. member
Activity: 462
Merit: 250
glad i never heard of them until now
newbie
Activity: 39
Merit: 0
"2 identical hacks in 2 days for #bitcoin services hosted at #OVH. @olesovhcom your manager will reset a password without e-mail confirmation"
https://twitter.com/Bitcoin_Central/status/327131323342942209

Looks like OVH is to blame Angry

And srsly host critic websites on your own servers, don't trust OVH/Linode or anyone Sad
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
This is Boussac's response when you ask for a police report number:

Unignore

I see how the game is played now: Hack your own sites, claim money was stolen, claim to fill out a police report, ignore all requests from those who entrusted you with their assets, then call them trolls for requesting a simple number to set them at ease.

You sir, are one sick mother fucker!

Couldn't agree more...

All ease aside, the one hint is the lack of a police report number (and possibly them being one sick motherfuckers).

Ignore




Meanwhile, I will have to wait till after the 90 days that he has set before I even have a chance in hell to ever see my bitcoins again.

This guy is one sick motherfucker!
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
Any news on how many claims are coming in Boussac?

Also, have you got the details of the crime reported with BEFTI? I need to pass the info to my insurance provider.

Thanks

A reasonable request methinks...

Still refusing to answer, Boussac? Smiley

Sure it's reasonable, hence Boussac putting him on his ignore list after he posted such a kind request. In his mind, it's fuck you and your insurance computer, for I got mine after all this time providing a free service to all you dumb fucks.

Here's a question: Does that mean that all the other principles are also ignoring this very important issue? Nary a one has come to our rescue. Sure the hell says a lot of them, don't you think? Time to hunt down their accounts and see if they too have gone dark just like davout.
full member
Activity: 172
Merit: 100
Any news on how many claims are coming in Boussac?

Also, have you got the details of the crime reported with BEFTI? I need to pass the info to my insurance provider.

Thanks

A reasonable request methinks...

Still refusing to answer, Boussac? Smiley
newbie
Activity: 12
Merit: 0
What the fuck is this?: https://www.instawallet.org/ (very top)

Quote


  Instawallet
  
  


Could simply mean that weak security was good enough when btc weren't so expensive, but now the instawallet model won't work. Trying to put a positive spin on this ... I'd hate to believe paymium is intentionally swindling people. If they were, there would be hell to pay.
full member
Activity: 172
Merit: 100
I have started a new thread https://bitcointalksearch.org/topic/was-paymium-really-hacked-or-are-they-running-a-scam-latter-appearing-likely-177317 about Boussac's refusal to provide the police report reference number.

I invite anyone who shares my point of view to provide comment there.
hero member
Activity: 756
Merit: 1000
Any news on how many claims are coming in Boussac?

Also, have you got the details of the crime reported with BEFTI? I need to pass the info to my insurance provider.

Thanks
member
Activity: 106
Merit: 10
Oh boy, is this for real?, i mean, post like this can really damage the confidence of the people.

i sincerely hope they are upgrading their security and hiring more people,

just look at what happend with bitcoin-24, it's really bad news, specially for the ones that bought bitcoin at 180€

i guess i will withdraw my 2 coins to a coldwallet and come back in a few years.
member
Activity: 98
Merit: 10
No apologies for the cross-post:

What the fuck is this?: https://www.instawallet.org/ (very top)

Quote


  Instawallet
  
  
Damn. That doesn't look good.

EDIT: Correct URL and adding an image: view-source:https://www.instawallet.org/



You had your time when coins weren't so precious.

Goodbye, bitcoins. I tried to protect you. Enjoy you new life in Pattaya.





i love that place.
legendary
Activity: 1008
Merit: 1000
Okay, Instawallet website has been back up for a while.
The wallet URLs also work now. File your claims!
legendary
Activity: 1008
Merit: 1000
WTF
Look at instawallet.org's source code now:
Code:


 
    Instawallet
   
 
 
 

It was made PURPOSELY to keep refreshing the site.
WTF.
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
No apologies for the cross-post:

What the fuck is this?: https://www.instawallet.org/ (very top)

Quote


  Instawallet
  
  
Damn. That doesn't look good.

EDIT: Correct URL and adding an image: view-source:https://www.instawallet.org/



You had your time when coins weren't so precious.

Goodbye, bitcoins. I tried to protect you. Enjoy you new life in Pattaya.

legendary
Activity: 1008
Merit: 1000
New Instawallet Notice:
Quote
Instawallet is closed
Visit your wallet's URL to file a claim.

Submit your claim now: claims will be processed in the order they were received. Multiple claims for a same wallet will require more time to process.

The claim process started April 11, 2013 at 10PM CEST.

I visited a few of my Instawallet URLs, but there was still a 404 error?
IDK.
EDIT: Now, when I visit the main Instawallet site, it's an infinite load loop?
Tongue

Same here, 404 error on all 5 of my wallet addresses.


You guys are so lucky! I don't even get a 404 error, just the endless fruit-loop (actually stops at the static page, but that wouldn't have worked as humor).

For my wallet URLs, I get the 404 error, but for the main site, I get the endless fruit-loop Cheesy
Pages:
Jump to: