Topic: Newbie Experience with MtGox (Read 3242 times)

hero member
Activity: 518
Merit: 500
December 18, 2011, 08:39:41 PM
#38
Just doing some hunting - is there a "terms of use" for Gox?  I couldn't see it.  Pretty crummy for the so-called #1 exchange.
If it's based in Japan, then what good would legalese do for you? Use at your own risk until something better comes along. There's lots of ideas floating around, but mtgox is here and now.

Legalese would be fine, even if in Japanese.  I will not be back there until the end of March, but that doesn't matter.  I know where they are located.
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
December 18, 2011, 04:37:18 AM
#37
Just doing some hunting - is there a "terms of use" for Gox?  I couldn't see it.  Pretty crummy for the so-called #1 exchange.
If it's based in Japan, then what good would legalese do for you? Use at your own risk until something better comes along. There's lots of ideas floating around, but mtgox is here and now.

I think this is a photo from 2006 of the CEO and trainees (looks like spring break) when Mutum Sigillum (the USA counterpart where your money actually goes) started:
MUTUM SIGILLUM LLC — 2915 OGLETOWN ROAD, # 1085 — NEWARK, DE 19713 — U.S.A.
hero member
Activity: 518
Merit: 500
December 18, 2011, 03:39:24 AM
#36
Just doing some hunting - is there a "terms of use" for Gox?  I couldn't see it.  Pretty crummy for the so-called #1 exchange.
hero member
Activity: 602
Merit: 502
December 17, 2011, 07:48:51 PM
#35
I think the overall point I'm trying to make is that BTC will never be mainstream if the #1 exchange has so many security holes, and money just disappears.  Plus, the customer service at MTGox is complete shit.

The #1 exchange is chosen by people. If you are looking into alternatives I recommend CampBX for US users. They have excellent support.

Personally I never had any problem with MtGox, but I don't use it for the same reasons I wouldn't mine at Deepbit: they have a huge market share.
legendary
Activity: 1470
Merit: 1004
December 17, 2011, 06:24:00 PM
#34
I think the overall point I'm trying to make is that BTC will never be mainstream if the #1 exchange has so many security holes, and money just disappears.  Plus, the customer service at MTGox is complete shit.
legendary
Activity: 1470
Merit: 1004
December 17, 2011, 06:17:03 PM
#33
@msin

Did you have browser windows/tabs from other websites open at the same time as when you were logged in to Mt Gox?

I always make sure to open Mt Gox in a new Incognito Chromium Window, which basically creates an independent and private browsing session that I use just for Mt Gox. Otherwise, I think you can have an attack from a rogue website looking for things like a Mt Gox cookie for your current session.

You know, I really don't remember, I could have had additional windows open.  I'll definitely keep that in mind.
legendary
Activity: 1470
Merit: 1004
December 17, 2011, 06:16:02 PM
#32
AFAIK, MtGox is the only one offering the Yubikey option (someone correct me if I'm wrong, or if any other exchange has two factor authentication).

Both TradeHill and CampBX have free 2 factor authentication with an SMS/phone call to your cellphone.

Thanks, I'll probably be using TradeHill from now on. 
legendary
Activity: 1470
Merit: 1004
December 17, 2011, 06:15:11 PM
#31
They should go the route of a pin requirement for any actions.  The thing that really bothers me is that you can change your account email within MtGox without any confirmation whatsoever.  That's what really screwed me over, I was unable to put a stop to any actions.

confirmed - that really seems like an invitation to be goxxed. why the heck would they do that?

also I would like to see an option for an email confirmation for all withdrawals

Couldn't agree more, my email was allowed to be changed once the hacker was in my account, then they could do whatever they wanted.  So lame.
legendary
Activity: 1470
Merit: 1004
December 17, 2011, 06:12:56 PM
#30
Did you click a link in an "Mt Gox" email? Or basically, were you phished?
They have been warning about phishing emails for months.

Nope,  I wasn't phished, that's what's so frustrating, my account was just hacked and MtGox didn't do anything to stop it.
legendary
Activity: 1470
Merit: 1004
December 17, 2011, 06:11:45 PM
#29
Msin, what email service did you use?

If email companies have access to so many details about your account then they can actually request password change first then get into your account do whatever they want and then delete certain incoming emails to make it look like it was an attacker.

We need to start thinking about decentralized email service!

I use Gmail, but it has nothing to do with my email, it's my MtGox account that was hacked.  Still nothing from MtGox, they refuse to respond to me.
member
Activity: 100
Merit: 16
December 16, 2011, 04:43:57 PM
#28
@msin

Did you have browser windows/tabs from other websites open at the same time as when you were logged in to Mt Gox?

I always make sure to open Mt Gox in a new Incognito Chromium Window, which basically creates an independent and private browsing session that I use just for Mt Gox. Otherwise, I think you can have an attack from a rogue website looking for things like a Mt Gox cookie for your current session.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
December 16, 2011, 04:27:34 PM
#27
AFAIK, MtGox is the only one offering the Yubikey option (someone correct me if I'm wrong, or if any other exchange has two factor authentication).

Both TradeHill and CampBX have free 2 factor authentication with an SMS/phone call to your cellphone.

That's excellent... sort of like how Chase and PayPal have the same thing.
hero member
Activity: 602
Merit: 502
December 16, 2011, 03:38:17 PM
#26
AFAIK, MtGox is the only one offering the Yubikey option (someone correct me if I'm wrong, or if any other exchange has two factor authentication).

Both TradeHill and CampBX have free 2 factor authentication with an SMS/phone call to your cellphone.
hero member
Activity: 496
Merit: 500
December 16, 2011, 03:26:48 PM
#25
Msin, what email service did you use?

If email companies have access to so many details about your account then they can actually request password change first then get into your account do whatever they want and then delete certain incoming emails to make it look like it was an attacker.

We need to start thinking about decentralized email service!
donator
Activity: 308
Merit: 250
December 16, 2011, 02:43:55 PM
#24
They should go the route of a pin requirement for any actions.  The thing that really bothers me is that you can change your account email within MtGox without any confirmation whatsoever.  That's what really screwed me over, I was unable to put a stop to any actions.

confirmed - that really seems like an invitation to be goxxed. why the heck would they do that?

also I would like to see an option for an email confirmation for all withdrawals
How about disabling withdrawals for new IP addresses until confirmed by email?
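
The safeguards proposed in these posts (confirmation before an account e-mail change, a hold on withdrawals, and e-mail confirmation for withdrawals from a new IP address), sketched as an added example that is not part of the thread and is not MtGox code. The class, its field names, the in-memory `outbox` standing in for mail delivery, and the 24-hour hold are all assumptions.

```python
import secrets
from dataclasses import dataclass, field

HOLD_SECONDS = 24 * 3600  # assumed cooling-off period after an e-mail change


@dataclass
class Account:
    email: str
    known_ips: set = field(default_factory=set)
    pending_email: tuple = None                      # (new_address, token)
    pending_ips: dict = field(default_factory=dict)  # token -> ip awaiting confirmation
    hold_until: float = 0.0
    outbox: list = field(default_factory=list)       # (recipient, token); stands in for mail

    def request_email_change(self, new_email):
        # The token goes to the CURRENT address, so someone who only holds the
        # web session cannot complete the change without the owner's mailbox.
        token = secrets.token_urlsafe(16)
        self.pending_email = (new_email, token)
        self.outbox.append((self.email, token))

    def confirm_email_change(self, token, now):
        if not self.pending_email or not secrets.compare_digest(token, self.pending_email[1]):
            return False
        self.email, self.pending_email = self.pending_email[0], None
        # Withdrawals stay frozen for a while so the owner has time to object.
        self.hold_until = now + HOLD_SECONDS
        return True

    def request_withdrawal(self, ip, now):
        if now < self.hold_until:
            return "held: recent e-mail change"
        if ip not in self.known_ips:
            # Unseen IP: nothing leaves until the mailbox owner confirms it.
            token = secrets.token_urlsafe(16)
            self.pending_ips[token] = ip
            self.outbox.append((self.email, token))
            return "held: confirm new IP by e-mail"
        return "allowed"

    def confirm_ip(self, token):
        ip = self.pending_ips.pop(token, None)
        if ip is None:
            return False
        self.known_ips.add(ip)
        return True
```

As posters in the thread point out, these checks rest on the mailbox and the user's machine being trustworthy; a compromised e-mail account or a keylogger defeats them.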
legendary
Activity: 1708
Merit: 1020
December 16, 2011, 02:04:02 PM
#23
They should go the route of a pin requirement for any actions.  The thing that really bothers me is that you can change your account email within MtGox without any confirmation whatsoever.  That's what really screwed me over, I was unable to put a stop to any actions.

confirmed - that really seems like an invitation to be goxxed. why the heck would they do that?

also I would like to see an option for an email confirmation for all withdrawals
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
December 16, 2011, 12:06:25 PM
#22
They should go the route of a pin requirement for any actions.  The thing that really bothers me is that you can change your account email within MtGox without any confirmation whatsoever.  That's what really screwed me over, I was unable to put a stop to any actions.

Even if account e-mail required confirmation, withdrawal does not.  Withdrawals are instant.  By the time you received the confirmation e-mail, it's already too late.

If withdrawal requires a PIN, and you have a keylogger, the attacker would also have your PIN.
legendary
Activity: 1470
Merit: 1004
December 16, 2011, 11:53:10 AM
#21
Yep, I agree with you, I have learned my lesson and will definitely use a Yubikey.  I will not use MtGox as they have many security flaws in their system.  I've never had my bank accounts, equity accounts, or even email accounts hacked, because of basic security precautions taken by those companies.  Would be really easy for MtGox to avoid issues like this with a simple email confirmation.

AFAIK, MtGox is the only one offering the Yubikey option (someone correct me if I'm wrong, or if any other exchange has two factor authentication).

I would agree that there are simple things MtGox could do to improve security - for example, like requiring a 2nd password for withdrawal above a limit, or making withdrawals wait a little while to give you time to blow the whistle, or requiring a PGP signature to withdraw.  On the other hand, if you have a compromised machine, or a compromised e-mail account, none of this will be much help.

They should go the route of a pin requirement for any actions.  The thing that really bothers me is that you can change your account email within MtGox without any confirmation whatsoever.  That's what really screwed me over, I was unable to put a stop to any actions.
legendary
Activity: 1470
Merit: 1004
December 16, 2011, 11:51:18 AM
#20
Did you click a link in an "Mt Gox" email? Or basically, were you phished?
They have been warning about phishing emails for months.

Nope I didn't.  I just received an email saying that there was a withdrawal.  I went to MtGox on a separate page and tried to login to my account and I couldn't login.
legendary
Activity: 2408
Merit: 1009
Legen -wait for it- dary
December 16, 2011, 11:47:12 AM
#19
Did you click a link in an "Mt Gox" email? Or basically, were you phished?
They have been warning about phishing emails for months.