Quote
However, says the post, various security measures, such as multi-factor authentication and auto lockdowns prevented any more theft and no personal or transactional information from users has been leaked.
+1 for BitInstant
Topic: Sell, sell, sell The hack of Bitcoin 2013 again - page 2. (Read 2963 times)
+1 for BitInstant
It wasn't the hosting company it was the domain registrar, they used Site5 to register the domain and the hacker convinced them to hand over control of the domain name to him/her. IMO it isn't such a good idea to use Site5 to register domains seeing as it isn't actually an accredited registrar but a reseller for eNom.
I've seen similar happen before, I don't know the exact details of this attack, but the problem of using a reseller like Site5 is that eNom, the actual registrar, don't have the customers details on file, and a hacker can contact eNom directly claiming to own the domain and they would have no idea if its true or not.
I've seen similar happen before, I don't know the exact details of this attack, but the problem of using a reseller like Site5 is that eNom, the actual registrar, don't have the customers details on file, and a hacker can contact eNom directly claiming to own the domain and they would have no idea if its true or not.
In which case, why are Bitinstant using virtual servers hosted by someone else?
A good question - perhaps Bitinstant can answer it ?
The article doesn't explain the vector from getting access to domain registration administration via the domain registrar, to how the Bitcoins were stolen. It isn't obvious what this vector would be, and must depend on the specifics of Bitinstant's setup. Does anyone have more details on this? Was it actually that they got access to a virtual server? In which case, why are Bitinstant using virtual servers hosted by someone else?
Hosting companies and the like have become fruitful attack vectors. A lot of them clearly don't take security seriously enough if you can call up or write in with a close enough looking email address and get elevated rights.
Well - for the average customer - security is good enough - bitcoin businesses on the other hand has a lot higher demands for security.
Hosting companies and the like have become fruitful attack vectors. A lot of them clearly don't take security seriously enough if you can call up or write in with a close enough looking email address and get elevated rights.
12K USD was an unfortunate loss, but I do think that this also showed that BitInstant had security measures in place, it could've been worse. This sounds like basically one of the worst things that can happen.
But now that this vector of attach has been revealed, it's time to learn and secure it even more.
But now that this vector of attach has been revealed, it's time to learn and secure it even more.
12 000 dollars, really? my grandma gets regularly hacked for more money.
+2 for piramida.. I lol'd at this and the 'religion permits you from using google'
Well played sir.
12 000 dollars, really? my grandma gets regularly hacked for more money.
Well, is not like that, But it looks that Bitinstant was hacked.
http://www.finextra.com/News/FullStory.aspx?newsitemid=24607
So sell your BTC now, so I can buy more.
http://www.finextra.com/News/FullStory.aspx?newsitemid=24607
So sell your BTC now, so I can buy more.
Jump to: