Topic: Something I don't get about GOX. (Read 1295 times)
ITS UP! I'M IN!
Security is not just about software, but about the company guidelines when dealing with wetware as well
Where did all the "hehehe" usernames come from? I think those most have been SQL injected. The hackers tested the system injecting users, then went for the whole database. Gox is liars. I don't know why anyone would trust any money with them.
We need more Mt.Gox threads guys, I think you are falling behind.
Only a few more before the front discussion page will be nothing but Gox! (As if that was the only thing going on at the moment.)
Only a few more before the front discussion page will be nothing but Gox! (As if that was the only thing going on at the moment.)
...If their site was already secure, why do they need to 'vastly improve' the security?
It sounds like a tacit admition to the sql injection rumors floating around.
It sounds like a tacit admition to the sql injection rumors floating around.
The database leak showed that the passwords were not stored particularly securely - so that at least needed to be fixed.
Because a fair amount of the account info is now public - that also forced them to implement extra security features e.g the IP address checking they did for account reclamation.
Also - they said they intended to keep the existing server 'as is' for investigation purposes.
It does seem a possibility that the auditor story is a cover story for an underlying sql injection vulnerability - but I don't see this as a tacit admission
- it's still just speculation as far as I can tell.
Because it's what the people demanded.
Typical reaction: if someone tried to break your door but finally stole your keys, you will want a more secure door.
In a sense, it is logical because they realized that, next time, someone might be able to break the door.
In a sense, it is logical because they realized that, next time, someone might be able to break the door.
their official story is so full of BS I'm tired of even discussing it.
There was your money, ..... GONE!
There is something about their announcement that has been bothering me. They said that their site wasn't hacked, but an auditor 'lost' the password hashes. If that is correct, then why does their site say that it has vastly improved security? If their site was already secure, why do they need to 'vastly improve' the security?
It sounds like a tacit admition to the sql injection rumors floating around.
It sounds like a tacit admition to the sql injection rumors floating around.
Jump to: