Author

Topic: Something I don't get about GOX. (Read 1306 times)

full member
Activity: 168
Merit: 100
June 25, 2011, 10:33:59 AM
#10
ITS UP! I'M IN!
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
June 25, 2011, 10:30:29 AM
#9
Security is not just about software, but about the company guidelines when dealing with wetware as well
member
Activity: 112
Merit: 10
June 25, 2011, 10:29:04 AM
#8
Where did all the "hehehe" usernames come from?  I think those most have been SQL injected.  The hackers tested the system injecting users, then went for the whole database.  Gox is liars.  I don't know why anyone would trust any money with them.
legendary
Activity: 2408
Merit: 1121
June 25, 2011, 10:27:15 AM
#7
We need more Mt.Gox threads guys, I think you are falling behind.

Only a few more before the front discussion page will be nothing but Gox! (As if that was the only thing going on at the moment.)
legendary
Activity: 1092
Merit: 1001
June 25, 2011, 10:25:40 AM
#6
...If their site was already secure, why do they need to 'vastly improve' the security?
It sounds like a tacit admition to the sql injection rumors floating around. 

The database leak showed that the passwords were not stored particularly securely - so that at least needed to be fixed.
Because a fair amount of the account info is now public - that also forced them to implement extra security features e.g the IP address checking they did for account reclamation.
Also - they said they intended to keep the existing server 'as is' for investigation purposes.

It does seem a possibility that the auditor story is a cover story for an underlying sql injection vulnerability - but I don't see this as a tacit admission
 -  it's still just speculation as far as I can tell.


hero member
Activity: 551
Merit: 500
June 25, 2011, 10:25:02 AM
#5
Because it's what the people demanded.
sr. member
Activity: 428
Merit: 254
June 25, 2011, 10:23:14 AM
#4
Typical reaction: if someone tried to break your door but finally stole your keys, you will want a more secure door.

In a sense, it is logical because they realized that, next time, someone might be able to break the door.
newbie
Activity: 56
Merit: 0
June 25, 2011, 10:18:57 AM
#3
their official story is so full of BS I'm tired of even discussing it.
hero member
Activity: 770
Merit: 500
You're fat, because you dont have any pics on FB
June 25, 2011, 10:18:26 AM
#2
There was your money, .....     GONE!

newbie
Activity: 56
Merit: 0
June 25, 2011, 10:16:47 AM
#1
There is something about their announcement that has been bothering me.  They said that their site wasn't hacked, but an auditor 'lost' the password hashes.  If that is correct, then why does their site say that it has vastly improved security?  If their site was already secure, why do they need to 'vastly improve' the security?

It sounds like a tacit admition to the sql injection rumors floating around. 
Jump to: