To Magical Tux - page 2. | Bitcointalksearch.org

Bit_Happy

legendary

Activity: 2114

Merit: 1040

A Great Time to Start Something!

Quote from: speeder on June 21, 2011, 07:52:07 AM

Quote from: relative on June 21, 2011, 07:50:32 AM

Quote

And many accounts of that era are abandoned and thus never got salted after MagicalTux bought MtGox and introduced salting. Thus if any of those accounts had absurd amounts of BTC (for our standards), something that is quite likely, they also happen to be the easiest accounts to break in using the leaked database.

MtGox claims it was ONE account.

Again, there are many accounts that are abandoned, and probably have high amount of BTC, if ANY of those accounts get hacked, it is lots of crashing power.

Nearly 100% impossible, since MtGox did not exist during the 20,000 BTC pizza era. The idea of a single 500,000 BTC account is complete BS, IMO.

I would Love to see them recover soon, and very concerned the facts are not lining up right.

NO_SLAVE

newbie

Activity: 56

Merit: 0

I'll be sticking with MT gox....why you ask....its simple really.

all the angry locust will be leaving....swarming over to tradehill.....goodbye, then there will be less volume on MT gox,
and the service will be better in terms of communication because of less angry locusts
demanding service. Also MTGOX has had their lessons, and have seemingly learned.
They wont repeat those mistakes again. As the masses leave for tradehill, the focus of hacktack will be.....you guessed it....tradehill....

have fun...its bitcoin hell.

BCEmporium

legendary

Activity: 1218

Merit: 1000

@ottodv

I would agree if that was the case, I see it right for them to report unusual activity or be regulated.
However I don't see why the FBI or why the DEA, they were reacting hysterically to the reactions of two tech-savvy US senators.
They should try to apply to financial regulators, lobbying with politics, not going straight to the police offering help as if some sort of vigilante/snitch recruitment was going on.

ottodv

newbie

Activity: 59

Merit: 0

Quote

However, I have a BIG PROBLEM with MtGox contacting the CIA or FBI or whoever. It's bad enough that I have to worry about whoever getting my information from the leaked database. Now I have to worry about the Feds looking through my account and coming for my bitcoins? Hell no...

Due to the amount of money involved in MtGox, they are most likely bound by certain rules and regulations (regardless of the Bitcoin side of the story). They are probably legally obliged to report any incident above a certain threshold. Just as they are obliged to report suspicious transactions, as is any other financial institution.

If MtGox chose not to abide by those laws all our Bitcoins at MtGox would be at risk, so I for one want them to be 100% legit and go by the book.

As for why the FBI was involved, my guess is that some suspicious activities took place in the US.

BCEmporium

legendary

Activity: 1218

Merit: 1000

Quote from: silverman on June 22, 2011, 08:49:29 AM

You might want to consider what this would mean if you were to make these little mistakes in Chicago of the '20s, or maybe Central America today.

Already crossed my mind, with places like SR around this M'Tux seams to been doing too many f**kups lately.
I understand they wish to make BTC more "legit", but write to the FBI to become a snitch is a damn too dangerous and actually adds nothing to the purpose! Who can or can't go for or against BTC are the politicians, Feds don't make laws. Hopefully SR is still too small to drag big sharks, otherwise that guy would be in real life danger.

silverman

newbie

Activity: 59

Merit: 0

Quote from: chetrasho on June 21, 2011, 07:45:05 AM

I'm not mad at MtGox for getting hacked. They're a huge target and in some ways a hack was inevitable. They've handled the hack as well as possible with the shutdown, audit and rollback.

However, I have a BIG PROBLEM with MtGox contacting the CIA or FBI or whoever. It's bad enough that I have to worry about whoever getting my information from the leaked database. Now I have to worry about the Feds looking through my account and coming for my bitcoins? Hell no...

This isn't the first time that MtGx has considered running to the Feds:
http://www.forexyard.com/en/news/Bitcoin-exchanges-offer-anti-money-laundering-aid-2011-06-15T220113Z

If you think that the Feds are friends of BTC or that their involvement is going to help the BTC community in any way, then you're sorely mistaken.

MagicalTux, don't be a stupid snitch. Improve your security and learn your lesson, otherwise I'll be joining the tradehill exodus....

MagicalTux, first you gave away the keys to the store. Then you brought in "the authorities", who will be using every bit of information they can gather against this Bitcoin community. And you are less than forthcoming about what actually happened. You might want to consider what would happen if you were to make these little mistakes in Chicago of the '20s, or maybe in Central America today.

I lost nothing, and certainly do not call for violence. I do hope that you will lose every Bitcoin you ever gained, hand over the Mt.Gox project to someone who is competent, understand what a fuckup you are, and live a long and happy life.

speeder

hero member

Activity: 994

Merit: 501

PredX - AI-Powered Prediction Market

Quote from: ?? on ??

Can't believe the people that say that it's good because now mt.gox will step up their security..

The creator of Mt.Gox a.k.a. magicaltux is a fucking moron, even if they improve the security of the site that's not going to change and he will just find something else to fuck up. We need a proper exchange, setup up by seasoned developers that know what the fuck they are doing, not some scummy pre-pubescent boy that's just using his magic the gathering trading card site script to run the exchange.

To explain this to people that have little or no programming/scripting experience. It is very very EASY to make a site...just like paypal, just like ebay, just like your banks website...very fucking easy. What is hard is making it the correct way with proper secure code. Mt.gox is made by people that lack the experience required for a site dealing with millions of $$$, no matter how much he "fixes the security flaws" nothing is going to change that.

If you disagree with me then I invite you to this thread ~2 months after mt.gox is opened back up when its either hacked or some system fails again. Just don't say I didn't warn you.

The author of the quoted post a.k.a. lardycake is a fucking moron, even if he improve his writing, he has no knowledge of the facts, such as that mtgox was created by Jed (not MagicalTux), and that MagicalTux already explained that he is writing a entirely new site that is decent and not a stupid magic the gathering trading script. And no matter how much we attempt to inform the moron, he will keep being ignorant, nothing is going to change that.

BCEmporium

legendary

Activity: 1218

Merit: 1000

Quote from: marcus_of_augustus on June 22, 2011, 07:43:02 AM

Any ideas on who the "financial auditor" was ...?

seems suspicious that it came days after MtGov's very public announcement that they would be "co-operating with the authorities" ... would be too ironic if some gubmint drone showed up and logged in with the infected computer that screwed MtGov over ...

Would be somewhat funny if it happened to be some scammer taken the "M'Tux watched too many movies" chance to present himself as a FBI/CIA/DEA Agent requesting access to database.

marcus_of_augustus

legendary

Activity: 3920

Merit: 2349

Eadem mutata resurgo

Any ideas on who the "financial auditor" was ...?

seems suspicious that it came days after MtGov's very public announcement that they would be "co-operating with the authorities" ... would be too ironic if some gubmint drone showed up and logged in with the infected computer that screwed MtGov over ...

The_Duke

sr. member

Activity: 252

Merit: 250

Lead Core BitKitty Developer

Quote from: caveden on June 22, 2011, 02:59:38 AM

My 2 cents:

People are being too hard on MagicalTux. Sure, there were problems. But let's remember he got the exchange from a guy who developed it alone in his spare time, and since then he's been very busy trying to answer all e-mails while getting rid of DDoS attacks. He didn't have too much time to fix the problems, everything happened really fast.

You mean he didn't TAKE the time to fix the problems. If the site wasn't secure enough (which it obviously wasn't) then worst case he should have shut it down for a while to get it fixed. Which, ironically, is actually what happened now, isn't it? Only now it caused a lot more trouble for people than when he had done it properly in the first place.
But of course, shutting the site down for a while would have cost him money. Which doesn't work well on a greedy person.

caveden

legendary

Activity: 1106

Merit: 1004

My 2 cents:

People are being too hard on MagicalTux. Sure, there were problems. But let's remember he got the exchange from a guy who developed it alone in his spare time, and since then he's been very busy trying to answer all e-mails while getting rid of DDoS attacks. He didn't have too much time to fix the problems, everything happened really fast.

On the other hand, I also have a hard time believing this story of "one account with 500KBTC in it". I can't believe such an amount would be left in a MtGox account with weak password. The most reasonable possibility I see to that is the owner of the account passed away months ago, when these 500K weren't worth that much, and never told his relatives/heirs about the account. Sounds unlikely.

Epinnoia

full member

Activity: 209

Merit: 100

Quote from: Klestin on June 21, 2011, 02:14:13 PM

Quote from: Epinnoia on June 21, 2011, 02:01:32 PM

Then again, what if the auditor was from a government agency? It might not be so easy to tell a government agency what tables they can and cannot look at...

That is a main purpose for table views, which allow the user to see some data (columns) in a table, while others are not viewable. Email and password hash would seem to be excellent candidates for exclusion to an auditor.

You can set up SQL to only grant access to specific tables based on their username/password combination. You can also further restrict access by IP address -- which, as I understand, was in place.

So, for example, you could have complete access for Bob, and only show the user# and email addresses to Bill. And you can set it up so that Bob can only log in from his own IP address, while Bill can log in from any IP address.

So if the auditor was only supposed to be auditing for evidence of gaming/fraud, then the auditor account access should have only been permitted to read those tables specific to what they were looking for.

Either the story as given to us so far is false, or the admin of the SQL database gave too much access/permission to the auditor's SQL account. If too much access was given, then that MIGHT rise to the level of negligence, or even gross negligence.

Klestin

hero member

Activity: 493

Merit: 500

Quote from: Epinnoia on June 21, 2011, 02:01:32 PM

Then again, what if the auditor was from a government agency? It might not be so easy to tell a government agency what tables they can and cannot look at...

That is a main purpose for table views, which allow the user to see some data (columns) in a table, while others are not viewable. Email and password hash would seem to be excellent candidates for exclusion to an auditor.

Epinnoia

full member

Activity: 209

Merit: 100

Quote from: BCEmporium on June 21, 2011, 10:02:24 AM

Well this extend I understand what went on. One time I asked for a db structure to implement a module for a hospital, instead of the structure they sent me a DVD with the whole db contents (means medical records of practically everybody in that town).
Is that "practical" export button and its default options...

When asked in the interview a couple days ago "Why did the auditor need access to the LIVE database", the response from MtGox was that they were auditing to make sure MtGox wasn't manipulating the quoted prices for sells and buys. In other words, gaming their own clients. That would be fraud. So, by MtGox's own admission, the auditor was auditing for evidence or non-evidence of fraud.

So it wasn't a DVD. It was live access to a database. It would appear that the access included tables which the auditor didn't necessarily need. And that MIGHT be (gross?) negligence...

Then again, what if the auditor was from a government agency? It might not be so easy to tell a government agency what tables they can and cannot look at...

ottodv

newbie

Activity: 59

Merit: 0

Magical Tux has always been most helpful to me, and I know I am not the only person with that experience.

Tux is doing the right thing in this crisis.

Klestin

hero member

Activity: 493

Merit: 500

If an auditor had to have remote SQL access, why not at least create a view to the users table which excluded email, and password hash?

Rassah

legendary

Activity: 1680

Merit: 1035

Also supporting MtGox, and, honestly, I'm REALLY glad this happened now, instead of inevitably happening later, only risking a few people's play money, instead of a bunch of international companies' few million of trade money tied to hundreds of thousands of customers. Hopefully this will make MtGox a much more stable and secure platform to do business with.

wumpus

hero member

Activity: 812

Merit: 1022

No Maps for These Territories

Me too, it was always fun trading there, at least they have normal withdraw/deposit options, and I'm sure he'll take security so serious now that it will be the most secure exchange in the world

imperi

full member

Activity: 196

Merit: 101

I plan on continuing to use Mt. Gox to make trades. Much better than Trade Hill a.k.a. GoDaddy hill.

Mark Oates

full member

Activity: 168

Merit: 100

I also support Mt. Gox.

Topic: To Magical Tux - page 2. (Read 10467 times)