[LINK] BitCoin DDoS and/or Wallet-Hack

Michael Skeggs mike@bystander.net mskeggs at gmail.com
Fri Apr 5 16:23:42 AEDT 2013


Hi Kim,
I'm reasonably pro-bitcoins, and hold no grudge against MTGox, but I think
you're being a bit naive if you think a web site that got its start
trading toy cards is going to have much clue on security.
Sure, they would have a better grasp of security than off-line equivalents
(in this case, the local comic book store), but they have moved into a
space that is the equivalent of the ASX or NYMEX, and while it is
reasonable to criticise those organisations' security when they fail, I
don't think it follows that the ebay for trading cards has better security
than the ASX "because they started online".
The issued capital of bitcoins is approx $1.6b, and that itself has
quadrupled 4 fold in a month. The issued capital of USD currency is about
1000 times as large (four thousand times, a month ago) so legacy financial
exchanges have several orders of magnitude more incentive to be secure, by
your own reasoning.
As I said, the bitcoin coinage looks pretty rock solid, and I have no doubt
it will be an ongoing thing, but the supporting infrastructure is flimsy
and amateur.
Regards,
Michael Skeggs



On 5 April 2013 16:05, Kim Holburn <kim at holburn.net> wrote:

>
> On 2013/Apr/04, at 1:00 PM, Michael Skeggs mike at bystander.net wrote:
>
> > All I needed to know about how seriously to treat this anon banking/trading
> > attempt I found out when I learned MT Gox is an acronym for Magic the
> > Gathering online eXchange - a place where people used to swap fantasy
> > themed game cards.
>
> That's it?  That's your only reason?
>
> > This is not the banking-level security you are looking for.
>
> I'm not sure banks are always that good on online security.  The basic
> thing is that a company (potentially) losing money is an awfully good
> motivation for good security.  A group that started online is more likely
> to have a clue in this regard.
>
> > The bitcoin reference implementation itself, however, has proven pretty
> > bullet proof. But it has illustrated there are a bunch of things needed to
> > make an online currency beside the coinage.
>
> Yes but without the coinage none of the other things are going to evolve,
> are they?
>
> > Regards,
> > Michael Skeggs
> >
> >
> > On 4 April 2013 12:53, Roger Clarke <Roger.Clarke at xamax.com.au> wrote:
> >
> >> Bitcoin value in rollercoaster ride after DDoS attack
> >> Juha Saarinen
> >> itNews
> >> Apr 4, 2013 9:46 AM (3 hours ago)
> >>
> >>
> >> http://www.itnews.com.au/News/338624,bitcoin-value-in-rollercoaster-ride-after-ddos-attack.aspx
> >>
> >> Wallet service raided.
> >>
> >> Digital cryptographic currency Bitcoin suffered a huge drop in value
> >> today, allegedly due to a denial of service attack against the
> >> largest Bitcoin trading exchange.
> >>
> >> At the largest Bitcoin exchange, Mt Gox, Bitcoin rose sharply to
> >> US$147 before dropping to US$126 in just over an hour of trading. It
> >> then recovered to over US$140 before starting to trend downwards,
> >> hitting as low as US$113. Bitcoin against the Aussie dollar is
> >> showing a similar trading pattern.
> >>
> >> Currently, Bitcoin is trading at US$123 at Mt Gox.
> >>
> >> On its support site, the Mt Gox exchange told users that there would
> >> be delays with deposits and withdrawals.
> >>
> >> "Due to a DDos attack, Dwolla deposits and withdrawals are currently
> >> not being processed and we are expecting some delays. This is
> >> expected to be resolved in 12 hours. Our apologies for the delay and
> >> inconvenience caused. Thank you for your patience while we work to
> >> resolve this."
> >>
> >> As of writing, representatives from Mt Gox said the issue has been
> >> resolved.
> >> There is speculation that the swings in value are connected to a
> >> Bitcoin deposit service, Instawallet, being hacked and suspending its
> >> operations indefinitely.
> >>
> >> Instawallet has not revealed how many Bitcoins were stolen in the
> >> raid on its database, but says it will start processing claims for
> >> users with wallets containing less than 50 BTC.
> >>
> >> Those with more deposited may not be refunded, however, as
> >> Instawallet says "claims for wallets that hold a balance greater than
> >> 50 BTC will be processed on a case by case and best efforts basis."
> >>
> >> Despite having little use in the real world, Bitcoin has experienced
> >> a massive appreciation in value in a short period of time this year,
> >> with the total monetary base now thought to be around A$1.3 billion.
> >>
> >> --
> >> Roger Clarke                                 http://www.rogerclarke.com/
> >>
> >> Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
> >>                    Tel: +61 2 6288 1472, and 6288 6916
> >> mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/
> >>
> >> Visiting Professor in the Faculty of Law               University of NSW
> >> Visiting Professor in Computer Science    Australian National University
> >> _______________________________________________
> >> Link mailing list
> >> Link at mailman.anu.edu.au
> >> http://mailman.anu.edu.au/mailman/listinfo/link
> >>
>
> --
> Kim Holburn
> IT Network & Security Consultant
> T: +61 2 61402408  M: +61 404072753
> mailto:kim at holburn.net  aim://kimholburn
> skype://kholburn - PGP Public Key on request
>