Re: Mt Gox Break In Part 2

-a third party is engaging in a cyberwar against bitcoin using man in the middle attacks.

After a lengthy conversation with MagicTux, unless it does turn up that mtgox has been hacked, neither of us can figure out what happened. Its obviously not me and I didn't fall for a phishing expedition, and Im pretty sure its not on his end. His description of security on the new post-hack mtgox is pretty decent. Its not perfect, but he has gone to great lengths to prevent a repeat.

Even if they dumped the password database, the passwords are sufficiently salted and hashed that it is extremely unlikely they grabbed my password first.

I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.

DigiNotar knew about the break in for months, and I obviously have logged in since then.

Tux has replaced the missing BTC.

i'm sure at his own expense too. you should at least say thank you.

i'm sick and tired of ppl blaming mtgox and MagTux as some sort of lying crook. if he were would he have done this? as well as bailing out Bitomat and donating many btc to charity and btc businesses?

This.

MtGox makes a shit-ton of money every day. They know if they lose people's trust this money fountain they have will dry up. Do you REALLY think they are going to cheat people?

NO. In fact, it is the exact opposite. They pay out people out of their pocket to keep our trust.

Everyone always says "follow the money". In the case of MtGox, it is their best interest to be safe, to be honest, to stay the #1 exchange, AND grow Bitcoin as well.

To think they would skim or cheat for some short term gain when the long term gain is so HUGE for them, is just stupid.