Update: How the hacker hacked Bitcoinica
I don't think this should be a secret, so I would just share my version of the story.
[...]
- Patrick's email was not added to the mailing list, and he used Bitcoinica email instead.
- Rackspace should just terminate the sessions; then at least the database would be safe.
- We should not use the official Bitcoin client because it's very hard to secure it without large investments and affecting instant withdrawals in large amounts.
I hope this insight can help some of you understand our situation right now.
It's good that you're publishing all this.
I have a question: do you intend to publish the source code in one way or another?
I'd love to take a look at it

(as a pro Rails developer)
Your app looked really good, a pity that so much trouble comes from infrastructure/admin issues.