Don't disregard the possibility that the OP might *deserve* those kudos if the FBI arrests Mr. Karpeles, or whoever is responsible for the Great Bitcoin Heist(tm) against Mt. Gox.  Don't disregard the likelihood that anybody who had bitcoins deposited with Mt. Gox is SOL when it comes to getting them back, either, even if the FBI finds the perp.  A few lessons from this:

1) Don't treat uninsured, unregulated "banks" and "currency exchanges" as if they were risk-free.  They're not.

2) Don't treat money as yours until you have it in a safe place.  Your own keychain is a safe place, *if* you keep it encrypted and keep current backups.  A safe deposit box at your bank, or a fire-resistant strongbox at home, make it even safer.

I had about .000004 of a bitcoin left in Mt. Gox, not enough to worry about.  I left it there in 2010 or 2011, when I concluded that Mt. Gox was not being operated by standards that I trusted for my money and withdrew most of what I had.  I don't use Paypal either, for the same reason. :/

If you want to see Bitcoin become something other than a currency speculator's wet dream, I suggest that you start planning a banking and financial system that has the same basic safeguards as exist for fiat money.  That system is a LONG way from perfect or secure, but it has some degree of accountability built-in.  When bitcoin has that, and when the current currency fluctuations die down, it will be something that businesses will be willing to accept as more than an experiment, and people will then be able to use as they would dollars or euros or yen.

I don't recommend this, not if you do not want to have Bitcoin under the thumb of whichever government bails it out.

I'd definitely consider it, although with BTC running at $6.50 US right now, I hope the prices would be adjusted to reflect that. 

I'd be interested in a bottle as long as the price wasn't insane.  If I liked it, I'd be interested in semi-regular purchases.  (And might volunteer a recipe or two using it for your web site, if you'd like, as well.) :-)

It's probably a waste of time to spam the fake credentials.  Even on a Saturday, with Mikko Hypponen on the case, it'll be down soon.  Also, Spamhaus just listed the IP that hosts the site.

But if it makes you feel good....

There is a live Mt. Gox phish site at the domain ltgox dot com.  I just saw this on Twitter:

   @mikko: Bitcoin users, note that "ltgox ․ com" hosts a live Mt.Gox phishing site. Stores
               stolen logins to "/home/ddancom/". Oh, hello there @ddancom

I have a tool for investigating malware and phish sites, so I opened the URL.  It is live as of 17:46 UTC (9:46 AM on the U.S. west coast.)  Do NOT be fooled.

By the way, @mikko is Mikko Hypponen, who works for Finnish company F-Secure and is one of the top malware and security experts in the world.  @ddancom is presumably the phisher.

I've completely uninstalled Bitcoin (my wallets being packed away and safe), and installed a clean Bitcoin 0.51 under Windows 7.  I *cannot* get it to work -- the client aborts with an error every time.  (Three tries so far, uninstalling each time.)  Is anybody else having this problem?  Does anybody know how to fix it?

I got one of your emails, and so far one scam spam that matches the description you gave in your emails. Technically what you did (really did, not the scam emails) was spam.  It was unsolicited bulk email.  While there might have been a better way to deal with this than send out that big email blast, however, I'd be hard put to consider somebody who just wanted to warn people about a scam or phish a bad guy.  (And I'm a hardcore antispam activist with a LONG track record in antispam.)  Announcing the scam here would notify some people, but a lot of the Mt. Gox client base doesn't participate in this forum much.  (Some of those who did got disillusioned after loosing a bunch of bitcoins in earlier frauds and wandered off.)  It's hard to imagine how to contact them all in any other way.

My condolences.  This isn't fun, I know. :/

Not even necessarily in Russia.  The IP that was used to send the scam spams from "casascius.net" was in Russia.  I checked, and that IP is currently listed in the Spamhaus SBL.  Here's a link to the SBL listing page for the scam:

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL119864

The IP appears to host an insecure PHP script (ajax.php), and that script was used to send the spam.  The spammer could have done this from anywhere; insecure scripts rarely log IPs that connect to them and never include those IPs in the headers of the email that they send. :/  The domain casascius.net is registered through a really scuzzy offshore registrar, and the ownership information for the domain is cloaked in Whois.  So I think that the scammer (whoever it is) actually does own that domain.

It is *theoretically* possible that Mike Caldwell (the real Casascius) could have done all this. If he did, he's got a genius IQ, a truly warped imagination, *and* no ethics.   People like that exist, but in my experience they are rare.  And he doesn't come across as one of them here on the board.

He did send one email to the whole Mt. Gox list.  That email warned them about the scam.  While *technically* it was unsolicited bulk email and therefore spam, I doubt that the most rabid antispammer would object to what he did.  Spamhaus did not, and they clearly must have gotten his email because email addresses on the Mt. Gox list either belonged to a Spamhaus person in the first place or were donated to them after the security breach so that they could monitor scams and phishing attacks aimed at those email addresses.

Just finished my last bit of the Edd's Ethiopian Harrar I had in stock.  Fortunately I have some more on its way, should arrive today or tomorrow.  :-)  I'm a coffee nut -- I frequently order coffee beans from some very fine roasters.  I wouldn't have bought Edd's coffee more than once for the novelty of being able to use Bitcoins to pay.  This will be my third or fourth order from him when it gets here, so you can take it for a given that I recommend his coffee.  (The customer service is quite good too.)

Most technical writers doing work for hire don't charge per word, but I would agree to a rate of US $ 0.05/word for academic or research writing, US $ 0.10/word for commercial or professional writing.  The equivalent in today's bitcoins would be approximately BTC 0.01/word.  (Bitcoins seem to be hovering at an exchange rate of $5.00 US to 1 BTC.) 

Edd's got the right idea.  And IMHO the right product.  I've ordered two batches (five types) of coffee from him now.  The Sumatra and Peruvian were excellent: I've had better only from some *very* fine coffee roasters.  The Jamaica Blue Mountain is superb; it isn't my favorite varietal, but it is my mother's and she will be getting a batch for Christmas.  The Ethiopian Harrar is within a shade of the best I've ever had and definitely the best that I can find now -- I've ordered it twice and expect I'll be ordering it regularly.

Don't have any coupons, but the coffee Edd sells is good.  I've got another batch on order already, and expect I'll be buying from him regularly.  (His Ethiopian Harrar is superb.)

NO!  Everybody should use a long (16+ character) password with mixed upper- and lower-case letters, numerals, and symbols, but SHOULD NOT generate or store that password on lastpass.com or ANY third-party password service.  Use of such a service is placing the security of your information in the hands of a third party.  That's NUTs. 

Instead, use a password vault or a simple GPG-encrypted text file on your own laptop or personal computer, backed up to a CD/DVD or a USB dongle that is kept offsite.  Encrypt that one file with a long passphrase, and do the work to memorize the passphrase.  Voila -- actual security instead of security theater.

(I'm shaking my head at nutty idea that passwords should be entrusted to a third party that you don't even know.)

For what it's worth, this is a good idea and these are good points.  I'd sort them out as follows:

FOR BANKS/EXCHANGES:

1) Send no email that contains URLs in the message body.
2) Use SSL for all Web pages that contain web forms or solicit input from users.
3) Provide no logins or access from any site other than the specified site.

FOR USERS:

1) Assume that emails that contain links or ask for information are scams and report them to security@xxx.xxx, which forwards them to the proper location.
2) Report web URLs that begin with anything other than "https" to security@xxx.com.
3) Do NOT EVER click a link in an email, or hit reply, and provide any private information to what you think is a request from your bank or financial institution.  It isn't.  It's a scam.

I also recommend that Mt. Gox, Tradehill, CampBX, Flexcoin, and any other Bitcoin bank or exchange designate a specific person responsible for security in their system, and that this person keep on top of security issues.  For example, I would hope that the people responsible for these sites are aware of a major hack/compromise in the SSL security system that was reported a couple of weeks ago -- the DigiNotar hack.  To summarize, one of the links in the security chain that ensures SSL connections are secure was hacked and extremely good forged certificates were issued for several heavily used web sites, such as Google, Yahoo, the Tor Project, and others. That allowed the hackers to intercept secure SSL communications between these sites and users. It appears that the Iranian government, not cyberthieves, was responsible -- THIS time.  But a group of cyberthieves could just as easily have issued certificates for Bank of America, CitiBank, Wells Fargo, or somewhere else where people keep money, snooped THOSE communications, and... You get the idea.

If you want the details on this hack, PM me or email me and I'll fill you in.  (It's highly technical and off-topic here.)  But Bitcoin isn't immune from this sort of thing.  Somebody at each Bitcoin bank and financial site needs to keep on top of this and be responsible for taking active security measures to fend off the bad guys.

If Yubikey works anything like RSA SecureID does, then no, they couldn't break in without the key itself.  (At least not unless the whole Yubikey infrastructure had been compromised, which as best anyone knows, it has not.)

 

HOWEVER....  You should *never* click a link in any email sent by any business to access their web site.   Unless you're technically sophisticated enough to check the source of an email (most people who don't run their own mail servers are not), you won't always be able to tell a phish from the real thing.  Instead, go to their home page from the URL you saved in your bookmarks, or type the web site URL into your browser's address box. 

You should also not discuss your financial information with somebody who calls you on the phone, even if that person claims to be from a bank, financial institution, or business you use unless you know the caller personally and can recognize their voice on the phone.  Instead, get their name, hang up, call 411 or look up the main phone number to that bank, call it, and ask for them.  When you call them, you know you're talking with somebody at the business and not some scammer who stole a database and got your private information. :/

I also got what I *think* was a legitimate warning about phishes from Mt. Gox.  Unfortunately I was sent from an IP that I couldn't connect via SPF, DKIM or rDNS to mtgox.com (the legitimate Mt. Gox domain).  If this was sent by Mt. Gox, they need to set up their outgoing email properly.  If not, then people need to be aware that some phishes do appear to be warnings about phishing sent by your bank or financial institution.  I didn't check this email carefully for a phish URL.

You have some lovely stuff on offer!  How did you come into contact with the artists?  Are you from Greenland yourself?

I'm in the United States, and collect art.  I might be interested in both small/inexpensive pieces of work that I can give as gifts for birthdays and Christmas, and also larger/more elaborate work for my own collection.  I'd prefer to avoid items made from material from polar bears or other endangered species; it's one thing for the Inuit to hunt them or defend themselves from attack, and a completely different matter for somebody to buy items made of that stuff and thereby bump up collector demand for it.  However, any material from reindeer, fox, and other non-endangered species (land animals mostly) would be fine.  I'd also prefer to avoid items intended to curse enemies, just so that I can honestly tell recipients what their gift is for and not freak them out. (Some relatives are prone to be superstitious or might have religious objections.)  But charms and other items whose original intent was not to hurt people would be fine.

You can PM me or get my email address from my web site, which is listed on my profile.

And I have just taste-tested Edd's Ethiopian Harrar.  Harrar is one of my favorite varietals.  Once upon a time I had an incomparable cup of Harrar made by an Ethiopian chef who had just opened his own restaurant where I was living.  None of the Harrar I've found since has *quite* stood up to that memory (perhaps because the breakfast he cooked me with it was wonderful) , but a couple have come close.  This comes *very* close -- a lovely, medium-dark roast fresh cup of rich, low-acid coffee that nonetheless had a slight *zing* to it.  I can't quite manage all those comparisons to oak, chocolate, fruit and flowers that coffee connoisseurs have adopted from the wine world, but take it from me that this coffee is excellent.

And so was the price.  I see that prices have gone up a bit since I ordered two weeks ago, but only enough to compensate for a somewhat weakened bitcoin.  I will hope that they come down again when the market gets stronger -- meanwhile, I will be ordering from Edd again.

Tomorrow morning I'll be trying the Sumatra, after which I'll post another review.

Are you opening a bookstore that takes bitcoin, by chance?  If you do, I'll be there so fast the virtual door will be off its hinges.

Here's some of what I like/buy:

* Economics
* Espionage thrillers (fiction, like Le Carre)
* Fantasy (fiction, especially non-standard fantasy, *not* EFP) (EFP="extruded fantasy product", meaning bad Tolkien clones, etc.)
* History (non-fiction, especially U.S., Americas, Arabian countries, Russia, sub-Saharan East Africa, China)
* Magical Realism (fiction, Latin American, in Spanish is best)
* Mystery (fiction, like Conan Doyle, Dorothy Sayers, Elizabeth Peters, not so much hard-edged stuff)
* Political thrillers (fiction, like Ken Follett, Fletcher Knebel, or the early Tom Clancy)
* Political Science (non-fiction)
* Science (non-fiction, both technical and for the lay audience)
* Science Fiction (All kinds, esp. Russian SF in Russian)

This list is suggestions only, however.  I buy and read all sorts of books if they catch my eye.