vircurex.com

1. cache:https://bitcointalk.org/index.php?topic=135919.0
2.  
3. Bitcoin Forum
4. January 11, 2013, 06:27:04 PM
5. Welcome, Guest. Please login or register.
6.  
7. Login with username, password and session length
8. News: Version 0.7.2 is now available.
9.  
10. Home Help Search Donate Login Register
11. Bitcoin Forum > Economy > Marketplace > Service Announcements > VIRCUREX !!! IMPORTANT !!!
12. Pages: 1
13. « previous topic next topic »
14. Print
15. Author Topic: VIRCUREX !!! IMPORTANT !!! (Read 9985 times)
16. Kumala
17. Sr. Member
18.  
19. Offline
20.  
21. Posts: 274
22.  
23.  
24.  
25.  
26. Ignore
27.  
28. VIRCUREX !!! IMPORTANT !!!
29. Today at 12:19:25 PM
30. #1
31. We sadly need to announce that our wallet has been compromised thus DO NOT send any further funds to any of the coin wallets, BTC, DVC, LTC, etc. We will setup a new wallet and reset all the addresses. This will most likely take the whole weekend.
32.  
33. Logged
34. Exchange: https://vircurex.com BTC, LTC,DVC Stockexchange: http://www.cryptostocks.com
35. DVC 6/49 Lottery: https://dvc-lotto.com BTC 6/49 Lottery: https://btc-lotto.com
36. Earn money browsing the Internet: http://www.profitclicking.com/?r=rwrehp4reyg
37. Advertisement: You Mined it, don't you deserve it without the Wait? FastCash4Bitcoins
38. stan.distortion
39. Hero Member
40.  
41. Offline
42.  
43. Posts: 881
44.  
45.  
46.  
47.  
48.  
49.  
50. Ignore
51.  
52. Re: VIRCUREX !!! IMPORTANT !!!
53. Today at 12:31:16 PM
54. #2
55. Ouch, good luck with it. Bitcoin central's down too, looks like someone's being a pain in the ass.
56. Logged
57. julz: "Susanne Posel's unwitting work in shepherding the dumbest of the dumb away from Bitcoin is a great benefit to the community, for which we should all be grateful."
58. John (johnthedong)
59. Global Janitor and
60. Global Moderator
61. Hero Member
62.  
63. Online
64.  
65. Posts: 3395
66.  
67.  
68.  
69.  
70.  
71.  
72. Ignore
73.  
74. Re: VIRCUREX !!! IMPORTANT !!!
75. Today at 01:06:40 PM
76. #3
77. Posted an announcement regarding this at Important Announcements subforum.
78. Logged
79. My BTC Tip Jar: 1NB1KFnFqnP3WSDZQrWV3pfmph5fWRyadz
80. My GPG key ID: B3AAEEB0 My OTC ID: johnthedong
81. Free escrow service available - tips appreciated! (PM Me)
82. Endgame
83. Full Member
84.  
85. Offline
86.  
87. Posts: 205
88.  
89.  
90.  
91.  
92.  
93.  
94. Ignore
95.  
96. Re: VIRCUREX !!! IMPORTANT !!!
97. Today at 01:25:49 PM
98. #4
99. Sorry to hear that. How bad is the loss? Will users be out of pocket, or can vircurex cover it?
100. Logged
101. Omnicoins - Buy Bitcoins, Litecoins and Namecoins in Australia | OTC Ratings
102. Kumala
103. Sr. Member
104.  
105. Offline
106.  
107. Posts: 274
108.  
109.  
110.  
111.  
112. Ignore
113.  
114. Re: VIRCUREX !!! IMPORTANT !!!
115. Today at 01:58:50 PM
116. #5
117. Further update: The system was not breached, no passwords were compromised (they are salted and multiple times hashed anyways). The attacker used a RubyOnRails vulnerability that was released yesterday (http://www.exploit-db.com/exploits/24019/) to withdraw the funds therefore.
118.  
119.  
120. Logged
121. Exchange: https://vircurex.com BTC, LTC,DVC Stockexchange: http://www.cryptostocks.com
122. DVC 6/49 Lottery: https://dvc-lotto.com BTC 6/49 Lottery: https://btc-lotto.com
123. Earn money browsing the Internet: http://www.profitclicking.com/?r=rwrehp4reyg
124. ripper234
125. Hero Member
126.  
127. Offline
128.  
129. Posts: 1140
130.  
131.  
132.  
133. Ron Gross
134.  
135.  
136.  
137.  
138. Ignore
139.  
140. Re: VIRCUREX !!! IMPORTANT !!!
141. Today at 03:06:08 PM
142. #6
143. Quote from: Kumala on Today at 01:58:50 PM
144. Further update: The system was not breached, no passwords were compromised (they are salted and multiple times hashed anyways). The attacker used a RubyOnRails vulnerability that was released yesterday (http://www.exploit-db.com/exploits/24019/) to withdraw the funds therefore.
145.  
146. Sorry for your lose.
147.  
148. Amm ... the RoR volnurability was posted to multiple large forums, including Slashdot.
149.  
150. Did the attacker see the announcement before you were able to realize it affects you and shut off your systems? How come you missed it for so long that you didn't shut your stuff off / upgrade in time?
151. Logged
152. - Blog
153. - About
154. - BTCtoX.org - translate between BTC and any other currency.
155. thebaron
156. Sr. Member
157.  
158. Offline
159.  
160. Posts: 459
161.  
162.  
163.  
164. wat
165.  
166.  
167.  
168.  
169. Ignore
170.  
171. Re: VIRCUREX !!! IMPORTANT !!!
172. Today at 03:10:11 PM
173. #7
174. Exploit released yesterday, eh? How convenient...
175. Logged
176. I run http://mail-to-jail.com. I am "thebaron-btc" on Bitcoin-OTC.
177. Kumala
178. Sr. Member
179.  
180. Offline
181.  
182. Posts: 274
183.  
184.  
185.  
186.  
187. Ignore
188.  
189. Re: VIRCUREX !!! IMPORTANT !!!
190. Today at 03:14:21 PM
191. #8
192. Before the wild speculations beginn, the service will be recovered and we pay the losses out of our own pockets.
193. Logged
194. Exchange: https://vircurex.com BTC, LTC,DVC Stockexchange: http://www.cryptostocks.com
195. DVC 6/49 Lottery: https://dvc-lotto.com BTC 6/49 Lottery: https://btc-lotto.com
196. Earn money browsing the Internet: http://www.profitclicking.com/?r=rwrehp4reyg
197. davout
198. Staff
199. Hero Member
200.  
201. Offline
202.  
203. Posts: 2493
204.  
205.  
206.  
207. 1davout
208.  
209.  
210.  
211.  
212. Ignore
213.  
214. Re: VIRCUREX !!! IMPORTANT !!!
215. Today at 03:36:07 PM
216. #9
217. Quote from: stan.distortion on Today at 12:31:16 PM
218. Ouch, good luck with it. Bitcoin central's down too, looks like someone's being a pain in the ass.
219. That's just scheduled maintenance
220. We deployed the fixes within five minutes after receiving the notification from the Rails security mailing list.
221. Logged
222. Buy and sell EUR at Bitcoin-Central.net.
223. Also check-out Instawallet and Instawire, don't need to sign-up to anything!
224. -- The problem with the French, is that they don't even have a word for entrepreneur
225. davout
226. Staff
227. Hero Member
228.  
229. Offline
230.  
231. Posts: 2493
232.  
233.  
234.  
235. 1davout
236.  
237.  
238.  
239.  
240. Ignore
241.  
242. Re: VIRCUREX !!! IMPORTANT !!!
243. Today at 03:36:52 PM
244. #10
245. Quote from: thebaron on Today at 03:10:11 PM
246. Exploit released yesterday, eh? How convenient...
247. It's the truth.
248. Logged
249. Buy and sell EUR at Bitcoin-Central.net.
250. Also check-out Instawallet and Instawire, don't need to sign-up to anything!
251. -- The problem with the French, is that they don't even have a word for entrepreneur
252. makomk
253. Hero Member
254.  
255. Online
256.  
257. Posts: 890
258.  
259.  
260.  
261.  
262. Ignore
263.  
264. Re: VIRCUREX !!! IMPORTANT !!!
265. Today at 03:40:53 PM
266. #11
267. Quote from: thebaron on Today at 03:10:11 PM
268. Exploit released yesterday, eh? How convenient...
269. Bit slow of the attacker. I was actually half-expecting someone to start hacking Bitcoin sites before any exploit was even publicly released.
270. Logged
271. Quad XC6SLX150 Board: 860 MHash/s or so.
272. SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
273. Kumala
274. Sr. Member
275.  
276. Offline
277.  
278. Posts: 274
279.  
280.  
281.  
282.  
283. Ignore
284.  
285. Re: VIRCUREX !!! IMPORTANT !!!
286. Today at 05:05:41 PM
287. #12
288. Service restored: deposits, trading and withdrawals are working again
289.  
290. For the time being, some restrictions apply until we have sorted out the account details and validated data integrity.
291.  
292. Trading Deposits Withdrawals
293. BTC Active Active On hold
294. NMC Active Active On hold
295. LTC Active Active On hold
296. DVC Active Active Active
297. SC Active Active On hold
298. IXC Active Active Active
299. PPC Active Active Active
300. USD Active Active Active
301. EUR Active Active Active
302. Logged
303. Exchange: https://vircurex.com BTC, LTC,DVC Stockexchange: http://www.cryptostocks.com
304. DVC 6/49 Lottery: https://dvc-lotto.com BTC 6/49 Lottery: https://btc-lotto.com
305. Earn money browsing the Internet: http://www.profitclicking.com/?r=rwrehp4reyg
306. Atruk
307. Jr. Member
308.  
309. Online
310.  
311. Posts: 56
312.  
313.  
314.  
315.  
316.  
317.  
318. Ignore
319.  
320. Re: VIRCUREX !!! IMPORTANT !!!
321. Today at 05:21:42 PM
322. #13
323. Quote from: Kumala on Today at 05:05:41 PM
324. Service restored: deposits, trading and withdrawals are working again
325.  
326. For the time being, some restrictions apply until we have sorted out the account details and validated data integrity.
327.  
328. Trading Deposits Withdrawals
329. BTC Active Active On hold
330. NMC Active Active On hold
331. LTC Active Active On hold
332. DVC Active Active Active
333. SC Active Active On hold
334. IXC Active Active Active
335. PPC Active Active Active
336. USD Active Active Active
337. EUR Active Active Active
338.  
339.  
340. It's good to see you are recovering so quickly, especially with the severe downtime or outright collapse most exchanges seem to go through.
341. Logged
342. 1H8Ep63MQ1BPF8uoDUpz2KFhTAzYKqaUE5
343. davout
344. Staff
345. Hero Member
346.  
347. Offline
348.  
349. Posts: 2493
350.  
351.  
352.  
353. 1davout
354.  
355.  
356.  
357.  
358. Ignore
359.  
360. Re: VIRCUREX !!! IMPORTANT !!!
361. Today at 05:24:34 PM
362. #14
363. Quote from: Kumala on Today at 05:05:41 PM
364. Service restored: deposits, trading and withdrawals are working again
365.  
366. Did you switch servers ?
367. Logged
368. Buy and sell EUR at Bitcoin-Central.net.
369. Also check-out Instawallet and Instawire, don't need to sign-up to anything!
370. -- The problem with the French, is that they don't even have a word for entrepreneur
371. Kumala
372. Sr. Member
373.  
374. Offline
375.  
376. Posts: 274
377.  
378.  
379.  
380.  
381. Ignore
382.  
383. Re: VIRCUREX !!! IMPORTANT !!!
384. Today at 05:58:42 PM
385. #15
386. It's been a couple of stressful hours here.
387.  
388. No we did not switch servers, we:
389. - applied the Ruby Rails patch
390. - backed up all log files for further analysis
391. - log files show the XML code injection, we validated all triggered commands to ensure nothing other than withdrawing funds (e.g. backdoor) was done.
392.  
393. 2AM here, will need to catch some sleep, mistakes are easily made when being too tired.
394. Logged
395. Exchange: https://vircurex.com BTC, LTC,DVC Stockexchange: http://www.cryptostocks.com
396. DVC 6/49 Lottery: https://dvc-lotto.com BTC 6/49 Lottery: https://btc-lotto.com
397. Earn money browsing the Internet: http://www.profitclicking.com/?r=rwrehp4reyg