Correct me if I'm wrong but I took a long hard look at this 'security hole', and I'm pretty sure the 'unsecured information' this article is talking about is the security key itself. A security key can't digitally sign itself. If you can manage to secure the same information with two different keys (no easy feat), which ever one gets confirmed in the network first wins, and the other one is dropped. Either way, the transaction still takes place and is completely secure. The security breach was on Mt. Gox's end, because they didn't have fail-safe's in place to compensate for this 'flaw' - which is actually a rational security decision - IE > it's better to tie the transaction ID to the digital signature, than not - not doing so would create a huge potential security hole. This isn't some simple bug that needs to be patched that's been known since 2011. It's not a bug that's easy to abuse, and the bitcoin community IS working on the problem. But Mt. Gox didn't have to lose a dime if they only had the proper security measures in place, and that's why some members of the community have said that they deserved to go down. For perspective, Mt. Gox's security would have to have been worse than a bank accepting five one dollar bills as $100, because the customer claimed they were $20's after the teller had already processed the transaction.People try and scam banks all the time. Not being prepared to catch someone in such an obvious and common scam is just plain negligent and stupid.
Facebook
Twitter