Did you read the FA? It was clearly stated that
1. the transaction took place in MtGox, and
2. the rest of his bitcoins were safely encrypted in his hard disk.
Right - I read that part. But then, I read the exploit, which is the running of a .exe on his local system, and not a JavaScript XSS attack. It's very confusing.
Perhaps the .exe logged into his MtGox account through the browser? If so - I don't understand why he would think MtGox is culpable in any way, particularly if he was running Java in the browser, clicked YES to all the warnings that said horrible things were going to happen to him, AND wasn't running two-factor auth on his account.
He went out of his way to let the hacker exploit his system. I would hope that anyone as "technically savvy" as him would have known these were all really, really bad things to do.
If there is any consolation, it's that the 34 bitcoins are likely going to be worth less than $1000 by the end of today.
Maybe I'm missing something, but where exactly is the exploit here? (0-day no less)
AFAIU, the user was prompted to accept an autosigned applet, and he did so. After that, the outcome was inevitable. You may hate Java all you like, but it seems like the user (inadvertently) gave this program permission to steal all his money.
I'm sorry, but last time I checked, Mockingbird development is all but stalled since the founders got hired by Stripe. Which is a shame, given how great a product it was.
Since you're probably gonna see them around, please ask them: why don't they just hire an employee to do actual work for Mockingbird? Thanks!
Given that not everyone from every single country has answered this survey the results can't possibly be right. And it also needs different fields and stages and 'Yes' and 'No'.