by andyhmltn 4818 days ago
That is true.

1) You really shouldn't be running Java applets unless you are certain you want to. I have had Java disabled for about a year and have only seen a page that required it once.

2) The domain name should've been a dead giveaway.

3) Why would MtGox refund it? You got your money stolen by someone else. It's not MtGox's fault at all.

1 comments

One would expect a certain level of security measures for a site that directly influences your financial situation. Most CRUD applications require you to put in your old password when changing your new one. Apparently you can actually trade coins away from your account without typing your password on MtGox. That's just ridiculously unsecured.
I don't think that'd solve the problem though. His password was stolen. So the hacker had the password and entering it twice would be the same barrier as entering it once.
No.