Do tell!

I wonder if you had adequate antivirus on your windows machine? It'd be very hard for a trojan to take control of your computer if you had adequate security software, that can detect trojan behavior. Plus Win7 has some default security built in like UAC. I think it'd take a seriously good hacker (like top 0.001% in the world), to hack a windows machine, over the internet, with firewalled router + good security software + UAC turned on.

An encrypted wallet wouldn't have helped you.  If you had Malware on the system, especially a keylogger, they'd have your key for the wallet.

I can't, it would give away where my wallet is.. which I guess is kind of stupid, because why did I post to begin with then, right?

Stupid. Sorry.

Also, assuming you did lose your wallet, allinvain, when I read your story it was like a punch in the gut. Some hacker douche is into emo gut-punchery, and I hope you track those coins until the end of time, finally get a name, and then Hulk Smash. Good luck. :-( Come to think of it, though, why don't you call the police and get them involved? Open a case at least. You are paying taxes into their paycheques, and theft of this size is more illegal than smaller amounts.

I am surprised after all this time no one (including me) has suggested he post his debug.log.

That might narrow down how the coins got sent, at least can narrow down as to whether the coins were sent from his own computer (either by "meatspace" as suggested, or a trojan that allowed complete remote control) versus the transaction being initiated from a different machine.

Though I am not certain if debug.log could contain private keys.  I would hope not.

This is an excellent opportunity for jgarzik to demonstrate how easy it is to track down these "pretty bleepin' dumb kids" who thinks Bitcoin is anonymous...

That is because you don't understand how insecure modern computers really are. "Automatic Updates" are the equivalent of a security blanket: they may even protect you from some known attacks (like a blanket can protect you from cold). However, any software shipping with automatic updates enabled is not proven correct. Automatic updates also require you to trust the software provider not to be malicious or make further mistakes.

At the time of this writing, there is no such thing as as a "totally secure" live CD. Until August 14, 2009, I thought you could be safe by using "Read-only" memory to guard against attack. Then I read about an attack against a voting machine using a harvard architecture (Code is in read-only memory). They leveraged a single stack overflow into a full compromise of the machine using return-oriented programming.

It is possible to prove software is correct; it just takes time and expense few are willing to invest yet. For example, the L4 Mirokernel has been machine checked. Long term, software development houses need to start compiling their code on proven correct hardware as well. This will involve using ROM burners programmed using toggle switches and hardwired CRC checkers. The "proven correct" source code would have to be stored on microfiche or something similar.

But sometimes, I think may I have just gotten too paranoid.

Edit: Preview doesn't work for busy threads

This story made it on Gawker! http://gawker.com/5811868/a-500000-geek-cyberheist   

 

There is something Mtgox could do to help prevent theft in future, and prevent the hacker from profiting from this theft.

In this case, and others where there is suspicious activity, there could be a trial date set on skype.  If the suspicious party does not appear for the trial, then the money in question is donated to charity.  For example the money could be split up and sent to each of the charities on this list:
https://en.bitcoin.it/wiki/Donation-accepting_organizations_and_projects

If the suspicious party does appear for the trial, then if their explanation of the transaction is good, the transaction goes through.  If the explanation is probably unbelievable, then the money in question is donated top charity in proportion to the unbelievability.  The judges for the trial could be drawn at random from developers and/or writers who have a public web site or blog.  If the amount in question is smaller than 1,000 USD, one judge would be sufficient, above that up to 10,000 USD three judges would be asked for, above that five judges would be asked for.

By removing the profit motive from theft, hackers would spend less effort to steal in the first place.  Since any money not sent to the suspicious party would be sent to charity, there would be no profit in false accusations.