Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: the founder on July 29, 2011, 03:51:01 PM



Title: Crazy Land Rush
Post by: the founder on July 29, 2011, 03:51:01 PM
http://www.flexcoin.com/wp-content/uploads/2011/06/logo_flex1.png

I strongly urge you guys to get an invite now for flexcoin because when the invite system is off we're going to stop accepting new registrations for roughly a day.   So the only way to get in is via invite and we're sending out all the invites in a few hours..

Meaning that you can get a generic flexcoin id "coffeeshop", "money" , "webhosting" or whatever now but in 24 hours most likely you won't be able to.

This reminds me of a 1990's domain name rush...   that ID is staying with people for life.. so people are looking for generic ones like mad.  


Title: Re: Crazy Land Rush
Post by: BitMofo on July 29, 2011, 03:55:47 PM
Just requested one... Haven't read much about flexcoin yet but what ensures its security over any other escrow service?


Title: Re: Crazy Land Rush
Post by: Piper67 on July 29, 2011, 04:00:13 PM
http://www.flexcoin.com/wp-content/uploads/2011/06/logo_flex1.png

I strongly urge you guys to get an invite now for flexcoin because when the invite system is off we're going to stop accepting new registrations for roughly a day.   So the only way to get in is via invite and we're sending out all the invites in a few hours..

Meaning that you can get a generic flexcoin id "coffeeshop", "money" , "webhosting" or whatever now but in 24 hours most likely you won't be able to.

This reminds me of a 1990's domain name rush...   that ID is staying with people for life.. so people are looking for generic ones like mad.  


Could you give us as much info as possible on all your security measures? I suspect I won't be the only one asking this (and I know I am not the most qualified to).

Thanks,


Title: Re: Crazy Land Rush
Post by: the founder on July 29, 2011, 04:05:09 PM
Just requested one... Haven't read much about flexcoin yet but what ensures its security over any other escrow service?

Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...  We had it audited by a bank auditing company.  It exceeds banking compliance standards. The main site is just a standard http .. the banking area (on a differing server cluster) goes to the secure system.

Is it foolproof?  No.

Many of you guys know the only "100% secure  system" is one that is physically unplugged and turned off...   and like any website on earth it can be brought down by DDOS attack....   but it does exceed what many would consider "normal security" or even "high grade security".  

I threw the entire weight of my company,  Yooter InterActive Marketing ( http://www.yooter.com )  into it... we normally do design, SEO for fortune 100 firms.    It's most likely the first corporate backed bitcoin startup.



Title: Re: Crazy Land Rush
Post by: Piper67 on July 29, 2011, 04:06:43 PM
Just requested one... Haven't read much about flexcoin yet but what ensures its security over any other escrow service?

Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...  We had it audited by a bank auditing company.  It exceeds banking compliance standards. The main site is just a standard http .. the banking area (on a differing server cluster) goes to the secure system.

Is it foolproof?  No.

Many of you guys know the only "100% secure  system" is one that is physically unplugged and turned off...   and like any website on earth it can be brought down by DDOS attack....   but it does exceed what many would consider "normal security" or even "high grade security".  



And how do you guys make your money? I read the FAQ, but haven't found anything about fees yet.


Title: Re: Crazy Land Rush
Post by: the founder on July 29, 2011, 04:08:15 PM
The fee schedule is here:

http://www.flexcoin.com/?page_id=148

Your best bet is to navigate to the "FAQ"  you'll notice a drop down there and all the info I think you need will be there.



Title: Re: Crazy Land Rush
Post by: enmaku on July 29, 2011, 04:08:23 PM
Just requested one... Haven't read much about flexcoin yet but what ensures its security over any other escrow service?

Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...  We had it audited by a bank auditing company.  It exceeds banking compliance standards. The main site is just a standard http .. the banking area (on a differing server cluster) goes to the secure system.

Is it foolproof?  No.

Many of you guys know the only "100% secure  system" is one that is physically unplugged and turned off...   and like any website on earth it can be brought down by DDOS attack....   but it does exceed what many would consider "normal security" or even "high grade security".  



What hashing algorithm do you use? As we all learned from the Mt Gox debacle, simply hashing and salting isn't enough, you've got to hash and salt with the right algorithms.

Also, an unplugged and turned off system still isn't secure against social engineering so long as someone has the ability to plug it back in and turn it back on for me.  ;)


Title: Re: Crazy Land Rush
Post by: the founder on July 29, 2011, 04:14:07 PM
oh Trust me...  Mt. Gox is the whole reason we went haywire on security...  I know what happened with them using decade old encryption...  

Regarding "turned off"  most likely you're right...  perhaps I should have stated "the only safe computer is a machine running Windows ME...  not because it's secure, but because no one wants to even bother"  :)



Title: Re: Crazy Land Rush
Post by: Chick on July 29, 2011, 04:18:18 PM
Just requested one... Haven't read much about flexcoin yet but what ensures its security over any other escrow service?

Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...  We had it audited by a bank auditing company.  It exceeds banking compliance standards. The main site is just a standard http .. the banking area (on a differing server cluster) goes to the secure system.

Is it foolproof?  No.

Many of you guys know the only "100% secure  system" is one that is physically unplugged and turned off...   and like any website on earth it can be brought down by DDOS attack....   but it does exceed what many would consider "normal security" or even "high grade security".  

I threw the entire weight of my company,  Yooter InterActive Marketing ( http://www.yooter.com )  into it... we normally do design, SEO for fortune 100 firms.    It's most likely the first corporate backed bitcoin startup.



omg, a green bar! we should totally trust them because of that!

lolwut? high grade encryption? for what? if you're using high grade encryption for passwords then you're doing it totally wrong. what could you possibly be encrypting other than the ssl payload?

yay, banking compliance standards, sounds like pci compliance to me! i should totally trust the security simply because it has 'bank' in it!


Title: Re: Crazy Land Rush
Post by: nafai on July 29, 2011, 04:20:35 PM
From your website:

Quote
Fees:
Flexcoin to Flexcoin = FREE
Bitcoin to Flexcoin = FREE
Flexcoin to Bitcoin = .01 BTC or 0.05% (one half of one percent), whichever is greater

0.05% is not one half of one percent.

One half of one percent is 0.5%.  0.05% is one twentieth of one percent, or one half of one tenth of a percent.

Which is it?  Not exactly confidence-inspiring.


Title: Re: Crazy Land Rush
Post by: Chick on July 29, 2011, 04:23:25 PM
From your website:

Quote
Fees:
Flexcoin to Flexcoin = FREE
Bitcoin to Flexcoin = FREE
Flexcoin to Bitcoin = .01 BTC or 0.005% (one half of one percent), whichever is greater

0.05% is not one half of one percent.

One half of one percent is 0.5%.  0.05% is one twentieth of one percent, or one half of one tenth of a percent.

Which is it?  Not exactly confidence-inspiring.

yay


Title: Re: Crazy Land Rush
Post by: the founder on July 29, 2011, 04:24:19 PM
it's 1/2 of 1 percent... that was a typo :)



Title: Re: Crazy Land Rush
Post by: Piper67 on July 29, 2011, 04:25:23 PM
it's 1/2 of 1 percent... that was a typo :)



Yup, that explains it, because at 0.05% your interest payment structure was never going to fly.


Title: Re: Crazy Land Rush
Post by: Oldminer on July 29, 2011, 04:26:50 PM
This sounds like it could be a good idea.

Can you explain more how the interest is calculated?


Title: Re: Crazy Land Rush
Post by: the founder on July 29, 2011, 04:28:32 PM
I fixed it on the page.. thanks for finding that!!  :)

Fees:
Flexcoin to Flexcoin = FREE
Bitcoin to Flexcoin = FREE
Flexcoin to Bitcoin = .01 BTC or  (one half of one percent), whichever is greater and this charge is all inclusive.

- NOTE: the bitcoin miner fees will be distributed from the fees we collect on outbound transfers, not added on.  The fee listed above is the only fee you will pay for an outbound transfer.  We will add the bitcoin miner fee from this amount.


Title: Re: Crazy Land Rush
Post by: the founder on July 29, 2011, 04:30:50 PM
This sounds like it could be a good idea.

Can you explain more how the interest is calculated?


It's listed on that same page:
Quote
Your flexcoin fee schedule is below, however it’s worth noting that a large percentage of the “fees” collected come back to you in the form of interest paid on your account balance.

70% of the fees collected are disbursed to the account holders as interest payments, based on the following formula…

(your account balance / total balance of all flexcoin accounts) * ((all fees collected – miner fees) * 0.7)

http://www.flexcoin.com/?page_id=148


Title: Re: Crazy Land Rush
Post by: Jaime Frontero on July 29, 2011, 04:44:07 PM
i've requested an invite as well.

this is a very interesting service.  my book business needs something like this.


Title: Re: Crazy Land Rush
Post by: the founder on July 29, 2011, 04:50:41 PM
i've requested an invite as well.

this is a very interesting service.  my book business needs something like this.

That's why you need to register the second you get the invite... because flexcoin "books" or "bookstore" for example is currently available.


Title: Re: Crazy Land Rush
Post by: foggyb on July 29, 2011, 05:00:19 PM
Invite requested.


Title: Re: Crazy Land Rush
Post by: Jaime Frontero on July 29, 2011, 05:02:12 PM
i've requested an invite as well.

this is a very interesting service.  my book business needs something like this.

That's why you need to register the second you get the invite... because flexcoin "books" or "bookstore" for example is currently available.

i put in name and email, then hit enter.  it appeared to do stuff - although no confirmation was forthcoming.

what's the line for that says:

Quote
Send *Required

i couldn't type anything there, so i'm assuming it's not for anything?  ???


Title: Re: Crazy Land Rush
Post by: the founder on July 29, 2011, 05:05:25 PM
It just means you have to put in your name and e-mail and "hit the send button" for it to work...  :D 



Title: Re: Crazy Land Rush
Post by: foggyb on July 29, 2011, 05:05:36 PM
Why isn't the home page SSL? For better security, it really should be.



Title: Re: Crazy Land Rush
Post by: Zango on July 29, 2011, 05:10:01 PM
This will be good, if done properly.
I've thought about the same thing. Bitcoin really needs to be facilitated. I'd really like if you wrote more about your security means.


Title: Re: Crazy Land Rush
Post by: Jaime Frontero on July 29, 2011, 05:11:24 PM
It just means you have to put in your name and e-mail and "hit the send button" for it to work...  :D 



ahh.  my gnome desktop settings are such that the 'Send' button doesn't differentiate very well.  i did it again, just to be sure...

thanks for the reply.


Title: Re: Crazy Land Rush
Post by: Piper67 on July 29, 2011, 05:12:28 PM
This will be good, if done properly.
I've thought about the same thing. Bitcoin really needs to be facilitated. I'd really like if you wrote more about your security means.

I agree, this could be good... I'm watching this thread closely.


Title: Re: Crazy Land Rush
Post by: the founder on July 29, 2011, 05:13:38 PM
Why isnt the home page SSL? For better security, it really should be.



The bank isn't even on the same server cluster as the main website ...   I do hope that does answer your question.   Remember this was built by Yooter InterActive,  we've been a search optimization company for about a dozen years.. so https (GENERALLY) means harder to rank in Google,  hence why we opted to leave the main page .. in fact the main website .. out of the secure area.   The banking area is 100% in the secure area,  which you will see the second you get the invite..  (for the record it's not even on the same domain).





Title: Re: Crazy Land Rush
Post by: phillipsjk on July 29, 2011, 05:22:23 PM
If the main page is not secured via HTTPs, an attacker simply can replace it with a page pointing to their own "Secure" site. My ISP has even installed equipment that will allow them to do that automatically:
Quote from: Uniserve Terms of Service
Advertising-UNISERVE shall have the right, without notice, to insert advertising data into the Internet browser used by a UNSERVE customer, and transferred to a UNISERVE customer over UNISERVE’s network, so long as this does not involve UNISERVE transmitting any personal information of the customer to whom such data is sent in contravention of the UNISERVE Privacy Commitment;
- Section 27e (https://www.uniserve.com/about/terms-of-service/). Notice they support HTTPS.


Title: Re: Crazy Land Rush
Post by: the founder on July 29, 2011, 05:25:55 PM
If the main page is not secured via HTTPs, an attacker simply can replace it with a page pointing to their own "Secure" site. My ISP has even installed equipment that will allow them to do that automatically:
Quote from: Uniserve Terms of Service
Advertising-UNISERVE shall have the right, without notice, to insert advertising data into the Internet browser used by a UNSERVE customer, and transferred to a UNISERVE customer over UNISERVE’s network, so long as this does not involve UNISERVE transmitting any personal information of the customer to whom such data is sent in contravention of the UNISERVE Privacy Commitment;
- Section 27e (https://www.uniserve.com/about/terms-of-service/). Notice they support HTTPS.

That's why the bank isn't located on that domain.  Remember the bank is actually on a differing domain ... 



Title: Re: Crazy Land Rush
Post by: indio007 on July 29, 2011, 05:49:21 PM
How does one go about getting an invite????


Title: Re: Crazy Land Rush
Post by: the founder on July 29, 2011, 05:49:56 PM
This will be good, if done properly.
I've thought about the same thing. Bitcoin really needs to be facilitated. I'd really like if you wrote more about your security means.

My problem is that if I completely list in entirely every security measure then it's sort of exposing everything...  eventually no matter how secure something is it could be broken.

Let's say for example you know there is 100 tons of gold in a vault.

But since you have the blueprints you know you need a jackhammer,  where the power lines are,  that the security has a backup cell phone (so bring a cell phone jammer)  etc etc...  You also found out that inside the vault there is a steel holding cage that's rigged to explode... so you detonate it from outside before you move in knowing the gold would be safe regardless.

If that information wasn't public you may have guessed the jackhammer, where the power lines are and the cell phone jammer.. but you didn't expect the rigged steel cage...  

So trust me I completely understand what you want,  I just am unsure if I can actually provide a full breakdown .



Title: Re: Crazy Land Rush
Post by: the founder on July 29, 2011, 05:52:55 PM
How does one go about getting an invite????

http://www.flexcoin.com/?page_id=51



Title: Re: Crazy Land Rush
Post by: phillipsjk on July 29, 2011, 05:55:12 PM

That's why the bank isn't located on that domain.  Remember the bank is actually on a differing domain ...  


Any attacker would set up their look-alike on a different domain as well. Have you seen the Upside-Down-Ternet (http://www.ex-parrot.com/pete/upside-down-ternet.html) page?

Intercepting HTTP is trivial. In some cases intercepting HTTPS (http://it.slashdot.org/story/11/06/20/1934231/SSLTLS-Vulnerability-Widely-Unpatched) is trivial as well.


Title: Re: Crazy Land Rush
Post by: the founder on July 29, 2011, 06:08:15 PM

That's why the bank isn't located on that domain.  Remember the bank is actually on a differing domain ...  


Any attacker would set up their look-alike on a different domain as well. Have you seen the Upside-Down-Ternet (http://www.ex-parrot.com/pete/upside-down-ternet.html) page?

Intercepting HTTP is trivial. In some cases intercepting HTTPS (http://it.slashdot.org/story/11/06/20/1934231/SSLTLS-Vulnerability-Widely-Unpatched) is trivial as well.


yea but you don't even need to do that...   I could go setup ...  paypal.com.EXAMPLE.Com and just make the shitty scum site look like paypal and send out tons of unsolicited e-mail to people and some idiots will bite.. it's called phishing.



Title: Re: Crazy Land Rush
Post by: idev on July 29, 2011, 07:08:38 PM
How long does it take to get an invite,
as i have signed up a few days ago ?


Title: Re: Crazy Land Rush
Post by: spruce on July 29, 2011, 07:12:19 PM
How long does it take to get an invite,
as i have signed up a few days ago ?

See below. Note time of post. Real soon now. :)

. . . we're sending out all the invites in a few hours..



Title: Re: Crazy Land Rush
Post by: the founder on July 29, 2011, 08:38:26 PM
If you requested an invite,  feel free to login!   

Main Site:  http://www.flexcoin.com
Banking site : https://bank.flexcoin.com

you MUST use the same e-mail address that you requested an invite from.   We decided against sending out thousands of e-mails.



Title: Re: Crazy Land Rush
Post by: thefussydutchman on July 29, 2011, 09:13:18 PM
How do you get an invite?


Title: Re: Crazy Land Rush
Post by: idev on July 29, 2011, 09:24:22 PM
How do you get an invite?

You can just register here = > https://bank.flexcoin.com,
as i just did.


Title: Re: Crazy Land Rush
Post by: Syke on July 29, 2011, 09:33:27 PM
How does one go about getting an invite????
http://www.flexcoin.com/?page_id=51
404. No more invites?


Title: Re: Crazy Land Rush
Post by: spruce on July 29, 2011, 09:44:47 PM
How does one go about getting an invite????
http://www.flexcoin.com/?page_id=51
404. No more invites?

See first post. You'll have to wait a day now:

I strongly urge you guys to get an invite now for flexcoin because when the invite system is off we're going to stop accepting new registrations for roughly a day.


Title: Re: Crazy Land Rush
Post by: Syke on July 29, 2011, 09:49:05 PM
How does one go about getting an invite????
http://www.flexcoin.com/?page_id=51
404. No more invites?

See first post. You'll have to wait a day now:

I strongly urge you guys to get an invite now for flexcoin because when the invite system is off we're going to stop accepting new registrations for roughly a day.
Don't you think something other than a 404 page would make sense?


Title: Re: Crazy Land Rush
Post by: the founder on July 29, 2011, 10:29:58 PM
LOL you're right..  I literally deleted the page as compared to editing it saying invites are over..   I took your advice however and did republish the page with a note saying the invite process is over.



Title: Re: Crazy Land Rush
Post by: gizmo256 on July 29, 2011, 10:40:12 PM
shouldn't the Bitcoin system stay decentralized ?   ???


Title: Re: Crazy Land Rush
Post by: spruce on July 29, 2011, 10:43:29 PM
shouldn't the Bitcoin system stay decentralized ?   ???

There could be dozens of sites doing similar services. And should be. But someone has to be first.


Title: Re: Crazy Land Rush
Post by: hamburger on July 29, 2011, 11:24:43 PM

Now why the **** do I need an invite to register and why the **** can't you make the registration page only available to people with invites!


Title: Re: Crazy Land Rush
Post by: riush on July 29, 2011, 11:36:10 PM
Seriously, when asked
Could you give us as much info as possible on all your security measures?
and
We had it audited by a bank auditing company.  It exceeds banking compliance standards.
you can't do better than
Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...
and
oh Trust me...
???


Title: Re: Crazy Land Rush
Post by: cepler on July 29, 2011, 11:41:44 PM
Seriously, when asked
Could you give us as much info as possible on all your security measures?
and
We had it audited by a bank auditing company.  It exceeds banking compliance standards.
you can't do better than
Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...
and
oh Trust me...
???

+42

BTW: PCI Compliance is a complete crock of dog poop.  There is no standard testing procedure and the tests performed are often outdated and crazy picky about some things while completely ignoring other important things.  It's all a sham to make money and worse than TSA's security theater at the airport.  Website disappears with a 404 error because they deleted the page??  Not confidence inspiring.


Title: Re: Crazy Land Rush
Post by: Syke on July 29, 2011, 11:47:34 PM
Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...  We had it audited by a bank auditing company.  It exceeds banking compliance standards. The main site is just a standard http .. the banking area (on a differing server cluster) goes to the secure system.

and then I found this from the signup page...

Quote
password must be 6-12 characters
Are you kidding me? You are limiting passwords to 12 characters? And you consider this sufficient security? Sounds to me like you're storing the passwords in plaintext.


Title: Re: Crazy Land Rush
Post by: the founder on July 29, 2011, 11:59:48 PM
Are you kidding me? You are limiting passwords to 12 characters? And you consider this sufficient security? Sounds to me like you're storing the passwords in plaintext.

No, it's encrypted.. and B:  we were thinking that people might one day want to use it for their mobile phones...  so I have no idea what kind of phone you use.. but I'd rather not type in a 30 character password.

Look,  I know many of you got goxed .. hence why you're asking the questions you are.. and RIGHTFULLY so...  but storing crap in clear text?  That one takes the cake... but I am sure I can out do you.   

See actually we have a billboard on I-95 and we display the passwords in real time outside of Philadelphia.   



 



Title: Re: Crazy Land Rush
Post by: FlyingFlapjack on July 30, 2011, 12:03:09 AM

I notice you are claiming to be a bank. Are you really, legally a bank? I don't see anything on your site to indicate that you are...

I'd like to see a page of legal speak which at least seems to indicate you know what you're doing and won't be shut down by the government for claiming to be a bank when you are not legally a bank.

At this point, you look like some guys who don't have a clue about the legal environment of banking and just decided to 'open a bank' as a business. If that is not the case, you really should have some more information available to indicate that.
 


Title: Re: Crazy Land Rush
Post by: cepler on July 30, 2011, 12:09:15 AM
12 character limitation on passwords?!!?  I think my library has better password abilities...  Do you have any form of one time password abilities for 2 factor authentication?

I use password management, most of my passwords are 30-60+ characters of random crap.  And as for how I manage that on my phone, I have my encrypted password database on there so it's just a passphrase away from being entered.


Title: Re: Crazy Land Rush
Post by: the founder on July 30, 2011, 12:18:51 AM

I notice you are claiming to be a bank. Are you really, legally a bank? I don't see anything on your site to indicate that you are...

I'd like to see a page of legal speak which at least seems to indicate you know what you're doing and won't be shut down by the government for claiming to be a bank when you are not legally a bank.

At this point, you look like some guys who don't have a clue about the legal environment of banking and just decided to 'open a bank' as a business. If that is not the case, you really should have some more information available to indicate that.
 

yep we're the first bitcoin bank...  now I am not sure where to find the legal documents in Washington surrounding a bitcoin bank.   Honestly if you can find that let me know.   


Title: Re: Crazy Land Rush
Post by: the founder on July 30, 2011, 12:22:13 AM
you can't do better than

Seriously?   What do you want a map of the schematics?     

Yes it's encrypted,  yes it's SSL ...  what else seriously do you want to know?   Want me to start listing ports closed on the firewall?   


Title: Re: Crazy Land Rush
Post by: Phinnaeus Gage on July 30, 2011, 12:23:51 AM
Are you kidding me? You are limiting passwords to 12 characters? And you consider this sufficient security? Sounds to me like you're storing the passwords in plaintext.

No, it's encrypted.. and B:  we were thinking that people might one day want to use it for their mobile phones...  so I have no idea what kind of phone you use.. but I'd rather not type in a 30 character password.

Look,  I know many of you got goxed .. hence why you're asking the questions you are.. and RIGHTFULLY so...  but storing crap in clear text?  That one takes the cake... but I am sure I can out do you.    

See actually we have a billboard on I-95 and we display the passwords in real time outside of Philadelphia.    



That's an excellent idea. You took a page right out of LifeLock's marketing book.

http://www.computerworld.com/common/images/site/news/2010/05/lifelock_ceoad_338.jpg


Title: Re: Crazy Land Rush
Post by: randomguy7 on July 30, 2011, 12:24:24 AM
Do the accounts get locked after a few invalid login attempts (to fix the weak password issue)?


Title: Major Security Design Flaw in flexcoin
Post by: Syke on July 30, 2011, 12:25:04 AM
Are you kidding me? You are limiting passwords to 12 characters? And you consider this sufficient security? Sounds to me like you're storing the passwords in plaintext.
No, it's encrypted.. and B:  we were thinking that people might one day want to use it for their mobile phones...  so I have no idea what kind of phone you use.. but I'd rather not type in a 30 character password.
Really? Because you don't want to type in a long password on your state-of-the-art Motorola RAZR, you are putting every customer's account at risk. Keep your own password at 'abcdef', but don't prevent the rest of us from entering real passwords.


Title: Re: Major Security Design Flaw in flexcoin
Post by: the founder on July 30, 2011, 12:26:33 AM
Are you kidding me? You are limiting passwords to 12 characters? And you consider this sufficient security? Sounds to me like you're storing the passwords in plaintext.
No, it's encrypted.. and B:  we were thinking that people might one day want to use it for their mobile phones...  so I have no idea what kind of phone you use.. but I'd rather not type in a 30 character password.
Really? Because you don't want to type in a long password on your state-of-the-art Motorola RAZR, you are putting every customer's account at risk. Keep your own password at 'abcdef', but don't prevent the rest of us from entering real passwords.

ok Syke..  I'll increase it before it goes public live (not just invite)  that would be Monday.





Title: Re: Crazy Land Rush
Post by: the founder on July 30, 2011, 12:27:34 AM
That's an excellent idea. You took a page right out of LifeLock's marketing book.

http://www.computerworld.com/common/images/site/news/2010/05/lifelock_ceoad_338.jpg

HA!!!  google his social security number...   You'll see Tribbleagency.com #1 . ..     I love being good at SEO as it's my blog.   He's been a victim of identity theft at least a dozen times since running that campaign!







Title: Re: Crazy Land Rush
Post by: fabianhjr on July 30, 2011, 12:28:37 AM
Just requested one... Haven't read much about flexcoin yet but what ensures its security over any other escrow service?

Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...  We had it audited by a bank auditing company.  It exceeds banking compliance standards. The main site is just a standard http .. the banking area (on a differing server cluster) goes to the secure system.

Is it foolproof?  No.

Many of you guys know the only "100% secure  system" is one that is physically unplugged and turned off...   and like any website on earth it can be brought down by DDOS attack....   but it does exceed what many would consider "normal security" or even "high grade security".  

I threw the entire weight of my company,  Yooter InterActive Marketing ( http://www.yooter.com )  into it... we normally do design, SEO for fortune 100 firms.    It's most likely the first corporate backed bitcoin startup.

As a beginner in the Security Field I have to voice concern over the cap on characters I can use as a password. This is seriously flawed.

Also, looks like I am not the only one. >_>


Title: Re: Crazy Land Rush
Post by: the founder on July 30, 2011, 12:30:19 AM

As a beginner in the Security Field I have to voice concern over the cap on characters I can use as a password. This is seriously flawed.

Also, looks like I am not the only one. >_>

As I stated,  I listened to you guys and it will be increased before Monday's open launch.



Title: Re: Crazy Land Rush
Post by: the founder on July 30, 2011, 12:45:56 AM
Do the accounts get locked after a few invalid login attempts (to fix the weak password issue)?

Actually we do have it set at a very high number for this weekend due to the invite process..  (we were thinking that people wanted to get familiar with the system,  try it on their mobile device. etc etc..)

On Monday we'll be increasing the password length limitation,  and lowering down the number of attempts then temporary lockout to 6 tries...  the problem I have with it is that I personally thumb it a dozen times on my iphone when entering in crap... but we've made this decision 2000 times... security over convenience...  in this case security wins both times.
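
Added example, not part of the post above and not flexcoin's code: a per-account failure counter with a temporary lockout, using the six-attempt figure from the post. The 15-minute lockout duration, the class and the function names are assumptions.

```python
import time
from typing import Callable, Dict, List, Tuple

MAX_FAILURES = 6            # figure given in the post
LOCKOUT_SECONDS = 15 * 60   # assumed; the post gives no duration


class LoginThrottle:
    """Count consecutive failed logins per account and lock temporarily."""

    def __init__(self, max_failures: int = MAX_FAILURES,
                 lockout_seconds: float = LOCKOUT_SECONDS,
                 clock: Callable[[], float] = time.monotonic):
        self._max_failures = max_failures
        self._lockout_seconds = lockout_seconds
        self._clock = clock  # injectable so tests need not sleep
        # account -> (consecutive failures, time the lockout ends)
        self._state: Dict[str, Tuple[int, float]] = {}

    def attempt(self, account: str, password_ok: Callable[[], bool]) -> str:
        """Run one login attempt; return "ok", "failed" or "locked".

        password_ok is only called when the account is not locked, so a
        locked account gives no answer about whether a guess was right.
        """
        now = self._clock()
        failures, locked_until = self._state.get(account, (0, 0.0))
        if now < locked_until:
            return "locked"
        if password_ok():
            self._state.pop(account, None)  # success clears the counter
            return "ok"
        failures += 1
        if failures >= self._max_failures:
            # Start the lockout window and reset the counter for afterwards.
            self._state[account] = (0, now + self._lockout_seconds)
            return "locked"
        self._state[account] = (failures, 0.0)
        return "failed"


def simulate(guesses: List[str], real_password: str,
             throttle: LoginThrottle, account: str = "alice") -> List[str]:
    """Feed guesses through the throttle and return each outcome.

    The plain string comparison stands in for a real hash verification.
    """
    return [throttle.attempt(account, lambda g=g: g == real_password)
            for g in guesses]


if __name__ == "__main__":
    now = [100.0]  # constructed fake clock value
    throttle = LoginThrottle(clock=lambda: now[0])
    # Constructed guesses: six wrong ones, then the right password.
    print(simulate(["a", "b", "c", "d", "e", "f", "secret"], "secret", throttle))
    now[0] += LOCKOUT_SECONDS + 1
    print(simulate(["secret"], "secret", throttle))
```

A per-account lockout lets anyone who knows a username keep that account locked, which is why the lockout here expires on its own instead of requiring a manual reset.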



Title: Re: Crazy Land Rush
Post by: FlyingFlapjack on July 30, 2011, 01:00:38 AM
yep we're the first bitcoin bank...  now I am not sure where to find the legal documents in Washington surrounding a bitcoin bank.   Honestly if you can find that let me know.   

Well you can be a federally chartered bank, or a state chartered bank. It costs millions in capital either way.

So...you're saying you're just going to avoid handling dollars and other 'real money' to avoid all that?  Do you have lawyers? I can't believe they'd tell you to just wing it. Even if bitcoin is not legally money, it is probably something like a security.

I'm not a lawyer, but you don't even seem to have a legal disclaimer anywhere about you not legally being an actual bank, unless I'm missing that link.


Title: Re: Crazy Land Rush
Post by: the founder on July 30, 2011, 02:59:22 AM
yep we're the first bitcoin bank...  now I am not sure where to find the legal documents in Washington surrounding a bitcoin bank.   Honestly if you can find that let me know.  

Well you can be a federally chartered bank, or a state chartered bank. It costs millions in capital either way.

----

But can you be a federally or state chartered Bitcoin bank?   Seriously Washington moves fast!

------

Do you have lawyers?
----
yep at $300/ hour two of them...  
----

I'm not a lawyer, but you don't even seem to have a legal disclaimer anywhere about you not legally being an actual bank, unless I'm missing that link.


-----
You're not missing the link.   It's just that it's not needed.  Yes our company lawyer (and we had a second opinion as well) said that the term bank can apply to the side of a road,  a sharp turn,  a storage facility,  or a financial institution.  

On a second note, I used to work for a company called DomainBank.com for 10 years..  I don't recall a "charter on their front door"  either.. considering you couldn't deposit USD there...  nor can you at Flexcoin ...

I understand your concern,  but we already hashed this out months ago when we were building the bitcoin bank.    But I'll put a note on the TOS regarding it to ensure that everyone feels better about it.




Title: Re: Crazy Land Rush
Post by: thefussydutchman on July 30, 2011, 03:56:55 AM
I really don't know what all the fuss is about an invite.  You're the owner but can't give me an invite?  That's fine, this does not seem like a real company.


Title: Re: Crazy Land Rush
Post by: payb.tc on July 30, 2011, 06:43:48 AM
I've seen this image soooooo many times on the web.

just type 'laptop woman' into google images as an example :)

http://www.pitws.com/site_r1/images/joy_woman_laptop.jpg

(actually, tineye returns 978 results for it  :o :o :o)



Title: Re: Crazy Land Rush
Post by: kloinko1n on July 30, 2011, 06:30:54 PM
I just LOVE the part where impulsepay.com says that this hype goes at a premium of 33% additional costs (as they charge 25% of the revenues, you have to raise the price by 33% to satisfy that condition).

uhmm... NOT  ;D


Title: Re: Crazy Land Rush
Post by: phillipsjk on July 30, 2011, 06:45:09 PM
Are you kidding me? You are limiting passwords to 12 characters? And you consider this sufficient security? Sounds to me like you're storing the passwords in plaintext.

No, it's encrypted.. and B:  we were thinking that people might one day want to use it for their mobile phones...  so I have no idea what kind of phone you use.. but I'd rather not type in a 30 character password.


For a cellphone, it may be easier to type a 20 character numeric password (66.4 bits of entropy if random). A 12 character password can't really have over 72 bits of entropy. Computers are getting stupidly fast these days. Anything with less than 64 bits of entropy is likely insecure. After 128 bits you are probably safe as long as the storage mechanism has no underlying weakness.
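The entropy figures in this post can be reproduced and turned into a length check, shown here as an added example that is not part of the original post. It assumes uniformly random characters, a 64-symbol alphabet (6 bits per character) for the 72-bit figure, and the 12-character limit quoted above; the function names are illustrative.

```python
import math
import secrets
import string

MAX_LEN = 12                    # password length limit quoted in the post
DIGITS = string.digits          # 10 symbols, easy to type on a phone keypad
ALNUM64 = string.ascii_letters + string.digits + "-_"   # assumed 64 symbols


def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random password: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)


def min_length(alphabet_size, target_bits):
    """Shortest random password over this alphabet reaching target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def fits_limit(alphabet_size, target_bits, max_len=MAX_LEN):
    """Can a site with this length limit accept such a password at all?"""
    return min_length(alphabet_size, target_bits) <= max_len


def classify(bits):
    """Apply the two thresholds named in the post (64 and 128 bits)."""
    if bits < 64:
        return "likely insecure"
    if bits < 128:
        return "between the thresholds"
    return "probably safe"


def random_password(alphabet, target_bits):
    """Draw each character independently from the OS CSPRNG."""
    n = min_length(len(alphabet), target_bits)
    return "".join(secrets.choice(alphabet) for _ in range(n))


if __name__ == "__main__":
    for name, alphabet in (("digits", DIGITS), ("64-symbol", ALNUM64)):
        for target in (64, 128):
            n = min_length(len(alphabet), target)
            ok = fits_limit(len(alphabet), target)
            print(f"{name}: {target} bits needs {n} chars, "
                  f"fits {MAX_LEN}-char limit: {ok}")
```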


Title: Re: Crazy Land Rush
Post by: CubedRoot on July 30, 2011, 06:59:15 PM
so, I think I missed this :)
How do we get invites?  I would like to give Flexcoin a shot


Title: Re: Crazy Land Rush
Post by: dishwara on July 30, 2011, 07:36:44 PM
I tried to register & got this error.
Quote
could not register new user
you do not have a valid invitation
try again


Title: Re: Crazy Land Rush
Post by: phillipsjk on July 30, 2011, 07:53:52 PM
Any attacker would set up their look-alike on a different domain as well. Have you seen the Upside-Down-Ternet (http://www.ex-parrot.com/pete/upside-down-ternet.html) page?

Intercepting HTTP is trivial. In some cases intercepting HTTPS (http://it.slashdot.org/story/11/06/20/1934231/SSLTLS-Vulnerability-Widely-Unpatched) is trivial as well.


yea but you don't even need to do that...   I could go setup ...  paypal.com.EXAMPLE.Com and just make the shitty scum site look like paypal and send out tons of unsolicited e-mail to people and some idiots will bite.. it's called phishing.


Many users visit websites by typing their name into a trusted search engine like Google (which does support HTTPS). paypal.com.example.com won't come up in the first 10 results, but paypal.com will. Without HTTPS (or other authentication), it is possible for an attacker to use your real domain for their phishing site.

As I have pointed out, this is not a theoretical or difficult attack. Are you OK with my ISP injecting PayPal ads when I view your landing page?

PS: I know my own website does not support HTTPS or IPsec at the moment... I hope to change that eventually. IPsec should work for the gopher version too :)