|
when do you think it will get some licences to over pass the 1000 usd limit? thank you.
|
|
|
|
|
we will find a way to the licence.
We could just define bitcoin as virtual commodity in the law. We trade in exchanges silver, gold and other weird metal we never used in daily life, so we trade BTC.
|
|
|
|
|
That exchange don't even want to admit that fact.
You all know what I'm talking about if you're not too new.
|
|
|
|
This is what I've been expecting for a long time, and once I wished mtgox would achieve. "It's important now to go forward with legalization even if you don't agree with laws," Taaki said legitimizing exchanges would give Bitcoin the confidence needed to transcend from a niche currency embraced by libertarians and hackers to a legitimate monetary system. http://www.pcmag.com/article2/0,2817,2387279,00.asp |
|
|
|
I have a few questions.
Did you hire a Security Professional? A real one? What are his qualifications? What kind of testing, tools and monitoring has been put in place?
Have you implemetned a realistic Security Strategy, like "Defense in Depth". Is each layer of the IT infrastructure down to the database is protected with ACL's and the minimum privileges possible.
Do you require users to have good pwd, at least 16 characters long, digits, letters and special characters along with digital certificates.
do you run your operations on a real Unix system? Solaris or OpenSolaris are secure by default. They are also "special " enough that not many hackers have expertise to penetrate it and it has very good support and Security features built in.
Is your system hosted in the cloud?
Are you using a well designed and professionally managed database? Is this database being operated in the most secure manner possible? Can you prove it and show evidence of an audit?
Everything should be logged and the logs monitored for attacks.
Do you offer all users a digital certificate with your exchange being the CA.
Is your entire operation behind a commercial firewall appliance and do you use a secure DNS?
What SEIM monitoring tools are in place? You should have an SEIM monitoring solution from a reputable company. I used AlienVault to gain experience but something even better might be a commercial offering. Trustwave comes to mind that will audit your system and provide some certifications as to your compliance with all provisions of the NSA recommendations, and any other applicable authorities like the big exchanges.
I think if you put this in place and let it be known upfront what is going on then you could easily attract as much business as you could handle. With the best security in the bitcoin exchange arena you could charge more for trades and still get more customers. With as much security as mentioned here it should be no problem for a big insurance agency like Loyds or whomever to insure each account and each trade to at least 250K bitcoins at a time or better.
You are going to be the number one target if you are successful. Plan on it and plan on getting hit and have a plan to recover.
This is going to be a huge business with any luck and being the most secure will get you all the business you handle.
Have this post been answered or not? |
|
|
|
Why post your names and info, but previously buy a domain via "domains by proxy"?
Where is "TradeHill Co. Ltd" registered?
I notice your hosting with a "cloud" company in Sweden, give them a kick as you don't have enough resources and if your on "the cloud" how can that be simply throttle up.
I was wondering the same thing. I suspect they are still running the exchange out of their home basement (and the rented VPS) and don't exactly want to advertise that fact. The site says it is based in Chile, so that is likely a good place to start looking for an official registration. Hi Phillip and Folks, This " Ltd" is an inaccuracy on our site. We are a sole proprietorship registered both in the state of Oregon and in Chile. Our DBA is registered under “Tradehill” in both regions according to the laws of each territory. According to the principles stated at the beginning of this post, we will strive for accuracy - and will make right, in case of inaccuracies - any mistakes, as soon as we become aware of them. We have thus taken it from the website and clarified that we are a sole proprietorship. We will continue to inform people of our situation in accordance with the above principles. If something may compromise our security or private information, we will inform you of our reasons for keeping this information private. Regards, Adam Stradling Trust is something you can hardly find back when you lose it. You're a very young exchange, but the most promising after the mtgox disaster. Just make sure you're honest about everything, tell people the truth and the whole truth. If you base your service on VPS, tell people before they find out. If you have other information, provide it publicly before people find out. |
|
|
|
|
I don't like make this topic a spaming thing, so it's somehow like TH-R171**.
Is that mean they have got 17k account?
P.S.
1. The website is very slow.
2. I'm trying to add some BTC. I think they're product manager are not at the best level, but far more better than mtgox.
|
|
|
|
This has nothing to do with mybitcoin and everything to do with idiots.
You're mean. it's mtgox and the hacker's fault. it's not theirs. |
|
|
|
I just hope that Tradehill puts in captcha and/or many other security options that every typical bank has (phone texting), security questions, based off of IP changes, etc. Otherwise I'll likely be moving everything out pretty soon until a more secure site pops up. Tradehill has been great to me so far though! I know this is overstated- but to anyone who doesn't have a TradeHill account, you can use this link to save 10% on fees: http://www.tradehill.com/?r=TH-R12165I guess they don't yet get enough manpower and equity to realize some sophisticated safety idea, nevertheless, they are moving fast. The exchange business have very strong Networking effect, which makes the biggest one winner-takes-all . Our wrong trust over mtgox.com have made the later-comers a very difficult situation. People don't like to trade in a thinner market, if there is a market have more depth. I guess most of TH's energy were spend on the promotion job, but the security, the speed service and the coding have not get enough manpower and resources. The serious mistake have gave them a sudden opportunity that they were not fully prepared. Hope TH move on fast and sound. DO realize your responsibility to the bitcoin community. Don't give yourself any excuse to make mistakes. I hate people giving themselves excuse when they made mistakes, such as Gavin said something that "he is human and he does make mistakes……“. OMG, can you hire or invite another HUMAN being thing to double check your damn code? |
|
|
|
|
I want to ask a few questions about your company.
What's the number of the owners' equity on the Blance Sheet of your comapny, say, how much money have you founders invested?
How many fulltime stuff are there in you company?
Is there any founders are not fulltime?
Are you going to raise larger venture capital soon?
How many years have you founders know each other, have you guys teamed up before?
|
|
|
|
I think this post was long overdue. People have been reporting for over a week now that they've been getting hacked on MtGox, and then this happened. Every account, every e-mail, every (hashed) password. What's sad is that it's taken this long to post about it. Lots of people have been reporting this and it seems to fall on deaf ears. They have a whole thread about MtGox accounts that got hacked, yet no word was said to try and calm users or ease concerns.
Sorry to be so hard on you guys, don't get me wrong I love(d) the service, but you NEED to talk with users and tell them what's going on when they report getting hacked, and that needs to happen ASAP...not a week later. I hope your actions or lack thereof don't affect your business when it re-opens....cause I have/had(not sure, can't login) bitcoins with you guys and was looking forward to the value working it's way back up to 20.
HOPEFULLY people will trust you guys after this. A come back from this level of hack is hard, but I wish you guys the best.
Hopefully more great entrepreneurs will join bitcoin world, replacing those guys who providing bitcoin service with a one-man company. |
|
|
|
|
hope you will be fine after such disaster. It's a good lesson for you.
|
|
|
|
The number of coins that actually left MtGox is small and limited, so while those may be lost for good, the vast majority of the big theft are still with them, and reversing their trades will repair most of the damage. Perhapt Mt. Gox will personally compensate the remaining amount from their own wallets?
I think it's good this is happening while bitcoins is still so new and "fledgling." It's still in Beta. Anyone who didn't expect crazy stuff like this was naive, but the Bitcoin will emerge stronger. Stronger exchanges, stronger passwords, and lots of new information.
The market will heal.
very soon, there will no exchange named mtgox |
|
|
|
An exchange as strong as the bitcoin network needs to be developed... These exchanges are dealing with big sums. In typical industry such systems are at least engineered to PCI-DSS standards with the software itself passing PA-DSS audit and requirements. How many exchangers audit their systems? (appear to be none) How many exchangers have per-account controls on funds? (A few now, it seems) How many exchangers use hardware security modules to protect records? (appear to be none) How many exchangers use a red-team or pen-test specialists to look for holes? (appear to be none) This is pretty lame and these exchangers are fairly untrustworthy! (by nature of their vulnerability regardless of intent.) Those service which provided by 1-man start-up is going to be replaced by entrepreneurs. |
|
|
|
|
Jun-20 2011 04:42.
Why should everyone who profited from the crash suffer your inablitiy to secure the site?
Anyone who owns shouldn't have 500K in his Mt Gox account anyway (and make sure no one gets his/her password).
So, everyone who got cheap bitcoins today will have them reversed??? THAT is stealing!
Please give a statement to that!!!
----------------
Jun-20 2011 04:27.
I also don't see how you can rollback transactions without losses. I had a trade that executed as the market dropped, shortly after I got spooked and withdrew my BTC (less then 100 more then 10) to my wallet. That BTC is now in my wallet confirmed. How can you possibly roll that back?
------------
I don't think you're realizing what a disaster this is. You won't be able to rollback all the transactions because substantial amounts of Bitcoins have been withdrawn, and you can't just declare a price of $17.5 or reinstate people's orders to achieve that price because circumstances have changed. I would object strongly if my prior order is reinstated without giving me a chance to review the current, rather than past, conditions. What of people who both bought and sold after the hack?
|
|
|
|
|
I guess other roles of the bitcoin world are the next to take the consequences of their incompetent. Those who still provide bitcoin service with a one-man-start-up-hobby-firm will be replaced by the real entrepreneurs.
And what confuse me the most is that why a guy with a "experiment" attitude but not wholly faith in bitcoin can be the project leader.
|
|
|
|
|
it's really a big account.
|
|
|
|
Mr. Gavin still think that the security issue, such as back up and encrypt wallet.dat still not his first priority, which expressed in his recent blog. I think this is really a problem. |
|
|
|
...
It's not that easy, since the first step is "Get yourself a low cost netbook". If everyone have to purchase another netbook for the safty of bitcoin, which is only 2 years old and not that much product to buy……
I suggest Gavin's team to build encrypt and back-up solution into the next release ASAP!
Ask the guy who lost half a mil if 200$ was too much to secure his wallet. Gavin, please implement wallet encryption ASAP so that we can enjoy false sense of security while running bitcoin client on malware infested windows computers. If the file was encrypted, the hacker would have record the keyboard input to get the password. and this action is prevented by most of the anti-virus software. |
|
|
|
|
service like paypal and alipay.com
The bitcoin is very like cash, but when we do online business, we need the fund transfer very fast, I mean, done the transfer within 1 second. And paste the address every time is inconvenient, and keep the wallet.dat on the local computer just like you keep $1000,000 cash in your bedroom, which makes most of the people feel unsafe.
and for the merchants doing business with bitcoin, it's very fine to the super small one, as they only make one or two deal per day or even per week. but for those not so small merchants, like doing business tens of times per day, we need a more sophisticated payment service to overcome some problems.
If the bitcoin community have a wide accepted and really trustworthy service like paypal, the currency will be adopted by very large group.
one suggestion: go out and find some angle investment or venture capital, find some genius program and product manager you've got know in your life, and make it a serious enterprise!
|
|
|
|
|
Show Posts
