- Test version of the site was public for 2+ weeks before they went live
- Daily external security audit
- Payment Card Industry certification
! someone 'external' has access to my fucking money! ME NO LIKE! PCI DSS a standard that even my computer comply with, it is nearly impossible not to. it says nothing. okey then they have been around for 20 days. +1and they are placed in USA, which means men in black suits comes knocking on my door someday, even if i live in Europe. they are of course seeing this as good. i would rater like a 'offshore' exchange. (from an European point of view they are already offshore, but you know) i just dont like it. /opinion. (yes i still do trade on mtgox) |
|
|
|
Newcomer CampBX has an option for shorting bitcoins. Haven't tried them myself, so can't comment on whether they are any good or not. But they seem to have put some efforts into creating a secure good looking exchange platform. we dont know if they are secure... but there website is pretty! they have only been around for 4-5 days, we dont know yet. |
|
|
|
then its called pseudonymity, instead of anonymity. it requires only one link between the real you and the pseudonym, to say its you.
and that link exists, its called mtgox.
1. Send contaminated coins with long history to online btc wallet service (OBWS). 2. Create a 1-time Mt. Gox wallet by logging in the deposit page 3. Use 1-time Mt. Gox wallet as the withdrawal address on OBWS 4. You have anonymous bitcoins in your Mt. Gox balance that appear to originate from OBWS with a completely random history. Or if you want a 1-step program: 1. Mint your own, unused fresh coins by mining. No history, no way of knowing who 'created' them. the gorvernement is likely to have control over OBWS, too... how do you think banks operate today? there will be governement restrictions, sadly. |
|
|
|
Thanks for the answers!
One more question. Are the reserved addresses stored locally or online?
in wallet.dat. very locally. In that case. If you have two computers with same wallet and then make 100transations on each computer, they will have different reserved addresses, right? Will that be a problem? no. i don't think so. but the current client haves a few bug, so if something from the wallet gets transfered, the other client gets confused. but a bitcoin -rescan will fix it. |
|
|
|
You give 1MB key for OTP comm with a sub, and rather you not send them any block longer than 1MB, send him War and Peace and you start to get a pattern. sending him the pattern "War and Peace" in 1MB, does not create a pattern, in the encrypted data. giving him a 10^100 byte key, and sending him 10^100 bytes "War and Peace", also does not. it seems you simply dont understand it. LOL! Missed this post!  "Send him War and Peace" doesn't mean send him "pattern War and Peace", but broadcast War and Peace, Leo Tolstoy book: http://en.wikipedia.org/wiki/War_and_Peace Sending patterns.. I'm still laughing!!! why the hell would someone send a public available book, over a highly secure communication line? but anyway sending something with a pattern with a OTP, will not make the pattern known. |
|
|
|
if i was a script kiddie i would code a 5 line trojan, that could scan your computer, for 1btc, and gain 500btc.
Damn! You're a cute troll 5 line trojan (with 20 Mb batch of attached DLL's?) just found my wallet: [removed]@laptop:~$ ps -A | grep bitcoin
1926 ? 00:40:44 bitcoin
[removed]@laptop:~$ file /proc/1926/fd/* | grep .dat
/proc/1926/fd/11: symbolic link to `/home/[removed]/.bitcoin/addr.dat'
/proc/1926/fd/12: symbolic link to `/home/[removed]/.bitcoin/blkindex.dat'
/proc/1926/fd/13: symbolic link to `/home/[removed]/.bitcoin/database/log.0000000163'
/proc/1926/fd/14: symbolic link to `/home/[removed]/.bitcoin/wallet.dat'
it could be easily be automated in a shell script, but i did not have time for now of course you suggested client, would not have it open all the time, and it would not be a *.dat. but its really not that hard, see? |
|
|
|
There's a significant increase in security by moving the file, despite if "some software can scan your computer", as that very same software probably can do whatever it takes no matter what security you imply.
I don't know if you were looking at the code or can reverse engineer software of the latest virus for Bitcoin, this method alone would put them all out of commission... yes in the future a better skilled coder(...); but also in the future machines calculating Petahashes per second(...).
Phash/s will not do it! still takes longer time then the age of the universe to crack. a major breakthough in math, will do it. but then we will have other things to worry about(nuclear missiles flying around). if i was a script kiddie i would code a 5 line trojan, that could scan your computer, for 1btc, and gain 500btc. |
|
|
|
MT, if I could suggest just one thing, it would be to hire a full-time PR person whose only job is to monitor IRC, forums, and email.
+1 |
|
|
|
if you would be very secure, you would make a physical device with a small LCD screen, which prints out the addresses, and the amounts.
on that device the transaction will be signed. and the private key will never leave the device. this would be the only secure thing.
Hmmm, me thinking about those nfc enabled smartphones ... more like that. |
|
|
|
mmmh
interesting do you mean a thing like hcbi-banking-device?
hmm. i dont speek german, and google gave me alot of it when i did search. but it is one of crypto-tokens you are talking about? hmmm. maybe... it depends if it only gives me a small number, then hell NO! if it prints out the whole transaction, and ask me permission to sign, then YES! |
|
|
|
Depends on what the trojan does.
no, trojans often install backdoors, an attaker can/will return. Still, you believe it doesn't worth 2 lines of code because some other attacks will get through? Then we rather let go computer security all at once, as eventually some kind of attacks will pass... so what's the use? 100LOC in the client, and 5LOC in a trojan. You give 1MB key for OTP comm with a sub, and rather you not send them any block longer than 1MB, send him War and Peace and you start to get a pattern. sending him the pattern "War and Peace" in 1MB, does not create a pattern, in the encrypted data. giving him a 10^100 byte key, and sending him 10^100 bytes "War and Peace", also does not. it seems you simply dont understand it. |
|
|
|
i can make a 100% unbreakeable cipher
Wow! I'm impressed! Not even PGP or SSL can be considered "unbreakable" - rather really hard to break -, guess you would get a Nobel Prize out of that one. no nobel price to me, already invented http://en.wikipedia.org/wiki/One-time_padby you saying that, can conclude that you have no knowledge at all on the subject. and therefor you are a troll.  That's an improvement of http://en.wikipedia.org/wiki/Vigen%C3%A8re_cipherThe indecipherable cipher suffers from patterns, the pathetic attempt done by Gilbert was to create an algorithm where the key matches in size the crypt text. Resulting in a stupidity, as if you can send such key securely, you rather send the plain text the same way and spare you from some worthless work. Given a long enough key and a short enough text to Vernam's method and you would get that effect already. PS - This topic isn't about cryptography anyway... my idea just provides a "hiding the wallet" not "encrypt it". -> This means that currently is like if everybody was using their wallets in the back pocket, making life easier to pickpockets. My method would simply make anyone put the wallet wherever he wishes... making pickpockets to have to look for it - still doesn't mean you get rid of pickpockets, just their job gets harder.  if the pickpocketsers already has locked your in a prison, and searched you, you are doomed. by hiding your wallet you gain nothing, if you gets a trojan, you are doomed. im comparing a trojan with a prison. you are comparing a trojan with a pickpocketser, a trojan haves more control on your computer, then a pickpocketer haves on you, and it is therefor stupid to compare them. about the cryptography, it is not stupid it is usable: give 1mb key to a submarine, when they are at port, and keep the key yourself. you can now communicate 1mb of data between the submarine, when its 10000 miles away, 100% securely. not near 100%, but exactly 100%. |
|
|
|
What are the qualifications of the person running it? Who is running it? Where is it based? On the about me page it says the following:
It's run by a doctorate-level professor who has also been with bitcoin pretty much since the start. You can find him on the forum under the name NefariusNeferio, he's one of the moderators. fixed. |
|
|
|
Thanks! I support your initiative.
me too +1 |
|
|
|
i can make a 100% unbreakeable cipher
Wow! I'm impressed! Not even PGP or SSL can be considered "unbreakable" - rather really hard to break -, guess you would get a Nobel Prize out of that one. no nobel price to me, already invented http://en.wikipedia.org/wiki/One-time_padby you saying that, can conclude that you have no knowledge at all on the subject. and therefor you are a troll. |
|
|
|
Right. Want to buy a Fax Machine ? - I hear they're the hot new tech for forward thinkers like yourself.
what is a Fax machine? some kind of gaming system? |
|
|
|
GLBSE is not a real exchange. There is no volume. It is not regulated by any government organization. My expectation of receiving payout should my contract become profitable is pretty damn low. The site owner has a link where you can donate to him lol. That is not a professional exchange. What are the qualifications of the person running it? Who is running it? Where is it based? On the about me page it says the following:
"We Are The Market
Buy, sell, raise, lend, borrow, invest, the single market that does it all. Keep your bitcoin in one market, and instantly switch between different assets, currencies, shares, and bonds to take advantage of the largest bitcoin market.
* Issue shares to raise capital
* Pay dividends to shareholders
* Put resolutions to shareholders and get their vote
* Issue and sell bonds
* Borrow and lend to the market
* Make and recieve loan repayments
* Issue futures contracts
* Meta-trade on non listed companies (on other exchanges)
* And trade all of the above with other traders on the market
Start Trading Now!
The exchange is currently under testing, but is being used, you may use at your own risk but be warned,you could lose your shirt ;-)"
That says nothing, except that the person running it is building this as they go and have no idea what they are doing.
The fact that these are not the first questions people are asking when this site advertises, just shows how naive the bitcoin community is. Here are some more good questions:
Who holds my deposit? Who guarantees it? Are my funds used for operating expenses? (I bet they are) Are my funds held in a segregated account? In what currency? How is that account being managed to hedge against currency and bitcoin value changes?
You might not like what I am saying, but to completely write it off is ignorant. I have a LOT of experience in gambling, trading, and business. I've seen a lot of bubbles, I've seen people act CRAZY when they come into a lot of money or lose a lot in a short time. Be smart. Learn from the mistakes of others. People behave in repeating patterns, especially in crowds and markets. Have you studied the history of bubbles? Might be a good idea. If you are one of the ones that has come into a lot of money from this, be smart and diversify. Acknowledge that there is a real chance that bitcoins could go down the toilet and take some of that money and put it into a different type of investment or business. I'm sure the smart ones have already quietly done that.
OK enough good advice. I know most of you will completely write me off as an ignorant whatever you think I am. Most people have to learn the hard way, that is just how people are.
Neferio is running glbse.com . |
|
|
|
Troll, no. Many folks failed to understand the purpose of encryption and confuse it by "security" when all it does it "hide things" - therefore: provides obscurity. im not confused, you are. Everyone with coding skills can make a fake client... what's your point with that one?!
I'm talking about implement this in the open source one... yes, im not talking about including 'my code' in the client, im talking about replacing it with a fake, by a trojan. Obscurity is meant to be something just you know, or a specific recipient; cryptography is just one way to do it. But to very end, security is obscurity and the more obscurity you add to it the more security you get; may it be in method or final product. security!=obscurity , cryptography, ensures that by a certian chance that something is unbreakable. The worse part in security is to believe it's unbreakable... but that's "a wrong assumption" no matter the methods you used.
we did not say that some security is not breakable. i can make a 100% unbreakeable cipher, i can publish how it works, but you still can't break it, without my key. |
|
|
|
Wrong! Cryptography IS NOT security. Cryptography is a WAY to provide you OBSCURITY.
If you believe on security in open air, then just post your password. Better on, why use passwords? Just come, pick an username and wear it up. LOL! troll! A script kiddie normally go by AutoIt scripts and easy to implement code he can pick from the web; hooking into a running process isn't part of it.
This is also NOT the magical bullet that will kill all malicious software, is a way to make it harder to do so less people CAN do it, therefore less people DO IT. i did not say it was a magical bullet. Why make it easy to attack when all it takes is a file open dialog in the client or an argument passed to the bitcoind to make it way harder?
R U MAD? i could make a fake client, in about an hour. (no i will not, but i can) |
|
|
|
Security IS obscurity. That dogma you stated makes no sense at all. Anything that's open isn't by nature secure; it's just open.
real security, cryptography is (for now) secure in the next few million years. The value of BTC justifies for the user to search for it when he opens the client, so the wallet place isn't stored anywhere outside its owner brain. the client could well also allow hot-swap of wallets. Yes, a trojan may scan your computer... making it dead slow and probably making you try to figure what's going on. But the current way the trojan have all the way open %APPDATA%\Bitcoin\wallet.dat; easy pick virus for any script kiddie. eazy pick by script kiddie: 1. replace client, 2. wait until user open teh wallet.dat 3. send wallet.dat to script kiddie. 4. PROFIT!!! |
|
|
|
|
Show Posts
