Bitcoin Forum
May 10, 2024, 07:30:46 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
  Home Help Search Login Register More  
  Show Posts
Pages: [1]
1  Economy / Trading Discussion / Re: CI Bitcoin Trading Robot on: January 31, 2014, 06:59:18 AM
Quote from: Eric14 on January 31, 2014, 04:55:06 AM
Just now you are hashing?  Let me guess MD5?  No salts/peppers?
The PBKDF2 is used to hashing passwords.
2  Economy / Trading Discussion / Re: CI Bitcoin Trading Robot on: January 30, 2014, 09:58:09 AM
Quote from: Eric14 on January 29, 2014, 07:49:56 PM
Wow.  As someone who does website design SSL implementation is easy and should be a priority for this type of site.  If you don't have enough "resources" to do about 4 hours of work, then you're in trouble.

Secondly, what would an attacker steal that is valuable?  Crikey.  What world do you live in?  First off, it would crush your "business".  Secondly there are lazy users that reuse account names and passwords which could lead them to major theft on other sites, but then it appears you don't really care about their security anyway.  Based on that I have to assume your database is probably not even hashed or secured properly.

Lastly if someone steals your API keys they could sell off everything you have in your account just to drive prices down for their own amusement and possibly profit.

Certainly the user security is our priority. User passwords are hashing now. As we worte above in commercial version we will implement SSL and other security improvements.
In test version we would like to focus on trading algorithm of the robot. We asume that users understands all risks and will use their test accounts.
3  Economy / Trading Discussion / Re: CI Bitcoin Trading Robot on: January 29, 2014, 07:43:11 PM
Quote from: Nova! on January 29, 2014, 02:46:41 PM
That would make me extremely nervous.  A hosted bot with account API keys is just begging to have all of your funds stolen.  I'm not accusing you of being a dishonest person, but regardless of if you were to walk away with it, or an attacker compromised your site the fact is this could easily end very badly.
I advise everyone to avoid this at all costs.

If you want to test your bot, please post the source code and disclose the risks.
...
Umm you don't even have SSL on your site???  Even your sign up and login pages?
That worries me perhaps even more than the fact that you're hosting a bot and asking for API keys.

Thank you for reply.
We understand and share your worry about security. In future if this bot will run as a commercial project we will do more efforts to improve the security and of course will add SSL. But now during the testing we don't have enough resources.
Although currently even if the site will be attacked we don't see what an attacker would steal valuable. In the register form we ask only user name and password for your cibitcoin.com account. Btc-e API keys does not allow to steal your funds. They are only to get btc-e trade information and to place orders.
4  Economy / Trading Discussion / CI Bitcoin Trading Robot on: January 29, 2014, 01:55:15 PM
New simple BTC-e robot is available at http://cibitcoinbot.com.

You do not need to download any software. Just create an account, provide your BTC-e API keys in Settings and start trading.

The bot operates in test mode now and you can use for free.

We would be happy to get your feedback about this bot.
Pages: [1]
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!