An exchange as strong as the bitcoin network needs to be developed

[carbonc]

An exchange as strong as the bitcoin network needs to be developed.  P2P power, network trade system.
Maybe even become part of the bitcoin client.
Wonder if its possible.

[saqwe]

An exchange as strong as the bitcoin network needs to be developed.  P2P power, network trade system.
Maybe even become part of the bitcoin client.
Wonder if its possible.

hell yeah, seems like mtgodox is down now, was this a denial of service attack?

http://pastebin.com/J0HXBjWu

[Bazil]

I already suggested this, but I got poopooed, maybe people will take the idea seriously now.

[hoo2jalu]

An exchange as strong as the bitcoin network needs to be developed...

These exchanges are dealing with big sums. In typical industry such systems are at least engineered to PCI-DSS standards with the software itself passing PA-DSS audit and requirements.

How many exchangers audit their systems? (appear to be none)
How many exchangers have per-account controls on funds? (A few now, it seems)
How many exchangers use hardware security modules to protect records? (appear to be none)
How many exchangers use a red-team or pen-test specialists to look for holes? (appear to be none)

This is pretty lame and these exchangers are fairly untrustworthy! (by nature of their vulnerability regardless of intent.)

[Chick]

An exchange as strong as the bitcoin network needs to be developed...

These exchanges are dealing with big sums. In typical industry such systems are at least engineered to PCI-DSS standards with the software itself passing PA-DSS audit and requirements.

How many exchangers audit their systems? (appear to be none)
How many exchangers have per-account controls on funds? (A few now, it seems)
How many exchangers use hardware security modules to protect records? (appear to be none)
How many exchangers use a red-team or pen-test specialists to look for holes? (appear to be none)

This is pretty lame and these exchangers are fairly untrustworthy! (by nature of their vulnerability regardless of intent.)

LOL, I actually have a VPS that is PCI-DSS certified as a Level 4 merchant. Its sad to see that major Bitcoin exchanges don't have this in place.

[qikaifu]

An exchange as strong as the bitcoin network needs to be developed...

These exchanges are dealing with big sums. In typical industry such systems are at least engineered to PCI-DSS standards with the software itself passing PA-DSS audit and requirements.

How many exchangers audit their systems? (appear to be none)
How many exchangers have per-account controls on funds? (A few now, it seems)
How many exchangers use hardware security modules to protect records? (appear to be none)
How many exchangers use a red-team or pen-test specialists to look for holes? (appear to be none)

This is pretty lame and these exchangers are fairly untrustworthy! (by nature of their vulnerability regardless of intent.)

Those service which provided by 1-man start-up is going to be replaced by entrepreneurs.

[paulie_w]

for those of you who have read (and understood) the white paper:

did master Satoshi have any suggestions for this kind of a situation (failed exchanges)?

[hoo2jalu]

...
LOL. PCI-DSS is pure marketing towards consumers. Look at some of these requirements:
....
Duh.

Most of the requirements are "Duh" common sense. They also require testing, and have audit controls or compensating controls to identify issues early and mitigate them before they become a disaster. (in theory, see how Sony messed up PA-DSS compliance

Sure, I hate PCI-DSS bureaucracy as much as the next person, but the fact remains too many of these vulnerabilities arise from "Duh" stupid stuff they've overlooked. MtGox isn't even trying!

If you adhere to common technical standards and practices (PCI-DSS, OWASP, etc.) you're at least making an effort and protecting against the stupid stuff. Almost none of these exchangers are even doing that basic level of due diligence!

[morpheus]

An exchange as strong as the bitcoin network needs to be developed.  P2P power, network trade system...

I've been working on a p2p bitcoin exchange for a couple months now. I'm pretty close to an initial release.

Here's the code: https://github.com/macourtney/Dark-Exchange