srb123
Newbie
Offline
Activity: 58
Merit: 0
|
|
June 20, 2011, 02:10:07 PM |
|
Hey, Great news about getting a Security Audit. Umm, just dont give them "Read-only" access to our passwords, it doesn't end well.
|
|
|
|
elggawf
|
|
June 20, 2011, 02:19:52 PM |
|
When is it coming back up?
|
^_^
|
|
|
1.21gigawatts
Member
Offline
Activity: 98
Merit: 10
|
|
June 20, 2011, 02:22:50 PM |
|
Someone forget to turn the trading switch back on? Please update the website if there is a new reopen time Tradehill
|
|
|
|
Isepick
|
|
June 20, 2011, 02:24:08 PM |
|
Maybe they are too scared to open up before Mt.Gox
|
|
|
|
darkwon
Newbie
Offline
Activity: 57
Merit: 0
|
|
June 20, 2011, 02:24:48 PM |
|
Yea we now have 2 major exchanges closed, 1 of them for no good reason? Please post some kind of update.
|
|
|
|
1.21gigawatts
Member
Offline
Activity: 98
Merit: 10
|
|
June 20, 2011, 02:27:30 PM |
|
The longer the exchanges are closed, the more bitcoins lose credibility. Restore confidence back to the market, and reopen the exchanges.
|
|
|
|
TonyHoyle
Newbie
Offline
Activity: 59
Merit: 0
|
|
June 20, 2011, 02:29:22 PM |
|
Staying closed until security has been thoroughly reviewed == a damned good reason.
TH *will* be targeted, if it hasn't been already, and personally I'm much happier that they're not taking any risks rather than opening.
|
|
|
|
1.21gigawatts
Member
Offline
Activity: 98
Merit: 10
|
|
June 20, 2011, 02:45:24 PM |
|
We're back again, trade away!
|
|
|
|
jerfelix
|
|
June 20, 2011, 02:58:55 PM |
|
We're back again, trade away!
Shoot, I wish I had funded my TradeHill account.... I'd be buying like mad! My prediction: you're unlikely to see bargains like this ever again. Potential buyers are stuck with no money in their accounts. It'll take days to get money into TradeHill. Then again what do I know.
|
|
|
|
Kman54
Newbie
Offline
Activity: 52
Merit: 0
|
|
June 20, 2011, 03:02:24 PM |
|
oh don't worry, there will be plenty of bargains to be had over the next week. You cannot have an episode like this and then have a stable market, things will be as volatile as ever.
|
|
|
|
Jered Kenna (TradeHill) (OP)
|
|
June 20, 2011, 03:09:26 PM |
|
We're back again, trade away!
Shoot, I wish I had funded my TradeHill account.... I'd be buying like mad! My prediction: you're unlikely to see bargains like this ever again. Potential buyers are stuck with no money in their accounts. It'll take days to get money into TradeHill. Then again what do I know. You can wire it in the same day or if you have money in your Dwolla it's almost completely automated.
|
moneyandtech.com @moneyandtech @jeredkenna
|
|
|
phillipsjk
Legendary
Offline
Activity: 1008
Merit: 1001
Let the chips fall where they may.
|
|
June 20, 2011, 04:02:08 PM |
|
Why post your names and info, but previously buy a domain via "domains by proxy"? Where is "TradeHill Co. Ltd" registered?
I notice your hosting with a "cloud" company in Sweden, give them a kick as you don't have enough resources and if your on "the cloud" how can that be simply throttle up.
I was wondering the same thing. I suspect they are still running the exchange out of their home basement (and the rented VPS) and don't exactly want to advertise that fact. The site says it is based in Chile, so that is likely a good place to start looking for an official registration.
|
James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE 0A2F B3DE 81FF 7B9D 5160
|
|
|
ivank2139
Newbie
Offline
Activity: 27
Merit: 0
|
|
June 20, 2011, 05:12:15 PM |
|
Here is a good example of some security in the financial business. Perhaps many of you already have a Dwolla account. http://www.dwolla.org/help/dwolla-security-and-partner-overview/I have suggested they need to be in compliance with PCI-DSS and certified as such by an independent 3rd party. Any good bitcoin exchange should include similar if not better security features and insurance as those in place for Dwolla, your own online bank or any other big reputable and serious financial institution. The time is now to graduate to the big leagues.
|
|
|
|
Jered Kenna (TradeHill) (OP)
|
|
June 20, 2011, 06:20:47 PM |
|
Why post your names and info, but previously buy a domain via "domains by proxy"? Where is "TradeHill Co. Ltd" registered?
I notice your hosting with a "cloud" company in Sweden, give them a kick as you don't have enough resources and if your on "the cloud" how can that be simply throttle up.
I was wondering the same thing. I suspect they are still running the exchange out of their home basement (and the rented VPS) and don't exactly want to advertise that fact. The site says it is based in Chile, so that is likely a good place to start looking for an official registration. Hi Phillip and Folks, This " Ltd" is an inaccuracy on our site. We are a sole proprietorship registered both in the state of Oregon and in Chile. Our DBA is registered under “Tradehill” in both regions according to the laws of each territory. According to the principles stated at the beginning of this post, we will strive for accuracy - and will make right, in case of inaccuracies - any mistakes, as soon as we become aware of them. We have thus taken it from the website and clarified that we are a sole proprietorship. We will continue to inform people of our situation in accordance with the above principles. If something may compromise our security or private information, we will inform you of our reasons for keeping this information private. Regards, Adam Stradling
|
moneyandtech.com @moneyandtech @jeredkenna
|
|
|
qikaifu
Full Member
Offline
Activity: 168
Merit: 100
God creats math and math creats bitcoin.
|
|
June 20, 2011, 06:26:19 PM |
|
Why post your names and info, but previously buy a domain via "domains by proxy"? Where is "TradeHill Co. Ltd" registered?
I notice your hosting with a "cloud" company in Sweden, give them a kick as you don't have enough resources and if your on "the cloud" how can that be simply throttle up.
I was wondering the same thing. I suspect they are still running the exchange out of their home basement (and the rented VPS) and don't exactly want to advertise that fact. The site says it is based in Chile, so that is likely a good place to start looking for an official registration. Hi Phillip and Folks, This " Ltd" is an inaccuracy on our site. We are a sole proprietorship registered both in the state of Oregon and in Chile. Our DBA is registered under “Tradehill” in both regions according to the laws of each territory. According to the principles stated at the beginning of this post, we will strive for accuracy - and will make right, in case of inaccuracies - any mistakes, as soon as we become aware of them. We have thus taken it from the website and clarified that we are a sole proprietorship. We will continue to inform people of our situation in accordance with the above principles. If something may compromise our security or private information, we will inform you of our reasons for keeping this information private. Regards, Adam Stradling Trust is something you can hardly find back when you lose it. You're a very young exchange, but the most promising after the mtgox disaster. Just make sure you're honest about everything, tell people the truth and the whole truth. If you base your service on VPS, tell people before they find out. If you have other information, provide it publicly before people find out.
|
|
|
|
GeniuSxBoY
|
|
June 20, 2011, 06:29:32 PM |
|
I can't even get tradehill's website to pull up.
|
Be humble!
|
|
|
TraderTimm
Legendary
Offline
Activity: 2408
Merit: 1121
|
|
June 20, 2011, 06:30:25 PM |
|
I can't even get tradehill's website to pull up.
Works for me. Perhaps try again?
|
fortitudinem multis - catenum regit omnia
|
|
|
qikaifu
Full Member
Offline
Activity: 168
Merit: 100
God creats math and math creats bitcoin.
|
|
June 20, 2011, 06:30:38 PM |
|
I have a few questions.
Did you hire a Security Professional? A real one? What are his qualifications? What kind of testing, tools and monitoring has been put in place?
Have you implemetned a realistic Security Strategy, like "Defense in Depth". Is each layer of the IT infrastructure down to the database is protected with ACL's and the minimum privileges possible.
Do you require users to have good pwd, at least 16 characters long, digits, letters and special characters along with digital certificates.
do you run your operations on a real Unix system? Solaris or OpenSolaris are secure by default. They are also "special " enough that not many hackers have expertise to penetrate it and it has very good support and Security features built in.
Is your system hosted in the cloud?
Are you using a well designed and professionally managed database? Is this database being operated in the most secure manner possible? Can you prove it and show evidence of an audit?
Everything should be logged and the logs monitored for attacks.
Do you offer all users a digital certificate with your exchange being the CA.
Is your entire operation behind a commercial firewall appliance and do you use a secure DNS?
What SEIM monitoring tools are in place? You should have an SEIM monitoring solution from a reputable company. I used AlienVault to gain experience but something even better might be a commercial offering. Trustwave comes to mind that will audit your system and provide some certifications as to your compliance with all provisions of the NSA recommendations, and any other applicable authorities like the big exchanges.
I think if you put this in place and let it be known upfront what is going on then you could easily attract as much business as you could handle. With the best security in the bitcoin exchange arena you could charge more for trades and still get more customers. With as much security as mentioned here it should be no problem for a big insurance agency like Loyds or whomever to insure each account and each trade to at least 250K bitcoins at a time or better.
You are going to be the number one target if you are successful. Plan on it and plan on getting hit and have a plan to recover.
This is going to be a huge business with any luck and being the most secure will get you all the business you handle.
Have this post been answered or not?
|
|
|
|
GeniuSxBoY
|
|
June 20, 2011, 06:45:12 PM |
|
Works for me. Perhaps try again? Nada.
|
Be humble!
|
|
|
finack
Member
Offline
Activity: 126
Merit: 10
|
|
June 20, 2011, 06:48:36 PM |
|
You can wire it in the same day or if you have money in your Dwolla it's almost completely automated.
How long is a deposit from dwolla expected to take today? The only guidance on your site says "up to 24 hours". What's the average for something sent during business hours?
|
|
|
|
|