Bitcoin Forum
December 10, 2016, 03:01:19 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Camp BX Hacker / Compliance Security Audit  (Read 9242 times)
Keyur @ Camp BX
Sr. Member
****
Offline Offline

Activity: 300



View Profile WWW
June 25, 2011, 06:30:12 PM
 #1

Hi everyone,
      Camp BX team has been gearing up for a full security and compliance audit this weekend by securing our codebase and configuration.  The third-party independent audit will commence today so you may see some signs of stress when using http://testnet.CampBX.com/ for test-coin trading.


So what exactly are the auditors testing us for?

All of the top-10 vulnerabilities identified by OWASP project will be tested.  This OWASP awareness document is acknowledged and relied on by organizations worldwide, including the PCI, Dept of Defense, Federal Trade Commission, and countless others. Current top-10 are: https://www.owasp.org/index.php/Top_10_2010-A1
    A1: Injection
    A2: Cross-Site Scripting (XSS)
    A3: Broken Authentication and Session Management
    A4: Insecure Direct Object References
    A5: Cross-Site Request Forgery (CSRF)
    A6: Security Misconfiguration
    A7: Insecure Cryptographic Storage
    A8: Failure to Restrict URL Access
    A9: Insufficient Transport Layer Protection
    A10: Unvalidated Redirects and Forwards


Plus, hundreds of additional vulnerabilities will be tested that did not make the above top-10 list. 

We will also under go couple of D-DoS (Distributed Denial of Service) attacks from the auditor's clouds in USA and offshore.


And most importantly, we will be tested for security standards compliance with:
1) All U.S. Government requirements for remote vulnerability testing as set forth by the National Infrastructure Protection Center (NIPC).
2) The Payment Card Industry (PCI) Data Security Standard
2) Security scanning requirements of Visa USA's Cardholder Information Security Program (CISP)
3) Visa International's Account Information Security (AIS) program
4) MasterCard Internationals's Site Data Protection (SDP) program
5) American Express' CID security program
6) Discover Card Information Security and Compliance (DISC) program


We will make the findings available to you, so you can form your own informed opinion about security at Camp BX.

Stay tuned,
     Keyur



Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
1481382079
Hero Member
*
Offline Offline

Posts: 1481382079

View Profile Personal Message (Offline)

Ignore
1481382079
Reply with quote  #2

1481382079
Report to moderator
1481382079
Hero Member
*
Offline Offline

Posts: 1481382079

View Profile Personal Message (Offline)

Ignore
1481382079
Reply with quote  #2

1481382079
Report to moderator
1481382079
Hero Member
*
Offline Offline

Posts: 1481382079

View Profile Personal Message (Offline)

Ignore
1481382079
Reply with quote  #2

1481382079
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481382079
Hero Member
*
Offline Offline

Posts: 1481382079

View Profile Personal Message (Offline)

Ignore
1481382079
Reply with quote  #2

1481382079
Report to moderator
1481382079
Hero Member
*
Offline Offline

Posts: 1481382079

View Profile Personal Message (Offline)

Ignore
1481382079
Reply with quote  #2

1481382079
Report to moderator
virtualfaqs
Hero Member
*****
Offline Offline

Activity: 700



View Profile WWW
June 25, 2011, 06:36:54 PM
 #2

 Cheesy Grin Wink Shocked Cool Kiss

All at the same time!

https://twitter.com/virtualfaqs
Looking for altcoin pump advice? Then follow me.
FlipPro
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
June 25, 2011, 06:38:41 PM
 #3

Really nice site, you can tell its made in the USA Cheesy.

Tweet For Coins http://uptweet.com
qikaifu
Full Member
***
Offline Offline

Activity: 168


God creats math and math creats bitcoin.


View Profile
June 25, 2011, 06:44:24 PM
 #4

If you provide a Postal Address information in United States, you will earn a great advantage in trustworthiness over those exchange hold in Chile and Japan.

If you see any of my suggestions useful, please donate me. http://btc.to/ec
FlipPro
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
June 25, 2011, 07:02:59 PM
 #5

If you provide a Postal Address information in United States, you will earn a great advantage in trustworthiness over those exchange hold in Chile and Japan.
If they offer full transparency I think they have a really good shot at taking over the entire market.

Tweet For Coins http://uptweet.com
joan
Jr. Member
*
Offline Offline

Activity: 56



View Profile
June 25, 2011, 07:29:01 PM
 #6

Don't forget the scale tests, you might need it Wink
qikaifu
Full Member
***
Offline Offline

Activity: 168


God creats math and math creats bitcoin.


View Profile
June 25, 2011, 07:31:43 PM
 #7

If you provide a Postal Address information in United States, you will earn a great advantage in trustworthiness over those exchange hold in Chile and Japan.
If they offer full transparency I think they have a really good shot at taking over the entire market.

I don't understand those exchanges why the hell they want to hide the real world information of themselves, such as address, an official phone number, company registering information, etc, from the public. Don't they know these information support the confidence of the people who trade on the platform?

Campbx has very positive sign to be professional, responsible and transparent. Just do it better.

If you see any of my suggestions useful, please donate me. http://btc.to/ec
TraderTimm
Legendary
*
Offline Offline

Activity: 1652



View Profile
June 25, 2011, 07:33:46 PM
 #8

If you provide a Postal Address information in United States, you will earn a great advantage in trustworthiness over those exchange hold in Chile and Japan.
If they offer full transparency I think they have a really good shot at taking over the entire market.

I don't understand those exchanges why the hell they want to hide the real world information of themselves, such as address, an official phone number, company registering information, etc, from the public. Don't they know these information support the confidence of the people who trade on the platform?

Yeah, it isn't like I didn't do a full WHOIS on them when they first posted. If only there was a way to search forum posts.... hmm....

If only.....

Then you'll find the address Smiley

fortitudinem multis - catenum regit omnia
TriumVir
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 25, 2011, 07:33:58 PM
 #9

Gotta say, I wasn't that impressed with their site. I signed up and found that their code transformed my username to all lowercase characters. Why would anyone do such a thing? 
angelo95
Member
**
Offline Offline

Activity: 84


View Profile
June 25, 2011, 07:36:28 PM
 #10

Sounds promising. Just noticed we can get your server versions from the whois. Please modify this httpd.conf for me!
qikaifu
Full Member
***
Offline Offline

Activity: 168


God creats math and math creats bitcoin.


View Profile
June 25, 2011, 07:39:07 PM
 #11

Yeah, it isn't like I didn't do a full WHOIS on them when they first posted. If only there was a way to search forum posts.... hmm....

If only.....

Then you'll find the address Smiley

[/quote]


I found it.
But I guess they could make some "contact us" on the web site, make it official and easy to find.





Usual nslookup details and such:

campbx.com

184.164.132.91

NetRange   184.164.128.0 - 184.164.159.255
CIDR   184.164.128.0/19
Name   SS5
Handle   NET-184-164-128-0-1
Parent   NET184 (NET-184-0-0-0-0)
Net Type   Direct Allocation
Origin AS   AS20454
AS32164
Organization   SECURED SERVERS LLC (SSL-65)
Registration Date   2011-05-13
Last Updated   2011-05-13

Name   SECURED SERVERS LLC
Handle   SSL-65
Street   2353 W University Bldg A
City   Tempe
State/Province   AZ
Postal Code   85281
Country   US
Registration Date   2003-12-08
Last Updated   2009-11-25

Secured Servers website: http://www.securedservers.com/index.php

securedservers.com

209.188.23.6

NetRange   209.188.23.0 - 209.188.23.31
CIDR   209.188.23.0/27
Name   CWIE
Handle   NET-209-188-23-0-1
Parent   SECUREDSERVERS (NET-209-188-0-0-1)
Net Type   Reallocated
Origin AS   
Organization   CWIE, LLC (CWIE)
Registration Date   2008-11-03
Last Updated   2008-11-03

Name   CWIE, LLC
Handle   CWIE
Street   2353 W University Bldg A
City   Tempe
State/Province   AZ
Postal Code   85281
Country   US
Registration Date   1999-09-01
Last Updated   2009-02-20

CWEI website: http://www.cavecreek.com/

If you see any of my suggestions useful, please donate me. http://btc.to/ec
Keyur @ Camp BX
Sr. Member
****
Offline Offline

Activity: 300



View Profile WWW
June 25, 2011, 09:34:13 PM
 #12


@VirtualFAQs: Thank you very much!

@qikaifu, Vegetta, and TraderTimm: Agree with you 100% about the contact details.  The office information should be finalized mid-week and will be available on livenet site prior to launch.  Keep in mind that office space requires long-term contracts, and in a city like Atlanta they constitute a huge investments for a start-up company.  That is why we have kept it as the final item on the launch checklist.

Also wanted to add that our company registration details are public records, and are available for your review at Georgia Secretary of State Brian Kemp's office.

Thank you!


Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
Keyur @ Camp BX
Sr. Member
****
Offline Offline

Activity: 300



View Profile WWW
June 25, 2011, 09:37:18 PM
 #13

Gotta say, I wasn't that impressed with their site. I signed up and found that their code transformed my username to all lowercase characters. Why would anyone do such a thing? 

TV,
       Bitcoin community's success depends on reaching out to more casual users who may not be as well-versed with technology as you are.  That is why it was a conscious decision that contributes towards the user-friendliness of our platform.

Thank you,
      Keyur


       

Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
Keyur @ Camp BX
Sr. Member
****
Offline Offline

Activity: 300



View Profile WWW
June 25, 2011, 09:38:01 PM
 #14

Don't forget the scale tests, you might need it Wink

Thanks - we surely hope so!  I think DDoS is a good simulation of this ;-)


Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
Serge
Legendary
*
Offline Offline

Activity: 1050


View Profile
June 25, 2011, 09:49:00 PM
 #15

Keyur, got any insight on deposit/withdrawal methods that you guys are planning to integrate?
Another question, will you be getting any sort of exchange or MSB licencing?  (I have no idea whichever is applicable in the case of Bitcoin exchange)


elggawf
Sr. Member
****
Offline Offline

Activity: 308



View Profile
June 25, 2011, 10:03:12 PM
 #16

Keyur, got any insight on deposit/withdrawal methods that you guys are planning to integrate?
Another question, will you be getting any sort of exchange or MSB licencing?  (I have no idea whichever is applicable in the case of Bitcoin exchange)

They said in another thread that MSB is pending, IIRC. Their "legal counsel" has told them none of the exchange stuff applies, I gather because at this point BTC isn't a recognized "currency" or "commodity".

Bar a few growing pains, I'm really liking what I see here so far. I still haven't gotten around to getting my password to work, but they seem responsive to critique and if they can hit the ground running with trust and avoid shady half-answers (a few of Keyur's earlier responses in the first thread didn't inspire much confidence, for the most part he seems to be rectifying that though).

^_^
Keyur @ Camp BX
Sr. Member
****
Offline Offline

Activity: 300



View Profile WWW
June 26, 2011, 05:56:16 PM
 #17

Keyur, got any insight on deposit/withdrawal methods that you guys are planning to integrate?
Another question, will you be getting any sort of exchange or MSB licencing?  (I have no idea whichever is applicable in the case of Bitcoin exchange)


Serge,
      Only method available at launch will be Dwolla.  We will work with the user community after that to prioritize which method they would like to see next.

Thank you,
    Keyur


Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
relative
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 26, 2011, 06:02:13 PM
 #18

If you provide a Postal Address information in United States, you will earn a great advantage in trustworthiness over those exchange hold in Chile and Japan.
If they offer full transparency I think they have a really good shot at taking over the entire market.

I don't understand those exchanges why the hell they want to hide the real world information of themselves, such as address, an official phone number, company registering information, etc, from the public. Don't they know these information support the confidence of the people who trade on the platform?


this info is available for MtGox (its CEO) but this board deletes threads which mention it.
dont ask me why.
Keyur @ Camp BX
Sr. Member
****
Offline Offline

Activity: 300



View Profile WWW
June 26, 2011, 06:02:37 PM
 #19


Bar a few growing pains, I'm really liking what I see here so far. I still haven't gotten around to getting my password to work, but they seem responsive to critique and if they can hit the ground running with trust and avoid shady half-answers (a few of Keyur's earlier responses in the first thread didn't inspire much confidence, for the most part he seems to be rectifying that though).

Elggawf,
      I apologize if some of the answers came across as shady - that was never the intention.

Keep in mind that answers to seemingly simple questions come after long discussions with lawyers, scanning through policy fine print, and back and forth communications with government agencies like Department of Banking and Finance.  These answers represent a competitive advantage for a business.  I have to straddle a fine line between sharing and open-sourcing the business to competition.

Thank you,
      Keyur

PS: You may have to reset the password once since we made couple of tweaks to the password validation policy after your registration.  



Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
Keyur @ Camp BX
Sr. Member
****
Offline Offline

Activity: 300



View Profile WWW
June 26, 2011, 06:04:47 PM
 #20

Sounds promising. Just noticed we can get your server versions from the whois. Please modify this httpd.conf for me!

Angelo,
    We have already modified this few days ago!  You can check the HTTP headers. 

The updated information may take a while to propagate to whois records.


Thank you for trying us out!
      Keyur


Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!