Keyur @ Camp BX (OP)
June 25, 2011, 06:30:12 PM
Hi everyone,

Camp BX team has been gearing up for a full security and compliance audit this weekend by securing our codebase and configuration. The third-party independent audit will commence today so you may see some signs of stress when using http://testnet.CampBX.com/ for test-coin trading.

So what exactly are the auditors testing us for?

All of the top-10 vulnerabilities identified by OWASP project will be tested. This OWASP awareness document is acknowledged and relied on by organizations worldwide, including the PCI, Dept of Defense, Federal Trade Commission, and countless others. Current top-10 are: https://www.owasp.org/index.php/Top_10_2010-A1

A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards

Plus, hundreds of additional vulnerabilities will be tested that did not make the above top-10 list. We will also undergo a couple of D-DoS (Distributed Denial of Service) attacks from the auditor's clouds in USA and offshore.

And most importantly, we will be tested for security standards compliance with:

1) All U.S. Government requirements for remote vulnerability testing as set forth by the National Infrastructure Protection Center (NIPC).
2) The Payment Card Industry (PCI) Data Security Standard
3) Security scanning requirements of Visa USA's Cardholder Information Security Program (CISP)
4) Visa International's Account Information Security (AIS) program
5) MasterCard International's Site Data Protection (SDP) program
6) American Express' CID security program
7) Discover Card Information Security and Compliance (DISC) program

We will make the findings available to you, so you can form your own informed opinion about security at Camp BX.

Stay tuned,
Keyur

FlipPro
June 25, 2011, 06:38:41 PM
Really nice site, you can tell it's made in the USA.

qikaifu
God creates math and math creates bitcoin.
June 25, 2011, 06:44:24 PM
If you provide postal address information in the United States, you will earn a great advantage in trustworthiness over those exchanges held in Chile and Japan.

FlipPro
June 25, 2011, 07:02:59 PM
If you provide postal address information in the United States, you will earn a great advantage in trustworthiness over those exchanges held in Chile and Japan.
If they offer full transparency I think they have a really good shot at taking over the entire market.

joan
June 25, 2011, 07:29:01 PM
Don't forget the scale tests, you might need it

qikaifu
June 25, 2011, 07:31:43 PM
If you provide postal address information in the United States, you will earn a great advantage in trustworthiness over those exchanges held in Chile and Japan.
If they offer full transparency I think they have a really good shot at taking over the entire market.
I don't understand why the hell those exchanges want to hide the real-world information about themselves, such as an address, an official phone number, company registration information, etc., from the public. Don't they know this information supports the confidence of the people who trade on the platform? Campbx shows very positive signs of being professional, responsible and transparent. Just do it better.

TraderTimm
June 25, 2011, 07:33:46 PM
If you provide postal address information in the United States, you will earn a great advantage in trustworthiness over those exchanges held in Chile and Japan.
If they offer full transparency I think they have a really good shot at taking over the entire market.
I don't understand why the hell those exchanges want to hide the real-world information about themselves, such as an address, an official phone number, company registration information, etc., from the public. Don't they know this information supports the confidence of the people who trade on the platform?
Yeah, it isn't like I didn't do a full WHOIS on them when they first posted. If only there was a way to search forum posts.... hmm.... If only..... Then you'll find the address
fortitudinem multis - catenum regit omnia

TriumVir
June 25, 2011, 07:33:58 PM
Gotta say, I wasn't that impressed with their site. I signed up and found that their code transformed my username to all lowercase characters. Why would anyone do such a thing?

angelo95
June 25, 2011, 07:36:28 PM
Sounds promising. Just noticed we can get your server versions from the whois. Please modify this httpd.conf for me!

qikaifu
June 25, 2011, 07:39:07 PM
Yeah, it isn't like I didn't do a full WHOIS on them when they first posted. If only there was a way to search forum posts.... hmm.... If only..... Then you'll find the address
I found it. But I guess they could make some "contact us" on the web site, make it official and easy to find.
Usual nslookup details and such:

campbx.com 184.164.132.91
NetRange: 184.164.128.0 - 184.164.159.255
CIDR: 184.164.128.0/19
Name: SS5
Handle: NET-184-164-128-0-1
Parent: NET184 (NET-184-0-0-0-0)
Net Type: Direct Allocation
Origin AS: AS20454 AS32164
Organization: SECURED SERVERS LLC (SSL-65)
Registration Date: 2011-05-13
Last Updated: 2011-05-13

Name: SECURED SERVERS LLC
Handle: SSL-65
Street: 2353 W University Bldg A
City: Tempe
State/Province: AZ
Postal Code: 85281
Country: US
Registration Date: 2003-12-08
Last Updated: 2009-11-25

Secured Servers website: http://www.securedservers.com/index.php

securedservers.com 209.188.23.6
NetRange: 209.188.23.0 - 209.188.23.31
CIDR: 209.188.23.0/27
Name: CWIE
Handle: NET-209-188-23-0-1
Parent: SECUREDSERVERS (NET-209-188-0-0-1)
Net Type: Reallocated
Origin AS:
Organization: CWIE, LLC (CWIE)
Registration Date: 2008-11-03
Last Updated: 2008-11-03

Name: CWIE, LLC
Handle: CWIE
Street: 2353 W University Bldg A
City: Tempe
State/Province: AZ
Postal Code: 85281
Country: US
Registration Date: 1999-09-01
Last Updated: 2009-02-20

CWIE website: http://www.cavecreek.com/

Keyur @ Camp BX (OP)
June 25, 2011, 09:34:13 PM
@VirtualFAQs: Thank you very much!
@qikaifu, Vegetta, and TraderTimm: Agree with you 100% about the contact details. The office information should be finalized mid-week and will be available on livenet site prior to launch. Keep in mind that office space requires long-term contracts, and in a city like Atlanta they constitute a huge investment for a start-up company. That is why we have kept it as the final item on the launch checklist.
Also wanted to add that our company registration details are public records, and are available for your review at Georgia Secretary of State Brian Kemp's office.
Thank you!

Keyur @ Camp BX (OP)
June 25, 2011, 09:37:18 PM
Gotta say, I wasn't that impressed with their site. I signed up and found that their code transformed my username to all lowercase characters. Why would anyone do such a thing?
TV,
Bitcoin community's success depends on reaching out to more casual users who may not be as well-versed with technology as you are. That is why it was a conscious decision that contributes towards the user-friendliness of our platform.
Thank you,
Keyur

Keyur @ Camp BX (OP)
June 25, 2011, 09:38:01 PM
Don't forget the scale tests, you might need it
Thanks - we surely hope so! I think DDoS is a good simulation of this ;-)

Serge
June 25, 2011, 09:49:00 PM
Keyur, got any insight on deposit/withdrawal methods that you guys are planning to integrate? Another question, will you be getting any sort of exchange or MSB licencing? (I have no idea whichever is applicable in the case of Bitcoin exchange)

elggawf
June 25, 2011, 10:03:12 PM
Keyur, got any insight on deposit/withdrawal methods that you guys are planning to integrate? Another question, will you be getting any sort of exchange or MSB licencing? (I have no idea whichever is applicable in the case of Bitcoin exchange)
They said in another thread that MSB is pending, IIRC. Their "legal counsel" has told them none of the exchange stuff applies, I gather because at this point BTC isn't a recognized "currency" or "commodity".
Bar a few growing pains, I'm really liking what I see here so far. I still haven't gotten around to getting my password to work, but they seem responsive to critique and if they can hit the ground running with trust and avoid shady half-answers (a few of Keyur's earlier responses in the first thread didn't inspire much confidence, for the most part he seems to be rectifying that though).
^_^

Keyur @ Camp BX (OP)
June 26, 2011, 05:56:16 PM
Keyur, got any insight on deposit/withdrawal methods that you guys are planning to integrate? Another question, will you be getting any sort of exchange or MSB licencing? (I have no idea whichever is applicable in the case of Bitcoin exchange)
Serge,
Only method available at launch will be Dwolla. We will work with the user community after that to prioritize which method they would like to see next.
Thank you,
Keyur

relative
June 26, 2011, 06:02:13 PM
If you provide postal address information in the United States, you will earn a great advantage in trustworthiness over those exchanges held in Chile and Japan.
If they offer full transparency I think they have a really good shot at taking over the entire market.
I don't understand why the hell those exchanges want to hide the real-world information about themselves, such as an address, an official phone number, company registration information, etc., from the public. Don't they know this information supports the confidence of the people who trade on the platform?
this info is available for MtGox (its CEO) but this board deletes threads which mention it. don't ask me why.

Keyur @ Camp BX (OP)
June 26, 2011, 06:02:37 PM
Bar a few growing pains, I'm really liking what I see here so far. I still haven't gotten around to getting my password to work, but they seem responsive to critique and if they can hit the ground running with trust and avoid shady half-answers (a few of Keyur's earlier responses in the first thread didn't inspire much confidence, for the most part he seems to be rectifying that though).
Elggawf,
I apologize if some of the answers came across as shady - that was never the intention. Keep in mind that answers to seemingly simple questions come after long discussions with lawyers, scanning through policy fine print, and back and forth communications with government agencies like Department of Banking and Finance. These answers represent a competitive advantage for a business. I have to straddle a fine line between sharing and open-sourcing the business to competition.
Thank you,
Keyur
PS: You may have to reset the password once since we made a couple of tweaks to the password validation policy after your registration.

Keyur @ Camp BX (OP)
June 26, 2011, 06:04:47 PM
Sounds promising. Just noticed we can get your server versions from the whois. Please modify this httpd.conf for me!
Angelo,
We have already modified this a few days ago! You can check the HTTP headers. The updated information may take a while to propagate to whois records.
Thank you for trying us out!
Keyur