Bitcoin Forum
October 31, 2024, 08:06:15 PM *
News: Bitcoin Pumpkin Carving Contest
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 ... 62 »
  Print  
Author Topic: Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred  (Read 158144 times)
1base58
Newbie
*
Offline Offline

Activity: 18
Merit: 0



View Profile WWW
July 03, 2013, 04:28:42 AM
 #21

ASICMINER shares are tied to addresses. Exchanges hold the shares themselves, they are passthroughs.

We use Google's 2FA security model - you can disable 2FA without entering the code in case you lost your phone - this requires you to have a signed in session. Sessions are both IP and user agent locked.

Our site is secure against XSS attacks, as well as CSRF attacks.

Thanks for your feedback! One of the directions we may be going into is a multicurrency wallet with a built in exchange. However, we also want to focus on the core for now.

I can accept 2FA being disabled without requiring the code. It is more concerning that the 2FA secret is shown on the account details page. I believe the best practice adopted by Google / Dropbox is to not reveal the secret once enabled, and to use a new secret if 2FA was disabled then reenabled.

Hey, thanks for answering my questions, and I certainly hope you support LTC in the future. You only have to read this thread to see how the lack of a secure & trusted online wallet for LTC is an opportunity for scammers and hurts the cryptocurrency community.
btc4ever
Sr. Member
****
Offline Offline

Activity: 321
Merit: 250


View Profile
July 03, 2013, 04:46:27 AM
 #22

I am glad to see this service announcement.

Coincidentally, I just started a thread about using payment processors that support btc-to-email in order to implement a massive bitcoin moneybomb sending BTC to either:
  a) friends/family to promote awareness/adoption, and expand the btc economy.
  b) a single charity, to promote public image.

Perhaps inputs.io can help us pull this off.

https://bitcointalk.org/index.php?topic=248870.new#new


Psst!!  Wanna make bitcoin unstoppable? Why the Only Real Way to Buy Bitcoins Is on the Streets. Avoid banks and centralized exchanges.   Buy/Sell coins locally.  Meet other bitcoiners and develop your network.   Try localbitcoins.com or find or start a buttonwood / satoshi square in your area.  Pass it on!
🏰 TradeFortress 🏰 (OP)
Bitcoin Veteran
VIP
Legendary
*
Offline Offline

Activity: 1316
Merit: 1043

👻


View Profile
July 03, 2013, 05:07:07 AM
 #23

I can accept 2FA being disabled without requiring the code. It is more concerning that the 2FA secret is shown on the account details page. I believe the best practice adopted by Google / Dropbox is to not reveal the secret once enabled, and to use a new secret if 2FA was disabled then reenabled.

Hey, thanks for answering my questions, and I certainly hope you support LTC in the future. You only have to read this thread to see how the lack of a secure & trusted online wallet for LTC is an opportunity for scammers and hurts the cryptocurrency community.

2FA code is now hidden entirely after it has been enabled, and a new secret is generated every time it is disabled.

UI on smaller screens also fixed. You'll need to do a hard refresh.

Thank you! Smiley
Inputs.io
Newbie
*
Offline Offline

Activity: 5
Merit: 0



View Profile
July 03, 2013, 09:44:46 AM
 #24

Hi!

This is Inputs' forum account (along with Inputs.io Support).
🏰 TradeFortress 🏰 (OP)
Bitcoin Veteran
VIP
Legendary
*
Offline Offline

Activity: 1316
Merit: 1043

👻


View Profile
July 03, 2013, 09:47:23 AM
 #25

Hi!

This is Inputs' forum account (along with Inputs.io Support).
Confirmed.
1base58
Newbie
*
Offline Offline

Activity: 18
Merit: 0



View Profile WWW
July 03, 2013, 10:09:02 AM
 #26

2FA code is now hidden entirely after it has been enabled, and a new secret is generated every time it is disabled.

UI on smaller screens also fixed. You'll need to do a hard refresh.

Thank you! Smiley

That was quick Smiley It's working as expected.

I see you're making changes to the front page as well. I don't know what you had in mind for the spin effect graphic, but I can say it makes my head hurt.
🏰 TradeFortress 🏰 (OP)
Bitcoin Veteran
VIP
Legendary
*
Offline Offline

Activity: 1316
Merit: 1043

👻


View Profile
July 03, 2013, 10:20:26 AM
 #27

Tweaked it a bit and added a touch of color. Let me know what you think.

If it made your head spin, Cheesy
Herbert
Hero Member
*****
Offline Offline

Activity: 488
Merit: 500


View Profile
July 03, 2013, 11:53:30 AM
 #28

Created a wallet, sent 0.01 BTC to my deposit address. Transaction (https://blockchain.info/tx/f304d86fc093a178655844082211567139fdfbbd1e0a7da635b843ad21d8139b) has now 2 confirmations, but inputs.io wallet says it is still unconfirmed.
According to FAQ everything below 5BTC should be confirmed with one confirmation.

Whats up?
🏰 TradeFortress 🏰 (OP)
Bitcoin Veteran
VIP
Legendary
*
Offline Offline

Activity: 1316
Merit: 1043

👻


View Profile
July 03, 2013, 11:58:34 AM
 #29

Created a wallet, sent 0.01 BTC to my deposit address. Transaction (https://blockchain.info/tx/f304d86fc093a178655844082211567139fdfbbd1e0a7da635b843ad21d8139b) has now 2 confirmations, but inputs.io wallet says it is still unconfirmed.
According to FAQ everything below 5BTC should be confirmed with one confirmation.

Whats up?
Your TX has been credited.
Herbert
Hero Member
*****
Offline Offline

Activity: 488
Merit: 500


View Profile
July 03, 2013, 12:33:11 PM
 #30

Created a wallet, sent 0.01 BTC to my deposit address. Transaction (https://blockchain.info/tx/f304d86fc093a178655844082211567139fdfbbd1e0a7da635b843ad21d8139b) has now 2 confirmations, but inputs.io wallet says it is still unconfirmed.
According to FAQ everything below 5BTC should be confirmed with one confirmation.

Whats up?
Your TX has been credited.

Got it, thanks!
Turbonoodle
Newbie
*
Offline Offline

Activity: 6
Merit: 0



View Profile
July 03, 2013, 02:32:55 PM
 #31

Great site!

Some questions:

1. In the Send Bitcoins page, there is a USD calculator box. Any chance you could add a preference to change it to Euro, too? Also, where are you getting the exchange rate for that?

2. I undestand that you can withdraw from Coinlenders back to inputs.io. You also can send instantly to just-dice, but looks like you can't send back to inputs.io wallet from there. Any plans to allow instant withdrawals from just-dice to inputs.io wallet?

Herbert
Hero Member
*****
Offline Offline

Activity: 488
Merit: 500


View Profile
July 03, 2013, 02:43:30 PM
 #32

2. I undestand that you can withdraw from Coinlenders back to inputs.io. You also can send instantly to just-dice, but looks like you can't send back to inputs.io wallet from there. Any plans to allow instant withdrawals from just-dice to inputs.io wallet?
I think in some thread Dooglus mentioned that withdrawal from just-dice to inputs.io will be implemented soon.
whiskers75
Hero Member
*****
Offline Offline

Activity: 658
Merit: 502


Doesn't use these forums that often.


View Profile
July 03, 2013, 05:41:15 PM
 #33

Awesome service! Yay, no more waiting for confirms. Smiley

Elastic.pw Elastic - The Decentralized Supercomputer
ELASTIC ANNOUNCEMENT THREAD | ELASTIC SLACK | ELASTIC FORUM
Herbert
Hero Member
*****
Offline Offline

Activity: 488
Merit: 500


View Profile
July 03, 2013, 06:48:59 PM
 #34

It seems you put a lot of thought into security measures. Still it seems the callback API is somehow lacking. The only proof that the callback is actually coming from your site is the IP-Address of the sender. There are possibilities to spoof the source IP of a TCP connection, especially in a case where the attacker has access to the subnet of the receiving system (see e.g. http://www.symantec.com/connect/articles/ip-spoofing-introduction).

You should consider adding another security layer here. For example on bitcoinmonitor.net callback notifications I added a signature to the callback data which makes sure that the callback was created by the server and not someone else (see http://www.bitcoinmonitor.net/help/ -> section "security").

As the signed data does not contain a time component this is probably still prone to replay attacks of the same request with same signature and spoofed sourceIP, but at least raises the bar. And I am sure there are advanced cryptotechniques that could also close this attack vector.
🏰 TradeFortress 🏰 (OP)
Bitcoin Veteran
VIP
Legendary
*
Offline Offline

Activity: 1316
Merit: 1043

👻


View Profile
July 03, 2013, 11:52:25 PM
 #35

Hi Hebert,

Thank you for your comments. We support adding secrets to your callback URL. Example:

https://www.example.com/callback?sec=putSomethingHere

Use that as your callback URL. Use SSL so others will not know your secret.

It is not open to replay attacks as for record keeping purposes you should be recording all transactions including the TXID.
🏰 TradeFortress 🏰 (OP)
Bitcoin Veteran
VIP
Legendary
*
Offline Offline

Activity: 1316
Merit: 1043

👻


View Profile
July 04, 2013, 03:26:51 AM
 #36

Great site!

Some questions:

1. In the Send Bitcoins page, there is a USD calculator box. Any chance you could add a preference to change it to Euro, too? Also, where are you getting the exchange rate for that?

2. I undestand that you can withdraw from Coinlenders back to inputs.io. You also can send instantly to just-dice, but looks like you can't send back to inputs.io wallet from there. Any plans to allow instant withdrawals from just-dice to inputs.io wallet?
1. Done. See the latest news update Smiley

2. Yes, dooglus should support that soon.

Thank you for all the feedback and suggestions. We want to make Inputs even better Smiley (not saying we're not already the best wallet out there, heh)
dillpicklechips
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
July 04, 2013, 03:52:23 AM
 #37

Very cool site.

A feature that I think would be popular is having a unique inputs.io address for each user. Then inputs.io users can have short little addresses for sending BTC to each other as long as they both have accounts. (Also helps publicity because a side effect will be that people will put input.io addresses in their signature)

I'd love something short like: "h8be"
Then I can say: sent payment to input.io user h8be!

Keep up the good work.
🏰 TradeFortress 🏰 (OP)
Bitcoin Veteran
VIP
Legendary
*
Offline Offline

Activity: 1316
Merit: 1043

👻


View Profile
July 04, 2013, 07:13:59 AM
 #38

Very cool site.

A feature that I think would be popular is having a unique inputs.io address for each user. Then inputs.io users can have short little addresses for sending BTC to each other as long as they both have accounts. (Also helps publicity because a side effect will be that people will put input.io addresses in their signature)

I'd love something short like: "h8be"
Then I can say: sent payment to input.io user h8be!

Keep up the good work.
Implemented usernames!

Mine is gladoscc / https://inputs.io/u/gladoscc Smiley
tinus42
Hero Member
*****
Offline Offline

Activity: 784
Merit: 501



View Profile
July 04, 2013, 11:13:19 AM
 #39

Looks great. I will consider using this for small payments (I won't use any online service to keep serious amounts of coins).

Would be nice that when sending an amount for the total of the wallet the fee is deducted automatically and you see the max. withdrawable amount so you don't have to use a calculator.

BTW is there also going to be an Android app?
dillpicklechips
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
July 04, 2013, 02:36:43 PM
 #40

Any chance of a stats page? I'm most interested in watching off the chain transactions and shared wallet size!
Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 ... 62 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!