Bitcoin Forum
June 18, 2019, 04:22:55 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: « 1 ... 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 [89] 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 ... 342 »
  Print  
Author Topic: [ANN] KRAKEN.COM - Exchange with USD EUR GBP JPY CAD BTC LTC XRP NMC XDG STR ETH  (Read 612035 times)
Dargo
Legendary
*
Offline Offline

Activity: 1820
Merit: 1000



View Profile
April 13, 2014, 06:04:05 PM
 #1761

We already had the patch in place before news of the bug went public.

How had you managed to find out about the bug before the news hit the front pages? From what I know even big corporations like Yahoo were not aware.

It was just coincidence. We happened to be updating our front end before the announcement and OpenSSL showed up as needing an update. Cloudflare claims to have known in advance, though it seems they weren't fully patched yet until a little while after the announcement.
1560874975
Hero Member
*
Offline Offline

Posts: 1560874975

View Profile Personal Message (Offline)

Ignore
1560874975
Reply with quote  #2

1560874975
Report to moderator
1560874975
Hero Member
*
Offline Offline

Posts: 1560874975

View Profile Personal Message (Offline)

Ignore
1560874975
Reply with quote  #2

1560874975
Report to moderator
1560874975
Hero Member
*
Offline Offline

Posts: 1560874975

View Profile Personal Message (Offline)

Ignore
1560874975
Reply with quote  #2

1560874975
Report to moderator
NEW GAME FORMAT
JACKPOT UP TO $50000+
Guess The Symbols Of a Real Ethereum Hash
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1560874975
Hero Member
*
Offline Offline

Posts: 1560874975

View Profile Personal Message (Offline)

Ignore
1560874975
Reply with quote  #2

1560874975
Report to moderator
1560874975
Hero Member
*
Offline Offline

Posts: 1560874975

View Profile Personal Message (Offline)

Ignore
1560874975
Reply with quote  #2

1560874975
Report to moderator
1560874975
Hero Member
*
Offline Offline

Posts: 1560874975

View Profile Personal Message (Offline)

Ignore
1560874975
Reply with quote  #2

1560874975
Report to moderator
Dargo
Legendary
*
Offline Offline

Activity: 1820
Merit: 1000



View Profile
April 13, 2014, 06:08:21 PM
 #1762

Hello,

i would like to share my experience with kraken so far. i do like their website, trading features and security.

however i had serious problems doing withdraws to my bank account which were delayed for 4-6 weeks.

i made a withdraw (international bank wire) to my thailand bank account on March 19th with ID: ACB4AOQ

Until today i havent received my money. i already contacted the support but they said they cant do much and the bank is investigating and it can take another 4 weeks or so.

the point is that i need my money right now, i have done nothing wrong.

on a previous withdraw to the same bank account i had a similar delay where it took 6 weeks until i got my money credited to my bank account ( ID: ACB5Z34 ).

i contacted the support and they told me that the bank is a bit behind for whatever reason and that they catched up with all bank wires and 2 days later after i contacted the support i finally got my money in my account.

so please advise what we can do because i'm a little bit stuck and i certainly dont want and cant wait another 4-6 weeks.

even though i really like kraken as an exchange with all its features and good security those delays in withdrawing money to bank account are not acceptable.


regards

cyber_hulk

Hi cyber_hulk - I'd be happy to take a look at your case, but to do so I'll need your ticket number (please send it by PM).
Dargo
Legendary
*
Offline Offline

Activity: 1820
Merit: 1000



View Profile
April 13, 2014, 06:28:58 PM
 #1763

Update on the "Heartbleed" SSL vulnerability:

We now know that is was in fact possible to obtain Cloudflare's private keys for SSL certificates via the Heartbleed vulnerability. Cloudflare issued a challenge for this and it was solved about 9 hours later. You can read the update from Cloudflare here:

http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed

It's still unlikely that any private keys were actually leaked. But as I said before, users should create a new password after we have new certificates issued (we'll let you know when this happens). Cloudflare is stepping up their efforts to get new certificates issued as soon as possible.
Serpens66
Legendary
*
Offline Offline

Activity: 2128
Merit: 1015



View Profile
April 14, 2014, 08:10:15 AM
 #1764

Update on the "Heartbleed" SSL vulnerability:

We now know that is was in fact possible to obtain Cloudflare's private keys for SSL certificates via the Heartbleed vulnerability. Cloudflare issued a challenge for this and it was solved about 9 hours later. You can read the update from Cloudflare here:

http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed

It's still unlikely that any private keys were actually leaked. But as I said before, users should create a new password after we have new certificates issued (we'll let you know when this happens). Cloudflare is stepping up their efforts to get new certificates issued as soon as possible.
"stupid" question...: is the two factor key also affected? Or is it still save with 2FA even if someone got the password?

Mit Cointracking behältst du die Übersicht über all deine Trades und Gewinne. Sogar ein Tool für die Steuer ist dabei Wink
Testen ist kostenlos und mit dem obigen Link bekommst du 10% Rabatt auf die kostenpflichtigen Pakete. Thread                                        Great Freeware Game: Clonk Rage
Für instant Handel auch am Wochenende bei bitcoin.de sollte man das Fidorkonto verwenden Smiley FAQ Ref-Link: Registrieren
Dargo
Legendary
*
Offline Offline

Activity: 1820
Merit: 1000



View Profile
April 14, 2014, 03:49:00 PM
 #1765

Update on the "Heartbleed" SSL vulnerability:

We now know that is was in fact possible to obtain Cloudflare's private keys for SSL certificates via the Heartbleed vulnerability. Cloudflare issued a challenge for this and it was solved about 9 hours later. You can read the update from Cloudflare here:

http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed

It's still unlikely that any private keys were actually leaked. But as I said before, users should create a new password after we have new certificates issued (we'll let you know when this happens). Cloudflare is stepping up their efforts to get new certificates issued as soon as possible.
"stupid" question...: is the two factor key also affected? Or is it still save with 2FA even if someone got the password?

Not a stupid question - you're more secure with 2FA, but Heartbleed might still pose a vulnerability. If you have 2FA and your password is leaked, then your OTP could be leaked at the same time. Since it's just a one-time password, though, the leaked OTP couldn't be used again to gain access to your account.

However, if the key used to set up your 2FA is leaked, then an attacker might be able to appropriate your 2FA. Google Authenticator TOTP uses the key + current time to generate the OTP, so if someone obtains your key it'd be pretty easy to generate OTPs. GA HOTP would be harder because it uses the key + a counter to generate the OTP, so an attacker would need to know both the key and where the counter is at. (HOTP is a bit more secure for this reason, but also harder to recover if it goes out of sync, since you'd have to sync counters rather than just doing a time sync). Yubikey is also counter-based, so it'd be similar to GA HOTP.

Your 2FA is less likely to be affected than your password, but it's probably a good idea to re-do your 2FA after our SSL certificates are reissued.
yslyung
Legendary
*
Offline Offline

Activity: 1493
Merit: 1000


Mine Mine Mine


View Profile
April 14, 2014, 04:00:51 PM
 #1766

it'll be great if different currency can be used to trade with coins. i have krw account but i can only trade in krw but i cannot trade in euros or usd. so far the most active market is euros but the krw market & vol is pretty low. i hope kraken can consider looking into this.
MusX
Full Member
***
Offline Offline

Activity: 175
Merit: 100


View Profile
April 14, 2014, 05:54:22 PM
 #1767

I guess we have all seen this anomaly.
This morning the price jumped from 375 to 444 and then back to 360 all at the same time, and there have been lots of sales orders in the book lower than 444 at this moment.
I am still not getting why this is possible. I mean, we are speaking about a 2BTC trade which made it to 444. Is that related to low volume, if yes - How?
.
.
10:20:43 buy €360.88401 0.01860586
10:20:43 sell €444.80067 2.05480805
10:20:43 buy €375.00000 3.01440826
.
.

Thanks for letting us know - we're looking into it. We won't know the reason for it until we investigate.
Here is the person who may caused this: https://bitcointalk.org/index.php?topic=551744.msg6014980#msg6014980
(exactly the same time on the screenshot)
Dargo, any update on this issue? we still don't know what happened.

Dargo
Legendary
*
Offline Offline

Activity: 1820
Merit: 1000



View Profile
April 14, 2014, 07:39:52 PM
 #1768

I guess we have all seen this anomaly.
This morning the price jumped from 375 to 444 and then back to 360 all at the same time, and there have been lots of sales orders in the book lower than 444 at this moment.
I am still not getting why this is possible. I mean, we are speaking about a 2BTC trade which made it to 444. Is that related to low volume, if yes - How?
.
.
10:20:43 buy €360.88401 0.01860586
10:20:43 sell €444.80067 2.05480805
10:20:43 buy €375.00000 3.01440826
.
.

Thanks for letting us know - we're looking into it. We won't know the reason for it until we investigate.
Here is the person who may caused this: https://bitcointalk.org/index.php?topic=551744.msg6014980#msg6014980
(exactly the same time on the screenshot)
Dargo, any update on this issue? we still don't know what happened.

Not yet. I won't be able to say what happened (and won't know myself) until we have a fully tested fix in place. So far as I know, the incident you mention above is the only example of it in the wild, so it seems to be triggered by a pretty rare set of circumstances.
MusX
Full Member
***
Offline Offline

Activity: 175
Merit: 100


View Profile
April 14, 2014, 09:15:10 PM
 #1769

thanks for update, good to know you did not forget about it.

kind of new error occurs during the last hour:
Code:
Origin SSL Handshake Error
using cURL library, even if ssl verify is turned off.
It is working ok since the last few minutes. Hope it was temporary issue, maybe something related to cloudflare ssl cert update.

Dargo
Legendary
*
Offline Offline

Activity: 1820
Merit: 1000



View Profile
April 14, 2014, 09:51:10 PM
 #1770

thanks for update, good to know you did not forget about it.

kind of new error occurs during the last hour:
Code:
Origin SSL Handshake Error
using cURL library, even if ssl verify is turned off.
It is working ok since the last few minutes. Hope it was temporary issue, maybe something related to cloudflare ssl cert update.

Thanks for the information. Let us know if it comes back.
FlyingLotus
Newbie
*
Offline Offline

Activity: 47
Merit: 0


View Profile
April 14, 2014, 11:13:24 PM
 #1771

thanks for update, good to know you did not forget about it.

kind of new error occurs during the last hour:
Code:
Origin SSL Handshake Error
using cURL library, even if ssl verify is turned off.
It is working ok since the last few minutes. Hope it was temporary issue, maybe something related to cloudflare ssl cert update.

Thanks for the information. Let us know if it comes back.

It's back..
Serpens66
Legendary
*
Offline Offline

Activity: 2128
Merit: 1015



View Profile
April 15, 2014, 08:06:36 AM
 #1772

was the price on kraken ~ one hour ago really at 310€ for a short time Huh (or maybe another bug?)

Mit Cointracking behältst du die Übersicht über all deine Trades und Gewinne. Sogar ein Tool für die Steuer ist dabei Wink
Testen ist kostenlos und mit dem obigen Link bekommst du 10% Rabatt auf die kostenpflichtigen Pakete. Thread                                        Great Freeware Game: Clonk Rage
Für instant Handel auch am Wochenende bei bitcoin.de sollte man das Fidorkonto verwenden Smiley FAQ Ref-Link: Registrieren
Dargo
Legendary
*
Offline Offline

Activity: 1820
Merit: 1000



View Profile
April 15, 2014, 01:52:32 PM
 #1773

thanks for update, good to know you did not forget about it.

kind of new error occurs during the last hour:
Code:
Origin SSL Handshake Error
using cURL library, even if ssl verify is turned off.
It is working ok since the last few minutes. Hope it was temporary issue, maybe something related to cloudflare ssl cert update.

Thanks for the information. Let us know if it comes back.

It's back..

What exactly are you doing when this error message appears?
Dargo
Legendary
*
Offline Offline

Activity: 1820
Merit: 1000



View Profile
April 15, 2014, 01:57:42 PM
 #1774

was the price on kraken ~ one hour ago really at 310€ for a short time Huh (or maybe another bug?)

Could be another instance of the issue we saw before. We'll take a close look at it.
Serpens66
Legendary
*
Offline Offline

Activity: 2128
Merit: 1015



View Profile
April 15, 2014, 02:30:06 PM
 #1775

was the price on kraken ~ one hour ago really at 310€ for a short time Huh (or maybe another bug?)

Could be another instance of the issue we saw before. We'll take a close look at it.
some users on the german forum said their orders got triggered, so I think it was not a bug

Mit Cointracking behältst du die Übersicht über all deine Trades und Gewinne. Sogar ein Tool für die Steuer ist dabei Wink
Testen ist kostenlos und mit dem obigen Link bekommst du 10% Rabatt auf die kostenpflichtigen Pakete. Thread                                        Great Freeware Game: Clonk Rage
Für instant Handel auch am Wochenende bei bitcoin.de sollte man das Fidorkonto verwenden Smiley FAQ Ref-Link: Registrieren
Dargo
Legendary
*
Offline Offline

Activity: 1820
Merit: 1000



View Profile
April 15, 2014, 03:09:23 PM
 #1776

was the price on kraken ~ one hour ago really at 310€ for a short time Huh (or maybe another bug?)

Could be another instance of the issue we saw before. We'll take a close look at it.
some users on the german forum said their orders got triggered, so I think it was not a bug

If no orders appear to have been skipped over, then it probably isn't a bug. We'll take a close look at it though.
KrakenTrader
Member
**
Offline Offline

Activity: 102
Merit: 10


View Profile
April 15, 2014, 06:32:02 PM
 #1777

was the price on kraken ~ one hour ago really at 310€ for a short time Huh (or maybe another bug?)

Could be another instance of the issue we saw before. We'll take a close look at it.
some users on the german forum said their orders got triggered, so I think it was not a bug

If no orders appear to have been skipped over, then it probably isn't a bug. We'll take a close look at it though.

For me it appears to not have been a bug, as I have been waiting in fiat at different positions near above 310€, and all those have been triggered luckily.
At the very same time there was quite a large volume on Kraken, around 150BTC or so.
The current rate at this moment was around 355€ - went down to 310 and back.
Made me fast 11% profit.



MusX
Full Member
***
Offline Offline

Activity: 175
Merit: 100


View Profile
April 15, 2014, 06:49:12 PM
 #1778

KrakenTrader, good for you Smiley
Whether this time it was bug or not, the previous case needs to be investigated and if it gets fixed, then this case would be fixed also, if it was a bug, which is unlikely. So it is better to focus on "sure" bug - the previous case.

KrakenTrader
Member
**
Offline Offline

Activity: 102
Merit: 10


View Profile
April 15, 2014, 07:10:47 PM
 #1779

KrakenTrader, good for you Smiley
Whether this time it was bug or not, the previous case needs to be investigated and if it gets fixed, then this case would be fixed also, if it was a bug, which is unlikely. So it is better to focus on "sure" bug - the previous case.


I guess you are referring to this 444€ spike http://imgur.com/a/yMy3E
which I noticed on 01.April

Let's see if Dargo can soon give an update
bahamapascal
Hero Member
*****
Offline Offline

Activity: 693
Merit: 500



View Profile
April 15, 2014, 08:37:03 PM
 #1780

Hi Drago!

I would like to make a suggestion, could you please add 2fa via email? So if one would make a withdraw, you first send a email with a verification link before the transaction is processed.
The same would be for changing password. Almost every exchange supports 2fa via email, so I guess it shouldn't be to difficult to add it.
I know you support 2fa via google, but not every one has a smart phone and is able to use this method.

Otherwise I am more then happy with kraken, but not being able to have 2fa is the only reason that I am currently not using it for day trading, which is a shame as you are otherwise my favorite exchange.

If I understand what you're asking for, I wouldn't call it 2fa via email. Strictly speaking, 2fa is supposed to be something you own rather than something you know. But if you don't have a 2fa device, then your email is going to be accessible via something known (your password). Email confirmation would in effect be like asking for a second password, and you can set up the equivalent of this on our exchange just by creating a password for login and funding. If you go to Account > Security > Two-Factor Authentication > Account login and funding (setup) > Method > Password, you can set a second password for login and funding. (I just noticed that the verbiage says for login, deposits, and withdrawals, but really it's just for login and withdrawals).

Another thing you can do to secure your account without a two-factor device, either in conjunction with the above, or as an alternative to it, is to use the global settings lock

https://www.kraken.com/help/faq#global-settings-lock

What this will do is lock your settings so that nobody can change your withdrawal settings (among other things). If an attacker gained access to your account, they could only withdraw to your existing withdrawal accounts (and if you set a password for this, only if they have the password). They could request a settings unlock, but then they'd have to wait for the specified number of days for the unlock to take place. Meanwhile, you'd receive a notification by email that an unlock was requested, and you'd have time to stop the thief before they do any damage.

Be careful with the settings lock though, because if you don't set a master key first

https://www.kraken.com/help/faq#master-key

then even you won't be able to unlock the settings until the specified number of days pass (no, customer support agents won't unlock for you - you just have to wait). If you create the master key first, the master key will allow you to unlock immediately. I'd recommend either not using the master key and setting the unlock to just a day or two (long enough to give you time to react if get you get an email about an unwarranted unlock request, but not so long that you can't stand to wait if you need to unlock), or creating a master key and setting the unlock for a longer period of time. If you go the master key route, this password should be kept in a safe place and *separate* from your other Kraken passwords.

Hope that helps to understand the security options we have for folks without 2fa devices. You can still lock down your account pretty darn well without them. Personally I'd prefer the options above over a simple verification link by email, but we'll consider what we might be able to do with email as well.

Thanks for this information, I have tested it and am quite satisfied. Just as a improvement I would suggest making it more clearer were one has to enter the second password. I tried for hours before I found out that my second password has to be entered in the "one-time only" password section/field.
Pages: « 1 ... 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 [89] 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 ... 342 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!