Bitcoin Forum
December 13, 2024, 11:54:38 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: MCXNOW is NOT the most secure exchange  (Read 691 times)
FrigidWinter (OP)
Newbie
*
Offline Offline

Activity: 53
Merit: 0


View Profile
September 16, 2013, 08:17:50 AM
 #1

A simple database run from another site gained access to accounts.

But oh what could be done to prevent this?!?!?!

Only something any other respectable exchanges has already implemented......

Email verification for withdrawls
TheRealSolid
Member
**
Offline Offline

Activity: 94
Merit: 10


Operator of mcxNOW | Programmer of MicroCash


View Profile WWW
September 16, 2013, 08:22:53 AM
 #2

2FA is already there, I don't support emails as a second verification method but I do provide google auth. So the fact is mcxNOW does have 2 auth setup, some users don't use it. Not much can be done about this unfortunately.

As of the v2 update I have removed all user emails from the site and stopped requiring them to be entered on sign up. The reason is due to privacy, I feel with coming laws these "paper transactions" of activity at a crypto exchange may be used against people. I advise everyone who uses emails at exchanges to turn off email notifications and use a more secure 2nd auth device like Google Auth or yubikey, etc.

https://mcxnow.com - Fast and secure coin exchange.
Primecoin / Litecoin / Mincoin / Worldcoin / CopperLark
iGotSpots
Legendary
*
Offline Offline

Activity: 2548
Merit: 1054


CPU Web Mining 🕸️ on webmining.io


View Profile WWW
September 16, 2013, 08:24:12 AM
 #3

A simple database run from another site gained access to accounts.

But oh what could be done to prevent this?!?!?!

Only something any other respectable exchanges has already implemented......

Email verification for withdrawls

People using the same name/password for every site is not RS's fault

FrigidWinter (OP)
Newbie
*
Offline Offline

Activity: 53
Merit: 0


View Profile
September 16, 2013, 08:25:22 AM
 #4

I understand all of this. But i feel the securty it provides is something "the most secure exchange" should have. Rant over on my part
iGotSpots
Legendary
*
Offline Offline

Activity: 2548
Merit: 1054


CPU Web Mining 🕸️ on webmining.io


View Profile WWW
September 16, 2013, 08:29:20 AM
 #5

I understand all of this. But i feel the securty it provides is something "the most secure exchange" should have. Rant over on my part

Can't protect stupid

FrigidWinter (OP)
Newbie
*
Offline Offline

Activity: 53
Merit: 0


View Profile
September 16, 2013, 08:33:57 AM
 #6

I understand all of this. But i feel the securty it provides is something "the most secure exchange" should have. Rant over on my part

Can't protect stupid

But you can to a degree.

If they didnt have users emails they would have been able to do nothing even if they did only if the user used the same password at 3 places would they be affected.

Its still users fault as if you have any money on exchanges you should do your part to protect it.

But too be the most secure you have to protect against stupidity to a certain degree.

MCXNOW might not be "hackable" but less info is required than most sites to hijack users accounts
iGotSpots
Legendary
*
Offline Offline

Activity: 2548
Merit: 1054


CPU Web Mining 🕸️ on webmining.io


View Profile WWW
September 16, 2013, 08:41:21 AM
 #7

I understand all of this. But i feel the securty it provides is something "the most secure exchange" should have. Rant over on my part

Can't protect stupid

But you can to a degree.

If they didnt have users emails they would have been able to do nothing even if they did only if the user used the same password at 3 places would they be affected.

Its still users fault as if you have any money on exchanges you should do your part to protect it.

But too be the most secure you have to protect against stupidity to a certain degree.

MCXNOW might not be "hackable" but less info is required than most sites to hijack users accounts

You are correct in all of that. But why start a thread talking shit when you understand it wasn't his issue?

FrigidWinter (OP)
Newbie
*
Offline Offline

Activity: 53
Merit: 0


View Profile
September 16, 2013, 08:47:06 AM
 #8

I understand all of this. But i feel the securty it provides is something "the most secure exchange" should have. Rant over on my part

Can't protect stupid

But you can to a degree.

If they didnt have users emails they would have been able to do nothing even if they did only if the user used the same password at 3 places would they be affected.

Its still users fault as if you have any money on exchanges you should do your part to protect it.

But too be the most secure you have to protect against stupidity to a certain degree.

MCXNOW might not be "hackable" but less info is required than most sites to hijack users accounts

You are correct in all of that. But why start a thread talking shit when you understand it wasn't his issue?

Like i have stated multiple time. Its advertised as "the most secure" But yet it doesnt take the little extra step to protect its just above brain dead users that others exchanges do

Anyone worried about privacy knows how to use tor and create a Virtually untraceable email
SuperTramp
Legendary
*
Offline Offline

Activity: 1073
Merit: 1000



View Profile WWW
September 16, 2013, 08:48:32 AM
 #9

A simple database run from another site gained access to accounts.

But oh what could be done to prevent this?!?!?!

Only something any other respectable exchanges has already implemented......

Email verification for withdrawls


Last time I used Mt.Gox they did NOT have email verification for withdrawals.

MincoinForum, Home Of The World's Fastest & Rarest Cryptocurrency. https://www.mincoinforum.com
Only 10million Mincoin To Be Created. Find out more at https://www.mincoin.us
smoothie
Legendary
*
Offline Offline

Activity: 2492
Merit: 1491


LEALANA Bitcoin Grim Reaper


View Profile
September 16, 2013, 09:19:27 AM
 #10

A simple feature that forces users of his site to use a relatively long and random password generated on his server's end would fix that user pass problem he is dealing with now (or so he claims).

███████████████████████████████████████

            ,╓p@@███████@╗╖,           
        ,p████████████████████N,       
      d█████████████████████████b     
    d██████████████████████████████æ   
  ,████²█████████████████████████████, 
 ,█████  ╙████████████████████╨  █████y
 ██████    `████████████████`    ██████
║██████       Ñ███████████`      ███████
███████         ╩██████Ñ         ███████
███████    ▐▄     ²██╩     a▌    ███████
╢██████    ▐▓█▄          ▄█▓▌    ███████
 ██████    ▐▓▓▓▓▌,     ▄█▓▓▓▌    ██████─
           ▐▓▓▓▓▓▓█,,▄▓▓▓▓▓▓▌          
           ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌          
    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓─  
     ²▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓╩    
        ▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀       
           ²▀▀▓▓▓▓▓▓▓▓▓▓▓▓▀▀`          
                   ²²²                 
███████████████████████████████████████

. ★☆ WWW.LEALANA.COM        My PGP fingerprint is A764D833.                  History of Monero development Visualization ★☆ .
LEALANA BITCOIN GRIM REAPER SILVER COINS.
 
smoothie
Legendary
*
Offline Offline

Activity: 2492
Merit: 1491


LEALANA Bitcoin Grim Reaper


View Profile
September 16, 2013, 09:20:58 AM
 #11

A simple database run from another site gained access to accounts.

But oh what could be done to prevent this?!?!?!

Only something any other respectable exchanges has already implemented......

Email verification for withdrawls


Last time I used Mt.Gox they did NOT have email verification for withdrawals.

This discussion of security doesnt stop at GOX.

███████████████████████████████████████

            ,╓p@@███████@╗╖,           
        ,p████████████████████N,       
      d█████████████████████████b     
    d██████████████████████████████æ   
  ,████²█████████████████████████████, 
 ,█████  ╙████████████████████╨  █████y
 ██████    `████████████████`    ██████
║██████       Ñ███████████`      ███████
███████         ╩██████Ñ         ███████
███████    ▐▄     ²██╩     a▌    ███████
╢██████    ▐▓█▄          ▄█▓▌    ███████
 ██████    ▐▓▓▓▓▌,     ▄█▓▓▓▌    ██████─
           ▐▓▓▓▓▓▓█,,▄▓▓▓▓▓▓▌          
           ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌          
    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓─  
     ²▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓╩    
        ▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀       
           ²▀▀▓▓▓▓▓▓▓▓▓▓▓▓▀▀`          
                   ²²²                 
███████████████████████████████████████

. ★☆ WWW.LEALANA.COM        My PGP fingerprint is A764D833.                  History of Monero development Visualization ★☆ .
LEALANA BITCOIN GRIM REAPER SILVER COINS.
 
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!