bitcoinisfurture
|
|
November 24, 2013, 08:56:16 AM |
|
iBITCOINTRADE - By when the site will be up and running? Another thing why dont you display In-Progress or Site under construction on Website so that all know the rates displaying their are just on test and easy of you as well.
|
|
|
|
bitcoinisfurture
|
|
December 04, 2013, 03:06:17 PM |
|
How's the progress going on Devansh?
|
|
|
|
ajax3592
Full Member
Offline
Activity: 210
Merit: 100
Crypto News & Tutorials - Coinramble.com
|
|
December 07, 2013, 05:25:39 AM |
|
I am finally ready to roll out the exchange within 10 days.
So when is the website going to start trading?
|
|
|
|
BitCoinDream
Legendary
Offline
Activity: 2394
Merit: 1216
The revolution will be digital
|
|
December 09, 2013, 11:35:11 PM |
|
Hi devansh. First of all congratulations for your project. Its a really interesting one. I was just checking your site and I have 2 questions...
1. How do u handle NEFT ? Manually check your/company's account and approve or taking some other automated method ? If u r using any automated method I would like to know what it is and how secure it is ?
2. I am interested in a buy offer on your site and as I can see u r going to charge from December 12, 2013. So am I allowed to perform that transaction beforehand ?
|
|
|
|
Subal_Damudar
Member
Offline
Activity: 90
Merit: 13
|
|
December 11, 2013, 08:34:12 PM |
|
Hi New hopeful bitcoiner here.. I was wondering if you people take in cash with no bank trails ? like some local meet up trade ? I want to buy my first coins as anonymously as possible...
|
|
|
|
BitCoinDream
Legendary
Offline
Activity: 2394
Merit: 1216
The revolution will be digital
|
|
December 12, 2013, 01:40:51 PM |
|
Hi New hopeful bitcoiner here.. I was wondering if you people take in cash with no bank trails ? like some local meet up trade ? I want to buy my first coins as anonymously as possible... Yes we will accept cash for small order(less than Rs. 1 lakh) but you will have to deposit it in our bank acc.No local meet ups. NOTE: We are currently in testing phase and are not functional.Does acceptance of direct cash comply with Indian AML policy ?
|
|
|
|
sa1
Newbie
Offline
Activity: 3
Merit: 0
|
|
December 15, 2013, 02:28:34 AM Last edit: December 15, 2013, 03:43:13 AM by sa1 |
|
The site is currently open to only Indian citizens and yes, we will require PAN.We have taken certain measures to protect user details and will keep on improving them. Even if the site is hacked, neither any monetary loss can occur nor PAN details will be compromised. Security Features(some still to be implemented before the launch)
1.sha1 encryption for passwords 2.encryption for what ever data is transfered 3.ssl keeps data over network secured 4.cookies for maintaining session which is also secured by encryption plus ssl
About Us
Plain hashing is highly insecure for passwords. sha1 is not encryption. The passwords are just begging to be stolen. You have to spend a lot of time learning about security best practices, and you should pause release until then. Please use bcrypt, pbkdf2 or scrypt.
|
|
|
|
subvolatil
|
|
December 15, 2013, 03:37:39 AM |
|
The site is currently open to only Indian citizens and yes, we will require PAN.We have taken certain measures to protect user details and will keep on improving them. Even if the site is hacked, neither any monetary loss can occur nor PAN details will be compromised. Security Features(some still to be implemented before the launch)
1.sha1 encryption for passwords 2.encryption for what ever data is transfered 3.ssl keeps data over network secured 4.cookies for maintaining session which is also secured by encryption plus ssl
About Us
Plain hashing is highly insecure for passwords. sha1 is not encryption. The passwords are just begging to be stolen. You have to spend a lot of time learning about security best practices, and you should pause release until then. Please use bcrypt, pkdf2 or scrypt. +1 Agreed
|
|
|
|
dc0ded
Newbie
Offline
Activity: 41
Merit: 0
|
|
December 16, 2013, 10:57:43 AM |
|
The site is currently open to only Indian citizens and yes, we will require PAN.We have taken certain measures to protect user details and will keep on improving them. Even if the site is hacked, neither any monetary loss can occur nor PAN details will be compromised. Security Features(some still to be implemented before the launch)
1.sha1 encryption for passwords 2.encryption for what ever data is transfered 3.ssl keeps data over network secured 4.cookies for maintaining session which is also secured by encryption plus ssl
About Us
Plain hashing is highly insecure for passwords. sha1 is not encryption. The passwords are just begging to be stolen. You have to spend a lot of time learning about security best practices, and you should pause release until then. Please use bcrypt, pbkdf2 or scrypt. Excellent point. Thumbs up for you! Ignoring the security of your customers, is not a wise thing to do...
|
|
|
|
Benson Samuel
Legendary
Offline
Activity: 1890
Merit: 1000
Landscaping Bitcoin for India!
|
|
December 21, 2013, 01:49:27 PM |
|
Iv had the code checked by security experts. They could not find any loop hole !!
Nice, hope to see you'll launch soon.
|
|
|
|
sa1
Newbie
Offline
Activity: 3
Merit: 0
|
|
December 23, 2013, 08:54:02 AM |
|
Iv had the code checked by security experts. They could not find any loop hole !!
This seems rather vague and uninformative, and people would be right to be very very careful. I would however give you the benefit of doubt for now, till you provide more information. Since the features you claimed such as ssl etc seems to be still missing from your beta site, I am not sure what all measures security experts tested.
|
|
|
|
subvolatil
|
|
December 23, 2013, 09:18:55 PM |
|
Just had the SSL certi approved..will install it 2day or latest by 2morow. On being told that the passwords would easily be stolen by hackers I had contacted a web security providing company. They have seen the code and "could not find any loop holes".
I dont think he is concerned with the loop holes on the website at the moment. Security of a website can be compromised even with a simple 0 day. or even a sql injection attack . the problem here is that you dont have a contingency plan regarding security breach, what if your password file gets stolen, you have only hashed you password with a SHA1 hash, which can be broken using a rainbow table easily. SHA1 and MD5 is not recommended any more. you can use scrypt hash, or if you dont want to atleast Salt your hashes. Remember an unsalted hash is like passwords without cloths. By the way what type of pentest did the company you talked about do?
|
|
|
|
Benson Samuel
Legendary
Offline
Activity: 1890
Merit: 1000
Landscaping Bitcoin for India!
|
|
December 24, 2013, 05:17:26 AM |
|
Just had the SSL certi approved..will install it 2day or latest by 2morow. On being told that the passwords would easily be stolen by hackers I had contacted a web security providing company. They have seen the code and "could not find any loop holes".
I dont think he is concerned with the loop holes on the website at the moment. Security of a website can be compromised even with a simple 0 day. or even a sql injection attack . the problem here is that you dont have a contingency plan regarding security breach, what if your password file gets stolen, you have only hashed you password with a SHA1 hash, which can be broken using a rainbow table easily. SHA1 and MD5 is not recommended any more. you can use scrypt hash, or if you dont want to atleast Salt your hashes. Remember an unsalted hash is like passwords without cloths. By the way what type of pentest did the company you talked about do? There is always more than 1 way to learn
|
|
|
|
bitcoinisfurture
|
|
December 26, 2013, 03:47:18 PM |
|
So are you still working with the site or have stopped for the while before RBI comes with the proper guidelines.
|
|
|
|
newIndia
Legendary
Offline
Activity: 2226
Merit: 1052
|
|
December 27, 2013, 03:23:24 PM |
|
work is still on
Still On ? Good Luck
|
|
|
|
bitcoinisfurture
|
|
February 02, 2014, 08:57:25 AM |
|
No update? What is the status is it still in progress or worked stopped due to regulations?
|
|
|
|
devansh1991 (OP)
|
|
February 02, 2014, 02:29:03 PM |
|
Never stopped working on the website. A visit to the website should provide a pretty clear picture regarding the status. I won't say anything till I have everything in place.
|
|
|
|
devansh1991 (OP)
|
|
February 06, 2014, 04:08:39 PM |
|
pls check if the How It Works page is still displaying a crossed out https or not
|
|
|
|
devansh1991 (OP)
|
|
March 01, 2014, 12:18:31 PM |
|
I have all the pieces in place now. All set to launch tomorrow i.e Sunday, 2nd March
|
|
|
|
BitCoinDream
Legendary
Offline
Activity: 2394
Merit: 1216
The revolution will be digital
|
|
March 02, 2014, 03:53:43 PM |
|
I have all the pieces in place now. All set to launch tomorrow i.e Sunday, 2nd March
Why did u remove all your previous comments from this thread ?
|
|
|
|
|