Bitcoin Forum
December 17, 2017, 01:08:40 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: 1 2 3 4 [All]
  Print  
Author Topic: Crazy Land Rush  (Read 6389 times)
the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 29, 2011, 03:51:01 PM
 #1



I strongly urge you guys to get an invite now for flexcoin because when the invite system is off we're going to stop accepting new registrations for roughly a day.   So the only way to get in is via invite and we're sending out all the invites in a few hours..

Meaning that you can get a generic flexcoin id "coffeeshop", "money" , "webhosting" or whatever now but in 24 hours most likely you won't be able to.

This reminds me of a 1990's domain name rush...   that ID is staying with people for life.. so people are looking for generic ones like mad.  

Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
1513472920
Hero Member
*
Offline Offline

Posts: 1513472920

View Profile Personal Message (Offline)

Ignore
1513472920
Reply with quote  #2

1513472920
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513472920
Hero Member
*
Offline Offline

Posts: 1513472920

View Profile Personal Message (Offline)

Ignore
1513472920
Reply with quote  #2

1513472920
Report to moderator
1513472920
Hero Member
*
Offline Offline

Posts: 1513472920

View Profile Personal Message (Offline)

Ignore
1513472920
Reply with quote  #2

1513472920
Report to moderator
1513472920
Hero Member
*
Offline Offline

Posts: 1513472920

View Profile Personal Message (Offline)

Ignore
1513472920
Reply with quote  #2

1513472920
Report to moderator
BitMofo
Member
**
Offline Offline

Activity: 112


View Profile
July 29, 2011, 03:55:47 PM
 #2

Just requested one... Haven't read much about flexcoin yet but what ensures it's security over any other escrow service?

1HNffyHktcD2iB6WJhPxKbALJdg4dwerTG
Piper67
Legendary
*
Offline Offline

Activity: 1106


AffBits.com Affiliate Network


View Profile WWW
July 29, 2011, 04:00:13 PM
 #3



I strongly urge you guys to get an invite now for flexcoin because when the invite system is off we're going to stop accepting new registrations for roughly a day.   So the only way to get in is via invite and we're sending out all the invites in a few hours..

Meaning that you can get a generic flexcoin id "coffeeshop", "money" , "webhosting" or whatever now but in 24 hours most likely you won't be able to.

This reminds me of a 1990's domain name rush...   that ID is staying with people for life.. so people are looking for generic ones like mad.  


Could you give us as much info as possible on all your security measures? I suspect I won't be the only one asking this (and I know I am not the most qualified to).

Thanks,

the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 29, 2011, 04:05:09 PM
 #4

Just requested one... Haven't read much about flexcoin yet but what ensures it's security over any other escrow service?

Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...  We had it audited by a bank auditing company.  It exceeds banking compliance standards. The main site is just a standard http .. the banking area (on a differing server cluster) goes to the secure system.

Is it foolproof?  No.

Many of you guys know the only "100% secure  system" is one that is physically unplugged and turned off...   and like any website on earth it can be brought down by DDOS attack....   but it does exceed what many would consider "normal security" or even "high grade security".  

I threw the entire weight of my company,  Yooter InterActive Marketing ( http://www.yooter.com )  into it... we normally do design, SEO for fortune 100 firms.    It's most likely the first corporate backed bitcoin startup.


Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
Piper67
Legendary
*
Offline Offline

Activity: 1106


AffBits.com Affiliate Network


View Profile WWW
July 29, 2011, 04:06:43 PM
 #5

Just requested one... Haven't read much about flexcoin yet but what ensures it's security over any other escrow service?

Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...  We had it audited by a bank auditing company.  It exceeds banking compliance standards. The main site is just a standard http .. the banking area (on a differing server cluster) goes to the secure system.

Is it foolproof?  No.

Many of you guys know the only "100% secure  system" is one that is physically unplugged and turned off...   and like any website on earth it can be brought down by DDOS attack....   but it does exceed what many would consider "normal security" or even "high grade security".  



And how do you guys make your money? I read the FAQ, but haven't found anything about fees yet.

the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 29, 2011, 04:08:15 PM
 #6

The fee schedule is here:

http://www.flexcoin.com/?page_id=148

You're best bet is to navigate to the "FAQ"  you'll notice a drop down there and all the info I think you need will be there.


Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
enmaku
Hero Member
*****
Offline Offline

Activity: 742


View Profile
July 29, 2011, 04:08:23 PM
 #7

Just requested one... Haven't read much about flexcoin yet but what ensures it's security over any other escrow service?

Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...  We had it audited by a bank auditing company.  It exceeds banking compliance standards. The main site is just a standard http .. the banking area (on a differing server cluster) goes to the secure system.

Is it foolproof?  No.

Many of you guys know the only "100% secure  system" is one that is physically unplugged and turned off...   and like any website on earth it can be brought down by DDOS attack....   but it does exceed what many would consider "normal security" or even "high grade security".  



What hashing algorithm do you use? As we all learned from the Mt Gox debacle, simply hashing and salting isn't enough, you've got to hash and salt with the right algorithms.

Also, an unplugged and turned off system still isn't secure against social engineering so long as someone has the ability to plug it back in and turn it back on for me.  Wink
the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 29, 2011, 04:14:07 PM
 #8

oh Trust me...  Mt. Gox is the whole reason we went haywire on security...  I know what happened with them using decade old encryption...  

Regarding "turned off"  most likely you're right...  perhaps I should have stated "the only safe computer is a machine running Windows ME...  not because it's secure, but because no one wants to even bother"  Smiley


Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
Chick
Member
**
Offline Offline

Activity: 70


View Profile
July 29, 2011, 04:18:18 PM
 #9

Just requested one... Haven't read much about flexcoin yet but what ensures it's security over any other escrow service?

Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...  We had it audited by a bank auditing company.  It exceeds banking compliance standards. The main site is just a standard http .. the banking area (on a differing server cluster) goes to the secure system.

Is it foolproof?  No.

Many of you guys know the only "100% secure  system" is one that is physically unplugged and turned off...   and like any website on earth it can be brought down by DDOS attack....   but it does exceed what many would consider "normal security" or even "high grade security".  

I threw the entire weight of my company,  Yooter InterActive Marketing ( http://www.yooter.com )  into it... we normally do design, SEO for fortune 100 firms.    It's most likely the first corporate backed bitcoin startup.



omg, a green bar! we should totally trust them because of that!

lolwut? high grade encryption? for what? if you're using high grade encryption for passwords then you're doing it totally wrong. what could you possibly be encrypting other than the ssl payload?

yay, banking compliance standards, sounds like pci compliance to me! i should totally trust the security simply because it has 'bank' in it!

nafai
Member
**
Offline Offline

Activity: 112



View Profile
July 29, 2011, 04:20:35 PM
 #10

From your website:

Quote
Fees:
Flexcoin to Flexcoin = FREE
Bitcoin to Flexcoin = FREE
Flexcoin to Bitcoin = .01 BTC or 0.05% (one half of one percent), whichever is greater

0.05% is not one half of one percent.

One half of one percent is 0.5%.  0.05% is one twentieth of one percent, or one half of one tenth of a percent.

Which is it?  Not exactly confidence-inspiring.

1HQiS9PLHPcoQMgN8ZdcGwhoMHWh2Hp37p
Chick
Member
**
Offline Offline

Activity: 70


View Profile
July 29, 2011, 04:23:25 PM
 #11

From your website:

Quote
Fees:
Flexcoin to Flexcoin = FREE
Bitcoin to Flexcoin = FREE
Flexcoin to Bitcoin = .01 BTC or 0.005% (one half of one percent), whichever is greater

0.05% is not one half of one percent.

One half of one percent is 0.5%.  0.05% is one twentieth of one percent, or one half of one tenth of a percent.

Which is it?  Not exactly confidence-inspiring.

yay

the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 29, 2011, 04:24:19 PM
 #12

it's 1/2 of 1 percent... that was a typo Smiley


Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
Piper67
Legendary
*
Offline Offline

Activity: 1106


AffBits.com Affiliate Network


View Profile WWW
July 29, 2011, 04:25:23 PM
 #13

it's 1/2 of 1 percent... that was a typo Smiley



Yup, that explains it, because at 0.05% your interest payment structure was never going to fly.

Oldminer
Legendary
*
Offline Offline

Activity: 1022



View Profile
July 29, 2011, 04:26:50 PM
 #14

This sounds like it could be a good idea.

Can you explain more how the interest is calculated?

If you like my post please feel free to give me some positive rep https://bitcointalk.org/index.php?action=trust;u=18639
Tip me BTC: 1FBmoYijXVizfYk25CpiN8Eds9J6YiRDaX
the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 29, 2011, 04:28:32 PM
 #15

I fixed it on the page.. thanks for finding that!!  Smiley

Fees:
Flexcoin to Flexcoin = FREE
Bitcoin to Flexcoin = FREE
Flexcoin to Bitcoin = .01 BTC or  (one half of one percent), whichever is greater and this charge is all inclusive.

- NOTE: the bitcoin miner fees will be distributed from the fees we collect on outbound transfers, not added on.  The fee listed above is the only fee you will pay for an outbound transfer.  We will add the bitcoin miner fee from this amount.

Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 29, 2011, 04:30:50 PM
 #16

This sounds like it could be a good idea.

Can you explain more how the interest is calculated?


It's listed on that same page:
Quote
Your flexcoin fee schedule is below, however it’s worth noting that a large percentage of the “fees” collected come back to you in the form of interest paid on your account balance.

70% of the fees collected are disbursed to the account holders as interest payments, based on the following formula…

(your account balance / total balance of all flexcoin accounts) * ((all fees collected – miner fees) * 0.7)

http://www.flexcoin.com/?page_id=148

Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
Jaime Frontero
Full Member
***
Offline Offline

Activity: 126


View Profile
July 29, 2011, 04:44:07 PM
 #17

i've requested an invite as well.

this is a very interesting service.  my book business needs something like this.
the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 29, 2011, 04:50:41 PM
 #18

i've requested an invite as well.

this is a very interesting service.  my book business needs something like this.

That's why you need to register the second you get the invite... because flexcoin "books" or "bookstore" for example is currently available.

Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
foggyb
Legendary
*
Offline Offline

Activity: 1344


View Profile
July 29, 2011, 05:00:19 PM
 #19

Invite requested.
Jaime Frontero
Full Member
***
Offline Offline

Activity: 126


View Profile
July 29, 2011, 05:02:12 PM
 #20

i've requested an invite as well.

this is a very interesting service.  my book business needs something like this.

That's why you need to register the second you get the invite... because flexcoin "books" or "bookstore" for example is currently available.

i put in name and email, then hit enter.  it appeared to do stuff - although no confirmation was forthcoming.

what's the line for that says:

Quote
Send *Required

i couldn't type anything there, so i'm assuming it's not for anything?  Huh
the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 29, 2011, 05:05:25 PM
 #21

It just means you have to put in your name and e-mail and "hit the send button" for it to work...  Cheesy 


Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
foggyb
Legendary
*
Offline Offline

Activity: 1344


View Profile
July 29, 2011, 05:05:36 PM
 #22

Why isnt the home page SSL? For better security, it really should be.

Zango
Newbie
*
Offline Offline

Activity: 10


View Profile
July 29, 2011, 05:10:01 PM
 #23

This will be good, if done properly.
I've thought about the same thing. Bitcoin really needs to be facilitated. I'd really like if you wrote more about your security means.
Jaime Frontero
Full Member
***
Offline Offline

Activity: 126


View Profile
July 29, 2011, 05:11:24 PM
 #24

It just means you have to put in your name and e-mail and "hit the send button" for it to work...  Cheesy 



ahh.  my gnome desktop settings are such that the 'Send' button doesn't differentiate very well.  i did it again, just to be sure...

thanks for the reply.
Piper67
Legendary
*
Offline Offline

Activity: 1106


AffBits.com Affiliate Network


View Profile WWW
July 29, 2011, 05:12:28 PM
 #25

This will be good, if done properly.
I've thought about the same thing. Bitcoin really needs to be facilitated. I'd really like if you wrote more about your security means.

I agree, this could be good... I'm watching this thread closely.

the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 29, 2011, 05:13:38 PM
 #26

Why isnt the home page SSL? For better security, it really should be.



The bank isn't even on the same server cluster as the main website ...   I do hope that does answer your question.   Remember This was built by Yooter InterActive,  we've been a search optimization company for about a dozen years.. so https (GENERALLY) means harder to rank in Google,  hence why we opted to leave the main page .. in fact the main website .. out of the secure area.   The banking area is 100% in the secure area,  which you will see the second you get the invite..  (for the record it's not even on the same domain).




Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
phillipsjk
Legendary
*
Offline Offline

Activity: 1008

Let the chips fall where they may.


View Profile WWW
July 29, 2011, 05:22:23 PM
 #27

If the main page is not secured via HTTPs, an attacker simply can replace it with a page pointing to their own "Secure" site. My ISP has even installed equipment that will allow them to do that automatically:
Quote from: Uniserve Terms of Service
Advertising-UNISERVE shall have the right, without notice, to insert advertising data into the Internet browser used by a UNSERVE customer, and transferred to a UNISERVE customer over UNISERVE’s network, so long as this does not involve UNISERVE transmitting any personal information of the customer to whom such data is sent in contravention of the UNISERVE Privacy Commitment;
- Section 27e. Notice they support HTTPS.

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 29, 2011, 05:25:55 PM
 #28

If the main page is not secured via HTTPs, an attacker simply can replace it with a page pointing to their own "Secure" site. My ISP has even installed equipment that will allow them to do that automatically:
Quote from: Uniserve Terms of Service
Advertising-UNISERVE shall have the right, without notice, to insert advertising data into the Internet browser used by a UNSERVE customer, and transferred to a UNISERVE customer over UNISERVE’s network, so long as this does not involve UNISERVE transmitting any personal information of the customer to whom such data is sent in contravention of the UNISERVE Privacy Commitment;
- Section 27e. Notice they support HTTPS.

That's why the bank isn't located on that domain.  Remember the bank is actually on a differing domain ... 


Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
indio007
Full Member
***
Offline Offline

Activity: 224


View Profile
July 29, 2011, 05:49:21 PM
 #29

How does one go about getting an invite?Huh
the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 29, 2011, 05:49:56 PM
 #30

This will be good, if done properly.
I've thought about the same thing. Bitcoin really needs to be facilitated. I'd really like if you wrote more about your security means.

My problem is that if I completely list in entirely every security measure then it's sort of exposing everything...  eventually no matter how secure something is it could be broken.

Let's say for example you know there is 100 tons of gold in a vault.

But since you have the blueprints you know you need a jackhammer,  where the power lines are,  that the security has a backup cell phone (so bring a cell phone jammer)  etc etc...  You also found out that inside the vault there is a steel holding cage that's rigged to explode... so you detonate it from outside before you move in knowing the gold would be safe regardless.

If that information wasn't public you may have guessed the jackhammer, where the power lines are and the cell phone jammer.. but you didn't expect the rigged steel cage...  

So trust me I completely understand what you want,  I just am unsure if I can actually provide a full breakdown .


Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 29, 2011, 05:52:55 PM
 #31

How does one go about getting an invite?Huh

http://www.flexcoin.com/?page_id=51


Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
phillipsjk
Legendary
*
Offline Offline

Activity: 1008

Let the chips fall where they may.


View Profile WWW
July 29, 2011, 05:55:12 PM
 #32


That's why the bank isn't located on that domain.  Remember the bank is actually on a differing domain ...  


Any attacker would set up their look-alike on a different domain as well. Have you seen the Upside-Down-Ternet page?

Intercepting HTTP is trivial. In some cases intercepting HTTPS is trivial as well.

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 29, 2011, 06:08:15 PM
 #33


That's why the bank isn't located on that domain.  Remember the bank is actually on a differing domain ...  


Any attacker would set up their look-alike on a different domain as well. Have you seen the Upside-Down-Ternet page?

Intercepting HTTP is trivial. In some cases intercepting HTTPS is trivial as well.


yea but you don't even need to do that...   I could go setup ...  paypal.com.EXAMPLE.Com and just make the shitty scum site look like paypal and send out tons of unsolicited e-mail to people and some idiots will bite.. it's called phishing.


Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
idev
Hero Member
*****
Offline Offline

Activity: 928


View Profile
July 29, 2011, 07:08:38 PM
 #34

How long does it take to get an invite,
as i have signed up a few days ago ?
spruce
Full Member
***
Offline Offline

Activity: 140


View Profile
July 29, 2011, 07:12:19 PM
 #35

How long does it take to get an invite,
as i have signed up a few days ago ?

See below. Note time of post. Real soon now. Smiley

. . . we're sending out all the invites in a few hours..

the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 29, 2011, 08:38:26 PM
 #36

If you requested an invite,  feel free to login!   

Main Site:  http://www.flexcoin.com
Banking site : https://bank.flexcoin.com

you MUST use the same e-mail address that you requested an invite from.   We decided against sending out thousands of e-mails.


Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
thefussydutchman
Full Member
***
Offline Offline

Activity: 142


BTC- Its not a bubble.


View Profile
July 29, 2011, 09:13:18 PM
 #37

How do you get an invite?
idev
Hero Member
*****
Offline Offline

Activity: 928


View Profile
July 29, 2011, 09:24:22 PM
 #38

How do you get an invite?

You can just register here = > https://bank.flexcoin.com,
as i just did.
Syke
Legendary
*
Offline Offline

Activity: 2464


View Profile
July 29, 2011, 09:33:27 PM
 #39

404. No more invites?

Buy & Hold
spruce
Full Member
***
Offline Offline

Activity: 140


View Profile
July 29, 2011, 09:44:47 PM
 #40


See first post. You'll have to wait a day now:

I strongly urge you guys to get an invite now for flexcoin because when the invite system is off we're going to stop accepting new registrations for roughly a day.
Syke
Legendary
*
Offline Offline

Activity: 2464


View Profile
July 29, 2011, 09:49:05 PM
 #41


See first post. You'll have to wait a day now:

I strongly urge you guys to get an invite now for flexcoin because when the invite system is off we're going to stop accepting new registrations for roughly a day.
Don't you think something other than a 404 page would make sense?

Buy & Hold
the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 29, 2011, 10:29:58 PM
 #42

LOL you're right..  I literally deleted the page as compared to editing it saying invites are over..   I took your advice however and did republish the page with a note saying the invite process is over.


Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
gizmo256
Newbie
*
Offline Offline

Activity: 17


View Profile
July 29, 2011, 10:40:12 PM
 #43

shouldn't the Bitcoin system stay decentralized ?   Huh
spruce
Full Member
***
Offline Offline

Activity: 140


View Profile
July 29, 2011, 10:43:29 PM
 #44

shouldn't the Bitcoin system stay decentralized ?   Huh

There could be dozens of sites doing similar services. And should be. But someone has to be first.
hamburger
Full Member
***
Offline Offline

Activity: 146



View Profile
July 29, 2011, 11:24:43 PM
 #45


Now why the **** do I need an invite to register and why the **** can't you make the registration page only available to people with invites!
riush
Member
**
Offline Offline

Activity: 73


View Profile
July 29, 2011, 11:36:10 PM
 #46

Seriously, when asked
Could you give us as much info as possible on all your security measures?
and
We had it audited by a bank auditing company.  It exceeds banking compliance standards.
you can't do better than
Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...
and
oh Trust me...
Huh

1MKKiJhUJgqKyfCLeo7bB1bvELNEM8wUbz
cepler
Jr. Member
*
Offline Offline

Activity: 47


View Profile
July 29, 2011, 11:41:44 PM
 #47

Seriously, when asked
Could you give us as much info as possible on all your security measures?
and
We had it audited by a bank auditing company.  It exceeds banking compliance standards.
you can't do better than
Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...
and
oh Trust me...
Huh

+42

BTW: PCI Compliance is a complete crock of dog poop.  There is no standard testing procedure and the tests performed are often outdated and crazy picky about some things while compeltely ignoring other important things.  It's all a sham to make money and worse than TSA's security theater at the airport.  Website disappears with a 404 error because they deleted the page??  Not confidence inspiring.
Syke
Legendary
*
Offline Offline

Activity: 2464


View Profile
July 29, 2011, 11:47:34 PM
 #48

Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...  We had it audited by a bank auditing company.  It exceeds banking compliance standards. The main site is just a standard http .. the banking area (on a differing server cluster) goes to the secure system.

and then I found this from the signup page...

Quote
password must be 6-12 characters
Are you kidding me? You are limiting passwords to 12 characters? And you consider this sufficient security? Sounds to me like you're storing the passwords in plaintext.

Buy & Hold
the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 29, 2011, 11:59:48 PM
 #49

Are you kidding me? You are limiting passwords to 12 characters? And you consider this sufficient security? Sounds to me like you're storing the passwords in plaintext.

No, it's encrypted.. and B:  we were thinking that people might one day want to use it for their mobile phones...  so I have no idea what kind of phone you use.. but I'd rather not type in a 30 character password.

Look,  I know many of you got goxed .. hence why you're asking the questions you are.. and RIGHTFULLY so...  but storing crap in clear text?  That one takes the cake... but I am sure I can out do you.   

See actually we have a billboard on I-95 and we display the passwords in real time outside of Philadelphia.   



 


Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
FlyingFlapjack
Newbie
*
Offline Offline

Activity: 29


View Profile
July 30, 2011, 12:03:09 AM
 #50


I notice you are claiming to be a bank. Are you really, legally a bank? I don't see anything on your site to indicate that you are...

I'd like to see a page of legal speak which at least seems to indicate you know what you're doing and won't be shut down by the government for claiming to be a bank when you are not legally a bank.

At this point, you look like some guys who don't have a clue about the legal environment of banking and just decided to 'open a bank' as a business. If that is not the case, you really should have some more information available to indicate that.
 

17nWLT7Dtgwy4umNLvLnxgqMVGBSYgJzP7
Give him tips! A beggar is a man too.
cepler
Jr. Member
*
Offline Offline

Activity: 47


View Profile
July 30, 2011, 12:09:15 AM
 #51

12 character limitation on passwords?!!?  I think my library has better password abilities...  Do you have any form of one time password abilities for 2 factor authentication?

I use password management, most of my passwords are 30-60+ characters of random crap.  And as for how I manage that on my phone, I have my encrypted password database on there so it's just a passphrase away from being entered.
the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 30, 2011, 12:18:51 AM
 #52


I notice you are claiming to be a bank. Are you really, legally a bank? I don't see anything on your site to indicate that you are...

I'd like to see a page of legal speak which at least seems to indicate you know what you're doing and won't be shut down by the government for claiming to be a bank when you are not legally a bank.

At this point, you look like some guys who don't have a clue about the legal environment of banking and just decided to 'open a bank' as a business. If that is not the case, you really should have some more information available to indicate that.
 

yep we're the first bitcoin bank...  now I am not sure where to find the legal documents in Washington surrounding a bitcoin bank.   Honestly if you can find that let me know.   

Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 30, 2011, 12:22:13 AM
 #53

you can't do better than

Seriously?   What do you want a map of the schematics?     

Yes it's encrypted,  yes it's SSL ...  what else seriously do you want to know?   Want me to start listing ports closed on the firewall?   

Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1358


Bitcoin: An Idea Worth Spending


View Profile
July 30, 2011, 12:23:51 AM
 #54

Are you kidding me? You are limiting passwords to 12 characters? And you consider this sufficient security? Sounds to me like you're storing the passwords in plaintext.

No, it's encrypted.. and B:  we were thinking that people might one day want to use it for their mobile phones...  so I have no idea what kind of phone you use.. but I'd rather not type in a 30 character password.

Look,  I know many of you got goxed .. hence why you're asking the questions you are.. and RIGHTFULLY so...  but storing crap in clear text?  That one takes the cake... but I am sure I can out do you.    

See actually we have a billboard on I-95 and we display the passwords in real time outside of Philadelphia.    



That's an excellent idea. You took a page right out of LifeLock's marketing book.

randomguy7
Hero Member
*****
Offline Offline

Activity: 528


View Profile
July 30, 2011, 12:24:24 AM
 #55

Do the accounts get locked after a few invalid login attempts (to fix the weak password issue)?
Syke
Legendary
*
Offline Offline

Activity: 2464


View Profile
July 30, 2011, 12:25:04 AM
 #56

Are you kidding me? You are limiting passwords to 12 characters? And you consider this sufficient security? Sounds to me like you're storing the passwords in plaintext.
No, it's encrypted.. and B:  we were thinking that people might one day want to use it for their mobile phones...  so I have no idea what kind of phone you use.. but I'd rather not type in a 30 character password.
Really? Because you don't want to type in a long password on your state-of-the-art Motorola RAZR, you are putting every customer's account at risk. Keep your own password at 'abcdef', but don't prevent the rest of us from entering real passwords.

Buy & Hold
the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 30, 2011, 12:26:33 AM
 #57

Are you kidding me? You are limiting passwords to 12 characters? And you consider this sufficient security? Sounds to me like you're storing the passwords in plaintext.
No, it's encrypted.. and B:  we were thinking that people might one day want to use it for their mobile phones...  so I have no idea what kind of phone you use.. but I'd rather not type in a 30 character password.
Really? Because you don't want to type in a long password on your state-of-the-art Motorola RAZR, you are putting every customer's account at risk. Keep your own password at 'abcdef', but don't prevent the rest of us from entering real passwords.

ok Syke..  I'll increase it before it goes public live (not just invite)  that would be Monday.




Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 30, 2011, 12:27:34 AM
 #58

That's an excellent idea. You took a page right out of LifeLock's marketing book.



HA!!!  google his social security number...   You'll see Tribbleagency.com #1 . ..     I love being good at SEO as it's my blog.   He's been a victim of identity theft at least a dozen times since running that campaign!






Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
fabianhjr
Sr. Member
****
Offline Offline

Activity: 322


Do The Evolution


View Profile
July 30, 2011, 12:28:37 AM
 #59

Just requested one... Haven't read much about flexcoin yet but what ensures it's security over any other escrow service?

Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...  We had it audited by a bank auditing company.  It exceeds banking compliance standards. The main site is just a standard http .. the banking area (on a differing server cluster) goes to the secure system.

Is it foolproof?  No.

Many of you guys know the only "100% secure  system" is one that is physically unplugged and turned off...   and like any website on earth it can be brought down by DDOS attack....   but it does exceed what many would consider "normal security" or even "high grade security".  

I threw the entire weight of my company,  Yooter InterActive Marketing ( http://www.yooter.com )  into it... we normally do design, SEO for fortune 100 firms.    It's most likely the first corporate backed bitcoin startup.

As a beginner in the Security Field I have to voice concern over the cap on characters I can use as a password. This is seriously flawed.

Also, looks like I am not the only one. >_>

the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 30, 2011, 12:30:19 AM
 #60


As a beginner in the Security Field I have to voice concern over the cap on characters I can use as a password. This is seriously flawed.

Also, looks like I am not the only one. >_>

As I stated,  I listened to you guys and it will be increased before Monday's open launch.


Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 30, 2011, 12:45:56 AM
 #61

Do the accounts get locked after a few invalid login attempts (to fix the weak password issue)?

Actually we do have it set at a very high number for this weekend due to the invite process..  (we were thinking that people wanted to get familiar with the system,  try it on their mobile device. etc etc..)

On Monday we'll be increasing the password length limitation,  and lowering down the number of attempts then temporary lockout to 6 tries...  the problem I have with it is that I personally thumb it a dozen times on my iphone when entering in crap... but we've made this decision 2000 times... security over convenience...  in this case security wins both times.


Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
FlyingFlapjack
Newbie
*
Offline Offline

Activity: 29


View Profile
July 30, 2011, 01:00:38 AM
 #62

yep we're the first bitcoin bank...  now I am not sure where to find the legal documents in Washington surrounding a bitcoin bank.   Honestly if you can find that let me know.   

Well you can be a federally chartered bank, or a state chartered bank. It costs millions in capital either way.

So...you're saying you're just going to avoid handling dollars and other 'real money' to avoid all that?  Do you have lawyers? I can't believe they'd tell you to just wing it. Even if bitcoin is not legally money, it is probably something like a security.

I'm not a lawyer, but you don't even seem to have a legal disclaimer anywhere about you not legally being an actual bank, unless I'm missing that link.

17nWLT7Dtgwy4umNLvLnxgqMVGBSYgJzP7
Give him tips! A beggar is a man too.
the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
July 30, 2011, 02:59:22 AM
 #63

yep we're the first bitcoin bank...  now I am not sure where to find the legal documents in Washington surrounding a bitcoin bank.   Honestly if you can find that let me know.  

Well you can be a federally chartered bank, or a state chartered bank. It costs millions in capital either way.

----

But can you be a federally or state charted Bitcoin bank?   Seriously Washington moves fast!

------

Do you have lawyers?
----
yep at $300/ hour two of them...  
----

I'm not a lawyer, but you don't even seem to have a legal disclaimer anywhere about you not legally being an actual bank, unless I'm missing that link.


-----
You're not missing the link.   It's just that it's not needed.  Yes our company lawyer (and we had a second opinion as well) said that the term bank can apply to the side of a road,  a sharp turn,  a storage facility,  or a financial institution.  

On a second note, I used to work for a company called DomainBank.com for 10 years..  I don't recall a "charter on their front door"  either.. considering you couldn't deposit USD there...  nor can you at Flexcoin ...

I understand your concern,  but we already hashed this out months ago when we were building the bitcoin bank.    But i'll put a note on the TOS regarding it to ensure that everyone feels better about it.



Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
thefussydutchman
Full Member
***
Offline Offline

Activity: 142


BTC- Its not a bubble.


View Profile
July 30, 2011, 03:56:55 AM
 #64

I really don't know what all the fuss is about an invite.  Your the owner but can't give me an invite?  That's fine this does not seem like a real company.
payb.tc
Hero Member
*****
Offline Offline

Activity: 812



View Profile
July 30, 2011, 06:43:48 AM
 #65

I've seen this image soooooo many times on the web.

just type 'laptop woman' into google images as an example Smiley



(actually, tineye returns 978 results for it  Shocked Shocked Shocked)

kloinko1n
Full Member
***
Offline Offline

Activity: 177


View Profile
July 30, 2011, 06:30:54 PM
 #66

I just LOVE the part where impulsepay.com says that this hype goes at a premium of 33% additional costs (as they charge 25% of the revenues, you have to raise the price by 33% to satisfy that condition).

uhmm... NOT  Grin
phillipsjk
Legendary
*
Offline Offline

Activity: 1008

Let the chips fall where they may.


View Profile WWW
July 30, 2011, 06:45:09 PM
 #67

Are you kidding me? You are limiting passwords to 12 characters? And you consider this sufficient security? Sounds to me like you're storing the passwords in plaintext.

No, it's encrypted.. and B:  we were thinking that people might one day want to use it for their mobile phones...  so I have no idea what kind of phone you use.. but I'd rather not type in a 30 character password.


For a cellphone, it may be easier to type a 20 character numeric password (66.4 bits of entropy if random). A 12 character password can't really have over 72 bits of entropy. Computers are getting stupidly fast these days. Anything with less than 64 bits of entropy is likely insecure. After 128 bits you are probably safe as long as the storage mechanism has no underlying weakness.

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
CubedRoot
Sr. Member
****
Offline Offline

Activity: 295


View Profile
July 30, 2011, 06:59:15 PM
 #68

so, I think I missed this Smiley
How do we get invites?  I would like to give Flexcoin a shot
dishwara
Legendary
*
Offline Offline

Activity: 1582



View Profile
July 30, 2011, 07:36:44 PM
 #69

I try to register & got this error.
Quote
could not register new user
you do not have a valid invitation
try again

Open Altcoin Github
Limxtec Telegram












Bitsend BSD
Founder/ Technical /Markting Support
The first Masternodecoin with Segwit

www.bitcore.cc












Bitcore BTX
Founder/ Technical /Markting Support
The first hybrid fork from BTC

www.bitsend.info












Diamond DMD
Technical Support
The Jewel of Crypto

www.bitsend.info












Bitcloud BTDX
Technical Support
Masternodecoin 12.2

https://bit-cloud.info/













████
 ████
  ████
   ████
    ████
     ████
      ████
       ████
        ████
       ████
      ████
     ████
    ████
   ████
  ████
 ████
████

████
 ████
  ████
   ████
    ████
     ████
      ████
       ████
        ████
       ████
      ████
     ████
    ████
   ████
  ████
 ████
████
phillipsjk
Legendary
*
Offline Offline

Activity: 1008

Let the chips fall where they may.


View Profile WWW
July 30, 2011, 07:53:52 PM
 #70

Any attacker would set up their look-alike on a different domain as well. Have you seen the Upside-Down-Ternet page?

Intercepting HTTP is trivial. In some cases intercepting HTTPS is trivial as well.


yea but you don't even need to do that...   I could go setup ...  paypal.com.EXAMPLE.Com and just make the shitty scum site look like paypal and send out tons of unsolicited e-mail to people and some idiots will bite.. it's called phishing.


Many users visit websites by typing their name into a trusted search engine like Google (Which does support HTTPS). paypal.com.example.com won't come up in the first 10 results, but paypal.com will. Without HTTPS (or other authentication), it is possible for an attacker to use your real domain for their phishing site.

As I have pointed out, this is not a theoretical or difficult attack. Are you OK with my ISP injecting PayPal ads when I view your landing page?

PS: I know my own website does not support HTTPS or IPsec at the moment... I hope to change that eventually. IPsec should work for the gopher version too Smiley

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
Pages: 1 2 3 4 [All]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!