Crazy Land Rush

[Syke]

How does one go about getting an invite?

http://www.flexcoin.com/?page_id=51

404. No more invites?

See first post. You'll have to wait a day now:

I strongly urge you guys to get an invite now for flexcoin because when the invite system is off we're going to stop accepting new registrations for roughly a day.

Don't you think something other than a 404 page would make sense?

[the founder]

LOL you're right..  I literally deleted the page as compared to editing it saying invites are over..   I took your advice however and did republish the page with a note saying the invite process is over.

[gizmo256]

shouldn't the Bitcoin system stay decentralized ?   

[spruce]

shouldn't the Bitcoin system stay decentralized ?   

There could be dozens of sites doing similar services. And should be. But someone has to be first.

[hamburger]

Now why the **** do I need an invite to register and why the **** can't you make the registration page only available to people with invites!

[riush]

Seriously, when asked

Could you give us as much info as possible on all your security measures?

and

We had it audited by a bank auditing company.  It exceeds banking compliance standards.

you can't do better than

Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...

and

oh Trust me...

[cepler]

Seriously, when asked

Could you give us as much info as possible on all your security measures?

and

We had it audited by a bank auditing company.  It exceeds banking compliance standards.

you can't do better than

Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...

and

oh Trust me...

+42

BTW: PCI Compliance is a complete crock of dog poop.  There is no standard testing procedure and the tests performed are often outdated and crazy picky about some things while compeltely ignoring other important things.  It's all a sham to make money and worse than TSA's security theater at the airport.  Website disappears with a 404 error because they deleted the page??  Not confidence inspiring.

[Syke]

Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...  We had it audited by a bank auditing company.  It exceeds banking compliance standards. The main site is just a standard http .. the banking area (on a differing server cluster) goes to the secure system.

and then I found this from the signup page...

password must be 6-12 characters

Are you kidding me? You are limiting passwords to 12 characters? And you consider this sufficient security? Sounds to me like you're storing the passwords in plaintext.

[the founder]

Are you kidding me? You are limiting passwords to 12 characters? And you consider this sufficient security? Sounds to me like you're storing the passwords in plaintext.

No, it's encrypted.. and B:  we were thinking that people might one day want to use it for their mobile phones...  so I have no idea what kind of phone you use.. but I'd rather not type in a 30 character password.

Look,  I know many of you got goxed .. hence why you're asking the questions you are.. and RIGHTFULLY so...  but storing crap in clear text?  That one takes the cake... but I am sure I can out do you.   

See actually we have a billboard on I-95 and we display the passwords in real time outside of Philadelphia.   



 

[FlyingFlapjack]

I notice you are claiming to be a bank. Are you really, legally a bank? I don't see anything on your site to indicate that you are...

I'd like to see a page of legal speak which at least seems to indicate you know what you're doing and won't be shut down by the government for claiming to be a bank when you are not legally a bank.

At this point, you look like some guys who don't have a clue about the legal environment of banking and just decided to 'open a bank' as a business. If that is not the case, you really should have some more information available to indicate that.
 

[cepler]

12 character limitation on passwords?!!?  I think my library has better password abilities...  Do you have any form of one time password abilities for 2 factor authentication?

I use password management, most of my passwords are 30-60+ characters of random crap.  And as for how I manage that on my phone, I have my encrypted password database on there so it's just a passphrase away from being entered.

[the founder]

I notice you are claiming to be a bank. Are you really, legally a bank? I don't see anything on your site to indicate that you are...

I'd like to see a page of legal speak which at least seems to indicate you know what you're doing and won't be shut down by the government for claiming to be a bank when you are not legally a bank.

At this point, you look like some guys who don't have a clue about the legal environment of banking and just decided to 'open a bank' as a business. If that is not the case, you really should have some more information available to indicate that.
 

yep we're the first bitcoin bank...  now I am not sure where to find the legal documents in Washington surrounding a bitcoin bank.   Honestly if you can find that let me know.   

[the founder]

you can't do better than

Seriously?   What do you want a map of the schematics?     

Yes it's encrypted,  yes it's SSL ...  what else seriously do you want to know?   Want me to start listing ports closed on the firewall?   

[Phinnaeus Gage]

Are you kidding me? You are limiting passwords to 12 characters? And you consider this sufficient security? Sounds to me like you're storing the passwords in plaintext.

No, it's encrypted.. and B:  we were thinking that people might one day want to use it for their mobile phones...  so I have no idea what kind of phone you use.. but I'd rather not type in a 30 character password.

Look,  I know many of you got goxed .. hence why you're asking the questions you are.. and RIGHTFULLY so...  but storing crap in clear text?  That one takes the cake... but I am sure I can out do you.    

See actually we have a billboard on I-95 and we display the passwords in real time outside of Philadelphia.    

That's an excellent idea. You took a page right out of LifeLock's marketing book.

[randomguy7]

Do the accounts get locked after a few invalid login attempts (to fix the weak password issue)?

[Syke]

Are you kidding me? You are limiting passwords to 12 characters? And you consider this sufficient security? Sounds to me like you're storing the passwords in plaintext.

No, it's encrypted.. and B:  we were thinking that people might one day want to use it for their mobile phones...  so I have no idea what kind of phone you use.. but I'd rather not type in a 30 character password.

Really? Because you don't want to type in a long password on your state-of-the-art Motorola RAZR, you are putting every customer's account at risk. Keep your own password at 'abcdef', but don't prevent the rest of us from entering real passwords.

[the founder]

Are you kidding me? You are limiting passwords to 12 characters? And you consider this sufficient security? Sounds to me like you're storing the passwords in plaintext.

No, it's encrypted.. and B:  we were thinking that people might one day want to use it for their mobile phones...  so I have no idea what kind of phone you use.. but I'd rather not type in a 30 character password.

Really? Because you don't want to type in a long password on your state-of-the-art Motorola RAZR, you are putting every customer's account at risk. Keep your own password at 'abcdef', but don't prevent the rest of us from entering real passwords.

ok Syke..  I'll increase it before it goes public live (not just invite)  that would be Monday.

[the founder]

That's an excellent idea. You took a page right out of LifeLock's marketing book.

HA!!!  google his social security number...   You'll see Tribbleagency.com #1 . ..     I love being good at SEO as it's my blog.   He's been a victim of identity theft at least a dozen times since running that campaign!

[fabianhjr]

Just requested one... Haven't read much about flexcoin yet but what ensures it's security over any other escrow service?

Everything is encrypted with high grade encryption, salted.. etc etc..  Comodo "green bar" SSL, firewalled...  We had it audited by a bank auditing company.  It exceeds banking compliance standards. The main site is just a standard http .. the banking area (on a differing server cluster) goes to the secure system.

Is it foolproof?  No.

Many of you guys know the only "100% secure  system" is one that is physically unplugged and turned off...   and like any website on earth it can be brought down by DDOS attack....   but it does exceed what many would consider "normal security" or even "high grade security".  

I threw the entire weight of my company,  Yooter InterActive Marketing ( http://www.yooter.com )  into it... we normally do design, SEO for fortune 100 firms.    It's most likely the first corporate backed bitcoin startup.

As a beginner in the Security Field I have to voice concern over the cap on characters I can use as a password. This is seriously flawed.

Also, looks like I am not the only one. >_>

[the founder]

As a beginner in the Security Field I have to voice concern over the cap on characters I can use as a password. This is seriously flawed.

Also, looks like I am not the only one. >_>

As I stated,  I listened to you guys and it will be increased before Monday's open launch.