Bitcoin Forum
December 04, 2016, 04:10:49 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Security at Camp BX  (Read 2941 times)
Keyur @ Camp BX
Sr. Member
****
Offline Offline

Activity: 300



View Profile WWW
October 06, 2011, 06:40:27 PM
 #1

Hi everyone,
      We received multiple requests for information around Camp BX security measures in the wake of Bitcoin7 incident.  So here is a high-level summary of precautions and processes in place at Camp BX: please feel free to ask questions and we will be happy to share additional information.

Physical Security:
- Professional, secure data center in Arizona
- Triple telecom backbone connectivity for redundancy
- Caterpillar diesel generators in case of power brown-out / black-out
- Restricted physical access to servers

Information security:
- Well defined chain of command for wallet and database ownership
- Nightly security scans by McAfee Secure
- Scheduled D-DoS attacks
- White-hat penetration tests
- 72-hour SLA commitment to address new vulnerabilities

Financial security:
- No fractional reserve: We hold 100% of user funds in reserve at all times
- All banking done on-shore in the USA
- We do not do business with companies that don't have a registered office in USA.  (Paxum, Liberty Reserve)

Thank you,
       Keyur


Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
1480824649
Hero Member
*
Offline Offline

Posts: 1480824649

View Profile Personal Message (Offline)

Ignore
1480824649
Reply with quote  #2

1480824649
Report to moderator
1480824649
Hero Member
*
Offline Offline

Posts: 1480824649

View Profile Personal Message (Offline)

Ignore
1480824649
Reply with quote  #2

1480824649
Report to moderator
1480824649
Hero Member
*
Offline Offline

Posts: 1480824649

View Profile Personal Message (Offline)

Ignore
1480824649
Reply with quote  #2

1480824649
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480824649
Hero Member
*
Offline Offline

Posts: 1480824649

View Profile Personal Message (Offline)

Ignore
1480824649
Reply with quote  #2

1480824649
Report to moderator
1480824649
Hero Member
*
Offline Offline

Posts: 1480824649

View Profile Personal Message (Offline)

Ignore
1480824649
Reply with quote  #2

1480824649
Report to moderator
Yankee (BitInstant)
Legendary
*
Offline Offline

Activity: 1078


Charlie 'Van Bitcoin' Shrem


View Profile WWW
October 06, 2011, 06:48:48 PM
 #2

- We do not do business with companies that don't have a registered office in USA.  (Paxum, Liberty Reserve)

Paxum does not have an office in the USA. They are based in South America with an office in Canada. There customer service is based in Mexico and they use a Belize and Canadian bank  Cheesy

Bitcoin pioneer. An apostle of Satoshi Nakamoto. A crusader for a new, better, tech-driven society. A dreamer.

More about me: http://CharlieShrem.com
Keyur @ Camp BX
Sr. Member
****
Offline Offline

Activity: 300



View Profile WWW
October 06, 2011, 06:52:57 PM
 #3

- We do not do business with companies that don't have a registered office in USA.  (Paxum, Liberty Reserve)

Paxum does not have an office in the USA. They are based in South America with an office in Canada. There customer service is based in Mexico and they use a Belize and Canadian bank  Cheesy

Correct - that is why we do not support Paxum!  Sorry the original post was not clear: should have said "No Paxum".


Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
Yankee (BitInstant)
Legendary
*
Offline Offline

Activity: 1078


Charlie 'Van Bitcoin' Shrem


View Profile WWW
October 06, 2011, 07:01:42 PM
 #4

- We do not do business with companies that don't have a registered office in USA.  (Paxum, Liberty Reserve)

Paxum does not have an office in the USA. They are based in South America with an office in Canada. There customer service is based in Mexico and they use a Belize and Canadian bank  Cheesy

Correct - that is why we do not support Paxum!  Sorry the original post was not clear: should have said "No Paxum".


Cool.

Once your volume is pumped up, we can talk about Bitinstant Integration. We can offer your customer instant deposits, withdrawals, and inter-exchange transfers between 5 payment methods and 4 other exchanges besides you. You take no risk and everything done on our end.

Good luck.

Bitcoin pioneer. An apostle of Satoshi Nakamoto. A crusader for a new, better, tech-driven society. A dreamer.

More about me: http://CharlieShrem.com
BitcoinPorn
Hero Member
*****
Offline Offline

Activity: 560


Posts: 69


View Profile WWW
October 06, 2011, 08:52:46 PM
 #5

Good timing with this post, I forget about Camp BX sometimes, but maybe because the users are happy, and happy customers are not noisy and don't pollute the forums Wink

nmat
Hero Member
*****
Offline Offline

Activity: 602


View Profile
October 06, 2011, 11:58:22 PM
 #6

There haven't been much news from Camp BX lately... Are SEPA transfers still on the roadmap?
the founder
Sr. Member
****
Offline Offline

Activity: 448


Bitcoin


View Profile WWW
October 07, 2011, 02:38:38 PM
 #7

out of the exchanges,   I would put my bet on CampBX being the most secure...

Based in the US with trigger happy lawyers it most likely would mean they had to spend more time on Security than anything else.



Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
oOoOo
Full Member
***
Offline Offline

Activity: 238


View Profile
October 07, 2011, 03:56:10 PM
 #8

How do you protect yourself from a possible government seizure?
What do you do if a court randomly decides to freeze your funds because of "money laundering laws" overnight?
All your eggs are in one basket (USA), are you prepared for a possible social collapse in the coming years?
How do you handle Dollar devaluation?

Can you please answer the above^ questions?

Greets,
oOo
.
BitcoinPorn
Hero Member
*****
Offline Offline

Activity: 560


Posts: 69


View Profile WWW
October 07, 2011, 06:33:59 PM
 #9

All your eggs are in one basket (USA), are you prepared for a possible social collapse in the coming years?

Loaded questions are so fair.

Horkabork
Full Member
***
Offline Offline

Activity: 140



View Profile
October 07, 2011, 07:40:43 PM
 #10

Keyur, can you tell us about how you store your wallets and such? By that, I mean that in any given day you probably only need 10% liquidity. So a good practice would be to have your active, server-accessible wallets separate from wallets containing the remainder of reserves. That major wallet should be elsewhere, such as on a computer not on your network and this computer is only turned on for 5 minutes a day in order to refill the active wallets. Also, it should be in a cage with several rabid monkeys who can only be tamed by a secret routine, such as reading them a bedtime story and giving out sedative-laden fruits. And this cage should be in a van that moves around a city 24/7. This is like that Burn Notice episode where a package was kept perpetually moving by a series of motorcycle couriers.

The computer in question should be backed up by a flash drive the size of a pill, which you repeatedly eat every few days in order to keep it in your body. The timing is perfect, I've found, to allow the backup to be only occasionally accessible depending on your regularity. If you need it in an emergency, then just eat a lot of prune juice or, in a really major emergency, find a Winogradsky column and drink it.

Then, if your site does get hacked, everyone's risk is minimized. See, I don't think many people take solace in prevention measures at exchanges any more. The more important question involves what hackers or rogue employees could obtain if given access. Please name one of the monkeys after me.

Me: 15gbWvpLPfbLJZBsL2u5gkBdL3BUXDbTuF
A goat: http://i52.tinypic.com/34pj4v6.jpg
Keyur @ Camp BX
Sr. Member
****
Offline Offline

Activity: 300



View Profile WWW
October 07, 2011, 08:07:37 PM
 #11

There haven't been much news from Camp BX lately... Are SEPA transfers still on the roadmap?

Nmat,
        We were hoping to launch in Europe late September, and also have a multi-currency back-end ready to go!  Unfortunately running into some red-tape in Europe.  We are hoping to get required permissions and redundant bank accounts in place by Q1 2012 to ensure uninterrupted service for our customers.

Thank you,
       Keyur

Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
c_k
Donator
Sr. Member
*
Offline Offline

Activity: 242



View Profile
October 07, 2011, 08:10:56 PM
 #12

Do you have New Zealand on your roadmap?

Keyur @ Camp BX
Sr. Member
****
Offline Offline

Activity: 300



View Profile WWW
October 07, 2011, 08:18:40 PM
 #13

Keyur, can you tell us about how you store your wallets and such? By that, I mean that in any given day you probably only need 10% liquidity. So a good practice would be to have your active, server-accessible wallets separate from wallets containing the remainder of reserves. That major wallet should be elsewhere, such as on a computer not on your network and this computer is only turned on for 5 minutes a day in order to refill the active wallets. Also, it should be in a cage with several rabid monkeys who can only be tamed by a secret routine, such as reading them a bedtime story and giving out sedative-laden fruits. And this cage should be in a van that moves around a city 24/7. This is like that Burn Notice episode where a package was kept perpetually moving by a series of motorcycle couriers.

The computer in question should be backed up by a flash drive the size of a pill, which you repeatedly eat every few days in order to keep it in your body. The timing is perfect, I've found, to allow the backup to be only occasionally accessible depending on your regularity. If you need it in an emergency, then just eat a lot of prune juice or, in a really major emergency, find a Winogradsky column and drink it.

Then, if your site does get hacked, everyone's risk is minimized. See, I don't think many people take solace in prevention measures at exchanges any more. The more important question involves what hackers or rogue employees could obtain if given access. Please name one of the monkeys after me.


As far as I know, this is the exact procedure they use to protect Coca Cola's secret formula ;-)

We understand your concern though about an inside job though.  That is why we follow the best practices deployed in most of corporations: split component ownership, and chain-of-command for each component.  This makes it easy to pinpoint rogue elements.

- Keyur

Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
Steve
Hero Member
*****
Offline Offline

Activity: 868



View Profile WWW
October 07, 2011, 08:19:23 PM
 #14

Keyur, can you tell us about how you store your wallets and such? By that, I mean that in any given day you probably only need 10% liquidity. So a good practice would be to have your active, server-accessible wallets separate from wallets containing the remainder of reserves. That major wallet should be elsewhere, such as on a computer not on your network and this computer is only turned on for 5 minutes a day in order to refill the active wallets. Also, it should be in a cage with several rabid monkeys who can only be tamed by a secret routine, such as reading them a bedtime story and giving out sedative-laden fruits. And this cage should be in a van that moves around a city 24/7. This is like that Burn Notice episode where a package was kept perpetually moving by a series of motorcycle couriers.

The computer in question should be backed up by a flash drive the size of a pill, which you repeatedly eat every few days in order to keep it in your body. The timing is perfect, I've found, to allow the backup to be only occasionally accessible depending on your regularity. If you need it in an emergency, then just eat a lot of prune juice or, in a really major emergency, find a Winogradsky column and drink it.

Then, if your site does get hacked, everyone's risk is minimized. See, I don't think many people take solace in prevention measures at exchanges any more. The more important question involves what hackers or rogue employees could obtain if given access. Please name one of the monkeys after me.
LOL!  I need to keep a page somewhere with links to classic posts from this forum...this would go right at the top.

(gasteve on IRC) Does your website accept cash? https://bitpay.com
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
October 07, 2011, 08:21:10 PM
 #15

sorry you guys, but i don't trust you...

its a nice and shiney website you got, but i don't trust you.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Keyur @ Camp BX
Sr. Member
****
Offline Offline

Activity: 300



View Profile WWW
October 07, 2011, 08:23:02 PM
 #16

How do you protect yourself from a possible government seizure?
What do you do if a court randomly decides to freeze your funds because of "money laundering laws" overnight?
All your eggs are in one basket (USA), are you prepared for a possible social collapse in the coming years?
How do you handle Dollar devaluation?

Can you please answer the above^ questions?

Greets,
oOo
.

oOo,

Social collapse and dollar devaluation questions are beyond any single company's capability to answer.  However, we are confident that our compliance policies and lawyers should be able to address (1) and (2) very well.

- Keyur

Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
Keyur @ Camp BX
Sr. Member
****
Offline Offline

Activity: 300



View Profile WWW
October 07, 2011, 08:26:13 PM
 #17

Do you have New Zealand on your roadmap?

c_k,
       Not yet!

- Keyur

Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
Keyur @ Camp BX
Sr. Member
****
Offline Offline

Activity: 300



View Profile WWW
October 07, 2011, 08:36:20 PM
 #18

sorry you guys, but i don't trust you...

its a nice and shiney website you got, but i don't trust you.

Kokjo,
       Respect your opinion, and hope we can change it someday!

- Keyur



Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
October 07, 2011, 08:43:53 PM
 #19

sorry you guys, but i don't trust you...

its a nice and shiney website you got, but i don't trust you.

Kokjo,
       Respect your opinion, and hope we can change it someday!

- Keyur



move to europe or japan. and maybe i will trust you.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
nmat
Hero Member
*****
Offline Offline

Activity: 602


View Profile
October 07, 2011, 10:17:19 PM
 #20

There haven't been much news from Camp BX lately... Are SEPA transfers still on the roadmap?

Nmat,
        We were hoping to launch in Europe late September, and also have a multi-currency back-end ready to go!  Unfortunately running into some red-tape in Europe.  We are hoping to get required permissions and redundant bank accounts in place by Q1 2012 to ensure uninterrupted service for our customers.

Thank you,
       Keyur

That's too bad  Undecided Well, at least I hope that when it launches it will be reliable. MtGox/TradeHill have been on and off with SEPA transfers for the last months.

New feature suggestion: allow users to import private keys (like MtGox does). It would be cool if you could make this sort of ubiquitous so that users don't need to worry about the correct format.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!