Security at Camp BX

[Keyur @ Camp BX]

Hi everyone,
      We received multiple requests for information around Camp BX security measures in the wake of Bitcoin7 incident.  So here is a high-level summary of precautions and processes in place at Camp BX: please feel free to ask questions and we will be happy to share additional information.

Physical Security:
- Professional, secure data center in Arizona
- Triple telecom backbone connectivity for redundancy
- Caterpillar diesel generators in case of power brown-out / black-out
- Restricted physical access to servers

Information security:
- Well defined chain of command for wallet and database ownership
- Nightly security scans by McAfee Secure
- Scheduled D-DoS attacks
- White-hat penetration tests
- 72-hour SLA commitment to address new vulnerabilities

Financial security:
- No fractional reserve: We hold 100% of user funds in reserve at all times
- All banking done on-shore in the USA
- We do not do business with companies that don't have a registered office in USA.  (Paxum, Liberty Reserve)

Thank you,
       Keyur

[Yankee (BitInstant)]

- We do not do business with companies that don't have a registered office in USA.  (Paxum, Liberty Reserve)

Paxum does not have an office in the USA. They are based in South America with an office in Canada. There customer service is based in Mexico and they use a Belize and Canadian bank 

[Keyur @ Camp BX]

- We do not do business with companies that don't have a registered office in USA.  (Paxum, Liberty Reserve)

Paxum does not have an office in the USA. They are based in South America with an office in Canada. There customer service is based in Mexico and they use a Belize and Canadian bank 

Correct - that is why we do not support Paxum!  Sorry the original post was not clear: should have said "No Paxum".

[Yankee (BitInstant)]

- We do not do business with companies that don't have a registered office in USA.  (Paxum, Liberty Reserve)

Paxum does not have an office in the USA. They are based in South America with an office in Canada. There customer service is based in Mexico and they use a Belize and Canadian bank 

Correct - that is why we do not support Paxum!  Sorry the original post was not clear: should have said "No Paxum".

Cool.

Once your volume is pumped up, we can talk about Bitinstant Integration. We can offer your customer instant deposits, withdrawals, and inter-exchange transfers between 5 payment methods and 4 other exchanges besides you. You take no risk and everything done on our end.

Good luck.

[BitcoinPorn]

Good timing with this post, I forget about Camp BX sometimes, but maybe because the users are happy, and happy customers are not noisy and don't pollute the forums

[nmat]

There haven't been much news from Camp BX lately... Are SEPA transfers still on the roadmap?

[the founder]

out of the exchanges,   I would put my bet on CampBX being the most secure...

Based in the US with trigger happy lawyers it most likely would mean they had to spend more time on Security than anything else.

[oOoOo]

How do you protect yourself from a possible government seizure?
What do you do if a court randomly decides to freeze your funds because of "money laundering laws" overnight?
All your eggs are in one basket (USA), are you prepared for a possible social collapse in the coming years?
How do you handle Dollar devaluation?

Can you please answer the above^ questions?

Greets,
oOo
.

[BitcoinPorn]

All your eggs are in one basket (USA), are you prepared for a possible social collapse in the coming years?

Loaded questions are so fair.

[Horkabork]

Keyur, can you tell us about how you store your wallets and such? By that, I mean that in any given day you probably only need 10% liquidity. So a good practice would be to have your active, server-accessible wallets separate from wallets containing the remainder of reserves. That major wallet should be elsewhere, such as on a computer not on your network and this computer is only turned on for 5 minutes a day in order to refill the active wallets. Also, it should be in a cage with several rabid monkeys who can only be tamed by a secret routine, such as reading them a bedtime story and giving out sedative-laden fruits. And this cage should be in a van that moves around a city 24/7. This is like that Burn Notice episode where a package was kept perpetually moving by a series of motorcycle couriers.

The computer in question should be backed up by a flash drive the size of a pill, which you repeatedly eat every few days in order to keep it in your body. The timing is perfect, I've found, to allow the backup to be only occasionally accessible depending on your regularity. If you need it in an emergency, then just eat a lot of prune juice or, in a really major emergency, find a Winogradsky column and drink it.

Then, if your site does get hacked, everyone's risk is minimized. See, I don't think many people take solace in prevention measures at exchanges any more. The more important question involves what hackers or rogue employees could obtain if given access. Please name one of the monkeys after me.

[Keyur @ Camp BX]

There haven't been much news from Camp BX lately... Are SEPA transfers still on the roadmap?

Nmat,
        We were hoping to launch in Europe late September, and also have a multi-currency back-end ready to go!  Unfortunately running into some red-tape in Europe.  We are hoping to get required permissions and redundant bank accounts in place by Q1 2012 to ensure uninterrupted service for our customers.

Thank you,
       Keyur

[c_k]

Do you have New Zealand on your roadmap?

[Keyur @ Camp BX]

Keyur, can you tell us about how you store your wallets and such? By that, I mean that in any given day you probably only need 10% liquidity. So a good practice would be to have your active, server-accessible wallets separate from wallets containing the remainder of reserves. That major wallet should be elsewhere, such as on a computer not on your network and this computer is only turned on for 5 minutes a day in order to refill the active wallets. Also, it should be in a cage with several rabid monkeys who can only be tamed by a secret routine, such as reading them a bedtime story and giving out sedative-laden fruits. And this cage should be in a van that moves around a city 24/7. This is like that Burn Notice episode where a package was kept perpetually moving by a series of motorcycle couriers.

The computer in question should be backed up by a flash drive the size of a pill, which you repeatedly eat every few days in order to keep it in your body. The timing is perfect, I've found, to allow the backup to be only occasionally accessible depending on your regularity. If you need it in an emergency, then just eat a lot of prune juice or, in a really major emergency, find a Winogradsky column and drink it.

Then, if your site does get hacked, everyone's risk is minimized. See, I don't think many people take solace in prevention measures at exchanges any more. The more important question involves what hackers or rogue employees could obtain if given access. Please name one of the monkeys after me.

As far as I know, this is the exact procedure they use to protect Coca Cola's secret formula ;-)

We understand your concern though about an inside job though.  That is why we follow the best practices deployed in most of corporations: split component ownership, and chain-of-command for each component.  This makes it easy to pinpoint rogue elements.

- Keyur

[Steve]

Keyur, can you tell us about how you store your wallets and such? By that, I mean that in any given day you probably only need 10% liquidity. So a good practice would be to have your active, server-accessible wallets separate from wallets containing the remainder of reserves. That major wallet should be elsewhere, such as on a computer not on your network and this computer is only turned on for 5 minutes a day in order to refill the active wallets. Also, it should be in a cage with several rabid monkeys who can only be tamed by a secret routine, such as reading them a bedtime story and giving out sedative-laden fruits. And this cage should be in a van that moves around a city 24/7. This is like that Burn Notice episode where a package was kept perpetually moving by a series of motorcycle couriers.

The computer in question should be backed up by a flash drive the size of a pill, which you repeatedly eat every few days in order to keep it in your body. The timing is perfect, I've found, to allow the backup to be only occasionally accessible depending on your regularity. If you need it in an emergency, then just eat a lot of prune juice or, in a really major emergency, find a Winogradsky column and drink it.

Then, if your site does get hacked, everyone's risk is minimized. See, I don't think many people take solace in prevention measures at exchanges any more. The more important question involves what hackers or rogue employees could obtain if given access. Please name one of the monkeys after me.

LOL!  I need to keep a page somewhere with links to classic posts from this forum...this would go right at the top.

[kokjo]

sorry you guys, but i don't trust you...

its a nice and shiney website you got, but i don't trust you.

[Keyur @ Camp BX]

How do you protect yourself from a possible government seizure?
What do you do if a court randomly decides to freeze your funds because of "money laundering laws" overnight?
All your eggs are in one basket (USA), are you prepared for a possible social collapse in the coming years?
How do you handle Dollar devaluation?

Can you please answer the above^ questions?

Greets,
oOo
.

oOo,

Social collapse and dollar devaluation questions are beyond any single company's capability to answer.  However, we are confident that our compliance policies and lawyers should be able to address (1) and (2) very well.

- Keyur

[Keyur @ Camp BX]

Do you have New Zealand on your roadmap?

c_k,
       Not yet!

- Keyur

[Keyur @ Camp BX]

sorry you guys, but i don't trust you...

its a nice and shiney website you got, but i don't trust you.

Kokjo,
       Respect your opinion, and hope we can change it someday!

- Keyur

[kokjo]

sorry you guys, but i don't trust you...

its a nice and shiney website you got, but i don't trust you.

Kokjo,
       Respect your opinion, and hope we can change it someday!

- Keyur

move to europe or japan. and maybe i will trust you.

[nmat]

There haven't been much news from Camp BX lately... Are SEPA transfers still on the roadmap?

Nmat,
        We were hoping to launch in Europe late September, and also have a multi-currency back-end ready to go!  Unfortunately running into some red-tape in Europe.  We are hoping to get required permissions and redundant bank accounts in place by Q1 2012 to ensure uninterrupted service for our customers.

Thank you,
       Keyur

That's too bad  Well, at least I hope that when it launches it will be reliable. MtGox/TradeHill have been on and off with SEPA transfers for the last months.

New feature suggestion: allow users to import private keys (like MtGox does). It would be cool if you could make this sort of ubiquitous so that users don't need to worry about the correct format.