Author Topic: Security at Camp BX  (Read 3240 times)
Keyur @ Camp BX (OP)
October 06, 2011, 06:40:27 PM
 #1

Hi everyone,
We received multiple requests for information around Camp BX security measures in the wake of the Bitcoin7 incident. So here is a high-level summary of precautions and processes in place at Camp BX: please feel free to ask questions and we will be happy to share additional information.

Physical Security:
- Professional, secure data center in Arizona
- Triple telecom backbone connectivity for redundancy
- Caterpillar diesel generators in case of power brown-out / black-out
- Restricted physical access to servers

Information security:
- Well defined chain of command for wallet and database ownership
- Nightly security scans by McAfee Secure
- Scheduled D-DoS attacks
- White-hat penetration tests
- 72-hour SLA commitment to address new vulnerabilities

Financial security:
- No fractional reserve: We hold 100% of user funds in reserve at all times
- All banking done on-shore in the USA
- We do not do business with companies that don't have a registered office in USA.  (Paxum, Liberty Reserve)

Thank you,
       Keyur


Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
Yankee (BitInstant)
October 06, 2011, 06:48:48 PM
 #2

- We do not do business with companies that don't have a registered office in USA.  (Paxum, Liberty Reserve)

Paxum does not have an office in the USA. They are based in South America with an office in Canada. Their customer service is based in Mexico and they use a Belize and Canadian bank :D

Bitcoin pioneer. An apostle of Satoshi Nakamoto. A crusader for a new, better, tech-driven society. A dreamer.

More about me: http://CharlieShrem.com
Keyur @ Camp BX (OP)
October 06, 2011, 06:52:57 PM
 #3

- We do not do business with companies that don't have a registered office in USA.  (Paxum, Liberty Reserve)

Paxum does not have an office in the USA. They are based in South America with an office in Canada. Their customer service is based in Mexico and they use a Belize and Canadian bank :D

Correct - that is why we do not support Paxum!  Sorry the original post was not clear: should have said "No Paxum".


Yankee (BitInstant)
October 06, 2011, 07:01:42 PM
 #4

- We do not do business with companies that don't have a registered office in USA.  (Paxum, Liberty Reserve)

Paxum does not have an office in the USA. They are based in South America with an office in Canada. Their customer service is based in Mexico and they use a Belize and Canadian bank :D

Correct - that is why we do not support Paxum!  Sorry the original post was not clear: should have said "No Paxum".


Cool.

Once your volume is pumped up, we can talk about Bitinstant Integration. We can offer your customers instant deposits, withdrawals, and inter-exchange transfers between 5 payment methods and 4 other exchanges besides you. You take no risk and everything is done on our end.

Good luck.

BitcoinPorn
October 06, 2011, 08:52:46 PM
 #5

Good timing with this post, I forget about Camp BX sometimes, but maybe because the users are happy, and happy customers are not noisy and don't pollute the forums ;)

nmat
October 06, 2011, 11:58:22 PM
 #6

There hasn't been much news from Camp BX lately... Are SEPA transfers still on the roadmap?
the founder
October 07, 2011, 02:38:38 PM
 #7

Out of the exchanges, I would put my bet on CampBX being the most secure...

Based in the US with trigger happy lawyers it most likely would mean they had to spend more time on Security than anything else.



Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
oOoOo
October 07, 2011, 03:56:10 PM
 #8

How do you protect yourself from a possible government seizure?
What do you do if a court randomly decides to freeze your funds because of "money laundering laws" overnight?
All your eggs are in one basket (USA), are you prepared for a possible social collapse in the coming years?
How do you handle Dollar devaluation?

Can you please answer the above^ questions?

Greets,
oOo
.
BitcoinPorn
October 07, 2011, 06:33:59 PM
 #9

All your eggs are in one basket (USA), are you prepared for a possible social collapse in the coming years?

Loaded questions are so fair.

Horkabork
October 07, 2011, 07:40:43 PM
 #10

Keyur, can you tell us about how you store your wallets and such? By that, I mean that in any given day you probably only need 10% liquidity. So a good practice would be to have your active, server-accessible wallets separate from wallets containing the remainder of reserves. That major wallet should be elsewhere, such as on a computer not on your network and this computer is only turned on for 5 minutes a day in order to refill the active wallets. Also, it should be in a cage with several rabid monkeys who can only be tamed by a secret routine, such as reading them a bedtime story and giving out sedative-laden fruits. And this cage should be in a van that moves around a city 24/7. This is like that Burn Notice episode where a package was kept perpetually moving by a series of motorcycle couriers.

The computer in question should be backed up by a flash drive the size of a pill, which you repeatedly eat every few days in order to keep it in your body. The timing is perfect, I've found, to allow the backup to be only occasionally accessible depending on your regularity. If you need it in an emergency, then just eat a lot of prune juice or, in a really major emergency, find a Winogradsky column and drink it.

Then, if your site does get hacked, everyone's risk is minimized. See, I don't think many people take solace in prevention measures at exchanges any more. The more important question involves what hackers or rogue employees could obtain if given access. Please name one of the monkeys after me.

Me: 15gbWvpLPfbLJZBsL2u5gkBdL3BUXDbTuF
A goat: http://i52.tinypic.com/34pj4v6.jpg
Keyur @ Camp BX (OP)
October 07, 2011, 08:07:37 PM
 #11

There hasn't been much news from Camp BX lately... Are SEPA transfers still on the roadmap?

Nmat,
        We were hoping to launch in Europe late September, and also have a multi-currency back-end ready to go!  Unfortunately running into some red-tape in Europe.  We are hoping to get required permissions and redundant bank accounts in place by Q1 2012 to ensure uninterrupted service for our customers.

Thank you,
       Keyur

c_k
October 07, 2011, 08:10:56 PM
 #12

Do you have New Zealand on your roadmap?

Keyur @ Camp BX (OP)
October 07, 2011, 08:18:40 PM
 #13

Keyur, can you tell us about how you store your wallets and such? By that, I mean that in any given day you probably only need 10% liquidity. So a good practice would be to have your active, server-accessible wallets separate from wallets containing the remainder of reserves. That major wallet should be elsewhere, such as on a computer not on your network and this computer is only turned on for 5 minutes a day in order to refill the active wallets. Also, it should be in a cage with several rabid monkeys who can only be tamed by a secret routine, such as reading them a bedtime story and giving out sedative-laden fruits. And this cage should be in a van that moves around a city 24/7. This is like that Burn Notice episode where a package was kept perpetually moving by a series of motorcycle couriers.

The computer in question should be backed up by a flash drive the size of a pill, which you repeatedly eat every few days in order to keep it in your body. The timing is perfect, I've found, to allow the backup to be only occasionally accessible depending on your regularity. If you need it in an emergency, then just eat a lot of prune juice or, in a really major emergency, find a Winogradsky column and drink it.

Then, if your site does get hacked, everyone's risk is minimized. See, I don't think many people take solace in prevention measures at exchanges any more. The more important question involves what hackers or rogue employees could obtain if given access. Please name one of the monkeys after me.


As far as I know, this is the exact procedure they use to protect Coca Cola's secret formula ;-)

We understand your concern about an inside job though. That is why we follow the best practices deployed in most corporations: split component ownership, and chain-of-command for each component. This makes it easy to pinpoint rogue elements.

- Keyur

Steve
October 07, 2011, 08:19:23 PM
 #14

Keyur, can you tell us about how you store your wallets and such? By that, I mean that in any given day you probably only need 10% liquidity. So a good practice would be to have your active, server-accessible wallets separate from wallets containing the remainder of reserves. That major wallet should be elsewhere, such as on a computer not on your network and this computer is only turned on for 5 minutes a day in order to refill the active wallets. Also, it should be in a cage with several rabid monkeys who can only be tamed by a secret routine, such as reading them a bedtime story and giving out sedative-laden fruits. And this cage should be in a van that moves around a city 24/7. This is like that Burn Notice episode where a package was kept perpetually moving by a series of motorcycle couriers.

The computer in question should be backed up by a flash drive the size of a pill, which you repeatedly eat every few days in order to keep it in your body. The timing is perfect, I've found, to allow the backup to be only occasionally accessible depending on your regularity. If you need it in an emergency, then just eat a lot of prune juice or, in a really major emergency, find a Winogradsky column and drink it.

Then, if your site does get hacked, everyone's risk is minimized. See, I don't think many people take solace in prevention measures at exchanges any more. The more important question involves what hackers or rogue employees could obtain if given access. Please name one of the monkeys after me.

LOL! I need to keep a page somewhere with links to classic posts from this forum... this would go right at the top.

(gasteve on IRC) Does your website accept cash? https://bitpay.com
kokjo
October 07, 2011, 08:21:10 PM
 #15

Sorry you guys, but I don't trust you...

It's a nice and shiny website you got, but I don't trust you.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Keyur @ Camp BX (OP)
October 07, 2011, 08:23:02 PM
 #16

How do you protect yourself from a possible government seizure?
What do you do if a court randomly decides to freeze your funds because of "money laundering laws" overnight?
All your eggs are in one basket (USA), are you prepared for a possible social collapse in the coming years?
How do you handle Dollar devaluation?

Can you please answer the above^ questions?

Greets,
oOo
.

oOo,

Social collapse and dollar devaluation questions are beyond any single company's capability to answer.  However, we are confident that our compliance policies and lawyers should be able to address (1) and (2) very well.

- Keyur

Keyur @ Camp BX (OP)
October 07, 2011, 08:26:13 PM
 #17

Do you have New Zealand on your roadmap?

c_k,
       Not yet!

- Keyur

Keyur @ Camp BX (OP)
October 07, 2011, 08:36:20 PM
 #18

Sorry you guys, but I don't trust you...

It's a nice and shiny website you got, but I don't trust you.

Kokjo,
       Respect your opinion, and hope we can change it someday!

- Keyur



kokjo
October 07, 2011, 08:43:53 PM
 #19

Sorry you guys, but I don't trust you...

It's a nice and shiny website you got, but I don't trust you.

Kokjo,
       Respect your opinion, and hope we can change it someday!

- Keyur



Move to Europe or Japan, and maybe I will trust you.

nmat
October 07, 2011, 10:17:19 PM
 #20

There hasn't been much news from Camp BX lately... Are SEPA transfers still on the roadmap?

Nmat,
        We were hoping to launch in Europe late September, and also have a multi-currency back-end ready to go!  Unfortunately running into some red-tape in Europe.  We are hoping to get required permissions and redundant bank accounts in place by Q1 2012 to ensure uninterrupted service for our customers.

Thank you,
       Keyur

That's too bad :-\ Well, at least I hope that when it launches it will be reliable. MtGox/TradeHill have been on and off with SEPA transfers for the last months.

New feature suggestion: allow users to import private keys (like MtGox does). It would be cool if you could make this sort of ubiquitous so that users don't need to worry about the correct format.