Bitcoin Forum
November 21, 2018, 12:51:35 AM *
News: Latest Bitcoin Core release: 0.17.0 [Torrent].
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: CampBX a scam or just incompetent?  (Read 2641 times)
misterbigg
Legendary
*
Offline Offline

Activity: 1064
Merit: 1001



View Profile
August 03, 2012, 02:49:49 PM
 #1

For a company that tries to position itself as a "Trusted Bitcoin Platform", I find these facts disturbing:

- Anyone can reset anyone else's password by knowing their user name

- The "change password" form only has one field for "New Password" instead of two, allowing for user error.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1542761495
Hero Member
*
Offline Offline

Posts: 1542761495

View Profile Personal Message (Offline)

Ignore
1542761495
Reply with quote  #2

1542761495
Report to moderator
kiba
Legendary
*
Offline Offline

Activity: 980
Merit: 1007


View Profile
August 03, 2012, 02:54:36 PM
 #2

You shouldn't call it a scam based on merely bad security practice.

BadBear
v2.0
Legendary
*
Offline Offline

Activity: 1652
Merit: 1005



View Profile WWW
August 03, 2012, 02:55:26 PM
 #3

That doesn't make it a scam...

1Kz25jm6pjNTaz8bFezEYUeBYfEtpjuKRG | PGP: B5797C4F

Tired of annoying signature ads? Ad block for signatures
URSAY
Legendary
*
Offline Offline

Activity: 1932
Merit: 1000



View Profile
August 03, 2012, 02:57:08 PM
 #4

EVERYONE IS A SCAM.   Undecided

 Cry
John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1260
Merit: 1083


Will read PM's. Have more time lately


View Profile
August 03, 2012, 02:58:09 PM
 #5

For a company that tries to position itself as a "Trusted Bitcoin Platform", I find these facts disturbing:

- Anyone can reset anyone else's password by knowing their user name

- The "change password" form only has one field for "New Password" instead of two, allowing for user error.


Uh, I think rewording 'scam' to sloppy would be better in this case.

My BTC Tip Jar: 1Pgvfy19uwtYe5o9dg3zZsAjgCPt3XZqz9 , GPG ID: B3AAEEB0 ,OTC ID: johnthedong
Escrow service is available on a case by case basis! (PM Me to verify I'm the escrow!)

Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1001


View Profile
August 03, 2012, 05:50:35 PM
 #6

For a company that tries to position itself as a "Trusted Bitcoin Platform", I find these facts disturbing:

- Anyone can reset anyone else's password by knowing their user name

- The "change password" form only has one field for "New Password" instead of two, allowing for user error.


They have two-factor authentication (using SMS text messaging).

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


finkleshnorts
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250



View Profile
August 03, 2012, 05:52:50 PM
 #7

For a company that tries to position itself as a "Trusted Bitcoin Platform", I find these facts disturbing:

- Anyone can reset anyone else's password by knowing their user name

- The "change password" form only has one field for "New Password" instead of two, allowing for user error.


Uh, I think rewording 'scam' to sloppy would be better in this case.

CampBX is a sloppy?
John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1260
Merit: 1083


Will read PM's. Have more time lately


View Profile
August 04, 2012, 02:09:40 AM
 #8

For a company that tries to position itself as a "Trusted Bitcoin Platform", I find these facts disturbing:

- Anyone can reset anyone else's password by knowing their user name

- The "change password" form only has one field for "New Password" instead of two, allowing for user error.


Uh, I think rewording 'scam' to sloppy would be better in this case.

CampBX is a sloppy?

Oops, forgot about the a. Make it rewording 'a scam' to 'sloppy' instead.  Wink

My BTC Tip Jar: 1Pgvfy19uwtYe5o9dg3zZsAjgCPt3XZqz9 , GPG ID: B3AAEEB0 ,OTC ID: johnthedong
Escrow service is available on a case by case basis! (PM Me to verify I'm the escrow!)

Littleshop
Legendary
*
Offline Offline

Activity: 1316
Merit: 1000



View Profile WWW
August 06, 2012, 02:42:37 AM
 #9

For a company that tries to position itself as a "Trusted Bitcoin Platform", I find these facts disturbing:

- Anyone can reset anyone else's password by knowing their user name

- The "change password" form only has one field for "New Password" instead of two, allowing for user error.


They have two-factor authentication (using SMS text messaging).


I asked for this, they said it is not available currently though soon it should be.  Does anyone have this working?

Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1001


View Profile
August 06, 2012, 10:35:01 PM
 #10

I asked for this, they said it is not available currently though soon it should be.  Does anyone have this working?

Are you outside the U.S.?

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


URSAY
Legendary
*
Offline Offline

Activity: 1932
Merit: 1000



View Profile
August 06, 2012, 10:49:33 PM
 #11

I've used Camp BX a few times.  It was quick and easy.  Thanks Camp BX!   Smiley
smoothie
Legendary
*
Offline Offline

Activity: 2100
Merit: 1005


LEALANA Monero Physical Silver Coins


View Profile
August 07, 2012, 02:56:36 AM
 #12

For a company that tries to position itself as a "Trusted Bitcoin Platform", I find these facts disturbing:

- Anyone can reset anyone else's password by knowing their user name

- The "change password" form only has one field for "New Password" instead of two, allowing for user error.


Really? So not only do you have to keep your password super secret you have to keep your username super extra mega secret?

Wow...just .... wow...

These guys were on "the bitcoin show" ....

No wonder...

 Cheesy

███████████████████████████████████████

            ,╓p@@███████@╗╖,           
        ,p████████████████████N,       
      d█████████████████████████b     
    d██████████████████████████████æ   
  ,████²█████████████████████████████, 
 ,█████  ╙████████████████████╨  █████y
 ██████    `████████████████`    ██████
║██████       Ñ███████████`      ███████
███████         ╩██████Ñ         ███████
███████    ▐▄     ²██╩     a▌    ███████
╢██████    ▐▓█▄          ▄█▓▌    ███████
 ██████    ▐▓▓▓▓▌,     ▄█▓▓▓▌    ██████─
           ▐▓▓▓▓▓▓█,,▄▓▓▓▓▓▓▌          
           ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌          
    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓─  
     ²▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓╩    
        ▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀       
           ²▀▀▓▓▓▓▓▓▓▓▓▓▓▓▀▀`          
                   ²²²                 
███████████████████████████████████████

. ★☆ WWW.LEALANA.COM        My PGP fingerprint is A764D833.        SMOOTHIE'S HEALTH AND FITNESS JOURNAL          History of Monero development Visualization ★☆ .
LEALANA  PHYSICAL MONERO COINS 999 FINE SILVER.
 
Keyur @ Camp BX
Sr. Member
****
Offline Offline

Activity: 300
Merit: 250



View Profile WWW
August 07, 2012, 07:23:15 PM
 #13

For a company that tries to position itself as a "Trusted Bitcoin Platform", I find these facts disturbing:

- Anyone can reset anyone else's password by knowing their user name

- The "change password" form only has one field for "New Password" instead of two, allowing for user error.


Hi Bigg,

I would like to clarify that this was never a security risk as the password goes to the original registered email address, and not displayed on screen.  Worst case scenario is that someone with too much time on their hands can annoy you with repeat password resets.

Point noted though - we are reworking the PW reset code to be annoyance-proof and will deploy the update shortly.

- Keyur

Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
misterbigg
Legendary
*
Offline Offline

Activity: 1064
Merit: 1001



View Profile
August 19, 2012, 12:16:21 AM
 #14

I would like to clarify that this was never a security risk as the password goes to the original registered email address, and not displayed on screen.

The fact is that a programmer implemented the password reset incorrectly. Whoever was writing the code should have known better - this points to a management problem. It's a rookie mistake.

If a visible rookie mistake like this is possible at CampBX, who knows what other invisible mistakes were made?

URSAY
Legendary
*
Offline Offline

Activity: 1932
Merit: 1000



View Profile
August 22, 2012, 02:19:59 PM
 #15

I've been waiting for 48 hours on a support response of any kind.  How long do they usually take?
URSAY
Legendary
*
Offline Offline

Activity: 1932
Merit: 1000



View Profile
August 22, 2012, 06:23:52 PM
 #16

Just heard back from Camp BX.  Issue resolved.  Another win for Camp BX.  Thanks!   Wink
mikeh53
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
January 30, 2014, 08:52:27 AM
 #17

Dont know waht would you guys call this as.. 'Scam' or 'Just Incompetent' or 'Something Else'

CampBX scam mail going around again


Here's the text

    "Hello,

    We are making a maintenance on our servers due to a technical problem for the next 24 hours. So, as you can see CampBX.com is already offline, you will have to logging in on the following link:

    http://www.campbx.com.co/

    It is recommended that you activate your double authenticator before logging in. We are sorry for the inconvenience and doing our best to resolve this problem.

    If you have any questions, please contact us at https://CampBX.com/contact.php or refer to the FAQ page at https://CampBX.com/faq.php for >more information.

    Thank you, CampBX Team"

Obvious scam is obvious.

http://newsbitcoin.com/?p=34696

http://www.bitcoinregime.com/2014/01/24/campbx-scam-mail-going-around-again/
em23black
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
March 10, 2014, 02:21:17 AM
 #18

CampBX is an Indian Scam, not an American Site
http://www.bitcoinfeed.net/news/campbx-is-an-indian-scam-not-an-american-site
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!