Bitcoin Forum
Author Topic: ICBIT Derivatives Market (USD/BTC futures trading) - LIVE  (Read 88462 times)
boomerlu
Jr. Member
Activity: 50
June 07, 2013, 12:44:16 PM
 #841

Fireball, I've been asking for a while, can you roll out a Dec contract (BUZ3) soon?
boomerlu
Jr. Member
Activity: 50
June 07, 2013, 01:02:30 PM
 #842

I'm not a fan of having memberships. I don't think there's any real benefit. The problem is not that the exchange needs additional capital to cover counterparty risk. The problem is that the exchange is not properly mitigating the counterparty risk. This hasn't been an issue for the past month because the market has been fairly stable. However, as soon as bitcoins move again (in either direction) this will become an issue again.   
I agree that memberships are not the solution to THIS problem.

But what about the next one? Can you foresee all possible future problems? Do you think admin can? Do you think he will pick the right solution every time (the fairest with the least loopholes), when he can't lose any money (besides future value)? Do you think it's better for him to aggregate our opinions himself, or do you think it's better that we have a voting mechanism? Whose interests do you think admin will have in mind if he is making emergency decisions?

Do you remember wanting some type of repayment as a matter of "principle"? Why was that?

That is the real crux of having membership, not a specific clearing problem. People aren't careful when there's nothing on the line, or when there's no possibility of downside (only reduced upside), it's psychology. Just check out play-money poker tables.
Fireball
Hero Member
Activity: 673
June 09, 2013, 12:08:50 AM
 #843

Good news everyone!
We just launched Bitcoin difficulty futures, DIFF-9.13
It's going to be an interesting financial instrument, happy trading! Questions are welcome, of course.

Margin trading platform OrderBook.net (ICBIT): https://orderbook.net
Follow us in Twitter: https://twitter.com/orderbooknet
picobit
Hero Member
Activity: 547
Decor in numeris
June 09, 2013, 06:01:48 PM
 #844

Good news everyone!
We just launched Bitcoin difficulty futures, DIFF-9.13
It's going to be an interesting financial instrument, happy trading! Questions are welcome, of course.
OK, so that is a new one, and not seen in other markets.  Grin

But is it a financial instrument, or just betting??
molecular
Donator
Legendary
Activity: 2128
June 09, 2013, 10:14:55 PM
 #845

Good news everyone!
We just launched Bitcoin difficulty futures, DIFF-9.13
It's going to be an interesting financial instrument, happy trading! Questions are welcome, of course.
OK, so that is a new one, and not seen in other markets.  Grin

But is it a financial instrument, or just betting??


There have been difficulty futures on mpex and bitfunder since at least early this year.

Of course I welcome this move.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
Fireball
Hero Member
Activity: 673
June 09, 2013, 11:14:39 PM
 #846

Good news everyone!
We just launched Bitcoin difficulty futures, DIFF-9.13
It's going to be an interesting financial instrument, happy trading! Questions are welcome, of course.
OK, so that is a new one, and not seen in other markets.  Grin

But is it a financial instrument, or just betting??


There have been difficulty futures on mpex and bitfunder since at least early this year.

Of course I welcome this move.

Could you link to the bitfunder spec/trading page regarding the difficulty futures? I can't find it.

newminer7950
Full Member
Activity: 130
June 10, 2013, 06:03:09 AM
 #847

Hi!
I receive the error "UNABLE_TO_VERIFY_LEAF_SIGNATURE" when I try to connect to your server.
This error is raised only on my Ubuntu computer, but is not raised on Windows (with the same JavaScript program in node.js). What may be the reason for this error? (Nearly 4 months ago I didn't receive this error on my Linux computer, but then it stopped working.)
Thanks

Donations: 1BKA3FsvrZzznSJueXbx3qokHYqmwe9QQC
picobit
Hero Member
Activity: 547
Decor in numeris
June 10, 2013, 03:15:19 PM
 #848

Could you link to the bitfunder spec/trading page regarding the difficulty futures? I can't find it.
Search for iDiff, that is part of the name.  They settle significantly sooner than September, so it is not a useful indication of what the price at icbit should be Smiley
Fireball
Hero Member
Activity: 673
June 14, 2013, 08:26:04 PM
 #849

A June BTC/USD futures contract (BUM3) was just settled. Open interest was 6007 contracts (or multiplying by two, 12014 total open positions). Settlement price is $101.99 (MtGox VWAP).
And, total trading volume for this contract is an amazing $1'046'060. Futures market is getting volume, finally!

Also, S&P500 futures were settled today at 1626.75 (spot price of S&P500 index reported at the moment of settlement). Its total trading volume is quite low, only 677 contracts were traded so far; however, it's an important financial instrument, and has a lot of potential in it. It is replaced by the September futures, ESU3.

Stephen Gornick
Legendary
Activity: 1988
June 18, 2013, 12:44:35 AM
 #850

Now, along with minor visual improvements, this page is going to require a one time password to be entered for any withdrawal operation, if you have tied Google Authenticator to your account.

I notice that simply doing a password reset through e-mail can successfully bypass two-factor authentication (2FA) protection as I can withdraw funds without 2FA after resetting the password.

Shouldn't the 2FA code be required to request a password reset (when 2FA is enabled)?

boomerlu
Jr. Member
Activity: 50
June 18, 2013, 01:30:28 PM
 #851

I get the feeling this exchange needs more marketing.
Fireball
Hero Member
Activity: 673
June 18, 2013, 04:25:46 PM
 #852

I get the feeling this exchange needs more marketing.

That's so true! ;-)

qxzn
Hero Member
Activity: 602
June 20, 2013, 02:59:29 AM
 #853

I have to log in with the "reset password" email link every time. I reset my password, log out, then I can't log in again.

I have done this many times, I'm sure I'm not messing up the password.
Fireball
Hero Member
Activity: 673
June 20, 2013, 08:33:37 AM
 #854

I have to log in with the "reset password" email link every time. I reset my password, log out, then I can't log in again.

I have done this many times, I'm sure I'm not messing up the password.

Do you have Google Auth enabled for your account?

picobit
Hero Member
Activity: 547
Decor in numeris
June 21, 2013, 10:40:26 AM
 #855

I notice that simply doing a password reset through e-mail can successfully bypass two-factor authentication (2FA) protection as I can withdraw funds without 2FA after resetting the password.

Shouldn't the 2FA code be required to request a password reset (when 2FA is enabled)?
This is serious.  That means that 2FA protection for withdrawal is nonexistent.  I hope this bug gets fixed soon; password reset should not reset 2FA. Forgetting the password and losing access to your phone are two different problems.

Fireball
Hero Member
Activity: 673
June 21, 2013, 12:45:07 PM
 #856

I notice that simply doing a password reset through e-mail can successfully bypass two-factor authentication (2FA) protection as I can withdraw funds without 2FA after resetting the password.

Shouldn't the 2FA code be required to request a password reset (when 2FA is enabled)?
This is serious.  That means that 2FA protection for withdrawal is nonexistent.  I hope this bug gets fixed soon; password reset should not reset 2FA. Forgetting the password and losing access to your phone are two different problems.

No, it's not.

I performed testing, and could not reproduce this vulnerability. Password reset does not touch the 2FA settings.

Stephen, could you check and let me know exact steps to reproduce? Maybe I missed something. Thank you!

Stephen Gornick
Legendary
Activity: 1988
June 21, 2013, 03:06:33 PM
 #857

I performed testing, and could not reproduce this vulnerability. Password reset does not touch the 2FA settings.

Stephen, could you check and let me know exact steps to reproduce? Maybe I missed something. Thank you!

Just to clarify, what I'm asserting is that if my e-mail account is compromised an attacker can reset my password and withdraw my funds.

Steps:

From a browser instance after clearing cache, cookies, etc:

Step 1: Confirm 2FA is active (Attempt to login to account in which 2FA is activated, using just username and password).  Response: "Your code isn't valid."
Step 2: Click "Request new password" button.
Step 3: Login using single use login sent via e-mail
Step 4: Once authenticated, click GA_Login tab [Edit: and click "Create code" button.]
"Google Authenticator is enabled for your account. If you want to create a new key - please click on the button below. The old key will be dropped."
Step 5: Add TOTP secret to Google Authenticator, mark "I have successfully scanned the current code" checkbox, and click "Code scanned" button.
Step 6: Withdraw funds using new TOTP secret from Google Authenticator
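
The gap described in the steps above, modelled as an added example (not part of the thread and not ICBIT's code): a session opened by the e-mail login link replaces the TOTP key, shown next to a hardened check that first requires a code from the existing key. The class and function names, the sample secrets and the timestamp are assumptions made for illustration.

```python
import hashlib, hmac, struct
from dataclasses import dataclass, field

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, as used by Google Authenticator."""
    mac = hmac.new(secret, struct.pack(">Q", int(at // step)), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

@dataclass
class Account:
    totp_secret: bytes = b""  # empty: 2FA not enrolled

@dataclass
class Session:
    account: Account
    factors: set = field(default_factory=set)  # how this session was authenticated

def verify_totp(s: Session, code: str, now: float) -> bool:
    """Step-up check against the CURRENT secret; tolerates one step of clock drift."""
    key = s.account.totp_secret
    ok = bool(key) and any(
        hmac.compare_digest(totp(key, now + d * 30), code) for d in (-1, 0, 1))
    if ok:
        s.factors.add("totp")
    return ok

def replace_secret_vulnerable(s: Session, new: bytes) -> bool:
    # Flow reported in the thread: any logged-in session may drop the old key.
    s.account.totp_secret = new
    return True

def replace_secret_hardened(s: Session, new: bytes) -> bool:
    # An enrolled key may only be replaced by a session that proved possession of it.
    if s.account.totp_secret and "totp" not in s.factors:
        return False
    s.account.totp_secret = new
    return True

def email_only_session_can_withdraw(replace_secret, now: float = 1371826800.0) -> bool:
    """Constructed scenario: mailbox access only, account already has 2FA enrolled."""
    acct = Account(totp_secret=b"owner-enrolled-secret")  # constructed sample value
    s = Session(acct, {"email_link"})          # single-use login link from the reset mail
    replace_secret(s, b"freshly-created-key")  # "Create code" on the GA_Login tab
    return verify_totp(s, totp(b"freshly-created-key", now), now)  # withdrawal OTP check

if __name__ == "__main__":
    for fn in (replace_secret_vulnerable, replace_secret_hardened):
        print(fn.__name__, email_only_session_can_withdraw(fn))
```

The hardened check says nothing about the lost-phone case raised later in the thread; that needs its own recovery path rather than the e-mail link.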

qxzn
Hero Member
Activity: 602
June 21, 2013, 07:49:55 PM
 #858

I have to log in with the "reset password" email link every time. I reset my password, log out, then I can't log in again.

I have done this many times, I'm sure I'm not messing up the password.

Do you have Google Auth enabled for your account?

No.
Fireball
Hero Member
Activity: 673
June 22, 2013, 10:59:09 PM
 #859

I performed testing, and could not reproduce this vulnerability. Password reset does not touch the 2FA settings.

Stephen, could you check and let me know exact steps to reproduce? Maybe I missed something. Thank you!

Just to clarify, what I'm asserting is that if my e-mail account is compromised an attacker can reset my password and withdraw my funds.

Steps:

From a browser instance after clearing cache, cookies, etc:

Step 1: Confirm 2FA is active (Attempt to login to account in which 2FA is activated, using just username and password).  Response: "Your code isn't valid."
Step 2: Click "Request new password" button.
Step 3: Login using single use login sent via e-mail
Step 4: Once authenticated, click GA_Login tab [Edit: and click "Create code" button.]
"Google Authenticator is enabled for your account. If you want to create a new key - please click on the button below. The old key will be dropped."
Step 5: Add TOTP secret to Google Authenticator, mark "I have successfully scanned the current code" checkbox, and click "Code scanned" button.
Step 6: Withdraw funds using new TOTP secret from Google Authenticator


Thanks a lot. We are in the process of fixing this by updating and improving the GA login code. I will publish results here ASAP.

picobit
Hero Member
Activity: 547
Decor in numeris
June 24, 2013, 06:21:02 AM
 #860

I performed testing, and could not reproduce this vulnerability. Password reset does not touch the 2FA settings.

Stephen, could you check and let me know exact steps to reproduce? Maybe I missed something. Thank you!

Just to clarify, what I'm asserting is that if my e-mail account is compromised an attacker can reset my password and withdraw my funds.

Steps:

From a browser instance after clearing cache, cookies, etc:

Step 1: Confirm 2FA is active (Attempt to login to account in which 2FA is activated, using just username and password).  Response: "Your code isn't valid."
Step 2: Click "Request new password" button.
Step 3: Login using single use login sent via e-mail
Step 4: Once authenticated, click GA_Login tab [Edit: and click "Create code" button.]
"Google Authenticator is enabled for your account. If you want to create a new key - please click on the button below. The old key will be dropped."
Step 5: Add TOTP secret to Google Authenticator, mark "I have successfully scanned the current code" checkbox, and click "Code scanned" button.
Step 6: Withdraw funds using new TOTP secret from Google Authenticator


Of course the really difficult thing is to stop vulnerabilities like this, and still have a recovery path in case somebody loses their GA secret.  I just realized, to my horror, that on an iPhone the GA secrets are backed up in a way that they can only be restored on the same device.  Secure, but troublesome if I lose the device.
