Bitcoin Forum
November 17, 2018, 01:16:35 AM *
News: Latest Bitcoin Core release: 0.17.0 [Torrent].
 
   Home   Help Search Login Register More  
Poll
Question: Where would you prefer the VRC/VRM exchange pair be?
Bittrex
Poloniex
Both
Other

Pages: « 1 ... 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 [284] 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 ... 963 »
  Print  
Author Topic: [ANN][VRC] VeriCoin Proof of Stake-Time Currency | New Roadmap Released  (Read 1351063 times)
BlackShibe1
Sr. Member
****
Offline Offline

Activity: 260
Merit: 250


View Profile
June 30, 2014, 12:57:43 PM
 #5661

What's up
The hype is not over?
Why the price go up?
Verisend yes Veribit yes but what's coming now?

Lisk.
    Develop Decentralized Applications & Sidechains in JavaScript with Lisk!
    Website | Blog | BTT Thread | Chat - Be part of the decentralized application movement!
1542417395
Hero Member
*
Offline Offline

Posts: 1542417395

View Profile Personal Message (Offline)

Ignore
1542417395
Reply with quote  #2

1542417395
Report to moderator
1542417395
Hero Member
*
Offline Offline

Posts: 1542417395

View Profile Personal Message (Offline)

Ignore
1542417395
Reply with quote  #2

1542417395
Report to moderator
1542417395
Hero Member
*
Offline Offline

Posts: 1542417395

View Profile Personal Message (Offline)

Ignore
1542417395
Reply with quote  #2

1542417395
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1542417395
Hero Member
*
Offline Offline

Posts: 1542417395

View Profile Personal Message (Offline)

Ignore
1542417395
Reply with quote  #2

1542417395
Report to moderator
pnosker
Sr. Member
****
Offline Offline

Activity: 504
Merit: 250


View Profile
June 30, 2014, 12:58:49 PM
 #5662

Your centralized services on vericoin.info are woefully insecure.

The debian 6 server running the site has not been hardened, you can login as root over ssh. There are many many more problems but I don't want to divulge too much as it could hurt a lot of people. The developer can send me a message if they want to talk about this in private.

Yea... ok. VeriBit/VeriSend are hosted on a Windows server.

Support the VeriFund Endowment.
VRC: VFEndownxxnHea9mv59kZx8c7TysGbndYx
yourstruly
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250


thrasher.


View Profile WWW
June 30, 2014, 01:02:26 PM
 #5663

Your centralized services on vericoin.info are woefully insecure.

The debian 6 server running the site has not been hardened, you can login as root over ssh. There are many many more problems but I don't want to divulge too much as it could hurt a lot of people. The developer can send me a message if they want to talk about this in private.

Yea... ok. VeriBit/VeriSend are hosted on a Windows server.

They are not hosted on a windows server, that is not what I said. They are clearly hosted on debian running a legacy version of apache. I would be even more worried if they were actually on a windows server.

Edit: I'm not trying to spread FUD here, this is a very serious concern with how much money is being pumped into this economy. I'm worried about the alt-currency community more than the price of any individual coin. You can see that from my post history.

Excoin - Innovative Cryptocurrency Exchange - https://exco.in
pnosker
Sr. Member
****
Offline Offline

Activity: 504
Merit: 250


View Profile
June 30, 2014, 01:07:35 PM
 #5664

Your centralized services on vericoin.info are woefully insecure.

The debian 6 server running the site has not been hardened, you can login as root over ssh. There are many many more problems but I don't want to divulge too much as it could hurt a lot of people. The developer can send me a message if they want to talk about this in private.

Yea... ok. VeriBit/VeriSend are hosted on a Windows server.

They are not hosted on a windows server, that is not what I said. They are clearly hosted on debian running a legacy version of apache. I would be even more worried if they were actually on a windows server.

The "centralized services" aka VeriSend and VeriBit are hosted on verisend.vericoin.info. Do you mean vericoin.info? Those are on a webserver from DreamHost... if those have some sort of issue-- please PM me and let me know what could be wrong. I've never used DreamHost before a week ago and don't even see any SSH access available.

Support the VeriFund Endowment.
VRC: VFEndownxxnHea9mv59kZx8c7TysGbndYx
patronis
Sr. Member
****
Offline Offline

Activity: 420
Merit: 250


View Profile
June 30, 2014, 01:08:00 PM
 #5665

i liked the steady increase in price in the morning , now its going up too fast i think someone is making the hype on mintpal to dump.
battbot
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500



View Profile
June 30, 2014, 01:11:51 PM
 #5666

Your centralized services on vericoin.info are woefully insecure.

The debian 6 server running the site has not been hardened, you can login as root over ssh. There are many many more problems but I don't want to divulge too much as it could hurt a lot of people. The developer can send me a message if they want to talk about this in private.

Yea... ok. VeriBit/VeriSend are hosted on a Windows server.

They are not hosted on a windows server, that is not what I said. They are clearly hosted on debian running a legacy version of apache. I would be even more worried if they were actually on a windows server.

Edit: I'm not trying to spread FUD here, this is a very serious concern with how much money is being pumped into this economy. I'm worried about the alt-currency community more than the price of any individual coin. You can see that from my post history.

This is part of the reason I don't understand quite understand the hype around veribit.  People are saying it makes things so much easier, but does it really?  And at what cost?  The cost of security?  As far as I understand, all veribit does is exchange VRC for BTC, like any other altcoin can already do on any exchange.  Except, with veribit, we are trusting VRC's dev team to handle security on their centralized servers.  I am not saying VRC dev's are untrustworthy at all, but I do question whether they are qualified to keep these services secure.  As for me, I would far more trust services like Mintpal to securely hold and exchange my altcoins for BTC to then use and make purchases.

XCurrency www.xc-official.com #xcofficial
XChat: XFCe4ue7yCeSvn22gisLXdfd9HhdVfr5uJ / 28VjdNMZMyF6UiHRqkSCi63UikfcdHXj8nRzhkb9GmHip
blizeH
Full Member
***
Offline Offline

Activity: 136
Merit: 100


View Profile
June 30, 2014, 01:12:26 PM
 #5667

Not sure about that, this coin has so much more potential than many coins with far bigger market caps, plus it's in very active development. Plenty of room for growth yet.

Youghoor
Sr. Member
****
Offline Offline

Activity: 504
Merit: 250



View Profile
June 30, 2014, 01:14:28 PM
 #5668

Not sure about that, this coin has so much more potential than many coins with far bigger market caps, plus it's in very active development. Plenty of room for growth yet.

this coin is the future coin with lot of potential and it can left behind many alt coins if the community will support as it is supporting now.

                ▄▄▓▓█▓▓█▀▀▀▀█▓▓██▓▄▄
             ▄▓█▓▀                ▀▓█▓█
          ▄▓█▓      ▄▄▄▓▓▓▓▓▓▄▄▄      ▀█▓▄
        ▄▓██    ▄▓▓██████████████▓▓▄    ██▓▄
       ▓██    ▓▓████████▓▀▀██████████▓    ██▓
      ▓█░   █▓█████▓▀ ▓██  ▓██ ▀▓▓█████▓    ▓▓
     ▓█    ▓█████▀  ▄▓▓██████▓▓▓▄  ▓████▓    ██
    ▓██   █████▓ ▄▓▓  ▄██░▐███▄ ▀▓▓ ░▓███▓   ██▓
    ██    █████ █▓  ▓████░▐████▓█ █▓ ░█████   ██
    ██   ▐████ ▐█  ▓█████░▐██████░ █▌ █████   ██░
    ██   ▐████ ▐██ ▓█████░▐█████▓ █▓ ░█████   ██░
    ██    ████▓ █▓█ ▀▓▓██░▐██▓▓  █▓  ▓████    ██
    ▐█▓  ░████▓▄  ▀▓▓▄▄██░▐███▄▓▓  █▓████░   ██▌
     ▐██    ▓████▓▄▄  ▀██░▐███  ▄▓▓████▓░   ██▓
      ▐█▓    █▓██████▓▓██████▓▓████████    ▐█▓
       ▐█▓▄    ▀▓██████████████████▓▀    ▄▓██
         ▐█▓▄     ▀▀▓▓████████▓▓▀▀     ▄▓██
            ▓██▄                    ▄█▓▓▀
              ▀▓█▓▓▄▄          ▄▄▓▓█▓▀
                   ▀▀▓▓██████▓▓▀▀
██
██
██
██
██
██
██
.Together we can change
❍ ❍ ❍ ❍ ❍ the internet ❍ ❍ ❍ ❍ ❍
██
██
██
██
██
██
██
  Social Media
▄███████████████████▄
██████████████████████▌
██████████████████████▌
████████████     █▀███▌
███   █████        ▐██▌
███               ▐███▌
███               ████▌
████             █████▌
█████▄▄         ██████▌
████         ▄████████▌
██████████████████████▌
██████████████████████▌
▄▓█████████████████████▓▓▄
▓██████████████████████████▌
███████████████████▓▓▀  ▓██▌
██████████████▓▀▀       ▓██▌
████████▓▀▀      ▄█    ▐███▌
███▓▀        ▄▄▓▀      ▓███▌
███▓▄▄▄   ▄▓█▓         ████▌
████████▓ ▓▌          ▓████▌
█████████▓    ▄       █████▌
██████████▌ ▄▓██▓▄   ▐█████▌
███████████████████▓▓██████▌
▐██████████████████████████
  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
                  ,▄▄▄▄▄▄▄
               ▄████▀▀▀▀████▄
             ▄███`  ,▄▄,   ▀██▄
            ▐██▀  ▄███████   ██▌
          ,▄███   ████████▌  ▐██▄,
      ,▄███████▄  █▄▄██▄▄█  ▄███████▄▄
     ██████████████████████████████████,
    ▐████▌   ██████████████████   ▐█████
     ▀████▄▄████████▀  "████████▄▄████▀
       `▀████████████▄▄████████████▀▀
            '▀▀▀▀▀█████████▀▀▀▀
         ▄▄                      ▄▄
        ███          ▄▄⌐         ███
       ███           ██▌          ▀██
      ███            ██▌           ▀██
                     ██▌
pnosker
Sr. Member
****
Offline Offline

Activity: 504
Merit: 250


View Profile
June 30, 2014, 01:15:35 PM
 #5669

Your centralized services on vericoin.info are woefully insecure.

The debian 6 server running the site has not been hardened, you can login as root over ssh. There are many many more problems but I don't want to divulge too much as it could hurt a lot of people. The developer can send me a message if they want to talk about this in private.

Yea... ok. VeriBit/VeriSend are hosted on a Windows server.

They are not hosted on a windows server, that is not what I said. They are clearly hosted on debian running a legacy version of apache. I would be even more worried if they were actually on a windows server.

Edit: I'm not trying to spread FUD here, this is a very serious concern with how much money is being pumped into this economy. I'm worried about the alt-currency community more than the price of any individual coin. You can see that from my post history.

This is part of the reason I don't understand quite understand the hype around veribit.  People are saying it makes things so much easier, but does it really?  And at what cost?  The cost of security?  As far as I understand, all veribit does is exchange VRC for BTC, like any other altcoin can already do on any exchange.  Except, with veribit, we are trusting VRC's dev team to handle security on their centralized servers.  I am not saying VRC dev's are untrustworthy at all, but I do question whether they are qualified to keep these services secure.  As for me, I would far more trust services like Mintpal to securely hold and exchange my altcoins for BTC to then use and make purchases.

The VeriBit servers don't "hold" your coins for more than 5 minutes. After they receive them and get 4 confirms, they send you your BTC. So the user will never lose. If we have a security flaw (which we are getting audited right now), our pot of BTC could be lost. But I don't think that's a concern since the developer running the server works for the cloud computing division of one of the top software companies in the world... and knows his security.

Support the VeriFund Endowment.
VRC: VFEndownxxnHea9mv59kZx8c7TysGbndYx
yourstruly
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250


thrasher.


View Profile WWW
June 30, 2014, 01:17:37 PM
 #5670

Your centralized services on vericoin.info are woefully insecure.

The debian 6 server running the site has not been hardened, you can login as root over ssh. There are many many more problems but I don't want to divulge too much as it could hurt a lot of people. The developer can send me a message if they want to talk about this in private.

Yea... ok. VeriBit/VeriSend are hosted on a Windows server.

They are not hosted on a windows server, that is not what I said. They are clearly hosted on debian running a legacy version of apache. I would be even more worried if they were actually on a windows server.

Edit: I'm not trying to spread FUD here, this is a very serious concern with how much money is being pumped into this economy. I'm worried about the alt-currency community more than the price of any individual coin. You can see that from my post history.

This is part of the reason I don't understand quite understand the hype around veribit.  People are saying it makes things so much easier, but does it really?  And at what cost?  The cost of security?  As far as I understand, all veribit does is exchange VRC for BTC, like any other altcoin can already do on any exchange.  Except, with veribit, we are trusting VRC's dev team to handle security on their centralized servers.  I am not saying VRC dev's are untrustworthy at all, but I do question whether they are qualified to keep these services secure.  As for me, I would far more trust services like Mintpal to securely hold and exchange my altcoins for BTC to then use and make purchases.

Veribit provides a centralized exchange based on an average of current exchange rates, if this is not well protected it could be a central point of failure. Looking at the sercurity of the server veribit is running on, I would personally not trust it and I honestly don't believe it adds any technological advancements.

Excoin - Innovative Cryptocurrency Exchange - https://exco.in
Reavon
Sr. Member
****
Offline Offline

Activity: 371
Merit: 250


View Profile
June 30, 2014, 01:18:06 PM
 #5671

i am sure after the north american bitcoin conference things will become even more huge.

I think of new developer. More infrastructure, improved service, new dimensions of PR unique for an altcoin and much more.

This is going to be excieting
cryptodevil
Legendary
*
Offline Offline

Activity: 1610
Merit: 1082


Thread-puller extraordinaire


View Profile
June 30, 2014, 01:19:36 PM
 #5672

This is part of the reason I don't understand quite understand the hype around veribit.  People are saying it makes things so much easier, but does it really?  

If you don't understand why VeriBit is adding extraordinary value to this coin then that might explain why Cinni is going nowhere. People value convenience. It is an extremely drawn-out and pain-in-ass process to have to transfer coins from your wallet, to an exchange, get a price you want at the time you need it to get BTC and then send those BTC somewhere else.

Instead, you get to keep your BTC in VRC, earning interest while they sleep and, on the occasion you might want to make a small BTC purchase, you can do it in a couple of clicks with no faffing about.

Yes, I know, larger transactions would be better served doing it yourself on an exchange, but people don't spend money in large transactions all the time, they tend to do so in the way that most people spend money, in lots of little transactions, the kind that are perfect for VeriBit.

The wilful nature of the "I don't get why VeriShit is so great!" is starting to wear thin. It is perfectly clear why it is extremely useful a function to have and it is one that is no more centralised than having to send your coins to an Exchange. We all know what can happen to exchanges, so the less money held there, the better.


WARNING!!! Check your forum URLs carefully and avoid links to phishing sites like 'thebitcointalk' 'bitcointalk.to' and 'BitcointaLLk'
patronis
Sr. Member
****
Offline Offline

Activity: 420
Merit: 250


View Profile
June 30, 2014, 01:19:55 PM
 #5673

Quote
The VeriBit servers don't "hold" your coins for more than 5 minutes. After they receive them and get 4 confirms, they send you your BTC. So the user will never lose. If we have a security flaw (which we are getting audited right now), our pot of BTC could be lost. But I don't think that's a concern since the developer running the server works for the cloud computing division of one of the top software companies in the world... and knows his security.

So once i buy something with VRC , you guys convert to BTC and make the payment? correct? and then what do you do with all does VRC you exchange them to BTC? if so how do you do it? with minpal? crypsy? bittrex?
HoodRich
Newbie
*
Offline Offline

Activity: 40
Merit: 0


View Profile
June 30, 2014, 01:20:37 PM
 #5674

What's up
The hype is not over?
Why the price go up?
Verisend yes Veribit yes but what's coming now?


Hype? What's happening with VRC has not happened ever in Crypto...

If so, reply to this post and name the coin(s).

1. Veribit
2. Verisend
3. Buying BTC via VRC with USD (Soon with a Credit Card) - no more waiting on Coinbase for a week
4. Veribank
5. Awesome, respectable Dev team
6. PR Firm

What coins are you following? We are all ears...
yourstruly
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250


thrasher.


View Profile WWW
June 30, 2014, 01:20:44 PM
 #5675

Your centralized services on vericoin.info are woefully insecure.

The debian 6 server running the site has not been hardened, you can login as root over ssh. There are many many more problems but I don't want to divulge too much as it could hurt a lot of people. The developer can send me a message if they want to talk about this in private.

Yea... ok. VeriBit/VeriSend are hosted on a Windows server.

They are not hosted on a windows server, that is not what I said. They are clearly hosted on debian running a legacy version of apache. I would be even more worried if they were actually on a windows server.

Edit: I'm not trying to spread FUD here, this is a very serious concern with how much money is being pumped into this economy. I'm worried about the alt-currency community more than the price of any individual coin. You can see that from my post history.

This is part of the reason I don't understand quite understand the hype around veribit.  People are saying it makes things so much easier, but does it really?  And at what cost?  The cost of security?  As far as I understand, all veribit does is exchange VRC for BTC, like any other altcoin can already do on any exchange.  Except, with veribit, we are trusting VRC's dev team to handle security on their centralized servers.  I am not saying VRC dev's are untrustworthy at all, but I do question whether they are qualified to keep these services secure.  As for me, I would far more trust services like Mintpal to securely hold and exchange my altcoins for BTC to then use and make purchases.

The VeriBit servers don't "hold" your coins for more than 5 minutes. After they receive them and get 4 confirms, they send you your BTC. So the user will never lose. If we have a security flaw (which we are getting audited right now), our pot of BTC could be lost. But I don't think that's a concern since the developer running the server works for the cloud computing division of one of the top software companies in the world... and knows his security.

Saying he works somewhere and saying he knows his security when this is obviously untrue makes me even more skeptical.

There is no reason root login should be enabled on the server, there is no reason password authentication should even be enabled. You should be logging in through keys. I shouldn't have to say this to someone who "knows their security".

Excoin - Innovative Cryptocurrency Exchange - https://exco.in
keshuker
Sr. Member
****
Offline Offline

Activity: 395
Merit: 250

aka. dibdab


View Profile
June 30, 2014, 01:22:13 PM
 #5676

Your centralized services on vericoin.info are woefully insecure.

The debian 6 server running the site has not been hardened, you can login as root over ssh. There are many many more problems but I don't want to divulge too much as it could hurt a lot of people. The developer can send me a message if they want to talk about this in private.

Yea... ok. VeriBit/VeriSend are hosted on a Windows server.

They are not hosted on a windows server, that is not what I said. They are clearly hosted on debian running a legacy version of apache. I would be even more worried if they were actually on a windows server.

Edit: I'm not trying to spread FUD here, this is a very serious concern with how much money is being pumped into this economy. I'm worried about the alt-currency community more than the price of any individual coin. You can see that from my post history.

This is part of the reason I don't understand quite understand the hype around veribit.  People are saying it makes things so much easier, but does it really?  And at what cost?  The cost of security?  As far as I understand, all veribit does is exchange VRC for BTC, like any other altcoin can already do on any exchange.  Except, with veribit, we are trusting VRC's dev team to handle security on their centralized servers.  I am not saying VRC dev's are untrustworthy at all, but I do question whether they are qualified to keep these services secure.  As for me, I would far more trust services like Mintpal to securely hold and exchange my altcoins for BTC to then use and make purchases.

Veribit provides a centralized exchange based on an average of current exchange rates, if this is not well protected it could be a central point of failure. Looking at the sercurity of the server veribit is running on, I would personally not trust it and I honestly don't believe it adds any technological advancements.

Refreshing with some common sense in this thread
pnosker
Sr. Member
****
Offline Offline

Activity: 504
Merit: 250


View Profile
June 30, 2014, 01:23:33 PM
 #5677

Your centralized services on vericoin.info are woefully insecure.

The debian 6 server running the site has not been hardened, you can login as root over ssh. There are many many more problems but I don't want to divulge too much as it could hurt a lot of people. The developer can send me a message if they want to talk about this in private.

Yea... ok. VeriBit/VeriSend are hosted on a Windows server.

They are not hosted on a windows server, that is not what I said. They are clearly hosted on debian running a legacy version of apache. I would be even more worried if they were actually on a windows server.

Edit: I'm not trying to spread FUD here, this is a very serious concern with how much money is being pumped into this economy. I'm worried about the alt-currency community more than the price of any individual coin. You can see that from my post history.

This is part of the reason I don't understand quite understand the hype around veribit.  People are saying it makes things so much easier, but does it really?  And at what cost?  The cost of security?  As far as I understand, all veribit does is exchange VRC for BTC, like any other altcoin can already do on any exchange.  Except, with veribit, we are trusting VRC's dev team to handle security on their centralized servers.  I am not saying VRC dev's are untrustworthy at all, but I do question whether they are qualified to keep these services secure.  As for me, I would far more trust services like Mintpal to securely hold and exchange my altcoins for BTC to then use and make purchases.

The VeriBit servers don't "hold" your coins for more than 5 minutes. After they receive them and get 4 confirms, they send you your BTC. So the user will never lose. If we have a security flaw (which we are getting audited right now), our pot of BTC could be lost. But I don't think that's a concern since the developer running the server works for the cloud computing division of one of the top software companies in the world... and knows his security.

Saying he works somewhere and saying he knows his security when this is obviously untrue makes me even more skeptical.

There is no reason root login should be enabled on the server, there is no reason password authentication should even be enabled. You should be logging in through keys. I shouldn't have to say this to someone who "knows their security".

Look, I don't know what to tell you. If you're actually concerned you would have PMed me. I don't have shell access to the Dreamhost server that the website is on. What I can tell you, is that the server that hosts all of the apps isn't a *nix server with root access, it's a Windows server hosted by Azure. I would be very skeptical if DreamHost left root access open on their server.

Support the VeriFund Endowment.
VRC: VFEndownxxnHea9mv59kZx8c7TysGbndYx
alwa1
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
June 30, 2014, 01:24:01 PM
 #5678

Anonymity... anonymity ... anonymity . You know this is still a mirage right, not only for Verycoin, even for Dark, There is some higher level of privacy than bitcoin ofcourse. Even the anonimity Tor network is like french cheese, not for me ofcourse and not for most of you. The value of Vericoin isnt based on anonymity, comunity wanted it thats why it was implemented and it will be improved in time. About all the hype(advertising), I dont see nothing bad, Coca-Cola is where it is because of it, people see it/try it and then they decided is it bad or good. I see capable devolepers wich are working hard and have good ideas, for me this is the importnat thing, you invest in devolepers and what they can do. Even bitcoin is considered as a risky investmest, wont talk about alternative crypto. And guys never risk more than you can afford to lose : )
HoodRich
Newbie
*
Offline Offline

Activity: 40
Merit: 0


View Profile
June 30, 2014, 01:24:55 PM
 #5679

This is part of the reason I don't understand quite understand the hype around veribit.  People are saying it makes things so much easier, but does it really?  

If you don't understand why VeriBit is adding extraordinary value to this coin then that might explain why Cinni is going nowhere. People value convenience. It is an extremely drawn-out and pain-in-ass process to have to transfer coins from your wallet, to an exchange, get a price you want at the time you need it to get BTC and then send those BTC somewhere else.

Instead, you get to keep your BTC in VRC, earning interest while they sleep and, on the occasion you might want to make a small BTC purchase, you can do it in a couple of clicks with no faffing about.

Yes, I know, larger transactions would be better served doing it yourself on an exchange, but people don't spend money in large transactions all the time, they tend to do so in the way that most people spend money, in lots of little transactions, the kind that are perfect for VeriBit.

The wilful nature of the "I don't get why VeriShit is so great!" is starting to wear thin. It is perfectly clear why it is extremely useful a function to have and it is one that is no more centralised than having to send your coins to an Exchange. We all know what can happen to exchanges, so the less money held there, the better.



It like someone walking into Subway saying "Why is Subway so Great? I can make my own sandwich"  Grin ... or Starbucks or McDonalds...

Do you grow your own corn and wheat too and make your own cereal, chips, butter, etc...? or do you go to the grocery store?

Do tell...  Grin
yourstruly
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250


thrasher.


View Profile WWW
June 30, 2014, 01:26:07 PM
 #5680

Your centralized services on vericoin.info are woefully insecure.

The debian 6 server running the site has not been hardened, you can login as root over ssh. There are many many more problems but I don't want to divulge too much as it could hurt a lot of people. The developer can send me a message if they want to talk about this in private.

Yea... ok. VeriBit/VeriSend are hosted on a Windows server.

They are not hosted on a windows server, that is not what I said. They are clearly hosted on debian running a legacy version of apache. I would be even more worried if they were actually on a windows server.

Edit: I'm not trying to spread FUD here, this is a very serious concern with how much money is being pumped into this economy. I'm worried about the alt-currency community more than the price of any individual coin. You can see that from my post history.

This is part of the reason I don't understand quite understand the hype around veribit.  People are saying it makes things so much easier, but does it really?  And at what cost?  The cost of security?  As far as I understand, all veribit does is exchange VRC for BTC, like any other altcoin can already do on any exchange.  Except, with veribit, we are trusting VRC's dev team to handle security on their centralized servers.  I am not saying VRC dev's are untrustworthy at all, but I do question whether they are qualified to keep these services secure.  As for me, I would far more trust services like Mintpal to securely hold and exchange my altcoins for BTC to then use and make purchases.

The VeriBit servers don't "hold" your coins for more than 5 minutes. After they receive them and get 4 confirms, they send you your BTC. So the user will never lose. If we have a security flaw (which we are getting audited right now), our pot of BTC could be lost. But I don't think that's a concern since the developer running the server works for the cloud computing division of one of the top software companies in the world... and knows his security.

Saying he works somewhere and saying he knows his security when this is obviously untrue makes me even more skeptical.

There is no reason root login should be enabled on the server, there is no reason password authentication should even be enabled. You should be logging in through keys. I shouldn't have to say this to someone who "knows their security".

Look, I don't know what to tell you. If you're actually concerned you would have PMed me. I don't have shell access to the Dreamhost server that the website is on. What I can tell you, is that the server that hosts all of the apps isn't a *nix server with root access, it's a Windows server hosted by Azure. I would be very skeptical if DreamHost left root access open on their server.

Why is it running on windows? Windows is known to have a lot of security risks, is not open source and not usually a go to choice for someone who "knows their security".

Excoin - Innovative Cryptocurrency Exchange - https://exco.in
Pages: « 1 ... 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 [284] 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 ... 963 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!