yourstruly
June 30, 2014, 01:20:44 PM
Your centralized services on vericoin.info are woefully insecure.
The Debian 6 server running the site has not been hardened, you can log in as root over ssh. There are many many more problems but I don't want to divulge too much as it could hurt a lot of people. The developer can send me a message if they want to talk about this in private.
Yea... ok. VeriBit/VeriSend are hosted on a Windows server.
They are not hosted on a Windows server, that is not what I said. They are clearly hosted on Debian running a legacy version of Apache. I would be even more worried if they were actually on a Windows server.
Edit: I'm not trying to spread FUD here, this is a very serious concern with how much money is being pumped into this economy. I'm worried about the alt-currency community more than the price of any individual coin. You can see that from my post history.
This is part of the reason I don't quite understand the hype around veribit. People are saying it makes things so much easier, but does it really? And at what cost? The cost of security? As far as I understand, all veribit does is exchange VRC for BTC, like any other altcoin can already do on any exchange. Except, with veribit, we are trusting VRC's dev team to handle security on their centralized servers. I am not saying VRC devs are untrustworthy at all, but I do question whether they are qualified to keep these services secure. As for me, I would far more trust services like Mintpal to securely hold and exchange my altcoins for BTC to then use and make purchases.
The VeriBit servers don't "hold" your coins for more than 5 minutes. After they receive them and get 4 confirms, they send you your BTC. So the user will never lose. If we have a security flaw (which we are getting audited right now), our pot of BTC could be lost. But I don't think that's a concern since the developer running the server works for the cloud computing division of one of the top software companies in the world... and knows his security.
Saying he works somewhere and saying he knows his security when this is obviously untrue makes me even more skeptical. There is no reason root login should be enabled on the server, there is no reason password authentication should even be enabled. You should be logging in through keys.
I shouldn't have to say this to someone who "knows their security".
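
The two settings the post above names (root login and password authentication over SSH) can be checked offline against an `sshd_config` file. This is an added example, not part of the original thread; the sample configs, the function names and the assumed defaults (both keywords treated as `yes` when unset) are constructed for illustration.

```python
import re

# Policy from the post: no root login over SSH, no password logins (keys only).
REQUIRED = {"permitrootlogin": "no", "passwordauthentication": "no"}
# Assumption: a keyword that is never set falls back to "yes", the conservative
# reading for an old OpenSSH build; pass other defaults to audit() if needed.
LEGACY_DEFAULTS = {"permitrootlogin": "yes", "passwordauthentication": "yes"}

# Constructed sample configs (not taken from any real server).
WEAK_SAMPLE = """\
Port 22
PermitRootLogin yes
PermitRootLogin no
#PasswordAuthentication no
"""
MATCH_SAMPLE = """\
PermitRootLogin no
PasswordAuthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""
CLEAN_SAMPLE = """\
permitrootlogin no
PasswordAuthentication=no
PubkeyAuthentication yes
"""


def parse_sshd_config(text):
    """Return (global_settings, match_overrides) from sshd_config text."""
    global_settings, overrides, match_ctx = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (a commented-out keyword is unset)
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            match_ctx = value  # following lines apply only to this Match block
        elif match_ctx is None:
            global_settings.setdefault(key, value)  # first value obtained wins
        else:
            overrides.append((match_ctx, key, value))
    return global_settings, overrides


def audit(text, defaults=LEGACY_DEFAULTS):
    """List every place where the config departs from REQUIRED."""
    settings, overrides = parse_sshd_config(text)
    findings = []
    for key, wanted in REQUIRED.items():
        value = settings.get(key, defaults[key]).lower()
        if value != wanted:
            source = "set explicitly" if key in settings else "unset, default assumed"
            findings.append(f"global: {key}={value} ({source}); want {wanted}")
    for ctx, key, value in overrides:
        # A Match block can quietly re-enable what the global section disabled.
        if key in REQUIRED and value.lower() != REQUIRED[key]:
            findings.append(f"Match {ctx}: {key}={value.lower()}; want {REQUIRED[key]}")
    return findings


if __name__ == "__main__":
    for name, sample in [("weak", WEAK_SAMPLE), ("match", MATCH_SAMPLE), ("clean", CLEAN_SAMPLE)]:
        print(name, audit(sample) or "ok")
```

On a live host, `sshd -T` prints the effective configuration, including any `Include`d files that this parser does not follow, and is the authoritative check.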

keshuker
June 30, 2014, 01:22:13 PM
Your centralized services on vericoin.info are woefully insecure.
The Debian 6 server running the site has not been hardened, you can log in as root over ssh. There are many many more problems but I don't want to divulge too much as it could hurt a lot of people. The developer can send me a message if they want to talk about this in private.
Yea... ok. VeriBit/VeriSend are hosted on a Windows server.
They are not hosted on a Windows server, that is not what I said. They are clearly hosted on Debian running a legacy version of Apache. I would be even more worried if they were actually on a Windows server.
Edit: I'm not trying to spread FUD here, this is a very serious concern with how much money is being pumped into this economy. I'm worried about the alt-currency community more than the price of any individual coin. You can see that from my post history.
This is part of the reason I don't quite understand the hype around veribit. People are saying it makes things so much easier, but does it really? And at what cost? The cost of security? As far as I understand, all veribit does is exchange VRC for BTC, like any other altcoin can already do on any exchange. Except, with veribit, we are trusting VRC's dev team to handle security on their centralized servers. I am not saying VRC devs are untrustworthy at all, but I do question whether they are qualified to keep these services secure. As for me, I would far more trust services like Mintpal to securely hold and exchange my altcoins for BTC to then use and make purchases.
Veribit provides a centralized exchange based on an average of current exchange rates, if this is not well protected it could be a central point of failure. Looking at the security of the server veribit is running on, I would personally not trust it and I honestly don't believe it adds any technological advancements.
Refreshing with some common sense in this thread

pnosker
June 30, 2014, 01:23:33 PM
Your centralized services on vericoin.info are woefully insecure.
The Debian 6 server running the site has not been hardened, you can log in as root over ssh. There are many many more problems but I don't want to divulge too much as it could hurt a lot of people. The developer can send me a message if they want to talk about this in private.
Yea... ok. VeriBit/VeriSend are hosted on a Windows server.
They are not hosted on a Windows server, that is not what I said. They are clearly hosted on Debian running a legacy version of Apache. I would be even more worried if they were actually on a Windows server.
Edit: I'm not trying to spread FUD here, this is a very serious concern with how much money is being pumped into this economy. I'm worried about the alt-currency community more than the price of any individual coin. You can see that from my post history.
This is part of the reason I don't quite understand the hype around veribit. People are saying it makes things so much easier, but does it really? And at what cost? The cost of security? As far as I understand, all veribit does is exchange VRC for BTC, like any other altcoin can already do on any exchange. Except, with veribit, we are trusting VRC's dev team to handle security on their centralized servers. I am not saying VRC devs are untrustworthy at all, but I do question whether they are qualified to keep these services secure. As for me, I would far more trust services like Mintpal to securely hold and exchange my altcoins for BTC to then use and make purchases.
The VeriBit servers don't "hold" your coins for more than 5 minutes. After they receive them and get 4 confirms, they send you your BTC. So the user will never lose. If we have a security flaw (which we are getting audited right now), our pot of BTC could be lost. But I don't think that's a concern since the developer running the server works for the cloud computing division of one of the top software companies in the world... and knows his security.
Saying he works somewhere and saying he knows his security when this is obviously untrue makes me even more skeptical. There is no reason root login should be enabled on the server, there is no reason password authentication should even be enabled. You should be logging in through keys.
I shouldn't have to say this to someone who "knows their security".
Look, I don't know what to tell you. If you're actually concerned you would have PMed me. I don't have shell access to the DreamHost server that the website is on. What I can tell you, is that the server that hosts all of the apps isn't a *nix server with root access, it's a Windows server hosted by Azure. I would be very skeptical if DreamHost left root access open on their server.

alwa1
June 30, 2014, 01:24:01 PM
Anonymity... anonymity ... anonymity . You know this is still a mirage right, not only for Vericoin, even for Dark, There is some higher level of privacy than bitcoin of course. Even the anonymity Tor network is like french cheese, not for me of course and not for most of you. The value of Vericoin isn't based on anonymity, community wanted it that's why it was implemented and it will be improved in time. About all the hype (advertising), I don't see nothing bad, Coca-Cola is where it is because of it, people see it/try it and then they decided is it bad or good. I see capable developers which are working hard and have good ideas, for me this is the important thing, you invest in developers and what they can do. Even bitcoin is considered as a risky investment, won't talk about alternative crypto. And guys never risk more than you can afford to lose : )

HoodRich
June 30, 2014, 01:24:55 PM
This is part of the reason I don't quite understand the hype around veribit. People are saying it makes things so much easier, but does it really?
If you don't understand why VeriBit is adding extraordinary value to this coin then that might explain why Cinni is going nowhere. People value convenience. It is an extremely drawn-out and pain-in-ass process to have to transfer coins from your wallet, to an exchange, get a price you want at the time you need it to get BTC and then send those BTC somewhere else. Instead, you get to keep your BTC in VRC, earning interest while they sleep and, on the occasion you might want to make a small BTC purchase, you can do it in a couple of clicks with no faffing about. Yes, I know, larger transactions would be better served doing it yourself on an exchange, but people don't spend money in large transactions all the time, they tend to do so in the way that most people spend money, in lots of little transactions, the kind that are perfect for VeriBit. The wilful nature of the "I don't get why VeriShit is so great!" is starting to wear thin. It is perfectly clear why it is extremely useful a function to have and it is one that is no more centralised than having to send your coins to an Exchange. We all know what can happen to exchanges, so the less money held there, the better.
It's like someone walking into Subway saying "Why is Subway so Great? I can make my own sandwich" ... or Starbucks or McDonalds... Do you grow your own corn and wheat too and make your own cereal, chips, butter, etc...? or do you go to the grocery store? Do tell...

yourstruly
June 30, 2014, 01:26:07 PM
Your centralized services on vericoin.info are woefully insecure.
The Debian 6 server running the site has not been hardened, you can log in as root over ssh. There are many many more problems but I don't want to divulge too much as it could hurt a lot of people. The developer can send me a message if they want to talk about this in private.
Yea... ok. VeriBit/VeriSend are hosted on a Windows server.
They are not hosted on a Windows server, that is not what I said. They are clearly hosted on Debian running a legacy version of Apache. I would be even more worried if they were actually on a Windows server.
Edit: I'm not trying to spread FUD here, this is a very serious concern with how much money is being pumped into this economy. I'm worried about the alt-currency community more than the price of any individual coin. You can see that from my post history.
This is part of the reason I don't quite understand the hype around veribit. People are saying it makes things so much easier, but does it really? And at what cost? The cost of security? As far as I understand, all veribit does is exchange VRC for BTC, like any other altcoin can already do on any exchange. Except, with veribit, we are trusting VRC's dev team to handle security on their centralized servers. I am not saying VRC devs are untrustworthy at all, but I do question whether they are qualified to keep these services secure. As for me, I would far more trust services like Mintpal to securely hold and exchange my altcoins for BTC to then use and make purchases.
The VeriBit servers don't "hold" your coins for more than 5 minutes. After they receive them and get 4 confirms, they send you your BTC. So the user will never lose. If we have a security flaw (which we are getting audited right now), our pot of BTC could be lost. But I don't think that's a concern since the developer running the server works for the cloud computing division of one of the top software companies in the world... and knows his security.
Saying he works somewhere and saying he knows his security when this is obviously untrue makes me even more skeptical. There is no reason root login should be enabled on the server, there is no reason password authentication should even be enabled. You should be logging in through keys.
I shouldn't have to say this to someone who "knows their security".
Look, I don't know what to tell you. If you're actually concerned you would have PMed me. I don't have shell access to the DreamHost server that the website is on. What I can tell you, is that the server that hosts all of the apps isn't a *nix server with root access, it's a Windows server hosted by Azure. I would be very skeptical if DreamHost left root access open on their server.
Why is it running on Windows? Windows is known to have a lot of security risks, is not open source and not usually a go to choice for someone who "knows their security".

yourstruly
June 30, 2014, 01:26:46 PM
This is part of the reason I don't quite understand the hype around veribit. People are saying it makes things so much easier, but does it really?
If you don't understand why VeriBit is adding extraordinary value to this coin then that might explain why Cinni is going nowhere. People value convenience. It is an extremely drawn-out and pain-in-ass process to have to transfer coins from your wallet, to an exchange, get a price you want at the time you need it to get BTC and then send those BTC somewhere else. Instead, you get to keep your BTC in VRC, earning interest while they sleep and, on the occasion you might want to make a small BTC purchase, you can do it in a couple of clicks with no faffing about. Yes, I know, larger transactions would be better served doing it yourself on an exchange, but people don't spend money in large transactions all the time, they tend to do so in the way that most people spend money, in lots of little transactions, the kind that are perfect for VeriBit. The wilful nature of the "I don't get why VeriShit is so great!" is starting to wear thin. It is perfectly clear why it is extremely useful a function to have and it is one that is no more centralised than having to send your coins to an Exchange. We all know what can happen to exchanges, so the less money held there, the better.
It's like someone walking into Subway saying "Why is Subway so Great? I can make my own sandwich" ... or Starbucks or McDonalds... Do you grow your own corn and wheat too and make your own cereal, chips, butter, etc...? or do you go to the grocery store? Do tell...
These are not analogous at all.

gpools
June 30, 2014, 01:27:07 PM
Your centralized services on vericoin.info are woefully insecure.
The Debian 6 server running the site has not been hardened, you can log in as root over ssh. There are many many more problems but I don't want to divulge too much as it could hurt a lot of people. The developer can send me a message if they want to talk about this in private.
Yea... ok. VeriBit/VeriSend are hosted on a Windows server.
They are not hosted on a Windows server, that is not what I said. They are clearly hosted on Debian running a legacy version of Apache. I would be even more worried if they were actually on a Windows server.
The "centralized services" aka VeriSend and VeriBit are hosted on verisend.vericoin.info. Do you mean vericoin.info? Those are on a webserver from DreamHost... if those have some sort of issue-- please PM me and let me know what could be wrong. I've never used DreamHost before a week ago and don't even see any SSH access available. high security

T.Stuart
June 30, 2014, 01:28:04 PM
...centralized exchange...
Bitstamp, Kraken, Bitfinex, etc. etc. etc.

BlackShibe1
June 30, 2014, 01:28:30 PM
What's up The hype is not over? Why the price go up? Verisend yes Veribit yes but what's coming now?
Hype? What's happening with VRC has not happened ever in Crypto... If so, reply to this post and name the coin(s).
1. Veribit
2. Verisend
3. Buying BTC via VRC with USD (Soon with a Credit Card) - no more waiting on Coinbase for a week
4. Veribank
5. Awesome, respectable Dev team
6. PR Firm
What coins are you following? We are all ears...
VRC on coinbase? What is Veribank? I heard some rumors with Microsoft

yourstruly
June 30, 2014, 01:31:14 PM
I stand corrected, veribit and verisend are run from a Windows server which is even more troublesome running Microsoft-IIS/8.0.

yourstruly
June 30, 2014, 01:32:06 PM
...centralized exchange...
Bitstamp, Kraken, Bitfinex, etc. etc. etc.
These ones were not thrown together by a person/team trying to also create a cryptocurrency, these are highly polished exchanges with a lot of investment in security and infrastructure. They are also not run on Windows servers.

cryptodevil
June 30, 2014, 01:32:17 PM
These are not analogous at all.
Ok, how about this for comparable analogy for what VeriBit represents to crypto: McDonalds drive-thru service. Only, in this case, it's a drive-thru service where you get to keep your money, not in your analogue wallet, but in a digital interest-earning savings account and pay out only that which is needed for your purchase.
WARNING!!! Check your forum URLs carefully and avoid links to phishing sites like 'thebitcointalk' 'bitcointalk.to' and 'BitcointaLLk'

yourstruly
June 30, 2014, 01:33:06 PM
These are not analogous at all.
Ok, how about this for comparable analogy for what VeriBit represents to crypto: McDonalds drive-thru service. Only, in this case, it's a drive-thru service where you get to keep your money, not in your analogue wallet, but in a digital interest-earning savings account and pay only that is needed for your purchase.
It's analogous to McDonalds in the sense that the pictures on the outside don't represent what is actually being fed to the people on the inside.

leckey
June 30, 2014, 01:33:19 PM
I stand corrected, veribit and verisend are run from a Windows server which is even more troublesome running Microsoft-IIS/8.0.
Could probably be explained by the fact that one of the devs is a programmer at Microsoft......

ringsting
June 30, 2014, 01:33:46 PM
Your centralized services on vericoin.info are woefully insecure.
The Debian 6 server running the site has not been hardened, you can log in as root over ssh. There are many many more problems but I don't want to divulge too much as it could hurt a lot of people. The developer can send me a message if they want to talk about this in private.
Yea... ok. VeriBit/VeriSend are hosted on a Windows server.
They are not hosted on a Windows server, that is not what I said. They are clearly hosted on Debian running a legacy version of Apache. I would be even more worried if they were actually on a Windows server.
Edit: I'm not trying to spread FUD here, this is a very serious concern with how much money is being pumped into this economy. I'm worried about the alt-currency community more than the price of any individual coin. You can see that from my post history.
This is part of the reason I don't quite understand the hype around veribit. People are saying it makes things so much easier, but does it really? And at what cost? The cost of security? As far as I understand, all veribit does is exchange VRC for BTC, like any other altcoin can already do on any exchange. Except, with veribit, we are trusting VRC's dev team to handle security on their centralized servers. I am not saying VRC devs are untrustworthy at all, but I do question whether they are qualified to keep these services secure. As for me, I would far more trust services like Mintpal to securely hold and exchange my altcoins for BTC to then use and make purchases.
The VeriBit servers don't "hold" your coins for more than 5 minutes. After they receive them and get 4 confirms, they send you your BTC. So the user will never lose. If we have a security flaw (which we are getting audited right now), our pot of BTC could be lost. But I don't think that's a concern since the developer running the server works for the cloud computing division of one of the top software companies in the world... and knows his security.
Saying he works somewhere and saying he knows his security when this is obviously untrue makes me even more skeptical. There is no reason root login should be enabled on the server, there is no reason password authentication should even be enabled. You should be logging in through keys.
I shouldn't have to say this to someone who "knows their security".
Dude, you are embarrassing yourself. It's obvious that you have a little bit of knowledge but not much. You're saying the website is hosted on a nix box that isn't secure. He is saying the apps aren't hosted on that box, even if the Linux box isn't secure the services aren't even hosted on that machine.

yourstruly
June 30, 2014, 01:34:28 PM
I stand corrected, veribit and verisend are run from a Windows server which is even more troublesome running Microsoft-IIS/8.0.
Could probably be explained by the fact that one of the devs is a programmer at Microsoft......
Are you saying this like that is a good thing? Because most programmers who know anything would be embarrassed to admit that.

pratico
June 30, 2014, 01:34:34 PM
What's up The hype is not over? Why the price go up? Verisend yes Veribit yes but what's coming now?
Hype? What's happening with VRC has not happened ever in Crypto... If so, reply to this post and name the coin(s).
1. Veribit
2. Verisend
3. Buying BTC via VRC with USD (Soon with a Credit Card) - no more waiting on Coinbase for a week
4. Veribank
5. Awesome, respectable Dev team
6. PR Firm
What coins are you following? We are all ears...
1. All veribit does is exchange VRC for BTC, with a 1 btc cap. ANY altcoin can currently be exchanged for BTC on ANY exchange, with NO cap. Also, it is centralized and we are trusting vrc dev team to handle security... this is extremely sketchy.
2. Verisend is centralized and trusted (as opposed to decentralized and trustless). Anyone using verisend can have no hope to remain anonymous.
3. Buying VRC with a credit card - this option will be provided by a 3rd party vendor that is NOT, I repeat, NOT VRC exclusive. They will offer the same service for other altcoins.

P0PFrag
June 30, 2014, 01:34:40 PM
Windows servers are exceptionally secure. Linux has its perks but your average Joe will only run a Linux server for the 1 key point of free. I manage enterprise Windows servers for a living. You set proper measures and you're just as secure if not more secure than any Linux box. The ONLY thing a Linux server has over Windows is stability over longevity of up time.

cryptodevil
June 30, 2014, 01:35:31 PM
It's analogous to McDonalds in the sense that the pictures on the outside don't represent what is actually being fed to the people on the inside.
. . . . .and there was the exact point your mask slipped. Now you're just clearly FUDing.