Thanks a lot Nefario!
Regarding the security... I'm still feeling a bit insecure about the safety of the platform. I mean, there once was a big platform, mtgox, that seemed to be very professional, but still there was a way to hack it.
So can you say some words about how good you or your coder are regarding making a website safe against being hacked? Or if someone that knows how to secure it tested it against vulnerabilities?
This almost sounds like a threat.
If you have any information on any vulnerabilities in the GLBSE system then please let me know and I'll address them immediately.
GLBSE has been running in its variations for nearly a year and 1/2, we've had a few bumps along the way where unique bugs (that could be exploited) were found (and patched immediately).
I'm not a "security expert", I have no qualification or official training. I have only shown the current GLBSE code to 2 other people, neither of whom were security experts.
What I am though is nothing short of paranoid, and have lost quite a lot of my hairline ensuring that GLBSE is as secure as I can make it.
We don't suffer from some of the more run-of-the-mill security vulnerabilities such as SQL injections, CSRF and XSS. We don't run our site on a VPS (although we do use VPSs to serve content). Passwords are bcrypt stored, although we could probably do with adding a few more rounds than what is currently there *mental note*.
I'm the only person who has access to the server (bar the staff at the datacenter), I only use SSH keys and not passwords. We keep less than 1500 BTC in our hot wallet, our main server is behind Cloudflare CDN.
The database itself is backed up every couple of hours to an encrypted file storage utility.
A large part of the horrible performance of GLBSE over the last couple of months is not just that the number of users (and bots) has grown dramatically, but also that the architecture of the system as it was didn't allow for safe parallel computing (i.e. running it on more than one machine). It's created a major bottleneck that is only now about to be bypassed, all for the sake of security.
I'm not going to go out there and trumpet about how awesome our security is as that's only going to tempt fate, we'll just sit here, quietly doing our job.
As a user (of any bitcoin service, not just GLBSE) I would say to keep as little of your bitcoin in the site as you need to, keep the rest offline. Never re-use a password. GLBSE accounts do get compromised and it is always as a result of password re-use.