CampBX a scam or just incompetent?

[misterbigg]

For a company that tries to position itself as a "Trusted Bitcoin Platform", I find these facts disturbing:

- Anyone can reset anyone else's password by knowing their user name

- The "change password" form only has one field for "New Password" instead of two, allowing for user error.

[kiba]

You shouldn't call it a scam based on merely bad security practice.

[BadBear]

That doesn't make it a scam...

[URSAY]

EVERYONE IS A SCAM.   

 

[John (John K.)]

For a company that tries to position itself as a "Trusted Bitcoin Platform", I find these facts disturbing:

- Anyone can reset anyone else's password by knowing their user name

- The "change password" form only has one field for "New Password" instead of two, allowing for user error.

Uh, I think rewording 'scam' to sloppy would be better in this case.

[Stephen Gornick]

For a company that tries to position itself as a "Trusted Bitcoin Platform", I find these facts disturbing:

- Anyone can reset anyone else's password by knowing their user name

- The "change password" form only has one field for "New Password" instead of two, allowing for user error.

They have two-factor authentication (using SMS text messaging).

[finkleshnorts]

For a company that tries to position itself as a "Trusted Bitcoin Platform", I find these facts disturbing:

- Anyone can reset anyone else's password by knowing their user name

- The "change password" form only has one field for "New Password" instead of two, allowing for user error.

Uh, I think rewording 'scam' to sloppy would be better in this case.

CampBX is a sloppy?

[John (John K.)]

For a company that tries to position itself as a "Trusted Bitcoin Platform", I find these facts disturbing:

- Anyone can reset anyone else's password by knowing their user name

- The "change password" form only has one field for "New Password" instead of two, allowing for user error.

Uh, I think rewording 'scam' to sloppy would be better in this case.

CampBX is a sloppy?

Oops, forgot about the a. Make it rewording 'a scam' to 'sloppy' instead. 

[Littleshop]

For a company that tries to position itself as a "Trusted Bitcoin Platform", I find these facts disturbing:

- Anyone can reset anyone else's password by knowing their user name

- The "change password" form only has one field for "New Password" instead of two, allowing for user error.

They have two-factor authentication (using SMS text messaging).

I asked for this, they said it is not available currently though soon it should be.  Does anyone have this working?

[Stephen Gornick]

I asked for this, they said it is not available currently though soon it should be.  Does anyone have this working?

Are you outside the U.S.?

[URSAY]

I've used Camp BX a few times.  It was quick and easy.  Thanks Camp BX!   

[smoothie]

For a company that tries to position itself as a "Trusted Bitcoin Platform", I find these facts disturbing:

- Anyone can reset anyone else's password by knowing their user name

- The "change password" form only has one field for "New Password" instead of two, allowing for user error.

Really? So not only do you have to keep your password super secret you have to keep your username super extra mega secret?

Wow...just .... wow...

These guys were on "the bitcoin show" ....

No wonder...

 

[Keyur @ Camp BX]

For a company that tries to position itself as a "Trusted Bitcoin Platform", I find these facts disturbing:

- Anyone can reset anyone else's password by knowing their user name

- The "change password" form only has one field for "New Password" instead of two, allowing for user error.

Hi Bigg,

I would like to clarify that this was never a security risk as the password goes to the original registered email address, and not displayed on screen.  Worst case scenario is that someone with too much time on their hands can annoy you with repeat password resets.

Point noted though - we are reworking the PW reset code to be annoyance-proof and will deploy the update shortly.

- Keyur

[misterbigg]

I would like to clarify that this was never a security risk as the password goes to the original registered email address, and not displayed on screen.

The fact is that a programmer implemented the password reset incorrectly. Whoever was writing the code should have known better - this points to a management problem. It's a rookie mistake.

If a visible rookie mistake like this is possible at CampBX, who knows what other invisible mistakes were made?

[URSAY]

I've been waiting for 48 hours on a support response of any kind.  How long do they usually take?

[URSAY]

Just heard back from Camp BX.  Issue resolved.  Another win for Camp BX.  Thanks!   

[mikeh53]

Dont know waht would you guys call this as.. 'Scam' or 'Just Incompetent' or 'Something Else'

CampBX scam mail going around again


Here's the text

    "Hello,

    We are making a maintenance on our servers due to a technical problem for the next 24 hours. So, as you can see CampBX.com is already offline, you will have to logging in on the following link:

    http://www.campbx.com.co/

    It is recommended that you activate your double authenticator before logging in. We are sorry for the inconvenience and doing our best to resolve this problem.

    If you have any questions, please contact us at https://CampBX.com/contact.php or refer to the FAQ page at https://CampBX.com/faq.php for >more information.

    Thank you, CampBX Team"

Obvious scam is obvious.

http://newsbitcoin.com/?p=34696

http://www.bitcoinregime.com/2014/01/24/campbx-scam-mail-going-around-again/

[em23black]

CampBX is an Indian Scam, not an American Site
http://www.bitcoinfeed.net/news/campbx-is-an-indian-scam-not-an-american-site