
Topic: An exchange as strong as the bitcoin network needs to be developed (Read 1325 times)

full member
Activity: 164
Merit: 100
An exchange as strong as the bitcoin network needs to be developed.  P2P power, network trade system...

I've been working on a p2p bitcoin exchange for a couple months now. I'm pretty close to an initial release.

Here's the code: https://github.com/macourtney/Dark-Exchange
member
Activity: 70
Merit: 10
...
LOL. PCI-DSS is pure marketing towards consumers. Look at some of these requirements:
....
Duh.

Most of the requirements are "Duh" common sense. They also require testing, and have audit controls or compensating controls to identify issues early and mitigate them before they become a disaster. (In theory; see how Sony messed up PA-DSS compliance.)

Sure, I hate PCI-DSS bureaucracy as much as the next person, but the fact remains too many of these vulnerabilities arise from "Duh" stupid stuff they've overlooked. MtGox isn't even trying!

If you adhere to common technical standards and practices (PCI-DSS, OWASP, etc.) you're at least making an effort and protecting against the stupid stuff. Almost none of these exchangers are even doing that basic level of due diligence!
sr. member
Activity: 420
Merit: 250
for those of you who have read (and understood) the white paper:

did master Satoshi have any suggestions for this kind of a situation (failed exchanges)?
full member
Activity: 168
Merit: 100
God creates math and math creates bitcoin.
An exchange as strong as the bitcoin network needs to be developed...

These exchanges are dealing with big sums. In typical industry such systems are at least engineered to PCI-DSS standards with the software itself passing PA-DSS audit and requirements.

How many exchangers audit their systems? (appear to be none)
How many exchangers have per-account controls on funds? (A few now, it seems)
How many exchangers use hardware security modules to protect records? (appear to be none)
How many exchangers use a red-team or pen-test specialists to look for holes? (appear to be none)

This is pretty lame and these exchangers are fairly untrustworthy! (by nature of their vulnerability regardless of intent.)

Those services which are provided by 1-man start-ups are going to be replaced by entrepreneurs.
member
Activity: 70
Merit: 10
An exchange as strong as the bitcoin network needs to be developed...

These exchanges are dealing with big sums. In typical industry such systems are at least engineered to PCI-DSS standards with the software itself passing PA-DSS audit and requirements.

How many exchangers audit their systems? (appear to be none)
How many exchangers have per-account controls on funds? (A few now, it seems)
How many exchangers use hardware security modules to protect records? (appear to be none)
How many exchangers use a red-team or pen-test specialists to look for holes? (appear to be none)

This is pretty lame and these exchangers are fairly untrustworthy! (by nature of their vulnerability regardless of intent.)

LOL, I actually have a VPS that is PCI-DSS certified as a Level 4 merchant. It's sad to see that major Bitcoin exchanges don't have this in place.
member
Activity: 70
Merit: 10
An exchange as strong as the bitcoin network needs to be developed...

These exchanges are dealing with big sums. In typical industry such systems are at least engineered to PCI-DSS standards with the software itself passing PA-DSS audit and requirements.

How many exchangers audit their systems? (appear to be none)
How many exchangers have per-account controls on funds? (A few now, it seems)
How many exchangers use hardware security modules to protect records? (appear to be none)
How many exchangers use a red-team or pen-test specialists to look for holes? (appear to be none)

This is pretty lame and these exchangers are fairly untrustworthy! (by nature of their vulnerability regardless of intent.)
full member
Activity: 126
Merit: 100
I already suggested this, but I got poopooed, maybe people will take the idea seriously now.
sr. member
Activity: 700
Merit: 250
An exchange as strong as the bitcoin network needs to be developed.  P2P power, network trade system.
Maybe even become part of the bitcoin client.
Wonder if it's possible.



hell yeah, seems like mtgodox is down now, was this a denial of service attack?

http://pastebin.com/J0HXBjWu
member
Activity: 126
Merit: 60
An exchange as strong as the bitcoin network needs to be developed.  P2P power, network trade system.
Maybe even become part of the bitcoin client.
Wonder if it's possible.
