Author

Topic: [ANN] Free Exchange Listing @ Altilly Exchange (September) (Read 178 times)

jr. member
Activity: 64
Merit: 3

Quote
This is the most foolish response from a business owner that i ever heard, at least he should appreciate your concern.


Taken out of context, sure.    But after dealing with this guy making one false claim after another..   I saw no reason to lose any more sleep over it.

Had there been any valid claims, then of course I would have stayed up all night to fix.

- Mike
jr. member
Activity: 64
Merit: 3
Unsure why this guy keeps posting FUD.

Here are his "3 claims"... 

#1 .. "you store passwords in plain text"

Answer:   No.  We do not store passwords unencrypted.   That would be stupid.    We send a temporary system generated password to the user on signup (and store that encrypted).    The user will need to change the temporary password when logging in for the first time.   (This helps us to validate that users who login can get our emails)

# 2 .. "you allow bitcoin deposits before they get 1 confirm"

Answer:   No.  Our minimum confirms for BTC is 3 confirmations.   No idea where he got this idea from, he provided no further details.  Most of the other coins we list require more than 3 confirms.


# 3 .. "hackers can know you are using PHP"

Answer:   This isn't a security issue.    Most websites these days are either PHP or NodeJS.    Just knowing the main programming language doesn't really give hackers much of an edge.


In any case, thanks for the attention!  Smiley

- Mike
sr. member
Activity: 1175
Merit: 275
Quote
email WITH MY PASSWORD INSIDE IN PLAIN TEXT!
I am not really sure how this can be a security threat, because www.altilly.com and other exchanges have other security checks like ip, 2Factor Authentication etc.

Above all,

Quote
ok, well, i'm going back to bed.  got a phone call waking me up about this.    you can leave messages here
This is the most foolish response from a business owner that i ever heard, at least he should appreciate your concern.
jr. member
Activity: 244
Merit: 1
WARNING THIS EXCHANGE HAS A SERIOUS SECURITY ISSUE

I registered to this site and got an email WITH MY PASSWORD INSIDE IN PLAIN TEXT!

This is a SERIOUS security issue, as it shows that

1) This exchange is storing passwords in plain text somewhere on their database.
2) They don't realise how terrible the practice of emailing users their passwords is

Be very careful and request that the developers confirm their password security practices. We do not want another compromised exchange that leaks users' passwords to the world.

When I contacted the developers on the issue, they basically snobbed me off and didn't listen, his final message to me was:

Code:
ok, well, i'm going back to bed.  got a phone call waking me up about this.    you can leave messages here


This is after I pointed out three vulnerabilities with the exchange within 10 minutes of looking


If you plan on using this exchange, please proceed with EXTREME caution. Too many people are being compromised these days
copper member
Activity: 167
Merit: 12
Hodler Enterprises
✦ Special Offer until the end of September ✦

QAE-1 Token: FREE of Charge
ERC-20 Token: FREE of Charge
Any other token: 0.10 BTC
Coin: 0.15 BTC

Apply for listing: http://altilly.com/page/addasset

*Note: You will need to be the developer of any asset submitted. Developer name included  (KYC required for devs)

Requirements for listing your asset on the Altilly Exchange:

- KYC Verified account at Altilly.
- Only a core team member of the project can apply for listing.
- Website dedicated to the asset.
- Block explorer for the asset.
- Solid product with real use-case (or planned use-case per white paper).
- At least 1 social group with user activity. (ie. discord, telegram, slack etc.)
- Announcement thread. (ie. bitcointalk, medium etc.)
- The project is no longer ICO phase.
- Tokenomics: Proof that at least 60% of the circulating supply has been distributed.





Jump to: