[BitcoinMax.com] Closed - page 93. | Bitcointalksearch.org

ErebusBat

hero member

Activity: 560

Merit: 500

I am the one who knocks

Quote from: dooglus on July 13, 2012, 12:41:04 PM

Quote from: ErebusBat on July 13, 2012, 12:20:36 PM

I actually am perfectly happy with having to PM for a withdrawal. This means that a hacker would have to compromise BOTH my bitcoinmax account AND my forum account to steal funds.

I don't know how withdrawals work, but wouldn't the attacker be able to get your funds without access to your bitcoinmax account?

First PM saying "please change my withdrawal address", then PM again a few days later saying "please send 100 BTC".

They'd have to guess how much you had in your account I guess, and going over might tip payb.tc off that something fishy was going on.

Is there something in place to prevent this attack?

This is a very good point.

Personally I would prefer that *any* withdrawal requests would be GPG signed; however it isn't reasonable to assume that payb.tc accomodate the 14,001 different ways people want this handled.

Putting myself in his shoes I am not sure how I would want to handle that where it would provide good security vs easy management. Remember guys he is only getting %0.1 which is not alot.

DutchBrat

hero member

Activity: 868

Merit: 1000

I'm not going to withdraw anytime soon

Either I end up with all coins or pirate defaults: game over!

The way it has to be Grin

Otoh

donator

Activity: 3108

Merit: 1166

Someone else that I lent to recently I asked them to never change my withdrawal address without first checking with me via either email or Skype, I must get around to setting this up with Bitcoin Max too, I don't save a copy of the PM with my contact info on it either.

fatigue

full member

Activity: 196

Merit: 100

Bitcoin is a food group.

Quote from: dooglus on July 13, 2012, 12:41:04 PM

First PM saying "please change my withdrawal address", then PM again a few days later saying "please send 100 BTC".

They'd have to guess how much you had in your account I guess, and going over might tip payb.tc off that something fishy was going on.

That is unless they just asked to withdraw 'all'

dooglus

legendary

Activity: 2940

Merit: 1333

Quote from: ErebusBat on July 13, 2012, 12:20:36 PM

I actually am perfectly happy with having to PM for a withdrawal. This means that a hacker would have to compromise BOTH my bitcoinmax account AND my forum account to steal funds.

I don't know how withdrawals work, but wouldn't the attacker be able to get your funds without access to your bitcoinmax account?

First PM saying "please change my withdrawal address", then PM again a few days later saying "please send 100 BTC".

They'd have to guess how much you had in your account I guess, and going over might tip payb.tc off that something fishy was going on.

Is there something in place to prevent this attack?

ErebusBat

hero member

Activity: 560

Merit: 500

I am the one who knocks

Quote from: dlasher on July 13, 2012, 12:05:23 PM

imho, with the addition of SSL, it's perfect as it stands.. I hope his security is better than bitcoinica..

My only "wishlist" would be a form of some sort to request a withdrawl, save the email.

I actually am perfectly happy with having to PM for a withdrawal. This means that a hacker would have to compromise BOTH my bitcoinmax account AND my forum account to steal funds.

Just my 2 cents.

dlasher

sr. member

Activity: 467

Merit: 250

imho, with the addition of SSL, it's perfect as it stands.. I hope his security is better than bitcoinica..

My only "wishlist" would be a form of some sort to request a withdrawl, save the email.

payb.tc

hero member

Activity: 812

Merit: 1000

Quote from: NothinG on July 13, 2012, 04:17:21 AM

Quote from: Dice on July 13, 2012, 03:38:24 AM

Hey payb.tc,

Ever thought coding up a new section allowing users to create Pass Through's from BitcoinMax. It will be a double pass through lol. I might help you out with all the processing time it takes to manage accounts? Or is this not possible?

If it isn't an issue then thats cool.

He still hasn't setup the automation for new accounts, let alone automatic withdraws. So, I think even if this where "wanted to be done," he'd still need to code everything else in place to make sure it stays secure.

sorry not a priority, dice. (i'm not even sure what benefit it would bring - you mean for those people who can't afford 5 btc ? ).

if i thought managing many accounts was a real problem, i wouldn't have dropped the minimum from 10 to 5 btc.

NothinG

hero member

Activity: 560

Merit: 500

Quote from: Dice on July 13, 2012, 03:38:24 AM

Hey payb.tc,

Ever thought coding up a new section allowing users to create Pass Through's from BitcoinMax. It will be a double pass through lol. I might help you out with all the processing time it takes to manage accounts? Or is this not possible?

If it isn't an issue then thats cool.

He still hasn't setup the automation for new accounts, let alone automatic withdraws. So, I think even if this where "wanted to be done," he'd still need to code everything else in place to make sure it stays secure.

Dice

member

Activity: 69

Merit: 10

Hey payb.tc,

Ever thought coding up a new section allowing users to create Pass Through's from BitcoinMax. It will be a double pass through lol. I might help you out with all the processing time it takes to manage accounts? Or is this not possible?

If it isn't an issue then thats cool.

fluxlite

newbie

Activity: 33

Merit: 0

Quote from: Michail1 on July 12, 2012, 10:18:06 AM

Quote from: payb.tc on July 11, 2012, 10:38:03 PM

okay i guess i should probably point it out to everyone else for the sake of security Cheesy

SSL has been installed and the link is now https://bitcoinmax.com

Issue I think should be resolved.

HTTP also works. This should be a forced redirect to HTTPS.

This.

And thanks for implementing this - for the sake of what it costs it was well worth it.

Michail1

legendary

Activity: 1499

Merit: 1164

Quote from: payb.tc on July 11, 2012, 10:38:03 PM

okay i guess i should probably point it out to everyone else for the sake of security Cheesy

SSL has been installed and the link is now https://bitcoinmax.com

Issue I think should be resolved.

HTTP also works. This should be a forced redirect to HTTPS.

Murdaversa

member

Activity: 77

Merit: 10

Quote from: payb.tc on July 12, 2012, 12:44:16 AM

Quote from: Murdaversa on July 12, 2012, 12:40:00 AM

Quote from: payb.tc on July 11, 2012, 10:38:03 PM

Quote from: NothinG on July 11, 2012, 09:59:38 PM

Quote from: payb.tc on July 11, 2012, 08:59:25 PM

OP has been updated... see if you can spot the difference Cheesy

I have to admit, it took me longer that it should to figure it out.

okay i guess i should probably point it out to everyone else for the sake of security Cheesy

SSL has been installed and the link is now https://bitcoinmax.com

what i saw was you dropped the minimum deposit to 5btc, i guess i didnt look hard enough

oh that's old news... like at least 3 days ago Cheesy

ok, the SSL is definitely better news!
i would also like to thank you for making my experience with bitcoinmax.com easy and trouble free! i might be moving more btc here very soon... (murdaversa thinks about giving up on traditional banks.. Grin

)

payb.tc

hero member

Activity: 812

Merit: 1000