Author

Topic: [BTC-TC] Virtual Community Exchange [CLOSED] - page 117. (Read 316534 times)

legendary
Activity: 1106
Merit: 1006
Lead Blockchain Developer
Trading has been halted until I can figure out with certainty there are no implications with the blockchain fork.  Impact should be minimal, we're on a customized version of 0.7.2.

Sorry about the inconvenience, but better safe than sorry.

hero member
Activity: 868
Merit: 1000
Hi Burnside,

How long does the manual withdrawal take on average? Does it depend on moving Btc to a hot wallet?

Thanks

Depends on time of day and what the balance is in the hot wallet.  I try to process them a minimum of twice a day, even on the weekends, and it does occasionally get hung up if there's not enough in the hot wallet and I have to spin up the cold wallet.

Cheers.


And you just processed Smiley

Thanks !!!
legendary
Activity: 1106
Merit: 1006
Lead Blockchain Developer
Hi Burnside,

How long does the manual withdrawal take on average? Does it depend on moving Btc to a hot wallet?

Thanks

Depends on time of day and what the balance is in the hot wallet.  I try to process them a minimum of twice a day, even on the weekends, and it does occasionally get hung up if there's not enough in the hot wallet and I have to spin up the cold wallet.

Cheers.
hero member
Activity: 868
Merit: 1000
Hi Burnside,

How long does the manual withdrawal take on average? Does it depend on moving Btc to a hot wallet?

Thanks
legendary
Activity: 1106
Merit: 1006
Lead Blockchain Developer
The status for incoming deposits is still not working.
I think it is because I have multiple addresses. Used to work fine a few weeks ago when I had only one address.

Something happened when I increased the keypoolsize on our bitcoind.  A listtransactions no longer displays in chronological order.  I used to "listtransactions [account] 50" and now that brings up transactions weeks old on my account and another account I was looking at.  This has broken the deposit display, and the creation of the deposit entries in the db.  I'm trying to figure out if there's any way to fix it.  Will keep you posted.

Cheers.
hero member
Activity: 968
Merit: 515
The status for incoming deposits is still not working.
I think it is because I have multiple addresses. Used to work fine a few weeks ago when I had only one address.
legendary
Activity: 1106
Merit: 1006
Lead Blockchain Developer
Could you push through my withdrawal on ltcglobal?

Also, is it possible to get the manual limit raised and/or removed?  I do a lot of day trading, and I need better liquidity.

I have a way to flag users to allow a 2x higher withdrawal limit.  Please PM me your username (and which exchange) if you would like this turned on for your account.

Cheers.
hero member
Activity: 518
Merit: 500
Could you push through my withdrawal on ltcglobal?

Also, is it possible to get the manual limit raised and/or removed?  I do a lot of day trading, and I need better liquidity.
legendary
Activity: 1106
Merit: 1006
Lead Blockchain Developer
Details regarding the dead mans switch and what to do if anything happens to me are now in the FAQ when logged in.

Bottom line, life will go on without me.  Wink



legendary
Activity: 1106
Merit: 1006
Lead Blockchain Developer
So if the Google Authenticator should only show 1 time why does it show again if I change the settings?  Or is that a different key then the original time is showed in case I wanted to reset it to a new one?

It does show when changing the settings as well, but changing the settings requires the same PIN.  Both those PIN requirements need to be swapped out for gAuth requirements.  Will try to get that patched today.

Cheers.
hero member
Activity: 763
Merit: 500
So if the Google Authenticator should only show 1 time why does it show again if I change the settings?  Or is that a different key then the original time is showed in case I wanted to reset it to a new one?
member
Activity: 84
Merit: 10
Weighted companion cube
Just a heads up looks like Mpex was hacked as it's redirecting too.

http://www.whitehouse.gov/

Hope you are secure.

Gee, if only there was some kind of bitcoin-like, proof-of-work based DNS that was impervious to these kind of redirect shenanigans.

Oh wait, .bit and namecoin are well known technologies, but too many sheeple ignored them and not it's almost too late.

 Undecided

/THEY DIDN'T LISTEN!!!!1
Mircea Popescu redirected it to the whitehouse.gov for lols.
legendary
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.
Just a heads up looks like Mpex was hacked as it's redirecting too.

http://www.whitehouse.gov/

Hope you are secure.

Gee, if only there was some kind of bitcoin-like, proof-of-work based DNS that was impervious to these kind of redirect shenanigans.

Oh wait, .bit and namecoin are well known technologies, but too many sheeple ignored them and not it's almost too late.

 Undecided

/THEY DIDN'T LISTEN!!!!1
legendary
Activity: 1106
Merit: 1006
Lead Blockchain Developer
Just a heads up looks like Mpex was hacked as it's redirecting too.

http://www.whitehouse.gov/

Hope you are secure.

This is a good opportunity for a little education I suspect.

If our DNS is compromised, which is entirely possible, we do not operate it:  (The registrar does.)

    - A potential hacker could put up a clone of our login page and collect your logins and passwords.
    - Then the hacker could set his own /etc/hosts file and log into the real site with those logins and passwords.
    - Then the hacker trades all your stuff off for pennies on the dollar and withdraws all the coins and walks away.

The only protection from this is to use 2-Factor authentication.  If you don't already have a Yubikey or a mobile phone with Google Authenticator, NOW is the time to set it up.  Do not put it off.  Do it now.

OK I have gone ahead and setup Google Authenticator on my google account, and on your site.  I know that I could print off some one time use codes for my google account in case I ever lose my phone, don't have it on me etc...

Will these same codes work on your site?  What do I do if my phone gets stolen?

Best bet is to write down the key it displays with your barcode, or print the barcode so you can re-scan it again.

If your phone is stolen, you would re-scan the barcode or enter the key on your new phone, log into the site, and setup a new code.  (just to be on the safe side.)



If anyone can just scan the barcode how does this help if your site is hacked?  They could see the QR code and install google auth on their own phone.

"print the barcode so you can re-scan it again"  Smiley

The account page won't re-display it unless you have the PIN, and as I am just now realizing, that PIN dialog should be asking for the gAuth code if gAuth is turned on...  Will put that on the todo.

Cheers.


 
hero member
Activity: 763
Merit: 500
Just a heads up looks like Mpex was hacked as it's redirecting too.

http://www.whitehouse.gov/

Hope you are secure.

This is a good opportunity for a little education I suspect.

If our DNS is compromised, which is entirely possible, we do not operate it:  (The registrar does.)

    - A potential hacker could put up a clone of our login page and collect your logins and passwords.
    - Then the hacker could set his own /etc/hosts file and log into the real site with those logins and passwords.
    - Then the hacker trades all your stuff off for pennies on the dollar and withdraws all the coins and walks away.

The only protection from this is to use 2-Factor authentication.  If you don't already have a Yubikey or a mobile phone with Google Authenticator, NOW is the time to set it up.  Do not put it off.  Do it now.

OK I have gone ahead and setup Google Authenticator on my google account, and on your site.  I know that I could print off some one time use codes for my google account in case I ever lose my phone, don't have it on me etc...

Will these same codes work on your site?  What do I do if my phone gets stolen?

Best bet is to write down the key it displays with your barcode, or print the barcode so you can re-scan it again.

If your phone is stolen, you would re-scan the barcode or enter the key on your new phone, log into the site, and setup a new code.  (just to be on the safe side.)



If anyone can just scan the barcode how does this help if your site is hacked?  They could see the QR code and install google auth on their own phone.
legendary
Activity: 1106
Merit: 1006
Lead Blockchain Developer
Just a heads up looks like Mpex was hacked as it's redirecting too.

http://www.whitehouse.gov/

Hope you are secure.

This is a good opportunity for a little education I suspect.

If our DNS is compromised, which is entirely possible, we do not operate it:  (The registrar does.)

    - A potential hacker could put up a clone of our login page and collect your logins and passwords.
    - Then the hacker could set his own /etc/hosts file and log into the real site with those logins and passwords.
    - Then the hacker trades all your stuff off for pennies on the dollar and withdraws all the coins and walks away.

The only protection from this is to use 2-Factor authentication.  If you don't already have a Yubikey or a mobile phone with Google Authenticator, NOW is the time to set it up.  Do not put it off.  Do it now.

Actually no, 2-factor authentication is not a protection against someone getting your DNS or getting root or anything like that. It's protection against most forms of keyloggers, and that's about it. Just sayin'

Actually, yes, it is protection against any form of man in the middle attack.  Both use a time-based nonce with protection against replay.  (no key can be used twice within it's valid time window... try it, I spent a lot of time on it.)

No, it is not protection if BTC-TC is rooted.  That comes in the form of backups, firewalls, layers of servers (backend/frontend), and hot/cold wallets.

Cheers.
legendary
Activity: 1106
Merit: 1006
Lead Blockchain Developer
Just a heads up looks like Mpex was hacked as it's redirecting too.

http://www.whitehouse.gov/

Hope you are secure.

This is a good opportunity for a little education I suspect.

If our DNS is compromised, which is entirely possible, we do not operate it:  (The registrar does.)

    - A potential hacker could put up a clone of our login page and collect your logins and passwords.
    - Then the hacker could set his own /etc/hosts file and log into the real site with those logins and passwords.
    - Then the hacker trades all your stuff off for pennies on the dollar and withdraws all the coins and walks away.

The only protection from this is to use 2-Factor authentication.  If you don't already have a Yubikey or a mobile phone with Google Authenticator, NOW is the time to set it up.  Do not put it off.  Do it now.

OK I have gone ahead and setup Google Authenticator on my google account, and on your site.  I know that I could print off some one time use codes for my google account in case I ever lose my phone, don't have it on me etc...

Will these same codes work on your site?  What do I do if my phone gets stolen?

Best bet is to write down the key it displays with your barcode, or print the barcode so you can re-scan it again.

If your phone is stolen, you would re-scan the barcode or enter the key on your new phone, log into the site, and setup a new code.  (just to be on the safe side.)

vip
Activity: 812
Merit: 1000
13
Just a heads up looks like Mpex was hacked as it's redirecting too.

http://www.whitehouse.gov/

Hope you are secure.

This is a good opportunity for a little education I suspect.

If our DNS is compromised, which is entirely possible, we do not operate it:  (The registrar does.)

    - A potential hacker could put up a clone of our login page and collect your logins and passwords.
    - Then the hacker could set his own /etc/hosts file and log into the real site with those logins and passwords.
    - Then the hacker trades all your stuff off for pennies on the dollar and withdraws all the coins and walks away.

The only protection from this is to use 2-Factor authentication.  If you don't already have a Yubikey or a mobile phone with Google Authenticator, NOW is the time to set it up.  Do not put it off.  Do it now.

Actually no, 2-factor authentication is not a protection against someone getting your DNS or getting root or anything like that. It's protection against most forms of keyloggers, and that's about it. Just sayin'
hero member
Activity: 763
Merit: 500
Just a heads up looks like Mpex was hacked as it's redirecting too.

http://www.whitehouse.gov/

Hope you are secure.

This is a good opportunity for a little education I suspect.

If our DNS is compromised, which is entirely possible, we do not operate it:  (The registrar does.)

    - A potential hacker could put up a clone of our login page and collect your logins and passwords.
    - Then the hacker could set his own /etc/hosts file and log into the real site with those logins and passwords.
    - Then the hacker trades all your stuff off for pennies on the dollar and withdraws all the coins and walks away.

The only protection from this is to use 2-Factor authentication.  If you don't already have a Yubikey or a mobile phone with Google Authenticator, NOW is the time to set it up.  Do not put it off.  Do it now.

OK I have gone ahead and setup Google Authenticator on my google account, and on your site.  I know that I could print off some one time use codes for my google account in case I ever lose my phone, don't have it on me etc...

Will these same codes work on your site?  What do I do if my phone gets stolen?
legendary
Activity: 1106
Merit: 1006
Lead Blockchain Developer
Just a heads up looks like Mpex was hacked as it's redirecting too.

http://www.whitehouse.gov/

Hope you are secure.

This is a good opportunity for a little education I suspect.

If our DNS is compromised, which is entirely possible, we do not operate it:  (The registrar does.)

    - A potential hacker could put up a clone of our login page and collect your logins and passwords.
    - Then the hacker could set his own /etc/hosts file and log into the real site with those logins and passwords.
    - Then the hacker trades all your stuff off for pennies on the dollar and withdraws all the coins and walks away.

The only protection from this is to use 2-Factor authentication.  If you don't already have a Yubikey or a mobile phone with Google Authenticator, NOW is the time to set it up.  Do not put it off.  Do it now.
Jump to: