Camp BX Hacker / Compliance Security Audit - page 2.

CurbsideProphet

hero member

Activity: 672

Merit: 500

Quote from: ErgoOne on June 26, 2011, 03:13:52 PM

I'm seriously impressed, assuming that the data we get proves that the audit took place and was of the nature described. This is how web sites that are used to access and handle other people's money *should* be tested -- for Bitcoin or anybody else!

Could somebody post the URL to this site, now? I didn't see it, and I want to go look. Wink

http://testnet.campbx.com/

Keyur @ Camp BX

sr. member

Activity: 299

Merit: 250

Quote from: dennis_sweden on June 26, 2011, 02:42:33 PM

Quote

Elggawf,

I apologize if some of the answers came across as shady - that was never the intention.

Keep in mind that answers to seemingly simple questions come after long discussions with lawyers, scanning through policy fine print, and back and forth communications with government agencies like Department of Banking and Finance. These answers represent a competitive advantage for a business. I have to straddle a fine line between sharing and open-sourcing the business to competition.

Quote

The foundation of our operations is an active and prominent compliance program, and we are committed to maintaining full compliance with all pertinent rules and regulations for the trading platform.

Spirit of our program is to do the right thing, not just the legal thing. Attempts to bypass account maximum limits will result in a refund of all funds and a ban for the violating account/s. We have hard-coded additional rules in our trading engine to thwart illegitimate usage of the platform and money laundering.

Please help us strengthen our compliance program, and immediately report any suspicious trading acitivity you notice on our platform to the helpdesk.

I'm sorry, but this "Legal compliance" statement does not contain any substance. Under what name is Camp BX registered in the State of Georgia? Camp BX is, as far as I can see, not registered. Likewise under which name are deposits insured with the FDIC. The "Camp BX user agreement" does contain more substance as it states that "This Agreement shall be governed by and construed in accordance with the laws applicable in the State of Georgia."

If Camp BX has a business model that acts in accordance with the law it can be envisaged that Bitcoin will grow as more businesses will accept Bitcoins.

Dennis,
We have updated the company name in the footer - Camp BX is our product name. You can verify the registration now!

Thank you,
Keyur

ErgoOne

full member

Activity: 126

Merit: 100

I'm seriously impressed, assuming that the data we get proves that the audit took place and was of the nature described. This is how web sites that are used to access and handle other people's money *should* be tested -- for Bitcoin or anybody else!

Could somebody post the URL to this site, now? I didn't see it, and I want to go look. Wink

dennis_sweden

jr. member

Activity: 42

Merit: 1

Quote

Elggawf,

I apologize if some of the answers came across as shady - that was never the intention.

Keep in mind that answers to seemingly simple questions come after long discussions with lawyers, scanning through policy fine print, and back and forth communications with government agencies like Department of Banking and Finance. These answers represent a competitive advantage for a business. I have to straddle a fine line between sharing and open-sourcing the business to competition.

Quote

The foundation of our operations is an active and prominent compliance program, and we are committed to maintaining full compliance with all pertinent rules and regulations for the trading platform.

Spirit of our program is to do the right thing, not just the legal thing. Attempts to bypass account maximum limits will result in a refund of all funds and a ban for the violating account/s. We have hard-coded additional rules in our trading engine to thwart illegitimate usage of the platform and money laundering.

Please help us strengthen our compliance program, and immediately report any suspicious trading acitivity you notice on our platform to the helpdesk.

I'm sorry, but this "Legal compliance" statement does not contain any substance. Under what name is Camp BX registered in the State of Georgia? Camp BX is, as far as I can see, not registered. Likewise under which name are deposits insured with the FDIC. The "Camp BX user agreement" does contain more substance as it states that "This Agreement shall be governed by and construed in accordance with the laws applicable in the State of Georgia."

If Camp BX has a business model that acts in accordance with the law it can be envisaged that Bitcoin will grow as more businesses will accept Bitcoins.

Keyur @ Camp BX

sr. member

Activity: 299

Merit: 250

Quote from: jerfelix on June 26, 2011, 02:06:39 PM

Quote from: TriumVir on June 25, 2011, 02:33:58 PM

Gotta say, I wasn't that impressed with their site. I signed up and found that their code transformed my username to all lowercase characters. Why would anyone do such a thing?

I tested the website, and was only mildly impressed. I didn't think the user interface was all that great (and just hated the color scheme).

On the other hand, though, Keyur has been unbelievably receptive and responsive to feedback. And they seem to be putting security, reputation, and trustworthiness at the top of their agenda, with just a few feature advantages.

I would LOVE to see another successful exchange, so I'm keeping an open mind on this one, and wishing them the best of luck!

Thank you for trying us out JF. We have few more exciting features in pipeline that we will roll-out over next six months.

We will also get the API rolled out after launch so you don't have to deal with the UI!

Thank you,
Keyur

Keyur @ Camp BX

sr. member

Activity: 299

Merit: 250

Quote from: befuddled on June 26, 2011, 02:23:40 PM

Keyur-

Quote

We do not allow naked shorts

Quote

To clarify, we DO NOT borrow from user accounts and only the user can move the coins out of his/her wallet. There is a dedicated "house account" funded by us for shorts.

Quote

Hope this makes sense

Yes. Thanks much.

Befuddled,
You had some excellent questions, so we have also updated the FAQ section to reflect these clarifications.

Thank you!
Keyur

befuddled

member

Activity: 73

Merit: 10

Keyur-

Quote

We do not allow naked shorts

Quote

To clarify, we DO NOT borrow from user accounts and only the user can move the coins out of his/her wallet. There is a dedicated "house account" funded by us for shorts.

Quote

Hope this makes sense

Yes. Thanks much.

Keyur @ Camp BX

sr. member

Activity: 299

Merit: 250

Quote from: befuddled on June 26, 2011, 01:57:58 PM

Short selling? Color me suspicious. Are you going to allow naked short sales?

Bitcoin is so tiny and thinly traded (by FX or any other standards) big-money interest hostile to Bitcoin can come in effectively drop the price to zero. Easily. All they have to do is capitalize a stand-alone entity with, say, $1B US. Then continuously take an gradually ever-growing short position. Bitcoin will never be worth much. If, over time, their short position goes underwater to an extent that exceeds their capital, they can either add more, or declare BR. If the Fed were behind it, they can just print to the extent necessary so they never have to cover.

If naked short sales are not allowed, then anybody selling short would have to "borrow" them from someone else first, and I guess that someone would be the accounts of those who hold balances at campbx. I recommend nobody hold your bitcoin balances in campbx, unless campbx has an option to disallow their borrowing for short selling.

Please disabuse me of these notions if I am in error. I don't see anything good for Bitcoin coming from allowing short sales.

Befuddled,
We do not allow naked shorts - you have to put 52% coins towards the trade. Also the trade maximum size is capped. So $1B government money will not do any good here.

To clarify, we DO NOT borrow from user accounts and only the user can move the coins out of his/her wallet. There is a dedicated "house account" funded by us for shorts. This account is risk-managed based on liquidity available in the market to limit our risk exposure.

Hope this makes sense,
Keyur

jerfelix

sr. member

Activity: 266

Merit: 250

Quote from: TriumVir on June 25, 2011, 02:33:58 PM

Gotta say, I wasn't that impressed with their site. I signed up and found that their code transformed my username to all lowercase characters. Why would anyone do such a thing?

I tested the website, and was only mildly impressed. I didn't think the user interface was all that great (and just hated the color scheme).

On the other hand, though, Keyur has been unbelievably receptive and responsive to feedback. And they seem to be putting security, reputation, and trustworthiness at the top of their agenda, with just a few feature advantages.

I would LOVE to see another successful exchange, so I'm keeping an open mind on this one, and wishing them the best of luck!

TonyHoyle

newbie

Activity: 59

Merit: 0

Excellent... It's good to see sites coming onstream that do decent security audits.

More payment options would be great... the only reason I still consider mtgox is it's the only one that can do direct transfers to/from euros without imposing stupid fees.

befuddled

member

Activity: 73

Merit: 10

Short selling? Color me suspicious. Are you going to allow naked short sales?

Bitcoin is so tiny and thinly traded (by FX or any other standards) big-money interest hostile to Bitcoin can come in effectively drop the price to zero. Easily. All they have to do is capitalize a stand-alone entity with, say, $1B US. Then continuously take an gradually ever-growing short position. Bitcoin will never be worth much. If, over time, their short position goes underwater to an extent that exceeds their capital, they can either add more, or declare BR. If the Fed were behind it, they can just print to the extent necessary so they never have to cover.

If naked short sales are not allowed, then anybody selling short would have to "borrow" them from someone else first, and I guess that someone would be the accounts of those who hold balances at campbx. I recommend nobody hold your bitcoin balances in campbx, unless campbx has an option to disallow their borrowing for short selling.

Please disabuse me of these notions if I am in error. I don't see anything good for Bitcoin coming from allowing short sales.

FreeMoney

legendary

Activity: 1246

Merit: 1016

Strength in numbers

Quote from: Jack of Diamonds on June 26, 2011, 01:09:10 PM

3. Do you have an automated system for instant withdrawals and deposits of bitcoins from/into the system via unique, 24 hour disposable wallets like Mt. Gox?

I prefer a dedicated, but cycle-able, deposit address like bitcoin-central does. This lets me deposit without going to the site, or let someone pay to it for me. Minor thing though.

I'm really impressed, very classy.

Oldminer

legendary

Activity: 1022

Merit: 1001

Will you be offering bank transfers to and from Australian bank accounts?

Keyur @ Camp BX

sr. member

Activity: 299

Merit: 250

Quote from: Jack of Diamonds on June 26, 2011, 01:09:10 PM

Very impressive, professional site. A few questions:

1. As mentioned above, will you add physical information about the exchange's whereabouts? Mt. Gox is known to operate from Cerulean Tower in Tokyo, but they do not list any address or phone number in public.

2. When (or, if at all) will you accept wire transfers as deposit and withdrawal method ($USD, Swiss franc, EUR, JPY)?

3. Do you have an automated system for instant withdrawals and deposits of bitcoins from/into the system via unique, 24 hour disposable wallets like Mt. Gox?

Thank you JD!

1) Wednesday

2) Launch time is pressure time, so we intend to keep things streamlined at launch and not scatter the team's energy. We will explore allowing other modes of payment (including wire transfers) after launch.

3) That was the first feature we implemented! You can try it out for yourself if you have some testnet coins lying around at http://testnet.campbx.com
Keep in mind that coins need 5 confirmations from the network to show up in the wallet, which can take a while on testnet due to limited mining activity. It should be much faster on livenet.

Hope this helps,
Keyur

Jack of Diamonds

sr. member

Activity: 252

Merit: 251

Very impressive, professional site. A few questions:

1. As mentioned above, will you add physical information about the exchange's whereabouts? Mt. Gox is known to operate from Cerulean Tower in Tokyo, but they do not list any address or phone number in public.

2. When (or, if at all) will you accept wire transfers as deposit and withdrawal method ($USD, Swiss franc, EUR, JPY)?

3. Do you have an automated system for instant withdrawals and deposits of bitcoins from/into the system via unique, 24 hour disposable wallets like Mt. Gox?

Serge

legendary

Activity: 1050

Merit: 1000

Quote from: Keyur @ Camp BX on June 26, 2011, 12:56:16 PM

Quote from: Serge on June 25, 2011, 04:49:00 PM

Keyur, got any insight on deposit/withdrawal methods that you guys are planning to integrate?
Another question, will you be getting any sort of exchange or MSB licencing? (I have no idea whichever is applicable in the case of Bitcoin exchange)

Serge,
Only method available at launch will be Dwolla. We will work with the user community after that to prioritize which method they would like to see next.

Thank you,
Keyur

Thanks. Looking forward to your launch as I'm sure many others do too =)

Keyur @ Camp BX

sr. member

Activity: 299

Merit: 250

Quote from: angelo95 on June 25, 2011, 02:36:28 PM

Sounds promising. Just noticed we can get your server versions from the whois. Please modify this httpd.conf for me!

Angelo,
We have already modified this few days ago! You can check the HTTP headers.

The updated information may take a while to propagate to whois records.

Thank you for trying us out!
Keyur

Keyur @ Camp BX

sr. member

Activity: 299

Merit: 250

Quote from: elggawf on June 25, 2011, 05:03:12 PM

Bar a few growing pains, I'm really liking what I see here so far. I still haven't gotten around to getting my password to work, but they seem responsive to critique and if they can hit the ground running with trust and avoid shady half-answers (a few of Keyur's earlier responses in the first thread didn't inspire much confidence, for the most part he seems to be rectifying that though).

Elggawf,
I apologize if some of the answers came across as shady - that was never the intention.

Keep in mind that answers to seemingly simple questions come after long discussions with lawyers, scanning through policy fine print, and back and forth communications with government agencies like Department of Banking and Finance. These answers represent a competitive advantage for a business. I have to straddle a fine line between sharing and open-sourcing the business to competition.

Thank you,
Keyur

PS: You may have to reset the password once since we made couple of tweaks to the password validation policy after your registration.

relative

newbie

Activity: 56

Merit: 0

Quote from: qikaifu on June 25, 2011, 02:31:43 PM

Quote from: FlipPro on June 25, 2011, 02:02:59 PM

Quote from: qikaifu on June 25, 2011, 01:44:24 PM

If you provide a Postal Address information in United States, you will earn a great advantage in trustworthiness over those exchange hold in Chile and Japan.

If they offer full transparency I think they have a really good shot at taking over the entire market.

I don't understand those exchanges why the hell they want to hide the real world information of themselves, such as address, an official phone number, company registering information, etc, from the public. Don't they know these information support the confidence of the people who trade on the platform?

this info is available for MtGox (its CEO) but this board deletes threads which mention it.
dont ask me why.

Keyur @ Camp BX

sr. member

Activity: 299

Merit: 250

Quote from: Serge on June 25, 2011, 04:49:00 PM

Keyur, got any insight on deposit/withdrawal methods that you guys are planning to integrate?
Another question, will you be getting any sort of exchange or MSB licencing? (I have no idea whichever is applicable in the case of Bitcoin exchange)

Serge,
Only method available at launch will be Dwolla. We will work with the user community after that to prioritize which method they would like to see next.

Thank you,
Keyur

Topic: Camp BX Hacker / Compliance Security Audit - page 2. (Read 9907 times)