
Topic: Camp BX Hacker / Compliance Security Audit - page 3. (Read 9907 times)

sr. member
Activity: 308
Merit: 250
Keyur, got any insight on deposit/withdrawal methods that you guys are planning to integrate?
Another question, will you be getting any sort of exchange or MSB licencing?  (I have no idea whichever is applicable in the case of Bitcoin exchange)

They said in another thread that MSB is pending, IIRC. Their "legal counsel" has told them none of the exchange stuff applies, I gather because at this point BTC isn't a recognized "currency" or "commodity".

Bar a few growing pains, I'm really liking what I see here so far. I still haven't gotten around to getting my password to work, but they seem responsive to critique and if they can hit the ground running with trust and avoid shady half-answers (a few of Keyur's earlier responses in the first thread didn't inspire much confidence, for the most part he seems to be rectifying that though).
legendary
Activity: 1050
Merit: 1000
Keyur, got any insight on deposit/withdrawal methods that you guys are planning to integrate?
Another question, will you be getting any sort of exchange or MSB licencing?  (I have no idea whichever is applicable in the case of Bitcoin exchange)


sr. member
Activity: 299
Merit: 250
Don't forget the scale tests, you might need it Wink

Thanks - we surely hope so!  I think DDoS is a good simulation of this ;-)

sr. member
Activity: 299
Merit: 250
Gotta say, I wasn't that impressed with their site. I signed up and found that their code transformed my username to all lowercase characters. Why would anyone do such a thing? 

TV,
       Bitcoin community's success depends on reaching out to more casual users who may not be as well-versed with technology as you are.  That is why it was a conscious decision that contributes towards the user-friendliness of our platform.

Thank you,
      Keyur


       
sr. member
Activity: 299
Merit: 250

@VirtualFAQs: Thank you very much!

@qikaifu, Vegetta, and TraderTimm: Agree with you 100% about the contact details.  The office information should be finalized mid-week and will be available on livenet site prior to launch.  Keep in mind that office space requires long-term contracts, and in a city like Atlanta they constitute a huge investment for a start-up company.  That is why we have kept it as the final item on the launch checklist.

Also wanted to add that our company registration details are public records, and are available for your review at Georgia Secretary of State Brian Kemp's office.

Thank you!

full member
Activity: 168
Merit: 100
God creates math and math creates bitcoin.
Yeah, it isn't like I didn't do a full WHOIS on them when they first posted. If only there was a way to search forum posts.... hmm....

If only.....

Then you'll find the address Smiley



I found it.
But I guess they could make some "contact us" on the web site, make it official and easy to find.





Usual nslookup details and such:

campbx.com

184.164.132.91

NetRange   184.164.128.0 - 184.164.159.255
CIDR   184.164.128.0/19
Name   SS5
Handle   NET-184-164-128-0-1
Parent   NET184 (NET-184-0-0-0-0)
Net Type   Direct Allocation
Origin AS   AS20454
AS32164
Organization   SECURED SERVERS LLC (SSL-65)
Registration Date   2011-05-13
Last Updated   2011-05-13

Name   SECURED SERVERS LLC
Handle   SSL-65
Street   2353 W University Bldg A
City   Tempe
State/Province   AZ
Postal Code   85281
Country   US
Registration Date   2003-12-08
Last Updated   2009-11-25

Secured Servers website: http://www.securedservers.com/index.php

securedservers.com

209.188.23.6

NetRange   209.188.23.0 - 209.188.23.31
CIDR   209.188.23.0/27
Name   CWIE
Handle   NET-209-188-23-0-1
Parent   SECUREDSERVERS (NET-209-188-0-0-1)
Net Type   Reallocated
Origin AS   
Organization   CWIE, LLC (CWIE)
Registration Date   2008-11-03
Last Updated   2008-11-03

Name   CWIE, LLC
Handle   CWIE
Street   2353 W University Bldg A
City   Tempe
State/Province   AZ
Postal Code   85281
Country   US
Registration Date   1999-09-01
Last Updated   2009-02-20

CWIE website: http://www.cavecreek.com/
member
Activity: 84
Merit: 10
Sounds promising. Just noticed we can get your server versions from the whois. Please modify this httpd.conf for me!
newbie
Activity: 56
Merit: 0
Gotta say, I wasn't that impressed with their site. I signed up and found that their code transformed my username to all lowercase characters. Why would anyone do such a thing? 
legendary
Activity: 2408
Merit: 1121
If you provide a Postal Address information in United States, you will earn a great advantage in trustworthiness over those exchange hold in Chile and Japan.
If they offer full transparency I think they have a really good shot at taking over the entire market.

I don't understand those exchanges why the hell they want to hide the real world information of themselves, such as address, an official phone number, company registering information, etc, from the public. Don't they know these information support the confidence of the people who trade on the platform?

Yeah, it isn't like I didn't do a full WHOIS on them when they first posted. If only there was a way to search forum posts.... hmm....

If only.....

Then you'll find the address Smiley
full member
Activity: 168
Merit: 100
God creates math and math creates bitcoin.
If you provide a Postal Address information in United States, you will earn a great advantage in trustworthiness over those exchange hold in Chile and Japan.
If they offer full transparency I think they have a really good shot at taking over the entire market.

I don't understand those exchanges why the hell they want to hide the real world information of themselves, such as address, an official phone number, company registering information, etc, from the public. Don't they know these information support the confidence of the people who trade on the platform?

Campbx has very positive sign to be professional, responsible and transparent. Just do it better.
jr. member
Activity: 56
Merit: 1
Don't forget the scale tests, you might need it Wink
legendary
Activity: 1764
Merit: 1015
If you provide a Postal Address information in United States, you will earn a great advantage in trustworthiness over those exchange hold in Chile and Japan.
If they offer full transparency I think they have a really good shot at taking over the entire market.
full member
Activity: 168
Merit: 100
God creates math and math creates bitcoin.
If you provide a Postal Address information in United States, you will earn a great advantage in trustworthiness over those exchange hold in Chile and Japan.
legendary
Activity: 1764
Merit: 1015
Really nice site, you can tell it's made in the USA Cheesy.
hero member
Activity: 700
Merit: 500
 Cheesy Grin Wink Shocked Cool Kiss

All at the same time!
sr. member
Activity: 299
Merit: 250
Hi everyone,
      Camp BX team has been gearing up for a full security and compliance audit this weekend by securing our codebase and configuration.  The third-party independent audit will commence today so you may see some signs of stress when using http://testnet.CampBX.com/ for test-coin trading.


So what exactly are the auditors testing us for?

All of the top-10 vulnerabilities identified by OWASP project will be tested.  This OWASP awareness document is acknowledged and relied on by organizations worldwide, including the PCI, Dept of Defense, Federal Trade Commission, and countless others. Current top-10 are: https://www.owasp.org/index.php/Top_10_2010-A1
    A1: Injection
    A2: Cross-Site Scripting (XSS)
    A3: Broken Authentication and Session Management
    A4: Insecure Direct Object References
    A5: Cross-Site Request Forgery (CSRF)
    A6: Security Misconfiguration
    A7: Insecure Cryptographic Storage
    A8: Failure to Restrict URL Access
    A9: Insufficient Transport Layer Protection
    A10: Unvalidated Redirects and Forwards


Plus, hundreds of additional vulnerabilities will be tested that did not make the above top-10 list. 

We will also undergo a couple of D-DoS (Distributed Denial of Service) attacks from the auditor's clouds in USA and offshore.


And most importantly, we will be tested for security standards compliance with:
1) All U.S. Government requirements for remote vulnerability testing as set forth by the National Infrastructure Protection Center (NIPC).
2) The Payment Card Industry (PCI) Data Security Standard
3) Security scanning requirements of Visa USA's Cardholder Information Security Program (CISP)
4) Visa International's Account Information Security (AIS) program
5) MasterCard International's Site Data Protection (SDP) program
6) American Express' CID security program
7) Discover Card Information Security and Compliance (DISC) program


We will make the findings available to you, so you can form your own informed opinion about security at Camp BX.

Stay tuned,
     Keyur

