Topic: Camp BX Hacker / Security Audit: Results - page 3. (Read 15921 times)

sr. member
Activity: 299
Merit: 250

@Serge and Ananas,
Accepting payments from outside USA requires a lot of compliance paperwork and lawyer-time for a company, so we will work to integrate Europe payment options after our USA launch.

Please PM me with your favorite payment options, and we will work with you to offer those options in Camp BX.

Thank you,
      Keyur

full member
Activity: 168
Merit: 100
God creates math and math creates bitcoin.
the day after the birthday of the United States.
Cool~
sr. member
Activity: 299
Merit: 250

Thank you everyone!  We are always going to treat security as our top priority, and McAfee Secure is just one facet of our approach.  We have used multiple tools to scan for vulnerabilities, and peer-code-review sessions are already in progress. 

Someone quoted LulzSec exploits in this thread, so I wanted to point out that all of LulzSec's exploits were directly from the OWASP top-10 list, and thus were preventable if there had been proper security processes in place.
http://www.pcworld.com/article/231303/lulzsec_anonymous_hacks_were_avoidable_report_says.html


We are happy to report that Camp BX is on track for a July 5th launch.  We will share more details shortly.

Thank you again,
      Keyur

full member
Activity: 168
Merit: 100
God creates math and math creates bitcoin.
wish you great success.
sr. member
Activity: 386
Merit: 334
-"When the going gets weird, the weird turn pro."
What is notable is that CBX is going through a security audit in a public manner. This says more about their mindset and approach than can be said of any other btc exchange.

Looks more like opportunists feeding off the Mt Gox hack. Again, this is not a question about if the site can be hacked, but rather when it gets hacked, what can they do for you?
full member
Activity: 154
Merit: 100

I seriously doubt anyone will be impressed by that, it's more like a seal of certainty that lulzsec will breeze through the security measures in five minutes.


LulzSec has called it quits. If you know so much about security, where is your security firm located and what's its name? How about the security software you have released, or do you just use publicly available software for your hijinks? Oh, have you a peer-reviewed security paper you would like to show us?

What is notable is that CBX is going through a security audit in a public manner. This says more about their mindset and approach than can be said of any other btc exchange.
sr. member
Activity: 386
Merit: 334
-"When the going gets weird, the weird turn pro."
From campbx.com...

"Tested according to U.S. Government requirements"

I seriously doubt anyone will be impressed by that, it's more like a seal of certainty that lulzsec will breeze through the security measures in five minutes.

Fancy logos and certifications aside, any site can be hacked, what is more important is how hack attempts are dealt with from the user point of view (are losses covered?).

BTW:

Site running PHP/MySQL - Pass
newbie
Activity: 56
Merit: 0
GOX are you watching? Learning?
newbie
Activity: 28
Merit: 0
donator
Activity: 129
Merit: 100
Swimming in a sea of data
Now that you have completed your audit successfully, congratulations btw, does CBX have a tentative launch date?

Go to campbx.com and see the countdown timer for yourself.
member
Activity: 112
Merit: 10
Keyur,

Now that you have completed your audit successfully, congratulations btw, does CBX have a tentative launch date?

I find myself very anxious to try out your service live.

Awesome work, keep it up!
ius
newbie
Activity: 56
Merit: 0
We were tested for >1,000 known vulnerabilities specific to our platform and services by McAfee Secure (formerly McAfee Hacker-Safe), who are ranked #1 in security industry for threat detection.  This is the same auditing service used by well-known brands like Costco, Petco, and Roush Racing for their e-commerce websites.

Congratulations, you fell for the same ploy as Costco, Petco & friends - you're paying for a useless logo.

Correct me if I'm wrong, but iirc. McAfee only performs an automated remote scan - nothing you couldn't do yourself with Nessus or some other equivalent.

Get a proper audit done - a white/grey box pentest and a source audit. They didn't do that, did they?
legendary
Activity: 1106
Merit: 1007
Hide your women
I think I'm looking forward to this exchange. The mt gox "delay" is getting annoying. And I've always wanted the ability to put in a fill-or-kill order.

I'd like to see call options.
full member
Activity: 140
Merit: 100
That's awesome. May I suggest something else as well?

Put up some security bug bounties in BTC (Or maybe just offer no fees for a while as the bounty?)

They wouldn't have to be massive. As places like Google and Mozilla have found, they'll never be able to beat what a person could get for selling an exploit package, so the rewards are kind of just token.
legendary
Activity: 1050
Merit: 1000
Very professional approach

Hopefully you will be able to do international bitcoin trading


What are your fees going to be like for the service?
newbie
Activity: 49
Merit: 0
good for you
full member
Activity: 154
Merit: 100
Congratz. I think it's apparent who the new king of the mountain is going to be. Keyur, CampBX will restore faith and confidence for many people. Best of luck to CBX.
jr. member
Activity: 56
Merit: 1
I think I'm looking forward to this exchange. The mt gox "delay" is getting annoying. And I've always wanted the ability to put in a fill-or-kill order.
hero member
Activity: 812
Merit: 1022
No Maps for These Territories
Sounds good, too bad this will be a US exchange only.
full member
Activity: 196
Merit: 100
The benefit of this effort on the part of Camp BX is that it highlights just how non-transparent and less sophisticated Magical Tux and Co. are in both PR and security implementation. I have more faith in Camp BX from this posting alone than anything Mt. Gox has done. You'd think they'd do something similar. But I guess that as long as people patronize them and don't force their hand, they don't have to bother - the zealots will come to their defense no matter what people point out.

These BX folks clearly understand how to market themselves, if nothing else. I'm impressed, though I'd think the BTC community could use you as a direct exchange as opposed to a brokerage.