You will need some SERIOUS pentesting, if it was vuln to xss...
Of course. The only thing that's been online so far is a development pre-beta. Can't wait to see this baby in full swing soon.
Topic: First impressions-Kronos.io (Read 2184 times)
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
Of course. The only thing that's been online so far is a development pre-beta. Can't wait to see this baby in full swing soon.
You will need some SERIOUS pentesting, if it was vuln to xss...
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
So what is the ETA for the general use?
I don't know but this is the email I got from them.
Quote
Hello Everyone!
We'd like to thank you all for all of the bug reports you generated for us.
For the next couple weeks, we're closing our private beta. Any accounts created during our private beta will be closed as well. Your balances were kept and we'll be creating a withdrawal page shortly so you can withdraw your funds.
Next, we're moving into phase two of our launch plan, which is a security hardening phase. We'll be going incognito for the rest of our development timeline so we can move to dedicated hardware, initiate penetration testing, and complete our comprehensive security audit.
We'll keep you updated, and be ready to launch to the public very soon!
We'd like to thank you all for all of the bug reports you generated for us.
For the next couple weeks, we're closing our private beta. Any accounts created during our private beta will be closed as well. Your balances were kept and we'll be creating a withdrawal page shortly so you can withdraw your funds.
Next, we're moving into phase two of our launch plan, which is a security hardening phase. We'll be going incognito for the rest of our development timeline so we can move to dedicated hardware, initiate penetration testing, and complete our comprehensive security audit.
We'll keep you updated, and be ready to launch to the public very soon!
Yep. We're hardening up and getting ready for a proper release. The response to Kronos has been overwhelming. I think people really want it, and it is proving to be an awesome replacement to Bitcoinica thanks to ZipConf.
So what is the ETA for the general use?
I don't know but this is the email I got from them.
Quote
Hello Everyone!
We'd like to thank you all for all of the bug reports you generated for us.
For the next couple weeks, we're closing our private beta. Any accounts created during our private beta will be closed as well. Your balances were kept and we'll be creating a withdrawal page shortly so you can withdraw your funds.
Next, we're moving into phase two of our launch plan, which is a security hardening phase. We'll be going incognito for the rest of our development timeline so we can move to dedicated hardware, initiate penetration testing, and complete our comprehensive security audit.
We'll keep you updated, and be ready to launch to the public very soon!
We'd like to thank you all for all of the bug reports you generated for us.
For the next couple weeks, we're closing our private beta. Any accounts created during our private beta will be closed as well. Your balances were kept and we'll be creating a withdrawal page shortly so you can withdraw your funds.
Next, we're moving into phase two of our launch plan, which is a security hardening phase. We'll be going incognito for the rest of our development timeline so we can move to dedicated hardware, initiate penetration testing, and complete our comprehensive security audit.
We'll keep you updated, and be ready to launch to the public very soon!
So what is the ETA for the general use?
No idea why you would be seeing that. It's got a perfectly good issuer chain: kronos.io -> PositiveSSL CA 2 (COMODO CA Limited) -> CA Root. Are we both looking at the same certificate (SHA1: 0aa96a3a3ab2accaceb3d77847174b1427de6a37; MD5: 22c32d8cbe8eb27cf8f9e65e457deb48)?
Works for me. Same cert. 
And the security certificate is bunk. With Firefox:
Code:
kronos.io uses an invalid security certificate.
The certificate is not trusted because no issuer chain was provided.
No idea why you would be seeing that. It's got a perfectly good issuer chain: kronos.io -> PositiveSSL CA 2 (COMODO CA Limited) -> CA Root. Are we both looking at the same certificate (SHA1: 0aa96a3a3ab2accaceb3d77847174b1427de6a37; MD5: 22c32d8cbe8eb27cf8f9e65e457deb48)?
And the security certificate is bunk. With Firefox:
That's actually a pretty common problem that doesn't denote a flaw, the certificate is probably valid. Code:
kronos.io uses an invalid security certificate.
The certificate is not trusted because no issuer chain was provided.
It's mostly just Firefox being picky.
wow, what a bad code it has.
And the security certificate is bunk. With Firefox:
Code:
kronos.io uses an invalid security certificate.
The certificate is not trusted because no issuer chain was provided.
Oh, sorry about that, not sure how I missed it.
By going to refresh it I get this message and will not let me login.
Looks like an amateur XSS exploit. Don't do what it says. Actually, don't use the site at all until you get confirmation that it's been fixed.
...
EDIT: As it turns out, my suspicions were correct. One of the developers misunderstood the pre-beta situation and one of our invited testers was trying to test the security of the very insecure test server instead of just practicing to use the trading tools. Ignore the "warning" as I'm sure it was meant tongue-in-cheek. We'll reset the test server and correct the issue. If ever (now or in the future) you experience any difficulties using the trading platform or during testing you happen to have funds suddenly vanish during a reset, just email [email protected] and we'llget things resolved for you. Cheers!
EDIT: As it turns out, my suspicions were correct. One of the developers misunderstood the pre-beta situation and one of our invited testers was trying to test the security of the very insecure test server instead of just practicing to use the trading tools. Ignore the "warning" as I'm sure it was meant tongue-in-cheek. We'll reset the test server and correct the issue. If ever (now or in the future) you experience any difficulties using the trading platform or during testing you happen to have funds suddenly vanish during a reset, just email [email protected] and we'llget things resolved for you. Cheers!
By going to refresh it I get this message and will not let me login.
Looks like an amateur XSS exploit. Don't do what it says. Actually, don't use the site at all until you get confirmation that it's been fixed.
I know that this in testing.
In the OP I said clearly that I opened because it seems that the performance was way too poor to allow in anyone, even pre-beta, although it is obviously the opinion of an inexperienced
Then I started to like your platform, the new look is also very attractive and have continued doing tests without problems.
I signed up as soon as I learn of the existence of kronos.io and so I think I arrived an invitation when opened, no one has passed. the May 23 I receive a welcome mail:
"
Your account is successfully created, however you must activate it
You can do so by clicking the link below:
Activate Now
....
"
EDIT:
Already answered, thanks;). I hope my account will be unlocked soon, as I would like to continue testing the platform
regards
In the OP I said clearly that I opened because it seems that the performance was way too poor to allow in anyone, even pre-beta, although it is obviously the opinion of an inexperienced
Then I started to like your platform, the new look is also very attractive and have continued doing tests without problems.
I signed up as soon as I learn of the existence of kronos.io and
"
Your account is successfully created, however you must activate it
You can do so by clicking the link below:
Activate Now
....
"
EDIT:
Already answered, thanks;). I hope my account will be unlocked soon, as I would like to continue testing the platform
regards
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
I sincerely hope this is either a joke, a trol or a misunderstanding but as I've been away on business for almost a week I haven't been keeping track of Kronos as much as I woukd have liked to.
I hate to say this but OP was never authorized to have an invite code and it seems someone thought it was in their best interest to pass them out like candy without giving any disclaimer as to the pre-beta nature of the accounts that would be signed up.
I assure you that your funds are not lost and I think one of the backend developers misunderstood the situation. I'll try to track down the specific issue. Until then, OP please stop using the account as the entire system is pre-beta and it is obvious you do not understand that having started this thread in the first place.
To everyone else, do your job right and stop leaking invited codes to people who don't know what 'pre-beta' and 'testing' mean
EDIT: As it turns out, my suspicions were correct. One of the developers misunderstood the pre-beta situation and one of our invited testers was trying to test the security of the very insecure test server instead of just practicing to use the trading tools. Ignore the "warning" as I'm sure it was meant tongue-in-cheek. We'll reset the test server and correct the issue. If ever (now or in the future) you experience any difficulties using the trading platform or during testing you happen to have funds suddenly vanish during a reset, just email [email protected] and we'llget things resolved for you. Cheers!
I hate to say this but OP was never authorized to have an invite code and it seems someone thought it was in their best interest to pass them out like candy without giving any disclaimer as to the pre-beta nature of the accounts that would be signed up.
I assure you that your funds are not lost and I think one of the backend developers misunderstood the situation. I'll try to track down the specific issue. Until then, OP please stop using the account as the entire system is pre-beta and it is obvious you do not understand that having started this thread in the first place.
To everyone else, do your job right and stop leaking invited codes to people who don't know what 'pre-beta' and 'testing' mean
EDIT: As it turns out, my suspicions were correct. One of the developers misunderstood the pre-beta situation and one of our invited testers was trying to test the security of the very insecure test server instead of just practicing to use the trading tools. Ignore the "warning" as I'm sure it was meant tongue-in-cheek. We'll reset the test server and correct the issue. If ever (now or in the future) you experience any difficulties using the trading platform or during testing you happen to have funds suddenly vanish during a reset, just email [email protected] and we'llget things resolved for you. Cheers!
I've already sent an email asking for this...
That's sounds pretty serious man. Better do what he says!
WTF? 
This is a failure, an error, a scam or a hack?
This this is the status of my account, I remind you that I deposited 2BTC, what is missing is due to failure of the platform.
By going to refresh it I get this message and will not let me login.
This is a failure, an error, a scam or a hack?
This this is the status of my account, I remind you that I deposited 2BTC, what is missing is due to failure of the platform.
By going to refresh it I get this message and will not let me login.
Are you planning to allow margin trading of alt coins?
I can't stress enough the need for testing with bots that do random things. I didn't check if you have an API but this is the #1 reason to write one from the beginning.
Jump to: