PicoStocks, bitcoin stock exchange - page 2.

iCEBREAKER

legendary

Activity: 2156

Merit: 1072

Crypto is the separation of Power and State.

Quote from: kaerf on November 30, 2013, 03:25:09 PM

Quote from: iCEBREAKER on November 30, 2013, 05:23:55 AM

Any project of this size should have security audits done by professionals who can be fired/sued for negligence.

Security professionals do not take on that liability. There is no such thing as 100% security and contracts are drawn up to reflect that. That said, it is proper due diligence for a decent sized company to hire external security people to assess a company's code, network, policies and procedures.

Security firms can most certainly be (and often are) sued for malpractice/negligence/incompetence.

Because of this liability, they pay a lot of money to insurance companies for coverage.

The lack of 2FA and offline (actually cold) cold wallets are their two most glaring fuck-ups.

russ

newbie

Activity: 59

Merit: 0

Any updates?

kaerf

hero member

Activity: 631

Merit: 500

Quote from: iCEBREAKER on November 30, 2013, 05:23:55 AM

Any project of this size should have security audits done by professionals who can be fired/sued for negligence.

Security professionals do not take on that liability. There is no such thing as 100% security and contracts are drawn up to reflect that. That said, it is proper due diligence for a decent sized company to hire external security people to assess a company's code, network, policies and procedures.

greaterninja

hero member

Activity: 924

Merit: 1000

Quote from: iCEBREAKER on November 30, 2013, 05:23:55 AM

Quote from: jiefangqian on November 30, 2013, 12:23:10 AM

Please don't worry.
We will get more by mine.

We won't get more if they get stolen again.

Let's stop trying to run an exchange and move to direct shares.

Any project of this size should have security audits done by professionals who can be fired/sued for negligence.

I agree with this statement.

Direct payouts instead of hot/ cold wallet would be ideal. I had over 13btc in picostocks...and .75 btc in my balance...just when I was starting to have more faith in it (and trying to be optimistic) some more crap happens. Suffice to say in this game there will always be greed and crap happen. Self mining and self holding for oneself seems to be the best way. It was a great idea, however from here on out I think I am going to stop investing in picostocks unless we can have this issue rectified immediately.

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

Inputs.io 2.0?

iCEBREAKER

legendary

Activity: 2156

Merit: 1072

Crypto is the separation of Power and State.

Quote from: jiefangqian on November 30, 2013, 12:23:10 AM

Please don't worry.
We will get more by mine.

We won't get more if they get stolen again.

Let's stop trying to run an exchange and move to direct shares.

Any project of this size should have security audits done by professionals who can be fired/sued for negligence.

jiefangqian

full member

Activity: 229

Merit: 100

Please don't worry.
We will get more by mine.

MPOE-PR

hero member

Activity: 756

Merit: 522

Quote from: ?? on ??

PicoStocks is down for a while and will remain like this for sure over the weekend.
Funds from our hot wallet and cold wallet account have been stolen

http://blockchain.info/address/1NzM1bdTKuK9z3pQUCc1raXPezYUenSNWj
http://blockchain.info/address/12RAM7r4EraZ5ESU5QJwe8sS3gj3YYEgpF

There is no sign of an intrusion into the systems. Both wallets were located on different computers. We suspect that these have been copied by people who had access to the system in the past and decrypted.

This is of course a serious loss for the company, but we expect no losses for the users. the funds collected on user account will be returned.
We will have to create a new hot wallet and we will change all PicoStocks addresses for all users, but the rest will remain as it was. We will open the system when we have positively reviewed the security and collected the funds for the users :-( Maybe in 1 week from now :-(

Told you so.

You're exactly the scumbag thief I said you were, back in Spring.

PS. Hey muppet community? This is the story of your loss.

kaerf

hero member

Activity: 631

Merit: 500

Quote from: ?? on ??

Emails are out, but emails can get lost for a while due to spam war.
I can try moving the emails to a server with a higher reputation.
I will also add an option to disarm the account with a signature. ... need few days for this.

hmm...still not getting emails from picostocks. i don't think it's in my spam folder either and i don't see any indication of rejection on my end.

kaerf

hero member

Activity: 631

Merit: 500

i seemed to have stopped getting "arming" emails, so i can't withdraw or trade...is it just me or is it happening for others too?

kaerf

hero member

Activity: 631

Merit: 500

Quote from: ?? on ??

Quote from: kaerf on November 16, 2013, 02:06:05 AM

minor feature request. can you print the current server time somewhere on the stock view pages?

Current time: .....
added on the bottom right ...

Thanks for the quick response! However, the format is currently year-day-month.

kaerf

hero member

Activity: 631

Merit: 500

minor feature request. can you print the current server time somewhere on the stock view pages?

hekiman

full member

Activity: 237

Merit: 114

Quote from: gyverlb on October 26, 2013, 01:40:13 PM

Quote from: hekiman on October 26, 2013, 07:24:54 AM

I get no arming email after login. Worked for me until now. Has anyone else the same problem?

Never worked for me.

There are at least 2 bugs in the handling of mails on picostocks :

They strip the "+" character in email addresses. "+" is often used as a delimiter to multiplex several address with the same prefix on the same mailbox.
They don't respect the SMTP protocol: the EHLO doesn't use a fully qualified and resolvable domain name, just a hostname ("s1").

If you have a + in you email address the mails are essentially sent to /dev/null.

If your email provider use basic Anti-SPAM rules they will reject or mark any incoming emails as SPAM.

The last days arming works perfect for me and i got emails from picostocks. Today i got no arming email and no reminder email. maybe their email daemon died?

gyverlb

hero member

Activity: 896

Merit: 1000

Quote from: hekiman on October 26, 2013, 07:24:54 AM

I get no arming email after login. Worked for me until now. Has anyone else the same problem?

Never worked for me.

There are at least 2 bugs in the handling of mails on picostocks :

They strip the "+" character in email addresses. "+" is often used as a delimiter to multiplex several addresses with the same prefix on the same mailbox.
They don't respect the SMTP protocol: the EHLO doesn't use a fully qualified and resolvable domain name, just a hostname ("s1").

If you have a + in you email address the mails are essentially sent to /dev/null.

If your email provider uses basic Anti-SPAM rules they will reject or mark any incoming emails as SPAM.

hekiman

full member

Activity: 237

Merit: 114

I get no arming email after login. Worked for me until now. Has anyone else the same problem?

canth

legendary

Activity: 1442

Merit: 1001

Quote from: ?? on ??

Quote from: canth on October 14, 2013, 09:42:31 PM

I'd also suggest that a password change should require the existing password - this is fairly standard security practice.

the standard is to waive this requirement when You request a password reminder.

Sorry, I wasn't being specific. After logging in to a session on picostocks, the web app allows for a new password to be set without knowing the current password - this isn't ideal if someone happens to gain very brief access to your phone/tablet/computer and resets your picostocks password without an email notification or knowing the current password.

canth

legendary

Activity: 1442

Merit: 1001

I'd also suggest that a password change should require the existing password - this is fairly standard security practice.

Transisto

donator

Activity: 1731

Merit: 1008

I don't recall where I've generated my picostock receiving address, It's not in my main wallets,

I might have been overly secure with this one, Who can I change it ?

I think it should be possible to change it to the address I send the BTC from,

yuchuanzhen

full member

Activity: 234

Merit: 100

What's wrong with the Volume? https://picostocks.com/stocks

Quote

Code    Bid      Ask      1dVol      1dChange    1dLow      1dHigh      30dChange 30dLow      30dHigh
100th   0.26000020    0.28103000    0.00000000    0.0%    0.00000000    0.00000000    -25.6%    0.20000000    0.40400000
pico      0.04500000    0.05000000    0.00000000    0.0%    0.00000000    0.00000000    -0.0%    0.04530000    0.05080000
proph   0.03000000    0.04140000    0.00000000    0.0%    0.00000000    0.00000000    -0.7%    0.03000000    0.04140000

And here: https://picostocks.com/profits/ Profits and Dividends paid by PicoStocks to shareholders on PicoStocks

Quote

Month Dividend fee Trading fee Capital fee Floating fee Total profit Profit per share Dividend paid Updated
2013-09 0.37795579 0.03667700 0.00000000 0.00000000 0.41463279 0.00000041 0.00000000 2013-09-02 01:00:01

Last update is 2013-09-02 01:00:01.
It used to update everyday/everyhours,or everyminutes.
And now,not any more.

There must be something wrong.

SebastianJu

legendary

Activity: 2674

Merit: 1083

Legendary Escrow Service - Tip Jar in Profile

Why cant i register? It tells me Invalid Bitcoin Address but the address is copied right from electrum. Its correctly shown on picostocks but it claims its invalid...

Topic: PicoStocks, bitcoin stock exchange - page 2. (Read 28450 times)