Pages:
Author

Topic: PicoStocks, bitcoin stock exchange - page 2. (Read 28450 times)

legendary
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.
December 02, 2013, 06:53:49 PM
#90

Any project of this size should have security audits done by professionals who can be fired/sued for negligence.

Security professionals do not take on that liability. There is no such thing as 100% security and contracts are drawn up to reflect that. That said, it is proper due diligence for a decent sized company to hire external security people to assess a company's code, network, policies and procedures.

Security firms can most certainly be (and often are) sued for malpractice/negligence/incompetence.

Because of this liability, they pay a lot of money to insurance companies for coverage.

The lack of 2FA and offline (actually cold) cold wallets are their two most glaring fuck-ups.
newbie
Activity: 59
Merit: 0
December 02, 2013, 04:40:43 PM
#89
Any updates?
hero member
Activity: 631
Merit: 500
November 30, 2013, 03:25:09 PM
#88

Any project of this size should have security audits done by professionals who can be fired/sued for negligence.

Security professionals do not take on that liability. There is no such thing as 100% security and contracts are drawn up to reflect that. That said, it is proper due diligence for a decent sized company to hire external security people to assess a company's code, network, policies and procedures.
hero member
Activity: 924
Merit: 1000
November 30, 2013, 03:15:00 PM
#87
Please don't worry.
We will get more by mine.

We won't get more if they get stolen again.

Let's stop trying to run an exchange and move to direct shares.

Any project of this size should have security audits done by professionals who can be fired/sued for negligence.

I agree with this statement.

Direct payouts instead of hot/ cold wallet would be ideal.  I had over 13btc in picostocks...and .75 btc in my balance...just when I was starting to have more faith in it (and trying to be optimistic) some more crap happens.  Suffice to say in this game there will always be greed and crap happen.  Self mining and self holding for oneself seems to be the best way.  It was a great idea, however from here on out I think I am going to stop investing in picostocks unless we can have this issue rectified immediately.

legendary
Activity: 2674
Merit: 2965
Terminated.
November 30, 2013, 07:25:31 AM
#86
Inputs.io 2.0?
legendary
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.
November 30, 2013, 05:23:55 AM
#85
Please don't worry.
We will get more by mine.

We won't get more if they get stolen again.

Let's stop trying to run an exchange and move to direct shares.

Any project of this size should have security audits done by professionals who can be fired/sued for negligence.
full member
Activity: 229
Merit: 100
November 30, 2013, 12:23:10 AM
#84
Please don't worry.
We will get more by mine.
hero member
Activity: 756
Merit: 522
November 29, 2013, 04:54:03 PM
#83
PicoStocks is down for a while and will remain like this for sure over the weekend.
Funds from our hot wallet and cold wallet account have been stolen

http://blockchain.info/address/1NzM1bdTKuK9z3pQUCc1raXPezYUenSNWj
http://blockchain.info/address/12RAM7r4EraZ5ESU5QJwe8sS3gj3YYEgpF

There is no sign of an intrusion into the systems. Both wallets were located on different computers. We suspect that these have been copied by people who had access to the system in the past and decrypted.

This is of course a serious loss for the company, but we expect no losses for the users. the funds collected on user account will be returned.
We will have to create a new hot wallet and we will change all PicoStocks addresses for all users, but the rest will remain as it was. We will open the system when we have positively reviewed the security and collected the funds for the users :-( Maybe in 1 week from now :-(

Told you so.

You're exactly the scumbag thief I said you were, back in Spring.

PS. Hey muppet community? This is the story of your loss.
hero member
Activity: 631
Merit: 500
November 19, 2013, 11:10:45 AM
#82
Emails are out, but emails can get lost for a while due to spam war.
I can try moving the emails to a server with a higher reputation.
I will also add an option to disarm the account with a signature. ... need few days for this.

hmm...still not getting emails from picostocks. i don't think it's in my spam folder either and i don't see any indication of rejection on my end.
hero member
Activity: 631
Merit: 500
November 18, 2013, 10:23:01 AM
#81
i seemed to have stopped getting "arming" emails, so i can't withdraw or trade...is it just me or is it happening for others too?
hero member
Activity: 631
Merit: 500
November 16, 2013, 11:52:38 PM
#80
minor feature request. can you print the current server time somewhere on the stock view pages?
Current time: .....
added on the bottom right ...

Thanks for the quick response! However, the format is currently year-day-month.
hero member
Activity: 631
Merit: 500
November 16, 2013, 02:06:05 AM
#79
minor feature request. can you print the current server time somewhere on the stock view pages?
full member
Activity: 237
Merit: 114
October 26, 2013, 03:23:32 PM
#78
I get no arming email after login. Worked for me until now. Has anyone else the same problem?

Never worked for me.

There are at least 2 bugs in the handling of mails on picostocks :
  • They strip the "+" character in email addresses. "+" is often used as a delimiter to multiplex several address with the same prefix on the same mailbox.
  • They don't respect the SMTP protocol: the EHLO doesn't use a fully qualified and resolvable domain name, just a hostname ("s1").

If you have a + in you email address the mails are essentially sent to /dev/null.

If your email provider use basic Anti-SPAM rules they will reject or mark any incoming emails as SPAM.

The last days arming works perfect for me and i got emails from picostocks. Today i got no arming email and no reminder email. maybe their email daemon died?
hero member
Activity: 896
Merit: 1000
October 26, 2013, 01:40:13 PM
#77
I get no arming email after login. Worked for me until now. Has anyone else the same problem?

Never worked for me.

There are at least 2 bugs in the handling of mails on picostocks :
  • They strip the "+" character in email addresses. "+" is often used as a delimiter to multiplex several addresses with the same prefix on the same mailbox.
  • They don't respect the SMTP protocol: the EHLO doesn't use a fully qualified and resolvable domain name, just a hostname ("s1").

If you have a + in you email address the mails are essentially sent to /dev/null.

If your email provider uses basic Anti-SPAM rules they will reject or mark any incoming emails as SPAM.
full member
Activity: 237
Merit: 114
October 26, 2013, 07:24:54 AM
#76
I get no arming email after login. Worked for me until now. Has anyone else the same problem?
legendary
Activity: 1442
Merit: 1001
October 15, 2013, 06:53:51 AM
#75
I'd also suggest that a password change should require the existing password - this is fairly standard security practice.

the standard is to waive this requirement when You request a password reminder.

Sorry, I wasn't being specific. After logging in to a session on picostocks, the web app allows for a new password to be set without knowing the current password - this isn't ideal if someone happens to gain very brief access to your phone/tablet/computer and resets your picostocks password without an email notification or knowing the current password.
legendary
Activity: 1442
Merit: 1001
October 14, 2013, 09:42:31 PM
#74
I'd also suggest that a password change should require the existing password - this is fairly standard security practice.
donator
Activity: 1731
Merit: 1008
September 25, 2013, 11:05:12 PM
#73
I don't recall where I've generated my picostock receiving address, It's not in my main wallets,

I might have been overly secure with this one, Who can I change it ?

I think it should be possible to change it to the address I send the BTC from,
full member
Activity: 234
Merit: 100
September 09, 2013, 07:48:17 PM
#72
What's wrong with the Volume? https://picostocks.com/stocks

Quote
Code    Bid                     Ask            1dVol         1dChange    1dLow            1dHigh         30dChange 30dLow            30dHigh        
100th   0.26000020    0.28103000    0.00000000    0.0%    0.00000000    0.00000000    -25.6%    0.20000000    0.40400000    
pico      0.04500000    0.05000000    0.00000000    0.0%    0.00000000    0.00000000    -0.0%    0.04530000    0.05080000    
proph   0.03000000    0.04140000    0.00000000    0.0%    0.00000000    0.00000000    -0.7%    0.03000000    0.04140000    

And here: https://picostocks.com/profits/ Profits and Dividends paid by PicoStocks to shareholders on PicoStocks
Quote
Month    Dividend fee    Trading fee    Capital fee    Floating fee    Total profit    Profit per share    Dividend paid    Updated
2013-09    0.37795579    0.03667700    0.00000000    0.00000000    0.41463279    0.00000041            0.00000000    2013-09-02 01:00:01
Last update is 2013-09-02 01:00:01.
It used to update everyday/everyhours,or everyminutes.
And now,not any more.

There must be something wrong.
legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
September 06, 2013, 04:32:05 PM
#71
Why cant i register? It tells me Invalid Bitcoin Address but the address is copied right from electrum. Its correctly shown on picostocks but it claims its invalid...
Pages:
Jump to: