I realize this is a necrothread, but this was a thread started by Camp BX and my question falls under this topic.
I see that Camp BX has added Google two-factor authentication (2FA).
However, let's say I used the 2FA/TOTP code on one device and then want to move that capability onto another device. The problem I see is that when I go to create a QR code for adding the TOTP code to my second device then the secret code presented by Camp BX is the same QR code that had been presented initially with the first device. So therefore I cannot be completely assured that the TOTP secret exists only on my second device since the same secret still could exist on the first device (e.g., if it had been backed up).
So my request is to generate a new secret each time the user enabled 2FA / TOTP.
Topic: Security at Camp BX (Read 3282 times)
Right, but did you actually rent office space? Even if you did, Regus only allows 2 days of office space use per month ("virtual office" package) or 5 days/month ("virtual office plus"). It doesn't change my opinion that you are a little deceptive in prominently calling it "your office" on your website...
MRB,
You should visit a nearby Regus if you get a chance. Many of the lawyers, psychiatrists, accountants, and start-ups use Regus extensively.
We had a 3-seat office #3041 at Regus for development team since launching the project. Now as our code-base has stabilized, we have switched to the virtual office plan starting Oct 1.
I do not think that this is deceptive in any way.
- Keyur
PS: Edited for clarity
Right, but did you actually rent office space? Even if you did, Regus only allows 2 days of office space use per month ("virtual office" package) or 5 days/month ("virtual office plus"). It doesn't change my opinion that you are a little deceptive in prominently calling it "your office" on your website...
w1R903, Troll Troll, Roger, Martin: Thank you all for your words of encouragement. We really appreciate it!
- Keyur
Campbx is the only trade I trust.
Also, Since I live within 6 hours of their office in atlanta, if anything shady happens I will personally drive down there and BURN ATLANTA TO THE GROUND
Also, Since I live within 6 hours of their office in atlanta, if anything shady happens I will personally drive down there and BURN ATLANTA TO THE GROUND
Except CampBX has no physical presence at their published address. Google it; it is the address of a generic mail forwarding service with hundreds of companies listed in this suite 300. It's Keyur's right to use a mail forwarding service, but he is a little deceptive in claiming it is "CampBX's office".
MRB,
Regus also provides office space: http://www.regus.com/aboutus/default.htm
- Keyur
EU does not have a president, that rule over its member coountrys.
Really?
Just kidding. We're going way off topic here...EU does not have a president, that rule over its member coountrys.
Really?
Just kidding. We're going way off topic here... sorry you guys, but i don't trust you...
its a nice and shiney website you got, but i don't trust you.
its a nice and shiney website you got, but i don't trust you.
Kokjo,
Respect your opinion, and hope we can change it someday!
- Keyur
It is the U.S. government that cannot be trusted. Of course, when gunmen come to your door and stick their guns in your face, what do you do? And what makes you think you are immune to that in EU and Japan? They have guns too.
its the member countrys, who have them. and we are way more decentralized here, EU does not have a president, that rule over its member coountrys. Campbx is the only trade I trust.
Also, Since I live within 6 hours of their office in atlanta, if anything shady happens I will personally drive down there and BURN ATLANTA TO THE GROUND
Also, Since I live within 6 hours of their office in atlanta, if anything shady happens I will personally drive down there and BURN ATLANTA TO THE GROUND
Except CampBX has no physical presence at their published address. Google it; it is the address of a generic mail forwarding service with hundreds of companies listed in this suite 300. It's Keyur's right to use this service, but he is a little deceptive in claiming it is "CampBX's office".
Edit: suite 300 is managed by Regus who also provides "phone answering services", "virtual offices", and "shared meeting rooms"... Nothing very permanent: http://www.regus.com/locations/US/GA/Atlanta/GeorgiaAtlanta22Summit.htm?product=offices
GuildMiners uses CampBX exclusively. All coins mined in our pool are deposited automatically into CampBX. 
Campbx is the only trade I trust.
Also, Since I live within 6 hours of their office in atlanta, if anything shady happens I will personally drive down there and BURN ATLANTA TO THE GROUND
seriously though, those guys/gals fucking rock. campbx will always have my business, unless they stop (please, never!)
Also, Since I live within 6 hours of their office in atlanta, if anything shady happens I will personally drive down there and BURN ATLANTA TO THE GROUND
seriously though, those guys/gals fucking rock. campbx will always have my business, unless they stop (please, never!)
sorry you guys, but i don't trust you...
its a nice and shiney website you got, but i don't trust you.
its a nice and shiney website you got, but i don't trust you.
Kokjo,
Respect your opinion, and hope we can change it someday!
- Keyur
It is the U.S. government that cannot be trusted. Of course, when gunmen come to your door and stick their guns in your face, what do you do? And what makes you think you are immune to that in EU and Japan? They have guns too.
Let me add here that I've done several thousand dollars worth of trades on CampBX over the past month or two (mostly buying BTC to pay contractors) and I'm very pleased with their service.
There haven't been much news from Camp BX lately... Are SEPA transfers still on the roadmap?
Nmat,
We were hoping to launch in Europe late September, and also have a multi-currency back-end ready to go! Unfortunately running into some red-tape in Europe. We are hoping to get required permissions and redundant bank accounts in place by Q1 2012 to ensure uninterrupted service for our customers.
Thank you,
Keyur
That's too bad
Well, at least I hope that when it launches it will be reliable. MtGox/TradeHill have been on and off with SEPA transfers for the last months.New feature suggestion: allow users to import private keys (like MtGox does). It would be cool if you could make this sort of ubiquitous so that users don't need to worry about the correct format.
sorry you guys, but i don't trust you...
its a nice and shiney website you got, but i don't trust you.
its a nice and shiney website you got, but i don't trust you.
Kokjo,
Respect your opinion, and hope we can change it someday!
- Keyur
sorry you guys, but i don't trust you...
its a nice and shiney website you got, but i don't trust you.
its a nice and shiney website you got, but i don't trust you.
Kokjo,
Respect your opinion, and hope we can change it someday!
- Keyur
Do you have New Zealand on your roadmap?
c_k,
Not yet!
- Keyur
How do you protect yourself from a possible government seizure?
What do you do if a court randomly decides to freeze your funds because of "money laundering laws" overnight?
All your eggs are in one basket (USA), are you prepared for a possible social collapse in the coming years?
How do you handle Dollar devaluation?
Can you please answer the above^ questions?
Greets,
oOo
.
What do you do if a court randomly decides to freeze your funds because of "money laundering laws" overnight?
All your eggs are in one basket (USA), are you prepared for a possible social collapse in the coming years?
How do you handle Dollar devaluation?
Can you please answer the above^ questions?
Greets,
oOo
.
oOo,
Social collapse and dollar devaluation questions are beyond any single company's capability to answer. However, we are confident that our compliance policies and lawyers should be able to address (1) and (2) very well.
- Keyur
sorry you guys, but i don't trust you...
its a nice and shiney website you got, but i don't trust you.
its a nice and shiney website you got, but i don't trust you.
Keyur, can you tell us about how you store your wallets and such? By that, I mean that in any given day you probably only need 10% liquidity. So a good practice would be to have your active, server-accessible wallets separate from wallets containing the remainder of reserves. That major wallet should be elsewhere, such as on a computer not on your network and this computer is only turned on for 5 minutes a day in order to refill the active wallets. Also, it should be in a cage with several rabid monkeys who can only be tamed by a secret routine, such as reading them a bedtime story and giving out sedative-laden fruits. And this cage should be in a van that moves around a city 24/7. This is like that Burn Notice episode where a package was kept perpetually moving by a series of motorcycle couriers.
The computer in question should be backed up by a flash drive the size of a pill, which you repeatedly eat every few days in order to keep it in your body. The timing is perfect, I've found, to allow the backup to be only occasionally accessible depending on your regularity. If you need it in an emergency, then just eat a lot of prune juice or, in a really major emergency, find a Winogradsky column and drink it.
Then, if your site does get hacked, everyone's risk is minimized. See, I don't think many people take solace in prevention measures at exchanges any more. The more important question involves what hackers or rogue employees could obtain if given access. Please name one of the monkeys after me.
LOL! I need to keep a page somewhere with links to classic posts from this forum...this would go right at the top. The computer in question should be backed up by a flash drive the size of a pill, which you repeatedly eat every few days in order to keep it in your body. The timing is perfect, I've found, to allow the backup to be only occasionally accessible depending on your regularity. If you need it in an emergency, then just eat a lot of prune juice or, in a really major emergency, find a Winogradsky column and drink it.
Then, if your site does get hacked, everyone's risk is minimized. See, I don't think many people take solace in prevention measures at exchanges any more. The more important question involves what hackers or rogue employees could obtain if given access. Please name one of the monkeys after me.
Jump to: