Topic: TradeHill - Who we are - page 8. (Read 42352 times)

You can wire it in the same day or if you have money in your Dwolla it's almost completely automated.

oh don't worry, there will be plenty of bargains to be had over the next week. You cannot have an episode like this and then have a stable market, things will be as volatile as ever.

Shoot, I wish I had funded my TradeHill account.... I'd be buying like mad!

My prediction: you're unlikely to see bargains like this ever again.  Potential buyers are stuck with no money in their accounts.  It'll take days to get money into TradeHill.

Then again what do I know.

We're back again, trade away!

Staying closed until security has been thoroughly reviewed == a damned good reason.

TH *will* be targeted, if it hasn't been already, and personally I'm much happier that they're not taking any risks rather than opening.

The longer the exchanges are closed, the more bitcoins lose credibility.  Restore confidence back to the market, and reopen the exchanges.

Yea we now have 2 major exchanges closed, 1 of them for no good reason? Please post some kind of update.

Maybe they are too scared to open up before Mt.Gox

Someone forget to turn the trading switch back on?  Please update the website if there is a new reopen time Tradehill

When is it coming back up?

Hey, Great news about getting a Security Audit.

Umm, just dont give them "Read-only" access to our passwords, it doesn't end well.

I have a few questions.

Did you hire a Security Professional?  A real one?  What are his qualifications?  What kind of testing, tools and monitoring has been put in place?

Have you implemetned a realistic Security Strategy, like "Defense in Depth".  Is each layer of the IT infrastructure down to the database is protected with ACL's and the minimum privileges possible.

Do you require users to have good pwd,  at least 16 characters long, digits, letters and special characters along with digital certificates. 

do you run your operations on a real Unix system?  Solaris or OpenSolaris are secure by default.  They are also "special " enough that not many hackers have expertise to penetrate it and it has very good support and Security features built in. 

Is your system hosted in the cloud? 

Are you using a well designed and professionally managed database?  Is this database being operated in the most secure manner possible?  Can you prove it and show evidence of an audit?

Everything should be logged and the logs monitored for attacks. 

Do you offer all users a digital certificate with your exchange being the CA. 

Is your entire operation behind a commercial firewall appliance and do you use a secure DNS?

What SEIM monitoring tools are in place?  You should have an SEIM monitoring solution from a reputable company.  I used AlienVault to gain experience but something even better might be a commercial offering.  Trustwave comes to mind that will audit your system and provide some certifications as to your compliance with all provisions of the NSA recommendations, and any other applicable authorities like the big exchanges. 

I think if you put this in place and let it be known upfront what is going on then you could easily attract as much business as you could handle.  With the best security in the bitcoin exchange arena you could charge more for trades and still get more customers.  With as much security as mentioned here it should be no problem for a big insurance agency like Loyds or whomever to insure each account and each trade to at least 250K bitcoins at a time or better.

You are going to be the number one target if you are successful.  Plan on it and plan on getting hit and have a plan to recover.

This is going to be a huge business with any luck and being the most secure will get you all the business you handle.

I recommend a function to allow us to change our email associated with our account as well.

Come on guys! This conspiracy theory that Tradehill did the attack is just a little too wiled, don't you think? The U.S. Government, probably not but maybe. Lulzsec, much more likely. Tradehill, not very likely.

It's just an opportunity, that spammer who sent you all referrals knows that.

Thanks, beat me to it.

We have 3 people (internally) looking in to our security as I post this. We're not going to release the two factor authentication without extensive testing but I am going to say we will release an ETA as soon as we have it and this is a top priority.

They just updated their website:
We expect to resume normal operations 06/20/11 10 AM Eastern.

That's right Ivan. 

If a site won't publish the results from one or more of the readily-available penetration testing services, you should assume that their code is ready to be opened up by hackers like a tin can of sardines with a pull-tab.

When will tradehill open back up for trading?  It says a few hours on the website, but it's been 6...  I'd just like to know if it'll be 1 hour or 10 before we can start trading again?

When are you going to be able to provide a timeline for things like a full security audit and features like two factor auth that you mentioned on onlyonetv?  I understand that you won't be able to commit to specific time for features or a consultant you haven't hired, but a date when you will be able to would be nice.