Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: Eisenhower34 on September 03, 2012, 03:02:48 PM

Title: Looking for a security consultant
Post by: Eisenhower34 on September 03, 2012, 03:02:48 PM
is ready to launch, but I would feel much safer with one or two other people checking the code for security holes.

The code is written in PHP with CodeIgniter, so some knowledge there is useful.

As backend we use a bitcoind running on the server and ABE to read the chain and load the data into a MySQL DB from which it's read later (ABE in no server mode). The wallet is kept offline. I didn't write the code myself this time and to be honest I don't trust my friend who coded the backend nor myself to find all security holes he may have left there.

Edit: Those who are interested, could they summarize a bit why they are qualified for something like this? I don't want to send my code to everybody and therefore I only want to pick trustworthy people with some years of experience in this field.

A thousand thanks upfront!

Title: Re: Looking for a security consultant
Post by: Lethos on September 03, 2012, 03:22:13 PM
I could investigate the code.
However, I'm sure you were hoping for someone with more reputation for doing such things.

Title: Re: Looking for a security consultant
Post by: Eisenhower34 on September 03, 2012, 06:24:15 PM
Thanks for your offer. I'm hoping for someone with some experience in this field, but I would message you in case no one else replies.

Title: Re: Looking for a security consultant
Post by: notme on September 03, 2012, 06:40:21 PM
Be careful.  Announcing you have something you are worried about protecting and offering a stranger access to see how protected it is may attract black hats.

Title: Re: Looking for a security consultant
Post by: Eisenhower34 on September 03, 2012, 06:52:05 PM
> Be careful.  Announcing you have something you are worried about protecting and offering a stranger access to see how protected it is may attract black hats.

A software should be secure, no matter if the source is revealed or not. :) But I understand your concern, that's why I prefer trustworthy people :)

Title: Re: Looking for a security consultant
Post by: notme on September 03, 2012, 06:59:31 PM
> > Be careful.  Announcing you have something you are worried about protecting and offering a stranger access to see how protected it is may attract black hats.
>
> A software should be secure, no matter if the source is revealed or not. :) But I understand your concern, that's why I prefer trustworthy people :)

While that is true, if yours is not secure a black hat could pretend to secure it, fix a few things and leave one tiny hole he can later exploit.

Title: Re: Looking for a security consultant
Post by: cedivad on September 03, 2012, 07:09:44 PM
You'd better talk with a specialized company that does this and this alone.
You could PM me the code and I would be happy to give it a look for free, but I wouldn't if I were you.

Btw why CI and not Kohana? That's an awesome framework! :)

Btw-2, security through obscurity works well.

Title: Re: Looking for a security consultant
Post by: Lethos on September 03, 2012, 08:05:49 PM
> Thanks for your offer. I'm hoping for someone with some experience in this field, but I would message you in case no one else replies.

I have the experience in this field, just not the reputation, so I have no problem if you choose someone else.