Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: traincarswreck on April 24, 2016, 08:57:36 PM



Title: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: traincarswreck on April 24, 2016, 08:57:36 PM
Is this what we learned from Satoshi and Szabo that the purpose of security is insecurity?

That:

Quote from: Shapeshift Staff Security trainer
All security solutions have "security leaks"

https://www.reddit.com/r/Bitcoin/comments/4g1t1l/erik_voorhees_looting_of_the_fox_the_story_of/d2dze28

How does a business that gets hacked get to claim they are STILL secure? 

I propose that an insecure security solution is not secure. 


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: DimensionZ on April 24, 2016, 09:18:29 PM
ShapeShift should have had a more stringent audit of their new employees before hiring them. I think it's a little harsh saying that the whole system is compromised when in reality there was 1 compromised person with ulterior motives who spoiled the party for everyone. Do you think something like this can happen again if Erik finds other professionals with conscience this time around?


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: traincarswreck on April 24, 2016, 09:23:57 PM
ShapeShift should have had a more stringent audit of their new employees before hiring them. I think it's a little harsh saying that the whole system is compromised when in reality there was 1 compromised person with ulterior motives who spoiled the party for everyone.
Do you find security in a business that doesn't give proper security audits on their security personnel?  Erik's blog said the person had MANY priors in another state.  Who recommended this person?  I'm going to hazard a guess here.  I think I should be paid by Voorhees to have heard it from me...the person that trained his whole staff and says that security is by nature insecure...that person is the real leak...

The other thing, as I understand it, as they were confronting "bob" they let him literally sit in the same room and cover his tracks while they accused him. Apologies if I got that wrong, but as I understand it that is the truth, and that is insane to think about that shapeshift is still claiming competence for this.  It's just a PR move to write a blog and say "We can still claim what 100's of years of banking cannot".  You got hacked, you can no longer claim you didn't get hacked.

Quote
Do you think something like this can happen again if Erik finds other professionals with conscience this time around?
We both know there is a problem here.  This business is not an extension of bitcoin's secure nature.  It's an extension of our old banking system.  It's not secure by design, it's admittedly insecure by design.

That's why it failed.  That's why evoorhees won't respond.


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: European Central Bank on April 24, 2016, 09:42:01 PM
Unless it's one guy all alone then stuff like this is always gonna happen. That's a simple fact unless you recruit people who don't know what money is.


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: traincarswreck on April 24, 2016, 09:44:44 PM
Unless it's one guy all alone then stuff like this is always gonna happen. That's a simple fact unless you recruit people who don't know what money is.
That is absolutely ridiculous to say, and it perfectly echoes Voorhees; I'm quite confident you learned it from people like that.  These people are selling snake oil.


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: franky1 on April 24, 2016, 09:47:09 PM
Is this what we learned from Satoshi and Szabo that the purpose of security is insecurity?

That:

Quote from: Shapeshift Staff Security trainer
All security solutions have "security leaks"

https://www.reddit.com/r/Bitcoin/comments/4g1t1l/erik_voorhees_looting_of_the_fox_the_story_of/d2dze28

How does a business that gets hacked get to claim they are STILL secure?  

I propose that an insecure security solution is not secure.  

nothing is ever immortal, unbreakable, and guaranteed..

shapeshift however is not really risking customers' funds. because it's not really a 'deposit and hold' wallet service like other exchanges.. it's a quick buy/sell platform that moves funds as soon as they get sufficient confirmations.

customers don't need a login or need to hold funds within the service long or short term. it's a swap site not a store site.

so customers' funds are at a very very very low risk, (only those who send funds in the few minutes of a hack would be delayed/affected)


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: traincarswreck on April 24, 2016, 09:56:13 PM
Is this what we learned from Satoshi and Szabo that the purpose of security is insecurity?

That:

Quote from: Shapeshift Staff Security trainer
All security solutions have "security leaks"

https://www.reddit.com/r/Bitcoin/comments/4g1t1l/erik_voorhees_looting_of_the_fox_the_story_of/d2dze28

How does a business that gets hacked get to claim they are STILL secure?  

I propose that an insecure security solution is not secure.  

nothing is ever immortal, unbreakable, and guaranteed..

shapeshift however is not really risking customers' funds. because it's not really a 'deposit and hold' wallet service like other exchanges.. it's a quick buy/sell platform that moves funds as soon as they get sufficient confirmations.

customers don't need a login or need to hold funds within the service long or short term. it's a swap site not a store site.

so customers' funds are at a very very very low risk, (only those who send funds in the few minutes of a hack would be delayed/affected)
Yes I understand this.  Now.  this is unfair of you imo.  Because reading your post, your sentiments, and your knowledge, it is quite clear to me that there is no way the explanation of the hacking and the incompetence of the company sits right with you. 

Quote
nothing is ever immortal, unbreakable, and guaranteed..
These sentiments are snake oil ingredients from a company that offers security.  Bitcoin is theoretically, conjecturally, and practically secure.  All these things the alleged security expert says are not possible.

We are to be solving the problems in the way that EFFECTIVELY solve the security issues that we are presented with.  This is what Satoshi did.

Do you mean to tell me that when Szabo says "secure all things", he means security is impossible and not achievable?


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: Blacula X on April 24, 2016, 09:58:18 PM
Every day Erik spends on the outside is a win for him.


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: franky1 on April 24, 2016, 10:03:13 PM
Do you mean to tell me that when Szabo says "secure all things", he means security is impossible and not achievable?

secure, does not mean eradicate issues. it just means reduce chances.

i agree that MANY MANY exchanges could do a lot better.. the first being that there is no actual need of a hot wallet on the website server.

the wallet can be totally separate and even on multiple machines. and the web-server stores customer requests on a database. instead of processing the payments on the website. so that the separate machines read the 'order database'.

that way no private key will ever be on the same IP address as the website. the staff won't have access to the keys either.

but even if you fill the holes. no one should ever blindly presume that it's "too big to fail".


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: traincarswreck on April 24, 2016, 10:07:18 PM

secure, does not mean eradicate issues. it just means reduce chances.
No it doesn't. That is snake oil you have been sold.  Security in the context you present means to reduce the probability so the expected value is lower than the cost of stealing. THAT is effective security.  I don't know if you understand what I say.  I don't know if I say it well.  But this is clearly what Voorhees and crew don't get, and clearly what has been inherited by far too much of the community.

Lowering a probability of a catastrophe is not a claim to security.


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: Hirose UK on April 24, 2016, 10:13:56 PM
Quote
How does a business that gets hacked get to claim they are STILL secure?
the power of marketing makes the customers still use their products, or perhaps they provide secure stuff on the other side. imo


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: Blacula X on April 24, 2016, 10:16:47 PM
.@traincarswreck

>so the expected value is lower than the cost of stealing. THAT is effective security.
Why would you say that? How would you even begin to evaluate the costs of "social engineering"? The cost of brute force attack (as in threaten you with a $5 wrench)?

>Lowering a probability of a catastrophe is not a claim to security
That's exactly what security means. Security is not a Boolean value, it's a gradient, from "totally insecure" to "almost 100% secure."


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: traincarswreck on April 24, 2016, 10:24:28 PM
.@traincarswreck

>so the expected value is lower than the cost of stealing. THAT is effective security.
Why would you say that? How would you even begin to evaluate the costs of "social engineering"? The cost of brute force attack (as in threaten you with a $5 wrench)?

>Lowering a probability of a catastrophe is not a claim to security
That's exactly what security means. Security is not a Boolean value, it's a gradient, from "totally insecure" to "almost 100% secure."

This is what these people did.  Satoshi and Szabo did not teach you this.  Bitcoin's primary security feature is that the cost of attacking the system outweighs the benefit. 

Quote
Security is not a Boolean value, it's a gradient, from "totally insecure" to "almost 100% secure."
This is why the Titanic sank.  Did you train shapeshift staff?


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: Blacula X on April 24, 2016, 10:31:46 PM
.@traincarswreck

>so the expected value is lower than the cost of stealing. THAT is effective security.
Why would you say that? How would you even begin to evaluate the costs of "social engineering"? The cost of brute force attack (as in threaten you with a $5 wrench)?

>Lowering a probability of a catastrophe is not a claim to security
That's exactly what security means. Security is not a Boolean value, it's a gradient, from "totally insecure" to "almost 100% secure."

This is what these people did.  Satoshi and Szabo did not teach you this.  Bitcoin's primary security feature is that the cost of attacking the system outweighs the benefit.  

Quote
Security is not a Boolean value, it's a gradient, from "totally insecure" to "almost 100% secure."
This is why the Titanic sank.  Did you train shapeshift staff?

You're confusing security of Bitcoin with security of services built on top of Bitcoin. Even if Bitcoin is 100% secure, it's only 100% secure if *people* never use it. As soon as you add meat to the equation, security is shot. A chain is only as strong as its weakest link and all that :(

Not sure what you mean re. "did (I) train shitshift staff." Explain pl0x.


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: traincarswreck on April 24, 2016, 10:35:24 PM
Secure solutions that are extensions of bitcoin are supposed to be secure.  Your comments are silly and asinine, but your sentiments are identical to the cited person.  No more from you. You aren't knowledgeable on this subject. You are a product of this ignorant movement, that believes people should pay for insecure business models and solutions.  Insecurity is insecure.

Only a moron or a malicious actor would argue against this in Satoshi's forum.


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: traincarswreck on April 24, 2016, 10:46:25 PM

First and foremost: mind your manners, faggot.

Reported.  We all should be able to recognize ignorance. This poster's position on security is wrong.


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: franky1 on April 24, 2016, 10:46:58 PM

secure, does not mean eradicate issues. it just means reduce chances.
No it doesn't. That is snake oil you have been sold.  Security in the context you present means to reduce the probability so the expected value is lower than the cost of stealing. THAT is effective security.  I don't know if you understand what I say.  I don't know if I say it well.  But this is clearly what Voorhees and crew don't get, and clearly what has been inherited by far too much of the community.

Lowering a probability of a catastrophe is not a claim to security.

i think you're saying it wrong..

eg:
Security in the context you present, means to reduce the probability so the expected value is lower than the cost of stealing. THAT is effective security.
eg:
Lowering a probability of a catastrophe is not a claim to security.

those were your own words..

security is about lowering probability and possibility of loss. shapeshift have done what they can to mitigate probability of customers' losses, far more so than other altcoin exchanges.. could they go further and reduce risk of internal thefts of the admin fee stash the service keeps.. yes. but at what point is enough enough.

nothing is ever 100% unbreakable



Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: traincarswreck on April 24, 2016, 10:56:30 PM

nothing is ever 100% unbreakable

It doesn't mean it can't be theoretically, conjecturally, and practically secure. This is what Satoshi taught us.  Otherwise you and others need to confess to everyone that bitcoin is by nature not secure whether theoretically, conjecturally, and practically.

You (they) do NOT, as a business provider of security, get to say, we fucked big time, we got hacked, we had a massive security exploit exploited...BUT we are still secure as always and even more so.

That's snake oil.

We are to be providing effective security solutions, that are admittedly secure for their purpose, not admittedly insecure.

Do we remember what bitcoin is?  Can we at least admit its "practically" secure, as in the "useful" sense?

I am not confused here, I know what we are arguing about and why.

Let me ask, how secure is shapeshift?  If security is a gradient, then what level is it at.  If I ask you from 1 to 10, what number will you give me?  Let's save time.  You can't give me a metric.  You might say "Well this exchange is far less secure".  

Security in the context you and Eric present, is public relations, and public concern management.  His blog is a narrative, and he was too focused on deception to see how obviously bad PR it is.

Who told you their model is secure?  How do we know this?  There is no claim here.  The staff is incompetent and insecure and they built the model and hired a criminal.  What could you possibly be arguing with me about?


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: franky1 on April 24, 2016, 11:38:43 PM

nothing is ever 100% unbreakable

It doesn't mean it can't be theoretically, conjecturally, and practically secure. This is what Satoshi taught us.  Otherwise you and others need to confess to everyone that bitcoin is by nature not secure whether theoretically, conjecturally, and practically.

You (they) do NOT, as a business provider of security, get to say, we fucked big time, we got hacked, we had a massive security exploit exploited...BUT we are still secure as always and even more so.

your definition is so twisted..

bitcoin is secure.. because "secure" doesn't mean 100% guaranteed unbreakable. it just means safe enough to use with a low enough risk that you can trust it for most purposes.

but if you want proof that bitcoin is not 100% guaranteed unbreakable. here are some keywords
rejects
orphans
forks
bugs

bitcoin still has these issues. but the effect they have on the user is so small that economically it's not a big enough deal to cause issues. and when it does cause issues it's usually sorted quite quick.

(i'm guessing the phrase of the week for you is "snake oil". you seem to use it a lot, but for the wrong reasons)

saying something is 100% unbreakable.. is the snake oil...
saying something is secure, but not 100% guaranteed, is being morally honest


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: traincarswreck on April 25, 2016, 12:01:48 AM
I spent years as a full time professional poker player.  When you say to me security means limiting probability I think ACTUALLY numbers.  Not religious belief.  If you tell me there is a 5% or 20% or 95% chance something will get hacked, I can tell you if it is secure or not based on the economics.  Based on tangible things.  If this cannot be done, if you do not have enough information, there is no claim for security.

The other type of security is snake oil.  My "new word" is accurate.  Security isn't a guess, and neither Satoshi nor Szabo espouse such ridiculous rhetoric.


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: whoreble on April 25, 2016, 12:10:56 AM
I spent years as a full time professional poker player.

That was before you were born again in Satoshi's holy name, I hope?
Satoshi saith unto him, I am the way, the truth, and the life: no man cometh unto the Szabo, but by me.



Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: Wendigo on April 25, 2016, 05:49:07 AM
Damn, I read the whole story about Bob and his adventures at the ShapeShift office yesterday, and it seems to me Erik Voorhees is the only person to blame for these hacks. He hired a compromised server 'expert' with priors to his name and yet didn't do anything to stop this nuisance as early as possible. I mean, if they noticed something was off with this guy, why didn't they just shut down the whole operation and apprehend Bob on the spot? After all, a lot of money is involved in this scam. And that paying off of hackers to get additional info just shows how inept the ShapeShift employees are in figuring out what had happened themselves. I suggest everyone read 'Looting of the Fox: The Story of Sabotage at ShapeShift'; it makes for a very entertaining read.


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: Kakmakr on April 25, 2016, 06:00:39 AM
The human factor will always be the weak point in any organization. People can be tempted and people can be bribed and worst of all, people can be threatened. You will give up the trade secrets when a gun is held against your head or one of your children or family members are held hostage.

We have our weak points and this will always be a problem with every security system.


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: traincarswreck on April 25, 2016, 06:30:01 AM
Damn, I read the whole story about Bob and his adventures at the ShapeShift office yesterday, and it seems to me Erik Voorhees is the only person to blame for these hacks. He hired a compromised server 'expert' with priors to his name and yet didn't do anything to stop this nuisance as early as possible. I mean, if they noticed something was off with this guy, why didn't they just shut down the whole operation and apprehend Bob on the spot? After all, a lot of money is involved in this scam. And that paying off of hackers to get additional info just shows how inept the ShapeShift employees are in figuring out what had happened themselves. I suggest everyone read 'Looting of the Fox: The Story of Sabotage at ShapeShift'; it makes for a very entertaining read.

ya :(  See how fast I know you are a rational reasonable person?


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: traincarswreck on April 25, 2016, 06:32:16 AM
The human factor will always be the weak point in any organization. People can be tempted and people can be bribed and worst of all, people can be threatened. You will give up the trade secrets when a gun is held against your head or one of your children or family members are held hostage.
Do you remember when Snowden said in the documentary, "They could put a gun to my head and I still wouldn't be able to give them the documents"?

Quote
We have our weak points and this will always be a problem with every security system.
I am so upset at these people for teaching you this.  It is not true.  Weak points need solutions, they are not inherent in security solutions.  Look at bitcoin.


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: franky1 on April 25, 2016, 07:50:24 AM
We have our weak points and this will always be a problem with every security system.
I am so upset at these people for teaching you this.  It is not true.  Weak points need solutions, they are not inherent in security solutions.  Look at bitcoin.

i agree weak points need solutions. but to blindly say something is 100% foolproof, unbreakable, indestructible and guaranteed, is something that someone blind and dumb would say.

accepting that nothing is perfect is a good thing. it keeps people on their toes, always looking for new weak spots so that they can be fixed. but blindly saying there will never ever ever be weak spots is just making you lazy to never try maintaining it.

a good locksmith knows that no matter how many locks you put on a door, someone can still use a battering ram or smash a window.
a good alarm company knows that no matter how many motion sensors are placed around the weak spots of a house, someone can cut the wires.
a good IT expert knows that no matter how many updates and bug fixes there are, there can still be more exploits yet to be found.

at least getting to the mindset that nothing is ever going to be 100% foolproof, will open your mind to then try even harder to get to 99.9%.

so don't ever think that suggesting something is 100% foolproof is a good thing, as it will make you complacent and lazy, and not want to keep looking for weak spots.


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: traincarswreck on April 25, 2016, 08:00:22 AM
I didn't say the things you are basically implying I said.  I think I was quite clear. And I think I have an incredibly valid point in regard to security.  The reality is security must flow.  You secure one system and then you move to the next that it is connected to.  As long as that flow out passes threats, then you have complete conjectural, practical, and theoretical security.  We don't have the math to represent the difference between static and flowing security in this sense, but we watched it with bitcoin.

Satoshi put out his code, then the nodes grew to a secure level, a ring of core developers was created, nodes decentralized worldwide, bitcoin grew past spam protection, exchanges grew into an equilibrium of honesty....

This is all natural order you see?

You see we are fighting over perspective, but mine is the superior view.  You don't want the guy that trained your staff on security to start with the idea that security is insecure. That's the PERFECT inside job.


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: franky1 on April 25, 2016, 08:15:00 AM
You see we are fighting over perspective, but mine is the superior view.  You don't want the guy that trained your staff on security to start with the idea that security is insecure. That's the PERFECT inside job.

i know what you're trying to allude to. by saying if you have the mindset that secure doesn't mean 100% you believe it's the same as whispering to your team 'if you find a hole, don't fill it because nothing is without holes so it's best to leave a few holes open'.
but that's not reality.
having the mindset that secure doesn't mean 100% should be the same as whispering to your team 'if you find a hole, fill it and presume that there is another hole yet to be found so keep looking. keep poking and keep testing, rather than filling one hole and blissfully (ignorantly) going to sleep on the job'.


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: traincarswreck on April 25, 2016, 08:23:18 AM

i know what you're trying to allude to. by saying if you have the mindset that secure doesn't mean 100% you believe it's the same as whispering to your team 'if you find a hole, don't fill it because nothing is without holes so it's best to leave a few holes open'.
but that's not reality.
having the mindset that secure doesn't mean 100% should be the same as whispering to your team 'if you find a hole, fill it and presume that there is another hole yet to be found so keep looking. keep poking and keep testing, rather than filling one hole and blissfully (ignorantly) going to sleep on the job'.
Ah.  Now I understand, you never read the quotes that I was linking.  That's not the sentiments of the person that claimed to train shapeshift.  They were saying security by nature is insecure.  They were saying don't check my work, that's just how things are.  They said it in a way that Satoshi or Szabo NEVER would.  They made me believe they actually did work for ShapeShift, and they made me believe they are the security leak.

Are you sure we are disagreeing here?


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: maku on April 25, 2016, 08:32:25 AM
They might have good security, but there's inside job or human error.
A chain is only as strong as its weakest link ::)

And this is another reason not to trust any centralized service. There is no way I will fully trust any exchange from now on I thought people learned from Mt.Gox incident.
Then we had cryptsy fail and now Shapeshift, and many more of which I have no idea or they weren't disclosed to the public - will this ever end?


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: SFR10 on April 25, 2016, 09:10:24 AM
Nothing that is out there will ever be 100% secure. It doesn't matter if it's controlled by a bot or by a person, since there will always be a missing part of securing most things online, and it will be a matter of someone finding it and using it against the system, or someone giving away the information so others would do the job. At the moment, they've improved the security as they've mentioned and surely will take a better look at their workers too. The simple thing is, you'll be surprised that anything you don't monitor properly could/would turn against you (just a matter of when), and in this case, abuse by a worker that wasn't monitored correctly in the first place. A business could be secure after such a hack, when everyone does their work properly in the first place.


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: franky1 on April 25, 2016, 10:09:33 AM
Ah.  Now I understand, you never read the quotes that I was linking.  That's not the sentiments of the person that claimed to train shapeshift.  They were saying security by nature is insecure.  They were saying don't check my work, that's just how things are.  They said it in a way that Satoshi or Szabo NEVER would.  They made me believe they actually did work for ShapeShift, and they made me believe they are the security leak.

Are you sure we are disagreeing here?

i read the quotes..

but you are reading it as if they purposefully left holes open.
i read it is morally being honest to say
"Even if you use the most secure hardware and the most secure software in the world, it's still possible to write your password on a sticky note and stick it on your monitor. "

no matter what you can do, there will ALWAYS be a hole someone will find. it just takes time, effort and expense to find/use that hole.
secure never means 100% foolproof. so at least having the morals and guts to admit it will keep you on your toes to keep trying to patch the holes.

you can have the most secure server on this planet. but if someone was to contact the IT admin and pretend to be the CEO suggesting to do something, then even the most secure hardware falls flat due to human error.
accepting that there will always be a hole somewhere helps people to always be on the lookout for the holes, to reduce the chances of it being exploited by bad people.

for instance. Segwit is not even released. and yet there are some blind fan boys that are already calling it bug free perfection.... mindsets like that are the worst thing ever.

nothing on this planet EVER is 100% guaranteed
secure does not mean 100% guaranteed, it never has

i think you hoped that secure meant 100% guaranteed, and have been blindly believing that anyone saying something is not 100% must be bad. when in fact admitting the truth and being honest is good.

so from this day forward. please i beg of you. stop blindly believing that everything is a utopian dream of perfection and that when things go wrong it should be treated as a surprise and have guilt thrown at those involved. but instead realise that nothing is ever perfect and find a new solution to the latest problem and accept there will be another problem in the future and it is just a matter of time before someone finds it, hoping the person that finds it is a whitehat/staff rather than a blackhat/outsider


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: Zaun on April 25, 2016, 10:54:52 AM
From what I've read, it was an inside job from the start. So it seems their software was secure, but a corrupted employee helped an outsider to get in.
Better screening could help and perhaps double authorization for employees and withdrawals.


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: franky1 on April 25, 2016, 11:10:28 AM
From what I've read, it was an inside job from the start. So it seems their software was secure, but a corrupted employee helped an outsider to get in.
Better screening could help and perhaps double authorization for employees and withdrawals.

even the most honest and moral person employed on day one. can become corrupt on day 2.

for shapeshift, although customers' funds were not at risk, the CEO should not have let his staff have access to his "fees" privkey.
funds should be swept regularly where the service fee goes to an address only the CEO owns that is not within the service(paper wallet)

no privkey should exist on the same server as the website front end


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: whoreble on April 26, 2016, 01:03:24 AM
...
for shapeshift, although customers' funds were not at risk, the CEO should not have let his staff have access to his "fees" privkey.
funds should be swept regularly where the service fee goes to an address only the CEO owns that is not within the service(paper wallet)

no privkey should exist on the same server as the website front end

So how would the hot wallet work? How would things get done if only the CEO has the private key? Would he have to sit at a terminal and process all the payouts?


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: franky1 on April 26, 2016, 01:36:24 AM

So how would the hot wallet work? How would things get done if only the CEO has the private key? Would he have to sit at a terminal and process all the payouts?

No.
If you think that things can only work on one computer, and that databases, orders and wallets need to be in the same physical location, then it would take too long to explain everything.

But here is a summary:
1. The service's temporary addresses can be put on a remote system where the webserver does not send out orders to the remote system's IP. In fact there is nothing in the code that will reveal any information about the remote system; nothing is pushed out of the web server.
Instead the webserver stores the order requests, and the remote system LOOKS IN on that database. That way the remote system does not appear in the code as a destination, because, again for emphasis, no data is pushed out. It is just stored on the webserver, and the remote system looks in, sees the orders, and then processes them remotely.
2. The CEO's "profits/fee" can then be sent to an address (PUBLICKEY) from the CEO's own paper wallet. There is no need at all for anyone to have the private key on the webserver or even on the remote system.
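The pull-model layout franky1 describes in this and the earlier post (orders stored on the web tier, a remote signer that polls them, fees swept to an address whose private key exists only on an offline paper wallet), as an added example that is not ShapeShift's code. The store, the hot key, the fee address and the hash-based "signature" are constructed stand-ins.

```python
from dataclasses import dataclass
from hashlib import sha256

# Only this public address is deployed. Its private key lives solely on the
# CEO's offline paper wallet and never appears in service code (placeholder).
FEE_ADDRESS = "FEE_ADDRESS_FROM_OFFLINE_PAPER_WALLET"

@dataclass
class Order:
    order_id: int
    payout_to: str
    amount: int           # payout, constructed units
    fee: int              # service fee retained for the periodic sweep
    status: str = "new"   # "new" until the signer marks it "paid"

class OrderStore:
    """Shared database: the web tier appends, the signer reads and updates."""
    def __init__(self):
        self.orders = []
    def pending(self):
        return [o for o in self.orders if o.status == "new"]

class WebFrontEnd:
    """Holds no private key and no address of the signing host."""
    def __init__(self, store):
        self.store, self.next_id = store, 1
    def place_order(self, payout_to, amount, fee):
        self.store.orders.append(Order(self.next_id, payout_to, amount, fee))
        self.next_id += 1            # stored only; nothing is pushed outward
        return self.next_id - 1

class RemoteSigner:
    """Polls the store from a host the web tier cannot name or reach."""
    def __init__(self, store, hot_privkey: bytes):
        self.store, self._hot_privkey = store, hot_privkey  # hot key only here
        self.sent, self.unswept_fees = [], 0
    def _sign(self, dest, amount):   # stand-in for a real transaction signature
        return sha256(self._hot_privkey + f"{dest}:{amount}".encode()).hexdigest()
    def poll(self):                  # inbound pull from the store, not a push
        todo = self.store.pending()
        for o in todo:
            self.sent.append((o.payout_to, o.amount, self._sign(o.payout_to, o.amount)))
            self.unswept_fees += o.fee
            o.status = "paid"
        return len(todo)
    def sweep_fees(self):            # fees leave to the offline-owned address
        amt, self.unswept_fees = self.unswept_fees, 0
        if amt:
            self.sent.append((FEE_ADDRESS, amt, self._sign(FEE_ADDRESS, amt)))
        return amt
```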


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: Arrakeen on April 26, 2016, 01:47:11 AM
jesus christ you two, just make out already  ::)

how long are you going to argue semantics and pick apart every word to try and one-up each other?  Are you guys new to the internet or something, because at this point it should be obvious you won't change each other's viewpoints on the definition of 'security'

by the way, 99.9% secure is 100% insecure.  That's the #1 principle of information security.  Now I'll wait to be proven wrong based on a 'professional economic opinion' so we can get this thread to 100 pages!

https://i.imgflip.com/n8qr8.jpg


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: TPTB_need_war on April 26, 2016, 04:51:20 AM
How does a business that gets hacked get to claim they are STILL secure?

ShapeShift should have had a more stringent audit of their new employees before hiring them. I think it's a little harsh saying that the whole system is compromised when in reality there was 1 compromised person with ulterior motives who spoiled the party for everyone. Do you think something like this can happen again if Erik finds other professionals with conscience this time around?

OP is correct as quoted. Only a decentralized exchange can be secure. Note that I recently explained how to do a decentralized exchange securely:

https://bitcointalk.org/index.php?topic=1364951.0


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: traincarswreck on April 26, 2016, 01:16:29 PM
jesus christ you two, just make out already  ::)

Well, I don't need to make out with anyone, but I agree that it's semantics. But you see, I make a subtle but firm point that there is one perspective that is slightly better than the other. I understand what someone means by "nothing is secure". But you don't want your security trainer or head of security starting their presentation like that.

Do we see how Szabo suggests it in his presentations?

Security can be 100% if we shift our paradigms until we find an effective solution.

Example: with poker, everyone is asking how decentralized poker is going to deal with collusion, i.e. players sharing their cards with one another. Some astute people will point out that this is essentially impossible to secure, and so the belief is that you will always need third parties.

But if you can offer a colluded game that is more profitable than the current model, then you have effectively solved this collusion problem. So you gain effective security in this sense if you could "secure" the profitability from the players' perspective.


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: Blacula X on April 26, 2016, 05:36:13 PM
jesus christ you two, just make out already  ::)

Well, I don't need to make out with anyone

Riiight. (https://en.wikipedia.org/wiki/Reaction_formation)


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: kingaltcoins on April 26, 2016, 05:45:14 PM
ShapeShift should have implemented military grade security systems. What I heard about their hacks is that they used their passphrase as an SSH key for logging into their coin server. It was obvious that anyone could steal easily from there and change the salts later on to hide the evidence.

They should have implemented 2FA which should not have impacted them in any way.


Title: Re: Shapeshift: Security by nature insecure "I personally trained their staff."
Post by: ~Bitcoin~ on April 26, 2016, 05:59:06 PM
Unless it's one guy all alone, stuff like this is always gonna happen. That's a simple fact, unless you recruit people who don't know what money is.
But in the current world every person with a little common sense knows the value of money, so it's hard to get employees like you suggested.  ;D

I also think ShapeShift should investigate deeply how this hacking was done.