Bitcoin Forum

Other => Meta => Topic started by: joulesbeef on August 03, 2011, 07:28:32 PM



Title: Why dont we have a security subforum?
Post by: joulesbeef on August 03, 2011, 07:28:32 PM
It would be a nice place to get all the mybitcoin stuff in one place.

But seriously why no security subforum?  Security practices are crap for most bitcoin users.

It would be a good place for people to get security information like why storing your wallet yourself can be way more secure than online, and how to do that securely.

it can be the one stop place to look for new trojan news and scam sites.

but more importantly it can be the one stop place for security breach information.


Title: Re: Why dont we have a security subforum?
Post by: error on August 03, 2011, 09:07:34 PM
Sounds like a good idea to me.


Title: Re: Why dont we have a security subforum?
Post by: Intervex Digital on August 03, 2011, 09:26:30 PM
+1 for this idea...  I had some BTC with MyBitcoin for a few various projects.  Had I been able to be following a security board I may have gotten the warnings a little sooner and gotten some of it out.

I think having a subforum like this would be beneficial, however, I do think it would need close and careful moderation... The ability of a competitor to commit slander or libel against their competition would be high.


Title: Re: Why dont we have a security subforum?
Post by: evolve on August 03, 2011, 09:27:23 PM
+1    i think that is a great idea.


Title: Re: Why dont we have a security subforum?
Post by: tysat on August 04, 2011, 01:11:32 AM
After some thought it's a little surprising that there isn't one already.

Definitely a good idea.


Title: Re: Why dont we have a security subforum?
Post by: jackjack on August 04, 2011, 02:07:03 AM
+1


Title: Re: Why dont we have a security subforum?
Post by: nafai on August 04, 2011, 02:18:46 AM
I concur, wholeheartedly.


Title: Re: Why dont we have a security subforum?
Post by: wumpus on August 04, 2011, 03:02:44 AM
Hey I've already +1'ed this before...


Title: Re: Why dont we have a security subforum?
Post by: Ekaros on August 05, 2011, 06:30:30 AM
Yep, also would be good to teach the hosters of some services some things...


Title: Re: Why dont we have a security subforum?
Post by: newminerr on August 05, 2011, 06:55:24 AM
+1 Good idea
Quote from: error
Sounds like a good idea to me.

^^ w00t


Title: Re: Why dont we have a security subforum?
Post by: the joint on August 05, 2011, 07:08:42 AM
I absolutely agree.  Also, check out this idea.  https://bitcointalk.org/index.php?topic=34506.0  They sort of go hand in hand with Bitcoin's needs at the moment. 


Title: Re: Why dont we have a security subforum?
Post by: laydum on August 05, 2011, 02:52:15 PM
Sounds like a good idea +1


Title: Re: Why dont we have a security subforum?
Post by: Nagios on August 05, 2011, 05:30:44 PM
This is an awesome idea! +1


Title: Re: Why dont we have a security subforum?
Post by: wumpus on August 24, 2011, 02:37:13 PM
And still there is no security subforum, while the one for alternative block chains did get added... :(


Title: Re: Why dont we have a security subforum?
Post by: jackjack on August 24, 2011, 05:13:09 PM
Quote from: wumpus
And still there is no security subforum, while the one for alternative block chains did get added... :(

:(


Title: Re: Why dont we have a security subforum?
Post by: joulesbeef on August 24, 2011, 05:26:24 PM
lol i get the frownie.

I do agree the alternative coins are a security issue, and most people shouldnt jump on them so fast and the developers, while they can keep the exact release day secret, probably should post some of their more radical ideas for changes to get input on how they might be exploited. They dont even have to announce that they are making a coin, just say "what would be the ramifications if bitcoin changed its block rate?..."

yeah I agree with all that, i still dont agree with your last post.. but that is a different subject.


WHERE IS MY SECURITY SUB FORUM!!!!!

 ??? ??? ??? ???
 ??? ??? ??? ???
 ??? >:( ??? ???
 ??? ??? ??? ???


Title: Re: Why dont we have a security subforum?
Post by: MattscheAN on August 24, 2011, 05:29:06 PM
+1


Title: Re: Why dont we have a security subforum?
Post by: lathomas64 on August 24, 2011, 07:07:19 PM
I also agree with the original post exactly as stated, and have nothing novel to add to the conversation.

What if we turn this thread into the conversations we would have in a security sub-forum to show there is enough volume of discussion to justify a new thread.


Title: Re: Why dont we have a security subforum?
Post by: joulesbeef on August 25, 2011, 12:27:38 AM
Quote from: lathomas64
I also agree with the original post exactly as stated, and have nothing novel to add to the conversation.

What if we turn this thread into the conversations we would have in a security sub-forum to show there is enough volume of discussion to justify a new thread.

i liek this idea

dont use 'password' as your password on mtgox


Title: Re: Why dont we have a security subforum?
Post by: newminerr on August 25, 2011, 02:52:06 AM
Quote from: joulesbeef
Quote from: lathomas64
I also agree with the original post exactly as stated, and have nothing novel to add to the conversation.

What if we turn this thread into the conversations we would have in a security sub-forum to show there is enough volume of discussion to justify a new thread.

i liek this idea

dont use 'password' as your password on mtgox

Yes 123456 is more secure.  ;D


Title: Re: Why dont we have a security subforum?
Post by: lathomas64 on August 25, 2011, 01:50:13 PM
What are some solutions you all use to keep track of several passwords without using the same password multiple places?


Title: Re: Why dont we have a security subforum?
Post by: Intervex Digital on August 25, 2011, 02:18:41 PM
Quote from: lathomas64
What are some solutions you all use to keep track of several passwords without using the same password multiple places?

KeePass (http://keepass.info/) is a great utility and you can use it for organizing software keys as well... (and it's open source!)


Title: Re: Why dont we have a security subforum?
Post by: newminerr on August 25, 2011, 04:10:44 PM
1Password is good too but it's commercial -$39.99-.


Title: Re: Why dont we have a security subforum?
Post by: joulesbeef on August 25, 2011, 08:26:13 PM
Quote from: lathomas64
What are some solutions you all use to keep track of several passwords without using the same password multiple places?

keypass (http://keepass.info/) is the best, if you are willing to set it up.(easy set up.. just complex if you want as much functionality as the next solution.. basically you have to store your password file online, at a site you control but having it on usb is good but you couldnt have access to it if you didnt have your usb but did have a connection to the web)

lastpass (https://lastpass.com/) is great, it  will generate random passwords for you, keep track of multiple accounts, and automatically fill in forms and auto log you into nearly every site. You can have access to your passwords as long as you can get a web connection. This isnt as good as keypass as it is a third party holding onto your passwords, if they go down for the day, you are screwed, if they get hacked you are screwed. But so far they have been exemplary. They had some odd network traffic and without knowing if they had been actually hacked they suggested everyone changes their master passwords, which was the proper thing to do, but which most corps dont do.

there are also some interesting paper passwords cards (http://www.passwordcard.org/en)

last you can also come up with simple algorithms, instead of passwords.
the following example is too simplistic but it is to give you an idea.

Like a pass for this site could be Bitcointalk$321 and for bitparking could be Bitparking$321

you can see with a simple algorithm, you can make up unique passes for each site and yet have a way to remember them.
This is too simple as I said but it is easy to make so complex that you cant recognize that the pass is based on an algorithm. This is how I have done it for years.

here is a slightly more complex example to show you.

Bitcointalk is the site.

1. mix in 987654321 every other letter.

B9i8t7c6o5i4n3t2a1l0k

looking complex but not enough.

2. If the number to the right of the letter is odd Go down 3 letters, if even go up 2 letters. If neither, leave it..
E9j8w7a6or5k4q3r2c1l0k


now my pass is looking good and yet if I forget it, i can recalculate it at any time and yet someone finding that pass wont know it is made by algorithms, or the site it is for. And you can keep making your algorithm more complex, or use different rules to make the password more complex.. and all you have to do is remember your algorithm.

it can be as simple as go up a letter down a letter and mix in 123$%&789 and every other letter capitalized.
so bitparking becomes a1J2s3Q$z%S^j7J8m9F.. looks good. for a lot of sites you will need to select only the first few letters.. cause they suck, but it will still work for you.. you can add a code to remind you like double 8s to say cut off here  a1J2s3Q$z88%S^j7J8m9F
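
Added example, not part of joulesbeef's post or of any other post in this thread: a Python sketch of the two-step rule described above, showing what such a rule-derived password gives away. It assumes "down 3" means three letters forward and "up 2" means two letters back, that a 0 or a missing digit leaves the letter alone, and that the digit run is 9876543210; all function names are hypothetical.

```python
DIGITS = "9876543210"  # assumption: the post's 987654321 plus the 0 seen in its worked string

def shift(ch: str, n: int) -> str:
    """Rotate a letter n places through the alphabet, keeping case and wrapping around."""
    base = ord("A") if ch.isupper() else ord("a")
    return chr((ord(ch) - base + n) % 26 + base)

def interleave(site: str) -> str:
    """Step 1: place one digit in each gap between letters until the digits run out."""
    out = []
    for i, ch in enumerate(site):
        out.append(ch)
        if i < len(site) - 1 and i < len(DIGITS):
            out.append(DIGITS[i])
    return "".join(out)

def transform(text: str, odd: int, even: int) -> str:
    """Step 2: shift each letter by `odd` or `even` according to the digit on its right.
    Assumption: 0 and "no digit" both mean "leave it"."""
    out = []
    for i, ch in enumerate(text):
        nxt = text[i + 1] if i + 1 < len(text) else ""
        if ch.isalpha() and nxt.isdigit() and nxt != "0":
            ch = shift(ch, odd if int(nxt) % 2 else even)
        out.append(ch)
    return "".join(out)

def derive(site: str) -> str:
    # Assumption: "down 3" = forward three letters, "up 2" = back two letters.
    return transform(interleave(site), odd=3, even=-2)

def recover_site(password: str) -> str:
    """Undo step 2, then drop the digits: what anyone who knows the rule can do."""
    return "".join(c for c in transform(password, odd=-3, even=2) if c.isalpha())

def skeleton(password: str) -> str:
    """The non-letter characters, which come out the same for every site."""
    return "".join(c for c in password if not c.isalpha())

if __name__ == "__main__":
    for site in ("Bitcointalk", "Bitparking"):  # site names taken from the post
        pw = derive(site)
        print(site, pw, skeleton(pw), recover_site(pw))
```

Because the rule is deterministic and keyed only by the site name, the digit skeleton repeats across sites and the mapping is reversible, so the scheme holds up only while the rule itself stays secret.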


Title: Re: Why dont we have a security subforum?
Post by: deslok on August 25, 2011, 10:25:48 PM
If you're going to take the effort to encrypt your passwords mentally you should be more than capable of remembering what they are. Those password cards look like they could have some uses but i'd never use them as a personal password, too easy to leave behind. I personally find things of significance but without utility make excellent passwords Ex: Your house phone from 3 changes ago. no one has any real reason to remember it or to even consider that you would use it since it's no longer of any utility.


Title: Re: Why dont we have a security subforum?
Post by: joulesbeef on August 25, 2011, 11:19:51 PM
I'll mail you my password card.

you cant tell the pass from the card.. it could reduce the combinations you have to try by a tiny bit, but the way they work you can leave the password card pinned to your monitor.


it goes with
Quote
the Chief Security Officer at Sun Microsystems said yesterday, “Write down your passwords; your wallet is a lot more secure than your computer.”
and this is a bit more secure than that.

still keypass is the best of the ones i mentioned.. I used to do the algorithm thing for years, but now I just keypass it.

I dont know any of my passes though and that is a bit disconcerting but i have backups of my database encrypted with a pass I do know.


Title: Re: Why dont we have a security subforum?
Post by: deslok on September 17, 2011, 02:56:17 PM
I'm bumping this in hopes that we actually get this, i saw a security warning about php on off topic today and this would be a good place for threads about things like wallet stealers and securing your wallet(s) secure passwords how to pick and remember/store one and things of that nature


Title: Re: Why dont we have a security subforum?
Post by: johnj on September 17, 2011, 03:00:22 PM
Lastpass.


Title: Re: Why dont we have a security subforum?
Post by: deslok on September 17, 2011, 03:04:27 PM
Quote from: johnj
Lastpass.

Go ahead and make a thread about it if we get a security subforum


Title: Re: Why dont we have a security subforum?
Post by: defxor on September 17, 2011, 08:19:50 PM
Quote from: joulesbeef
lastpass (https://lastpass.com/) is great, it  will generate random passwords for you, keep track of multiple accounts, and automatically fill in forms and auto log you into nearly every site. You can have access to your passwords as long as you can get a web connection. This isnt as good as keypass as it is a third party holding onto your passwords, if they go down for the day, you are screwed, if they get hacked you are screwed. But so far they have been exemplary. They had some odd network traffic and without knowing if they had been actually hacked they suggested everyone changes their master passwords, which was the proper thing to do, but which most corps dont do.

The LastPass plugin caches locally meaning you have access to your passwords offline as well, and they do not store your actual unencrypted passwords which means you're not "screwed" if they get hacked.

The most obvious attack vector is to somehow modify the javascript that gets sent to your client, or to intercept both your locally entered master password as well as the lastpass-stored encrypted keyfile.

I fully recommend LastPass, even with those two caveats in mind.

(Paying users can also use the mobile client)


Title: Re: Why dont we have a security subforum?
Post by: Transisto on September 18, 2011, 05:04:05 AM
Quote from: lathomas64
What if we turn this thread into the conversations we would have in a security sub-forum to show there is enough volume of discussion to justify a new thread.

Security deserves its own sub forum (not thread) because the general public want to be and feel safe about owning BTCs.

Making it on the first page will simply make it easier to find,

As for the content, enough has already been said, we should start tagging all notable security threads to be moved there.

like - so...

https://bitcointalk.org/index.php?topic=323.0
https://bitcointalk.org/index.php?topic=18238.0
https://bitcointalk.org/index.php?topic=5194.0
https://bitcointalk.org/index.php?topic=3089.0
https://bitcointalk.org/index.php?topic=33835.0
https://bitcointalk.org/index.php?topic=17240.0
..................................


Title: Re: Why dont we have a security subforum?
Post by: theymos on September 18, 2011, 06:17:25 AM
I just don't think there would be enough topics for a security section. If I saw like 30 active security topics, I would consider it.

Quote from: Transisto
https://bitcointalk.org/index.php?topic=323.0
https://bitcointalk.org/index.php?topic=18238.0
https://bitcointalk.org/index.php?topic=5194.0
https://bitcointalk.org/index.php?topic=3089.0
https://bitcointalk.org/index.php?topic=33835.0
https://bitcointalk.org/index.php?topic=17240.0

Two of those wouldn't belong in a security section.


Title: Re: Why dont we have a security subforum?
Post by: Transisto on September 19, 2011, 05:19:28 AM
Quote from: theymos
I just don't think there would be enough topics for a security section. If I saw like 30 active security topics, I would consider it.

https://bitcointalk.org/index.php?topic=323.0
https://bitcointalk.org/index.php?topic=3089.0

Two of those wouldn't belong in a security section.

So if that means only informative or "current" break-in posts should be moved, I totally agree.

So ? other than the empty feel of a sub with 10 post what's holding this back ?

I would see it fit as a sub of "Bitcoin Discussion" or sub of "Technical Support"


Title: Re: Why dont we have a security subforum?
Post by: joulesbeef on September 19, 2011, 05:54:05 AM
I think there would be more posts if there was actually a sub-forum. Heck I would write posts if I thought there would be a place for people to easily find them. But I understand it will probably not be the most active part of these forums. But I bet it would get plenty of readers.



Title: Re: Why dont we have a security subforum?
Post by: wumpus on September 19, 2011, 10:53:26 AM
Quote from: theymos
I just don't think there would be enough topics for a security section. If I saw like 30 active security topics, I would consider it.

I don't think you should add a security section because it would be extremely popular for posting in, but because it is necessary. One of the first things people practically need when they use bitcoins is up-to-date computer security. So discussion about it should be encouraged.



Title: Re: Why dont we have a security subforum?
Post by: lathomas64 on September 19, 2011, 03:58:48 PM
Quote from: Transisto
Quote from: lathomas64
What if we turn this thread into the conversations we would have in a security sub-forum to show there is enough volume of discussion to justify a new thread.

Security deserves its own sub forum (not thread) because the general public want to be and feel safe about owning BTCs.

Making it on the first page will simply make it easier to find,

As for the content, enough has already been said, we should start tagging all notable security threads to be moved there.

like - so...

https://bitcointalk.org/index.php?topic=323.0
https://bitcointalk.org/index.php?topic=18238.0
https://bitcointalk.org/index.php?topic=5194.0
https://bitcointalk.org/index.php?topic=3089.0
https://bitcointalk.org/index.php?topic=33835.0
https://bitcointalk.org/index.php?topic=17240.0
..................................

I misspoke i meant sub-forum not new thread


Title: Re: Why dont we have a security subforum?
Post by: joulesbeef on September 20, 2011, 12:46:41 AM
and really it should be a sub forum inside the newbie section.