|
Title: Cybersecurity subforum Post by: takuma sato on January 15, 2022, 06:06:38 AM Would it be a good idea to have cybersecurity subforum? It is a topic that goes hand in hand with bitcoin. Without a good setup hosting your private keys is useless, you might as well have them on an exchange than host them on some Windows machine.
For instance I wanted to talk about bios tampering to see if anyone here is using Heads: https://osresearch.net/ This I think is a key factor that no one is talking about. Checking the integrity of the bios, not only corebooting it. This way you could avoid man in the middle attacks that would go unnoticed. I wasn't sure in which subforum to post this. It is too niche to get any serious replies outside of development subforum but I think that's off-topic. In a dedicated subforum we could share different techniques to improve the setup. Title: Re: Cybersecurity subforum Post by: mk4 on January 15, 2022, 06:16:26 AM Idunno, since the cybersecurity part of Bitcoin is mostly concerning wallets, the Wallet software section might be the best for it. Or probably even just the Bitcoin Discussion is enough for that. The security subtopic doesn't have THAT much demand to have it's own subforum imo; but I'm not really against it.
Title: Re: Cybersecurity subforum Post by: hugeblack on January 15, 2022, 06:50:27 AM Regardless of the nature of the board and its importance, unless there are enough topics and discussions about it, a new board will not be created.
In other words, if there are not many topics in the main menu, and there are many discussions about them, a subforum/board dedicated to them will not be created. Let's take the Lightning Network as an actual example, although there are many topics and many discussions about them, no dedicated subforum/board has been created for them. Therefore, general terms such as "cybersecurity" will be impossible to create a dedicated board for it. Title: Re: Cybersecurity subforum Post by: BlackHatCoiner on January 15, 2022, 08:01:59 AM It is too niche to get any serious replies outside of development subforum but I think that's off-topic. From my experience, if you share good content in the Development & Technical board, your chances of having your post removed are inconsiderable, even if it isn't that on-topic. Don't hesitate to share your thoughts about something that you consider important. This forum is known for hugging high quality posting. Title: Re: Cybersecurity subforum Post by: Pmalek on January 15, 2022, 08:20:43 AM I wouldn't mind if such a sub-board got created, but at the same time, I don't think it will. It's desirable to have decent security practices and know how to keep your computer, phone, or wallet safe. But if such a sub was introduced right now, can someone name or recommend 10 threads to be moved there without having to do quite a lot of searching for threads on the forum?
Title: Re: Cybersecurity subforum Post by: uchegod-21 on January 15, 2022, 11:16:23 AM In other words, if there are not many topics in the main menu, and there are many discussions about them, a subforum/board dedicated to them will not be created. You are very correct about this. When the hype of NFT was high months ago and the demand was coming in but the board was not created. That was when I knew that the admins are not interested in creating boards or childboards that will not last or people will run out of discussion within a short time.Let's take the Lightning Network as an actual example, although there are many topics and many discussions about them, no dedicated subforum/board has been created for them. Therefore, general terms such as "cybersecurity" will be impossible to create a dedicated board for it. The Lightening network was a surprise to me when I search the forum but I didn't see any board for it. But in Development Board is saw _Rath always discussing it. I believe one of the reason why it has not gotten a childboard is that I always see a high user countering everything about Lightening network. His name is franky1. Not that he does not have nice points, he has many good points and I always read them. If childboard is created for LN, there can be home for arguments only and the purpose of the board will not be achieve. Title: Re: Cybersecurity subforum Post by: o_e_l_e_o on January 15, 2022, 12:16:04 PM It's been discussed many times before, but it has gone ignored by the admins. I think it's a good idea as there are plenty of topics which deal with general online security and privacy which get lost in various boards, or even worse, moved to Off Topic where they immediately die. The logical place for topics like these would be Off Topic, if Off Topic was actually moderated as advertised ("Other topics that might be of interest to bitcoiners"), rather than just being "Literally any old shit".
Therefore, general terms such as "cybersecurity" will be impossible to create a dedicated board for it. I disagree. Here is a post I made the last time such an idea was brought up: https://bitcointalk.org/index.php?topic=5230782.msg53974580#msg53974580. I found 14 threads just from the front page of two boards which would belong in such a new board.Looking at the front page of various boards now, I can see the same again, with threads on passcode lengths and online privacy at the top of Beginners and Help and threads on Firefox and KYC in Off Topic. Title: Re: Cybersecurity subforum Post by: DaveF on January 15, 2022, 01:17:37 PM I would support this.
Sometimes it's just nice to have a location for little tidbits of information to be posted in one central location that may or may not be impotant to some people. But will get buried in some other locations due to the number of other topics. As an example I posted this over a year ago: https://bitcointalk.org/index.php?topic=5282613 There are also a few other firewalls / brands that have vulnerabilities might be nice to have a forum to discuss things like that. Even if it's just to discuss things like the log4j vulnerability and if it will cause any issues for crypto clients / apps. -Dave Title: Re: Cybersecurity subforum Post by: Toughit on January 15, 2022, 02:29:34 PM I wouldn't mind if such a sub-board got created, but at the same time, I don't think it will. It's desirable to have decent security practices and know how to keep your computer, phone, or wallet safe. But if such a sub was introduced right now, can someone name or recommend 10 threads to be moved there without having to do quite a lot of searching for threads on the forum? I think it's a great idea. I found 7 with a short search that I would include, and the last one lists about There are a lot in Beginners and Help, but good links in many other subforums. 2fa in Other/ Beginners and Help - https://bitcointalk.org/index.php?topic=5041789.0 (https://bitcointalk.org/index.php?topic=5041789.0) Yubikey in Other/ Beginners and Help https://bitcointalk.org/index.php?topic=1353231.0 (https://bitcointalk.org/index.php?topic=1353231.0) Keyword storage in Wallet software by N0nce https://bitcointalk.org/index.php?topic=5363596.0 (https://bitcointalk.org/index.php?topic=5363596.0) Wallet Security in hardware wallets https://bitcointalk.org/index.php?topic=3176978.40 (https://bitcointalk.org/index.php?topic=3176978.40) Malwarebytes (needs discussion) in Digital Goods https://bitcointalk.org/index.php?topic=5281484.0 (https://bitcointalk.org/index.php?topic=5281484.0) Spam in Reputation https://bitcointalk.org/index.php?topic=5281484.0 (https://bitcointalk.org/index.php?topic=5281484.0) Security in Beginners and Help https://bitcointalk.org/index.php?topic=5239098.0 (https://bitcointalk.org/index.php?topic=5239098.0) Title: Re: Cybersecurity subforum Post by: dkbit98 on January 15, 2022, 04:28:36 PM Would it be a good idea to have cybersecurity subforum? It is a topic that goes hand in hand with bitcoin. I don't remember last time when moderators added some new child boards in forum, and I have been saying for some time that we should have some changes.Adding cybersecurity board could be added but only if related with Bitcoin, otherwise it would probably go to off-topic section. Lightning Network board could also be interesting, with some different opinions, but Theymos might not be in the mood for adding anything new things in forum, but I could be wrong about that :) For instance I wanted to talk about bios tampering to see if anyone here is using Heads: https://osresearch.net/ I don't use Heads, and messing around with bios is not advisable for most people.Even regular update of bios is not recommend to everyone, and should be done only if you need to fix some issue with your computer or enable new functionality. Title: Re: Cybersecurity subforum Post by: takuma sato on January 16, 2022, 04:19:44 AM Would it be a good idea to have cybersecurity subforum? It is a topic that goes hand in hand with bitcoin. I don't remember last time when moderators added some new child boards in forum, and I have been saying for some time that we should have some changes.Adding cybersecurity board could be added but only if related with Bitcoin, otherwise it would probably go to off-topic section. Lightning Network board could also be interesting, with some different opinions, but Theymos might not be in the mood for adding anything new things in forum, but I could be wrong about that :) For instance I wanted to talk about bios tampering to see if anyone here is using Heads: https://osresearch.net/ I don't use Heads, and messing around with bios is not advisable for most people.Even regular update of bios is not recommend to everyone, and should be done only if you need to fix some issue with your computer or enable new functionality. All standard bios contain proprietary blobs. If you are not using Coreboot, chances are your CPU has Intel ME enabled, which has it's own proprietary OS in it with pretty much full access to your computer at pre-boot times. Anyone that is serious about Bitcoin should be using Coreboot or Libreboot. Most people don't use Bitcoin tho, if you aren't running your own full node you aren't using Bitcoin as far as I can tell. So it all begins with a good defense at the bios level, then you build a decent Linux setup, then install Bitcoin full node client you can trust. Most people aren't even aware of Intel ME and PSP for AMD exist so without addressing that most Bitcoin nodes are potentially compromised by default. Title: Re: Cybersecurity subforum Post by: Quickseller on January 16, 2022, 05:51:47 AM Idunno, since the cybersecurity part of Bitcoin is mostly concerning wallets, the Wallet software section might be the best for it. Or probably even just the Bitcoin Discussion is enough for that. The security subtopic doesn't have THAT much demand to have it's own subforum imo; but I'm not really against it. There are three potential security concerns regarding bitcoin:1 - keeping your private keys private 2 - ensuring your full node continues to act in ways as intended 3 - ensuring your miners mine at the pools as intended There is also a potential fourth regarding clipboard, and display malware. Issues regarding 1 belongs in the wallets sub, 2 belongs in dev and tech, and 3 belongs in the mining sub. I don't think there is a high enough volume of these types of threads to warrant a new sub. Title: Re: Cybersecurity subforum Post by: o_e_l_e_o on January 16, 2022, 09:00:57 AM There are three potential security concerns regarding bitcoin Maybe that would be the case if everyone ran their own full node.We see plenty of threads regarding things like Tor or good browser practices or extensions, best OSs to uses, PGP, encryption, password managers, best 2FA practices, phishing ads and attempts, different types of malware, critical vulnerabilities in various commonly used software, punycode attacks, KYC safety, VPNs and VPSs, and so on. All of these are very relevant to using bitcoin securely and privately, and do not fit nicely in to any other board. They often end up in Beginners and Help despite being relevant for all users, or worse they are moved to Off Topic and seen by nobody except spammers. There are certainly far more topics which would fit in to such a board than are posted in some already existing boards. Title: Re: Cybersecurity subforum Post by: dkbit98 on January 16, 2022, 09:14:25 AM All standard bios contain proprietary blobs. If you are not using Coreboot, chances are your CPU has Intel ME enabled, which has it's own proprietary OS in it with pretty much full access to your computer at pre-boot times. Anyone that is serious about Bitcoin should be using Coreboot or Libreboot. Most people don't use Bitcoin tho, if you aren't running your own full node you aren't using Bitcoin as far as I can tell. So it all begins with a good defense at the bios level, then you build a decent Linux setup, then install Bitcoin full node client you can trust. Most people aren't even aware of Intel ME and PSP for AMD exist so without addressing that most Bitcoin nodes are potentially compromised by default. Sure, but you can always lock your bios with a strong password and you can disable in settings anything that you don't want to have.Don't get me wrong, I updated my bios many times and I never used corebot or libreboot so far, but maybe I will give it a try to see how it works on older computer. In addition to this you can always enable encryption during installation of any Linux OS, that makes is much more secure than any windows os will ever be, and you can always go next level with Tails, Whonix or Cubes os, but that is not recommend for majority of people. I don't see how Bitcoin nodes or any bitcoin related software can be affected with having bios password, plus encryption on OS level, plus strong password for your account. Title: Re: Cybersecurity subforum Post by: tranthidung on January 18, 2022, 02:41:46 AM Regardless of the nature of the board and its importance, unless there are enough topics and discussions about it, a new board will not be created. In other words, if there are not many topics in the main menu, and there are many discussions about them, a subforum/board dedicated to them will not be created.
Title: Re: Cybersecurity subforum Post by: takuma sato on January 18, 2022, 04:23:43 AM All standard bios contain proprietary blobs. If you are not using Coreboot, chances are your CPU has Intel ME enabled, which has it's own proprietary OS in it with pretty much full access to your computer at pre-boot times. Anyone that is serious about Bitcoin should be using Coreboot or Libreboot. Most people don't use Bitcoin tho, if you aren't running your own full node you aren't using Bitcoin as far as I can tell. So it all begins with a good defense at the bios level, then you build a decent Linux setup, then install Bitcoin full node client you can trust. Most people aren't even aware of Intel ME and PSP for AMD exist so without addressing that most Bitcoin nodes are potentially compromised by default. Sure, but you can always lock your bios with a strong password and you can disable in settings anything that you don't want to have.Don't get me wrong, I updated my bios many times and I never used corebot or libreboot so far, but maybe I will give it a try to see how it works on older computer. In addition to this you can always enable encryption during installation of any Linux OS, that makes is much more secure than any windows os will ever be, and you can always go next level with Tails, Whonix or Cubes os, but that is not recommend for majority of people. I don't see how Bitcoin nodes or any bitcoin related software can be affected with having bios password, plus encryption on OS level, plus strong password for your account. You can't disable Intel ME etc in the bios settings, that's the whole point. It runs no matter what you do, except if you flash your bios with Coreboot, which 99% of people will not do because it doesn't work in most modern computers, and it requires you to do some hardware modifications, it's not just flashing a rom file. A reason why an attacker would want big blocks on the network, besides reducing number of nodes due higher space needed, would be to take advantage of built-in exploits at the hardware level. Once 100% of the network is running on hardware that can be controlled remotely or modified in some way you have a killswitch. I haven't seen this angle discussed. Basically most of the network outside of Raspberry Pi and flashed bios' without Intel ME and PSP is potentially backdoored. Title: Re: Cybersecurity subforum Post by: dkbit98 on January 18, 2022, 01:13:23 PM You can't disable Intel ME etc in the bios settings, that's the whole point. It runs no matter what you do, except if you flash your bios with Coreboot, which 99% of people will not do because it doesn't work in most modern computers, and it requires you to do some hardware modifications, it's not just flashing a rom file. Is there any list of supported hardware for Coreboot or Libreboot?I know there are some premade stuff that work on Thinkpads but it could be issue to run this bios on custom made desktop computers. A reason why an attacker would want big blocks on the network, besides reducing number of nodes due higher space needed, would be to take advantage of built-in exploits at the hardware level. Once 100% of the network is running on hardware that can be controlled remotely or modified in some way you have a killswitch. I haven't seen this angle discussed. Basically most of the network outside of Raspberry Pi and flashed bios' without Intel ME and PSP is potentially backdoored. This is possible in theory, but more simple way of introducing a global kill switch would be to just turn of the internet, like we can see it's happening in some countries during riots.Internet is centrally controlled and controllers don't have to worry about people like you who run custom bios on computers. If they really want to hurt Bitcoin (and everything else) this is what they would do because it's more simple. Title: Re: Cybersecurity subforum Post by: kaggie on January 18, 2022, 05:56:20 PM Privacy and security would be nice, even if a sub-sub-forum. One of the largest drawbacks to bitcoin is that your regular person is at risk to losing their life savings by storing their information on their computer that may have a hole/leak in it. It's a separate topic of relevance. It would be better to have it in one location to point people to.
Title: Re: Cybersecurity subforum Post by: n0nce on January 19, 2022, 12:05:20 PM I'm in! ;) Totally agreed: we often talk about aspects of 'cybersecurity' / IT security, throughout various boards, and it would be preferable to have a central place to find all those threads.
I think it would need to be outside the Bitcoin board, since it could include topics such as general OS-level security practices, network setups and firewalls, but also lots of privacy-oriented topics such as decentralized YouTube alternatives (there was a tiny spark of interest in the community after some Bitcoin content was deleted off YouTube) and similar. Title: Re: Cybersecurity subforum Post by: Zilon on January 19, 2022, 03:08:19 PM A cybersecurity board is really necessary because as important as Blockchain and Bitcoin is to the society today it's private key security should also be a necessity because there is no need for an innovation if it's prone to attack. As the technological aspect is fully represented there should also be need for it's security board to help discuss the preventive measures to secure private keys and for the safety of our coins. I think cyber security alongside ethical hacking could be merged
Title: Re: Cybersecurity subforum Post by: Spacebar96 on January 19, 2022, 07:48:59 PM That's a good idea, if the moderator can create another child board where discussion about cyber security and bitcoin are been analyse. Since bitcoin gave it user more power to secure their wallet. It will be helpful and serves as a reminders to people on how to secure their wallet.
Title: Re: Cybersecurity subforum Post by: takuma sato on February 01, 2022, 02:57:04 AM Is there any list of supported hardware for Coreboot or Libreboot? I know there are some premade stuff that work on Thinkpads but it could be issue to run this bios on custom made desktop computers. Check your laptop brand and board here: https://coreboot.org/status/board-status.html Basically, stick to Lenovo. x230 is probably the best you could get with an i7. With Libreboot x200 or t400 for a bigger laptop and that's about it. There is a whole subject on what's better, Libreboot or Coreboot. With Libreboot you get 0 binary blobs but you lack microcode updates which are available in Coreboot (at the expense of having to use some proprietary blobs but it's considered not a problem and ME is of course disabled). You need to hardware flash for both, i think except the x60 which can be done by downloading the rom. This is possible in theory, but more simple way of introducing a global kill switch would be to just turn of the internet, like we can see it's happening in some countries during riots. Internet is centrally controlled and controllers don't have to worry about people like you who run custom bios on computers. If they really want to hurt Bitcoin (and everything else) this is what they would do because it's more simple. It would be overkill to cut the entire internet since it would crash the stock market. They can just keep Bitcoin running under a network that is compromised because no one paid attention to this. Title: Re: Cybersecurity subforum Post by: coinmanhere on February 01, 2022, 05:09:58 AM I support this idea I think it is important enough to have its own separate section. To be frank it is way too important to have its own section, I think we as a community should be more open minded than start with "I don't think so" mentality.
Title: Re: Cybersecurity subforum Post by: takuma sato on January 11, 2023, 03:31:20 AM The fact that Luke Dashjr got 3 $million worth of BTC hacked made me remember this thread. If someone with such level of expertise gets his networth hacked, it proves that cybersecurity is a crucial subject in Bitcoin and there should be a sticky guide about it, since a lot of people would find this forum when starting.
It also proves Bitcoin is not ready for prime time when it comes to self-custody of funds. Most people would probably be safer leaving it on a regulated exchange or buying through an ETF than exposing them to potential hacks unfortunately. Title: Re: Cybersecurity subforum Post by: TheBeardedBaby on January 11, 2023, 10:37:17 AM It's not a bad suggestion but I feel it would be more suitable to be like a news feed kind of type to post the latest, hacks, breaches, bugs where people can actually see if they are affected or not.
Of course, place to discuss cybersecurity is always good, but less likely to be crated. Title: Re: Cybersecurity subforum Post by: BenCodie on January 12, 2023, 04:32:37 AM Hi takuma sato. I think you are 100% on the money with this suggestion and I am passionate about supporting it. I made a thread here (https://bitcointalk.org/index.php?topic=5434404.0) with another request.
I would love to constantly maintain and update that topic with more resources, I believe that more than one topic per request mightn't be good practice or something as someone told me to lock my thread for making an additional request. Would you be open to locking this thread so we can continue the discussion there? I have given you credit in my OP and also some merit for being the person who came up with the idea first. The reason for the request is so that I can maintain and build on the original post. Thanks! Title: Re: Cybersecurity subforum Post by: NotATether on January 12, 2023, 05:03:04 AM One of two conditions must be satisfied in order to create a board:
1- there have to be sufficient number of threads about this topic in other boards to the point where that board is full of those kind of threads, 2- (for local boards) there is a large megathread. These are from my own observation and are not in any rules or moderator posts or anything like that. Title: Re: Cybersecurity subforum Post by: Helena Yu on January 12, 2023, 05:18:50 AM 1- there have to be sufficient number of threads about this topic in other boards to the point where that board is full of those kind of threads, I've collected a list about cyber security that the moderators often move the topic to off-topic board. I think those threads are deserve to be placed in new board either cybersecurity or hardware and software security, it's really bad to be placed in off-topic board where it's full of non sense thread like what's the best music, how to live longer, do you have pet etc.1. Password managers or passwords from memory (https://bitcointalk.org/index.php?topic=5404617.0) 2. Bitcoin and Antiviruses (https://bitcointalk.org/index.php?topic=5408337.0) 3. Computer and Phone Security Questions (https://bitcointalk.org/index.php?topic=5397190.0) 4. How to detect fraudulent websites. (https://bitcointalk.org/index.php?topic=5410004.0) 5. I think google is spying on us ,when our phones are in the room (https://bitcointalk.org/index.php?topic=5405072.0) 6. The best note taking apps for Windows? (https://bitcointalk.org/index.php?topic=5411465.0) 7. LastPass - Notice of Recent Security Incident (https://bitcointalk.org/index.php?topic=5411313.0) 8. Recommended 2FA app for Windows (https://bitcointalk.org/index.php?topic=5411527.0) 9. What do you use for generating strong passwords? (https://bitcointalk.org/index.php?topic=5408965.0) 10. Is my iPhone hacked? (https://bitcointalk.org/index.php?topic=5414283.0) 11. Hackers exploit critical VMware flaw to drop ransomware & miners (https://bitcointalk.org/index.php?topic=5418133.0) 12. What about a smartphone keyboard (https://bitcointalk.org/index.php?topic=5418078.0) 13. Are they set a broker in my pc and stealing my data ? (https://bitcointalk.org/index.php?topic=5419655.0) 14. [Warning]: Password Manager LassPass has been breached, accessed customer data (https://bitcointalk.org/index.php?topic=5424994.0) 15. Probably a childish question (https://bitcointalk.org/index.php?topic=5426838.0) 16. Privacy frontends for popular services (yt, reddit, twitter, fb, insta, etc) (https://bitcointalk.org/index.php?topic=5397553.0) 17. I Always Use 12 to 20 Characters Long Password 🔑 For my accounts (https://bitcointalk.org/index.php?topic=5425873.0) 18. Do not rely on your OS security (https://bitcointalk.org/index.php?topic=5429681.0) 19. Hackers stolen Last Pass users passwords and sensitivw information (https://bitcointalk.org/index.php?topic=5431869.0) 20. Copy link to clipboard - Nifty app for android (https://bitcointalk.org/index.php?topic=5432237.0) 21. Passwords - 8 characters at least, lower, upper, number, symbol (https://bitcointalk.org/index.php?topic=5425844.0) Sometime I think rather than this topic get moved to off-topic board, why it's not moved to serious discussion board? To be honest there's many threads in serious discussion board are full of non sense thread and many people doesn't care with it since the signature isn't visible, so the board get less traffic. Rather than serious discussion almost get abandoned, I would say it's better for the administrators too enable signature space on that's board, so it will increase the traffic and moderators can just increase the minimum quality or strict rules just like Bitcoin technical discussion board. Title: Re: Cybersecurity subforum Post by: BenCodie on January 12, 2023, 09:09:39 AM 1- there have to be sufficient number of threads about this topic in other boards to the point where that board is full of those kind of threads, I've collected a list about cyber security that the moderators often move the topic to off-topic board. I think those threads are deserve to be placed in new board either cybersecurity or hardware and software security, it's really bad to be placed in off-topic board where it's full of non sense thread like what's the best music, how to live longer, do you have pet etc.1. Password managers or passwords from memory (https://bitcointalk.org/index.php?topic=5404617.0) 2. Bitcoin and Antiviruses (https://bitcointalk.org/index.php?topic=5408337.0) 3. Computer and Phone Security Questions (https://bitcointalk.org/index.php?topic=5397190.0) 4. How to detect fraudulent websites. (https://bitcointalk.org/index.php?topic=5410004.0) 5. I think google is spying on us ,when our phones are in the room (https://bitcointalk.org/index.php?topic=5405072.0) 6. The best note taking apps for Windows? (https://bitcointalk.org/index.php?topic=5411465.0) 7. LastPass - Notice of Recent Security Incident (https://bitcointalk.org/index.php?topic=5411313.0) 8. Recommended 2FA app for Windows (https://bitcointalk.org/index.php?topic=5411527.0) 9. What do you use for generating strong passwords? (https://bitcointalk.org/index.php?topic=5408965.0) 10. Is my iPhone hacked? (https://bitcointalk.org/index.php?topic=5414283.0) 11. Hackers exploit critical VMware flaw to drop ransomware & miners (https://bitcointalk.org/index.php?topic=5418133.0) 12. What about a smartphone keyboard (https://bitcointalk.org/index.php?topic=5418078.0) 13. Are they set a broker in my pc and stealing my data ? (https://bitcointalk.org/index.php?topic=5419655.0) 14. [Warning]: Password Manager LassPass has been breached, accessed customer data (https://bitcointalk.org/index.php?topic=5424994.0) 15. Probably a childish question (https://bitcointalk.org/index.php?topic=5426838.0) 16. Privacy frontends for popular services (yt, reddit, twitter, fb, insta, etc) (https://bitcointalk.org/index.php?topic=5397553.0) 17. I Always Use 12 to 20 Characters Long Password 🔑 For my accounts (https://bitcointalk.org/index.php?topic=5425873.0) 18. Do not rely on your OS security (https://bitcointalk.org/index.php?topic=5429681.0) 19. Hackers stolen Last Pass users passwords and sensitivw information (https://bitcointalk.org/index.php?topic=5431869.0) 20. Copy link to clipboard - Nifty app for android (https://bitcointalk.org/index.php?topic=5432237.0) 21. Passwords - 8 characters at least, lower, upper, number, symbol (https://bitcointalk.org/index.php?topic=5425844.0) Sometime I think rather than this topic get moved to off-topic board, why it's not moved to serious discussion board? To be honest there's many threads in serious discussion board are full of non sense thread and many people doesn't care with it since the signature isn't visible, so the board get less traffic. Rather than serious discussion almost get abandoned, I would say it's better for the administrators too enable signature space on that's board, so it will increase the traffic and moderators can just increase the minimum quality or strict rules just like Bitcoin technical discussion board. This is a fantastic list. Great work! I will continue on to help build on top this list too some time this week. Title: Re: Cybersecurity subforum Post by: Mpamaegbu on January 12, 2023, 11:00:23 AM Would it be a good idea to have cybersecurity subforum? I'm all for it. It's a great idea to have such a subforum. Cyber security is a thing with anything and everything online and it will be nice to have a dedicated section of this forum for it just like what we've with "Reputation". We know where to check the integrity of users or companies when in doubt for verification or to open scam accusations on them. It should also be so for Cyber security. Title: Re: Cybersecurity subforum Post by: n0nce on January 12, 2023, 06:09:52 PM One of two conditions must be satisfied in order to create a board: I know that these are the (unwritten?) rules for new subforums, but I don't completely agree with them.1- there have to be sufficient number of threads about this topic in other boards to the point where that board is full of those kind of threads, 2- (for local boards) there is a large megathread. These are from my own observation and are not in any rules or moderator posts or anything like that. When you 'are your own bank', especially for newcomers into the whole field, having a place to find educational materials about basic cybersecurity practices (topics such as: how to secure your machine, proper backup practices, encryption guides, signature guides, pgp guides, ...), while also being a place for asking questions. You and I wouldn't believe at what kind of basic level most people struggle with even using computers. Meanwhile we encourage them to be their own bank, without even having a central place that teaches them security concepts and decreases the likeliness of them losing it all. To get back to my view on rules for new subforums: I do think that in some cases, people don't even bother creating threads about some topics, if they know they belong and will be buried immediately in off-topic, altcoin discussion, or something like that, where they won't get useful interaction and opinions. They will just go somewhere else. As a matter of fact, I sometimes just choose to talk to people in private about Lightning related stuff, since we don't have a Lightning board. Therefore, it could (this is a hypothesis) be the other way round: creating a subforum, even without existing megathreads, may encourage and attract discussion about that topic. I personally believe that Lightning and Cybersecurity would be two boards where this could take place. Title: Re: Cybersecurity subforum Post by: BenCodie on January 13, 2023, 04:36:23 AM 1- there have to be sufficient number of threads about this topic in other boards to the point where that board is full of those kind of threads, 2- (for local boards) there is a large megathread. These are from my own observation and are not in any rules or moderator posts or anything like that. If there is not even a remotely relevant place to post these kinds of topics, then they won't be posted. That's the case with cybersecurity at the moment. Title: Re: Cybersecurity subforum Post by: NotATether on January 13, 2023, 11:28:20 AM 1- there have to be sufficient number of threads about this topic in other boards to the point where that board is full of those kind of threads, 2- (for local boards) there is a large megathread. These are from my own observation and are not in any rules or moderator posts or anything like that. If there is not even a remotely relevant place to post these kinds of topics, then they won't be posted. That's the case with cybersecurity at the moment. I sometimes don't end up posting that kind of stuff for that reason, and it sucks. But where would we place a Cybersecurity board? Under Trading Discussion? Or somewhere else? I support your petition but if we are going to see a change then you need to be able to demonstrate that there is a majority consensus in favor of the idea. Perhaps run a poll or something? Title: Re: Cybersecurity subforum Post by: BenCodie on January 13, 2023, 11:44:28 AM 1- there have to be sufficient number of threads about this topic in other boards to the point where that board is full of those kind of threads, 2- (for local boards) there is a large megathread. These are from my own observation and are not in any rules or moderator posts or anything like that. If there is not even a remotely relevant place to post these kinds of topics, then they won't be posted. That's the case with cybersecurity at the moment. I sometimes don't end up posting that kind of stuff for that reason, and it sucks. But where would we place a Cybersecurity board? Under Trading Discussion? Or somewhere else? I support your petition but if we are going to see a change then you need to be able to demonstrate that there is a majority consensus in favor of the idea. Perhaps run a poll or something? I was going to start a poll in the thread that I created, weirdly there was no option to do so under additional options though. Title: Re: Cybersecurity subforum Post by: BlackHatCoiner on January 13, 2023, 12:03:01 PM Rather than serious discussion almost get abandoned, I would say it's better for the administrators too enable signature space on that's board I never understood why signatures don't appear in Serious Discussion board. Like, is it because it attracts spam? By that reasoning, should signatures be disabled on the entire forum? Are the rest of the discussions not considered serious?To get back to my view on rules for new subforums: I do think that in some cases, people don't even bother creating threads about some topics, if they know they belong and will be buried immediately in off-topic, altcoin discussion, or something like that, where they won't get useful interaction and opinions. I think what we need is simple: a brand new sub-board, with a sticky mega-list thread which is moderated in a divided manner. So that if you're having a query, you can check the thread. Title: Re: Cybersecurity subforum Post by: nutildah on January 13, 2023, 12:54:16 PM Rather than serious discussion almost get abandoned, I would say it's better for the administrators too enable signature space on that's board I never understood why signatures don't appear in Serious Discussion board. Like, is it because it attracts spam? By that reasoning, should signatures be disabled on the entire forum? Are the rest of the discussions not considered serious?Its a good compromise and an alternative to banning signatures altogether. The forum is now at its lowest traffic ranking since before Nov. 2013. For the record: https://i.imgur.com/F0FaLNF.png (https://www.similarweb.com/website/bitcointalk.org/#overview) Similarweb Global Rank for Bitcointalk (taken from what is currently available (https://www.similarweb.com/website/bitcointalk.org/) and archived (https://web.archive.org/web/20170615000000*/https://www.similarweb.com/website/bitcointalk.org/)) Sept 2022 - 35,390 Apr 2022 - 33,489 Jul 2020 - 24,833 Jul 2019 - 7,717 Jul 2018 - 2,671 Aug 2017 - 1,890 Feb 2016 - 7,762 Nov 2013 - 33,073 At the same time, there is no motivation to attract more traffic. As theymos recently explained, the forum is doing quite well financially. Bitcointalk really just has one purpose now and theymos has one job, and that is to make sure satoshi's posts remain accessible and in tact. ... and Hal's posts, can't forget him. Same goes for a handful of other early innovators and developers. I believe this trend is due to a couple of reasons. Nobody wants to hear about the first reason, so let's just talk about the second, which is signature campaigns have steadily diminished the quality of discussion on the forum for years. They encourage people to post for no reason other than to get paid, which leads to a lot of inconsequential jabber that quickly buries actual substance. Those casually visiting the forum have no motivation to wade through it for the occasionally interesting tidbits. Thus, a lot of former visitors have stopped coming here altogether. At the same time, some businesses still find sig campaigns to be a worthwhile expensive, and this is the reality even if for reasons I can't explain. You can still post in Serious Discussion if you want. Just let the people who want it enjoy a spam-free section of the forum. Title: Re: Cybersecurity subforum Post by: Helena Yu on January 13, 2023, 01:39:06 PM I never understood why signatures don't appear in Serious Discussion board. Like, is it because it attracts spam? By that reasoning, should signatures be disabled on the entire forum? Are the rest of the discussions not considered serious? Its a good compromise and an alternative to banning signatures altogether.I believe this trend is due to a couple of reasons. Nobody wants to hear about the first reason, so let's just talk about the second, which is signature campaigns have steadily diminished the quality of discussion on the forum for years. They encourage people to post for no reason other than to get paid, which leads to a lot of inconsequential jabber that quickly buries actual substance. Those casually visiting the forum have no motivation to wade through it for the occasionally interesting tidbits. Thus, a lot of former visitors have stopped coming here altogether. It's not surprising if there's an user become active in this forum because of signature campaign and they need to maintain their quality post to able stay in their campaign. This will encourage them to improve their quality post, increase the merit flow, increase the discussion, using feedback and flag correctly and trying to not break the forum rules. Because they're don't want to get red tagged, their account will become worthless. Can you imagine if the forum ban the whole signatures? any user doesn't care anymore with appropriate use of feedback, flag and trust, they will trolling in this forum since they have nothing to lose. I wouldn't be surprised if many accounts will get red painted due to personal problem or something like that. I don't see any problem if there's a user only have purpose to earn money in this forum, I believe they're came from poor country and they need to feed their family. At least this forum is an angel for them and it's good since this forum is really important for them. This forum already offer a good feature, let me show it: 1. You don't want to see an user wear avatar and signature? click Profile - Look and Layout Preferences - Don't show users' avatars. and Don't show users' signatures. 2. You see an off topic and low quality post? report the post to the moderators. 3. The moderators didn't take any action with your report? click ignore on that's annoying user. Title: Re: Cybersecurity subforum Post by: BlackHatCoiner on January 13, 2023, 02:18:07 PM I believe this trend is due to a couple of reasons. Nobody wants to hear about the first reason, so let's just talk about the second, which is signature campaigns have steadily diminished the quality of discussion on the forum for years. How sure are you about that?There is no doubt that signature campaigns have incentivized some users to give more importance to the quantity of their posts rather than their quality, so they can fulfill the post quota. But it has also incentivized knowledgeable users to assist anyone who's in trouble. Compare stackexchange (https://bitcoin.stackexchange.com/) with our Dev & Tech board. The former is alive, because a few developers are in charge of it (Pieter Wuille and Murch for the most part), and as far as I know, they get paid to moderate it. And sometimes, a SE post is left unanswered. Try out asking something in the Dev & Tech, and get zero assistance. I assure you that there will be greater chance, if nobody is paid to help. Secondly, in the early days of this forum, there were no signature campaigns. Do you think those discussions were more constructive than today's? Find me more than three constructive discussions from this old, random page of the Bitcoin Discussion: https://bitcointalk.org/index.php?board=1.52480 Title: Re: Cybersecurity subforum Post by: BenCodie on January 13, 2023, 02:20:50 PM You need to look it in the bigger picture, I can say if the forum disabling the signatures in every boards, it will be the end of this forum. Definitely not true. Yes, posts will decrease, however the quality and relevance of posts will dramatically increase in my opinion. There are a lot of people's posts where I just look at them and think; what in the world is this? Then the answer is - a lame attempt to either grow their rank or to increase their posts for the signature campaign they are a part of. Will it hurt post activity? Sure. Will it kill the forum? Definitely not. I believe that it will improve it and make the forum more what it was originally for - discussing bitcoin and its related topics. I think that it is very unlikely that signature campaigns will be removed any time in the future though. They have been a part of the forum for a long time and I don't see why they would be dis-allowed...unless all of a sudden all of the managing staff start to care about the quality so much that they are willing to piss off the vast majority of members who participate in campaigns, campaign managers, service advertisers, etc. A more relevant question is - when did this thread become about signature campaigns? Can this conversation not happen somewhere other than in the thread that is about requesting a Cybersecurity forum? The topics are not even slightly related. Title: Re: Cybersecurity subforum Post by: AbuBhakar on January 13, 2023, 02:51:36 PM The fact that Luke Dashjr got 3 $million worth of BTC hacked made me remember this thread. If someone with such level of expertise gets his networth hacked, it proves that cybersecurity is a crucial subject in Bitcoin and there should be a sticky guide about it, since a lot of people would find this forum when starting. By making a few searches on Reddit, I found a lot of cybersecurity channels listed below which can help everyone that has concern about it. It also proves Bitcoin is not ready for prime time when it comes to self-custody of funds. Most people would probably be safer leaving it on a regulated exchange or buying through an ETF than exposing them to potential hacks unfortunately.
I'm just saying that there are a lot of existing forums specialising in this subject. But I'm not against the idea because it will be convenient if we have our own. Title: Re: Cybersecurity subforum Post by: BenCodie on January 13, 2023, 03:28:11 PM The fact that Luke Dashjr got 3 $million worth of BTC hacked made me remember this thread. If someone with such level of expertise gets his networth hacked, it proves that cybersecurity is a crucial subject in Bitcoin and there should be a sticky guide about it, since a lot of people would find this forum when starting. By making a few searches on Reddit, I found a lot of cybersecurity channels listed below which can help everyone that has concern about it. It also proves Bitcoin is not ready for prime time when it comes to self-custody of funds. Most people would probably be safer leaving it on a regulated exchange or buying through an ETF than exposing them to potential hacks unfortunately.
I'm just saying that there are a lot of existing forums specialising in this subject. But I'm not against the idea because it will be convenient if we have our own. Yes, the topic is covered in other places. There are also many other places that cover the topics that are here on BitcoinTalk. I know you have stated that you are not against the idea so this next comment isn't directed toward you, but for those who do think that this is valid reason for it not to exist here, I don't think that's a valid reason not to have the board here. Title: Re: Cybersecurity subforum Post by: Adbitco on January 15, 2023, 10:50:49 AM The fact that Luke Dashjr got 3 $million worth of BTC hacked made me remember this thread. If someone with such level of expertise gets his networth hacked, it proves that cybersecurity is a crucial subject in Bitcoin and there should be a sticky guide about it, since a lot of people would find this forum when starting. By making a few searches on Reddit, I found a lot of cybersecurity channels listed below which can help everyone that has concern about it. It also proves Bitcoin is not ready for prime time when it comes to self-custody of funds. Most people would probably be safer leaving it on a regulated exchange or buying through an ETF than exposing them to potential hacks unfortunately.
I'm just saying that there are a lot of existing forums specialising in this subject. But I'm not against the idea because it will be convenient if we have our own. Yeah Absolutely correct, I think for me when we talking of security it should be the number one key factors over here, from recent development concerning hacks (https://bitcointalk.org/index.php?topic=5433643.0) that was carried out from Electrum, if there where to be proper subforum that mainly involved with Cybersecurity discussion, lot of people would have been aware of this maybe not to accept the wallet update. Therefore making a provision would be deem necessary for me to further expand and educates ourselves about security knowledge and impaction most especially for the beginners to be aware of pros and cons. Title: Re: Cybersecurity subforum Post by: decodx on January 15, 2023, 11:57:30 AM A board dedicated to cybersecurity discussions? Yes please!
But, it's ultimately up to the administrators of this forum to decide whether or not to have a cybersecurity board. They may have their own reasons for not adding one, such as a lack of interest from the community. They might also consider the existing boards and if the topic is already being covered. Title: Re: Cybersecurity subforum Post by: n0nce on January 15, 2023, 03:06:08 PM But where would we place a Cybersecurity board? Under Trading Discussion? Or somewhere else? I would suggest 'Other', probably. Poll sounds good.I support your petition but if we are going to see a change then you need to be able to demonstrate that there is a majority consensus in favor of the idea. Perhaps run a poll or something? The fact that Luke Dashjr got 3 $million worth of BTC hacked made me remember this thread. If someone with such level of expertise gets his networth hacked, it proves that cybersecurity is a crucial subject in Bitcoin and there should be a sticky guide about it, since a lot of people would find this forum when starting. Exactly what I'm thinking, too. Sure, there are other places on the web with cybersecurity news and security practices to follow yourself. But the same argument could be applied to all other content on here. Also, I'm sure a cybersecurity board on Bitcointalk would contain lots of topics that have something to do with Bitcoin. Meanwhile other sites and forums that offer cybersecurity advice, probably don't cover Bitcoin-specific stuff like how to secure a machine running hot wallets.Title: Re: Cybersecurity subforum Post by: BlackHatCoiner on January 15, 2023, 03:33:46 PM The only counter-argument I consider valid, is that Beginners & Help already satisfies a big part of that need. (And please, for God's sake, pin that encyclopedia (https://bitcointalk.org/index.php?topic=5364418.0) already)
But, it's ultimately up to the administrators of this forum to decide whether or not to have a cybersecurity board. Maybe it's time for changes in the mod team as well. I mean, some boards even have inactive moderators, such as Beginners & Help and Greek board.Title: Re: Cybersecurity subforum Post by: AverageGlabella on January 15, 2023, 03:39:41 PM By making a few searches on Reddit, I found a lot of cybersecurity channels listed below which can help everyone that has concern about it. I would prefer to use the forum and not look at 3rd party resources and I think that is a problem with computers progressing quantum computers are going to be discussed more and more and while the security implications of them are not huge right now years down the line they will become more of a concern. That could mean we have a lot of posts about quantum computers and how they could harm btc and I think a security board would be perfect for that instead of development board where this is normally discussed. Title: Re: Cybersecurity subforum Post by: BenCodie on January 16, 2023, 04:41:27 AM A board dedicated to cybersecurity discussions? Yes please! But, it's ultimately up to the administrators of this forum to decide whether or not to have a cybersecurity board. They may have their own reasons for not adding one, such as a lack of interest from the community. They might also consider the existing boards and if the topic is already being covered. If you haven't voted already, there is a poll going on in this thread: https://bitcointalk.org/index.php?topic=5434404.msg61601871 By making a few searches on Reddit, I found a lot of cybersecurity channels listed below which can help everyone that has concern about it. I would prefer to use the forum and not look at 3rd party resources and I think that is a problem with computers progressing quantum computers are going to be discussed more and more and while the security implications of them are not huge right now years down the line they will become more of a concern. That could mean we have a lot of posts about quantum computers and how they could harm btc and I think a security board would be perfect for that instead of development board where this is normally discussed. Title: Re: Cybersecurity subforum Post by: Smartprofit on January 16, 2023, 02:58:24 PM In my opinion, this is a very good idea! I very often read threads on the Bitcointalk forum that describe how users have lost their bitcoins and other cryptocurrencies as a result of ignoring cybersecurity rules.
At the same time, new risks and threats arise in the virtual space every day. I know that there are members on the forum who are very knowledgeable about this topic. I would like to get their opinion on this or that issue of ensuring cybersecurity. For me (as a crypto enthusiast) this is very important. The new topic section on the Bitcointalk forum is a great idea in my opinion. Perhaps this would attract new users to the forum (experts in the field of cybersecurity). Title: Re: Cybersecurity subforum Post by: JollyGood on September 17, 2023, 11:20:12 AM The thread has not been posted in since January but I am posting here because this is a very good topic to have discussions about. In a nutshell, I do not think the sub-board will be created on the basis it is not essential as far as the forum is concerned. Yes, it would have some use in real-life situations and the internet is full of advice and links (as suggested below) but unless there is something specific to cover security aspects related to the forum, there simply is not a requirement for it.
The fact that Luke Dashjr got 3 $million worth of BTC hacked made me remember this thread. If someone with such level of expertise gets his networth hacked, it proves that cybersecurity is a crucial subject in Bitcoin and there should be a sticky guide about it, since a lot of people would find this forum when starting. By making a few searches on Reddit, I found a lot of cybersecurity channels listed below which can help everyone that has concern about it. It also proves Bitcoin is not ready for prime time when it comes to self-custody of funds. Most people would probably be safer leaving it on a regulated exchange or buying through an ETF than exposing them to potential hacks unfortunately.
I'm just saying that there are a lot of existing forums specialising in this subject. But I'm not against the idea because it will be convenient if we have our own. Title: Re: Cybersecurity subforum Post by: MusaPk on September 18, 2023, 04:11:30 PM I shared a Cyber security certification by ICS2 on Off Topic but wasn't able to get any response there. Just saw this thread for Cyber Security so sharing it here also. May be here someone will find it useful. It's not a referral type of thing and I wont get any benefit if anyone do that. It's best part is you get free training and free one attempt. After you clear the exam you can get certification by paying 50$.
I recently completed a certification in Cyber security that is offered by ICS2 (International Information Systems Security Certification Consortium). ICS2 is prominent association of cyber security with around 500,000 members globally and is known for its CISSP(The Certified Information Systems Security Professional ). https://www.isc2.org/about The certification is good for anyone who is perusing career in Cyber Security. The main reason I am sharing this certification is that you are free to attempt this course and once you clear it you need to pay 50$ (Annual Maintenance Fee) to become member of ICS2. Here is link to register for CC - Certified in Cybersecurity (CC) program offered by ICS2. https://www.isc2.org/landing/1mcc (This is not a referral link, just the ICS2 website link and I wont get any benefit with any new registration) Once you register you will get a promo code that allows to attempt the course for free. You can also find complete training course material once you register. https://talkimg.com/images/2023/09/16/6IsY8.png (https://www.youtube.com/watch?v=HeE-NUKEJDI) Title: Re: Cybersecurity subforum Post by: JollyGood on October 03, 2023, 02:05:19 AM I have just posted in your other thread (https://bitcointalk.org/index.php?topic=5466993) in the Off-topic board.
For those thinking about obtaining certification, the links you provided would be helpful. I am not suggesting nor advocating using the service but thought if it is mentioned within a wider reach related specifically to the forum, the discussion could be interesting.Overall, I do not know why anything related to ICS2 would be of use in a subforum because all forum members should take certain precautions for security without the need of being told but I was curious about what ICS2 was therefore went online to have a little read about it. A search revealed some reviewers and commentors alluded they felt the certification was easy to obtain or had little value when listing on a CV. Some mentioned they were happy with the result they achieved after they signed up and paid an affordable fee. I shared a Cyber security certification by ICS2 on Off Topic but wasn't able to get any response there. Just saw this thread for Cyber Security so sharing it here also. May be here someone will find it useful. It's not a referral type of thing and I wont get any benefit if anyone do that. It's best part is you get free training and free one attempt. After you clear the exam you can get certification by paying 50$. Title: Re: Cybersecurity subforum Post by: JollyGood on December 04, 2023, 08:45:10 PM This thread deserves a bump for the content of the OP as well as the message by MusaPk (https://bitcointalk.org/index.php?topic=5381463.msg62865526#msg62865526) regarding the Cyber Security Certification by ICS2.
Would it be a good idea to have cybersecurity subforum? It is a topic that goes hand in hand with bitcoin. Without a good setup hosting your private keys is useless, you might as well have them on an exchange than host them on some Windows machine. For instance I wanted to talk about bios tampering to see if anyone here is using Heads: https://osresearch.net/ This I think is a key factor that no one is talking about. Checking the integrity of the bios, not only corebooting it. This way you could avoid man in the middle attacks that would go unnoticed. I wasn't sure in which subforum to post this. It is too niche to get any serious replies outside of development subforum but I think that's off-topic. In a dedicated subforum we could share different techniques to improve the setup. |
