Bitcoin Forum
June 08, 2024, 11:30:48 PM *
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 [22] 23 24 25 26 27 28 29 »
421  Bitcoin / Bitcoin Discussion / Re: we need a comprehensive guide for making SAFE bitcoin apps!! on: July 13, 2012, 07:20:28 PM
imho those kinds of threads should be collected and organized into a wiki per this thread:

https://bitcointalk.org/index.php?topic=93115.0;topicseen
422  Bitcoin / Bitcoin Discussion / Re: BRB, reverse-engineering Bitcoinica on: July 13, 2012, 07:17:32 PM
Quote
Rails gives you the infrastructure to easily write them since day one. But they don't just write themselves Smiley

The real facepalm flaw is the fact that production passwords are stored in the code itself. This is plain wrong.
You're effectively giving the github (or whatever source control system you use) access to all funds at all times.
And it's fucking trivial to get right, just make a deploy hook to copy the production configuration files from the production server, to the production server.

so, this is good material for the wiki that should be written. even if it is "fucking trivial to get right" (i.e., fucking obvious).
423  Bitcoin / Bitcoin Discussion / Re: we need a comprehensive guide for making SAFE bitcoin apps!! on: July 13, 2012, 07:15:41 PM
Quote
Again, you're thinking a lack of high tech solutions is the problem. It's not. In the example about the cleaning lady there are other ways to go about finding the location to commit the crime. For example, if it was me I would start collecting information on the target. I'd do several things first:

1. Do a WHOIS lookup on the member's domain name; unless intentionally obscured this will provide the member's real name or company name...
2. Click the forum member's profile, see what else I can learn about him, like an email address (which I might try to phish email)
3. Do a forum search of all the member's posts; did he ever mention where he was located?

Only after starting with the above would I even get into tracking down IP addresses. See? Low tech is often FAR more effective.

high tech is not the solution to the problems in your previous emails, but my comment was a bit of a sidetrack (that i wish to drop from this thread after this point is made):

i was strictly talking about an idea of how to hide a hot wallet server, disconnected from your previous points. the above, provided some basic precaution on part of the developer, would not reveal a means into the wallet server.
424  Bitcoin / Bitcoin Discussion / Re: we need a comprehensive guide for making SAFE bitcoin apps!! on: July 13, 2012, 06:59:55 PM
Quote
I'm not against a guide. I just think the focus should be less about the technical, and more about common sense.

During one of the last hack discussions a forum member posted that he properly secured his server, citing various technical precautions. He mentioned he did this to protect the X amount of funds stored on the server, and he was glad for the high bandwidth line to his office allowing him to have the server there.

Another poster said er it's probably not a good idea to tell people where your server holding these funds is at. For example, one could look up where you are located and pay the cleaning lady 10K to look the other way.  That would be worth it for a theft worth say 60K plus.

Low tech security precautions shouldn't be ignored in favor of high tech ones.

i wonder if it would be possible to 'hide' the hot wallet server by putting it on its own box, and only allowing tor hidden service connections in.

that way, the IP at least would never be known...
425  Bitcoin / Bitcoin Discussion / Re: list of security auditors in the community? on: July 13, 2012, 06:58:21 PM
Quote
I can audit any Rails app. But I'm expensive Smiley

I run bitcoin-central.net which hasn't suffered a single security issue since it started operating in December 2010, and this despite the source being open for all to see.

what kind of costs? would you be willing to make a web page about it?

personally i think one of the greatest services you could do to the community would be offering your services openly on this forum, on a pay-it-forward basis, but i don't expect many people to go that way.

however, we somehow need to address the fact of the matter that most bitcoin startups are going to be under- or non-capitalized, and that security failures (perhaps solved by audits that this 17-year-old for example could probably not afford) are not helping adoption.

how about a site where we list the auditors and the individual companies they are consulting, which would not only build credibility and the possibility of profit, but make very visible who is responsible for each one.
426  Bitcoin / Bitcoin Discussion / Re: Bitcoinica MtGox account compromised on: July 13, 2012, 06:53:44 PM
something tells me that you guys should add videos to accompany these kinds of announcements. people need to be able to see into your eyes and see your sorrow and regret, to know that you're telling the truth.

we'd not have so much of this finger-pointing if that were the case, i'll bet.
427  Bitcoin / Bitcoin Discussion / Re: Is genjix's work being removed? on: July 13, 2012, 06:51:42 PM
Quote
He was putting code on bitcoin.org without asking to anyone, without votes/poll ...
Quote
Yes, he ruffled a bunch of feathers by unilaterally changing bitcoin.org instead of submitting a pull request that could be tweaked and argued about.

You can see the discussion here:  http://sourceforge.net/mailarchive/forum.php?thread_name=4FFBF1DF.8070203%40justmoon.de&forum_name=bitcoin-development

wow that forum sure looks like a bureaucratic hell.
428  Bitcoin / Bitcoin Discussion / Re: BRB, reverse-engineering Bitcoinica on: July 13, 2012, 06:49:43 PM
Quote
Just had a quick look.

Not one test in the whole codebase.

aren't unit tests a default part of rails these days?

or is that some other kind of test?
429  Bitcoin / Bitcoin Discussion / Re: we need a comprehensive guide for making SAFE bitcoin apps!! on: July 13, 2012, 06:48:26 PM
i think it is also important to have a chapter/section about your personal security habits as a developer, and why one hole in the security chain causes the whole thing to crumble (again, anecdotes would be a Good Thing).

is anyone actually going to make this? i think we need it. i would do it myself if i felt technically competent enough (and i really don't).
430  Bitcoin / Bitcoin Discussion / Re: Bitcoinica MtGox account compromised on: July 13, 2012, 06:46:23 PM
Quote
Why was the bitcoin stored on MtGox anyway? Why not secure it in their own wallet?
This reliance on third parties where the Bitcoinica credentials can be spoofed seems to be at the root of all the hacks.

I'm sorry for all involved. I have to say that bitcoin really is the most amazing geek soap opera. If the bitcoin value was backed by drama it would be stratospheric.

i was wondering this too. some technical reason?
431  Bitcoin / Bitcoin Discussion / Re: we need a comprehensive guide for making SAFE bitcoin apps!! on: July 13, 2012, 06:44:20 PM
Quote
let's just say for the moment that whether it's basic security or 'bitcoin security' doesn't matter. we NEED to provide our community with great guides so that enthusiastic young people, even inexperienced, can read it and build according to standard.

and that means the rest of the community can say to them, hey, did you run through part X of our procedure? please publish your results.

i don't imagine something so advanced as a 'test suite' for all sites (impossible, i'm sure), but i do think we could at least start to imagine standards.

Quote
Okay, but RULE 1 of the guide is that you are only as secure as your weakest link.

Bitcoinica Hack #1 = probably an inside job at Linode

Bitcoinica Hack #2 = Patrick's email server was compromised, oops!

Bitcoinica Mt.Gox Hack = We didn't change a password Tihan re-used, sorry!

i think it's perfectly sensible to start such a guide with this kind of stuff, although i would drop the conspiratorial tone (even if it proves to be true).

How to make a secure bitcoin application.

CHAP 1: Why is security crucial when making bitcoin applications?
CHAP 1A: Security anecdotes from bitcoin's history (aka Stupid Mistakes)
CHAP 2: Basic server security
CHAP 3: Hot wallets vs Cold Wallets

etc
432  Bitcoin / Bitcoin Discussion / Re: we need a comprehensive guide for making SAFE bitcoin apps!! on: July 13, 2012, 06:38:15 PM
Quote
What would be nice is a preconfigured server optimized for bitcoin security and privacy.
Quote
How would that have helped this latest Mt.Gox password incompetence, or the earlier Linode (likely inside job) hack?

it's hard to know without a full audit.

look i know everyone is upset about this, but the solutions are simply more hand-holding, more documentation, and less stupidity (on part of both the developers AND the users).
433  Bitcoin / Bitcoin Discussion / Re: we need a comprehensive guide for making SAFE bitcoin apps!! on: July 13, 2012, 06:34:59 PM
Quote
The truth is "bitcoin apps" are not the problem.

The problem is improper security handling. Take the Linode hack for example. Bitcoinica and several other bitcoin related sites had bitcoins stolen. There wasn't a specific "bug" that left these apps vulnerable. The Linode hack was probably an inside job by someone at Linode.

There was ONE poster with Linode however that said he wasn't affected because he didn't store funds on a server controlled by someone else.

The problem here is not app security, it's lacking proper forethought.

Another example from this latest breach:

While all passwords were changed after the theft which occurred May 11th, the password for LastPass was not compromised and thus left unchanged.

ALL passwords should have been changed. Even basic security 101 says change your password every so often, even without any breach, ESPECIALLY if funds are related to it.

The problem is high value funds being left vulnerable by people who don't take adequate security care and forethought.

BitcoinArmory.com is an example of GREAT security forethought, and is probably the safest way to cold store bitcoins in existence.

let's just say for the moment that whether it's basic security or 'bitcoin security' doesn't matter. we NEED to provide our community with great guides so that enthusiastic young people, even inexperienced, can read it and build according to standard.

and that means the rest of the community can say to them, hey, did you run through part X of our procedure? please publish your results.

i don't imagine something so advanced as a 'test suite' for all sites (impossible, i'm sure), but i do think we could at least start to imagine standards.
434  Bitcoin / Bitcoin Discussion / Re: list of security auditors in the community? on: July 13, 2012, 06:32:56 PM
Quote
unfortunately it does not work like that.

audit has a very specific meaning in the security world.  it is like a check list against a standard, with applied due diligence for the particular use - with legal implications if passed or failed (or even just attempted)

for example you would audit against things like FIPS, etc.  however not just anyone can claim to be a security auditor (like they could legitimately call themselves a pentester, security tester, security expert, etc, because none of that shit has proper legal meaning)

In the banking world trust in auditors is gained from insurance against the companies and quite a lot of legal stuff.

Now, on to bitcoin, there are no standards to audit against, therefore no possibility of _bitcoin_ auditors. I and the small team I work with know enough to create devices that would pass FIPS testing if it was relevant.  (it is only in so much as the processing of transactions - data in motion, that can be lifted more or less as is from the current banking system) the data at rest stuff is unique to bitcoin.

There is no legal stuff either, this is also a requirement of an audit.

Due diligence is also something that must be done in order to work out not only if the people can do the job, but to make sure they can do the required standards (that don't yet exist in the bitcoin world)

Solutions are being worked on, but they take time.  Security products have to be secure Smiley and no one can protect against stupidity.

hope this helps?

There are zero bitcoin auditors.  however there are a lot of talented people.  It is kind of a pet hate of mine (people misusing the word audit).

cheers,

steve

i really respect your opinion and feedback steve, so don't take this the wrong way:

i completely agree that there are incredible levels of detail to this, which are not covered by a blanket term like 'auditor'. however, i think that we need not get bogged down by this for the time being: what we need right now is smart people, documenting and talking about this openly, so that we can CREATE _bitcoin_ auditors. it's clear that not many people really know what that means yet, but i DO NOT mean to imply in my suggestion, that we suddenly generate a class of people with whom we suddenly give all kinds of trust.

trust and reputation must be earned, but we need to start somewhere, and i don't think we can wait for the perfect solution to manifest.
435  Economy / Speculation / Re: NEW Bitcoinica hack! 30% of all funds stolen! on: July 13, 2012, 04:38:06 PM
no effect on price?
436  Bitcoin / Bitcoin Discussion / Re: Bitcoinica MtGox account compromised on: July 13, 2012, 04:09:52 PM
Quote
Think about it. genjix takes a very long time to pay people back.. taking time out to write an article bashing bitcoin for the first time ever (a comment to the article even states "i thought Amir was pro-Bitcoin?"). Then as soon as the price jumps to $7.50, oh we had another hacking and 1/3 of the BTC are gone.

higher price is more incentive for _any_ thief.
437  Bitcoin / Bitcoin Discussion / Re: we need a comprehensive guide for making SAFE bitcoin apps!! on: July 13, 2012, 04:08:55 PM
Quote
If you don't have a need to IMMEDIATELY do transactions with bitcoin:

Here is how it would work:

1. Put all your bitcoin in a cold wallet and place it in a safe.
2. Open it once a day to process all the pending transactions.
3. Put the cold wallet back in the safe.

What it needs:

1. Several USB drives.
2. Software to keep transaction requests, query the blockchain, and then write to the USB drive.
3. Making sure you have enough public keys on hand.
4. At least one airgapped computer dedicated to processing the data on the USB drive.

Anybody who knows security, feel free to point out any flaws.

it's obvious that the most interesting bitcoin apps are probably always going to be those where "hot" exchanges are pretty important. what about that?
438  Bitcoin / Bitcoin Discussion / Re: we need a comprehensive guide for making SAFE bitcoin apps!! on: July 13, 2012, 04:07:50 PM
Quote
I think some actually accredited security professionals should produce said guide.

no, i think WE need to produce what we can of it, and then let security professionals audit that. otherwise it is never going to get done.
439  Bitcoin / Bitcoin Discussion / Re: Bitcoinica MtGox account compromised on: July 13, 2012, 04:06:55 PM
why in the name of fuck are you guys keeping such huge amounts of money in a _new and mostly untested website_ ?
440  Bitcoin / Bitcoin Discussion / list of security auditors in the community? on: July 13, 2012, 03:58:01 PM
can you guys who are able to do this kind of stuff come forward? can you be called upon to audit new bitcoin apps when they come out, for a little coin?

how can we trust the auditors? what system should we use to measure and track that?

let's start getting this stuff organized, or we're just going to keep having more and more of these stupid, annoying, painful problems.