Bitcoin Forum
Author Topic: Shapeshift: Security by nature insecure "I personally trained their staff."  (Read 1667 times)
whoreble
Newbie
Activity: 42
Merit: 0
April 25, 2016, 12:10:56 AM
 #21

Quote
I spent years as a full time professional poker player.

That was before you were born again in Satoshi's holy name, I hope?
Satoshi saith unto him, I am the way, the truth, and the life: no man cometh unto the Szabo, but by me.

Wendigo
Legendary
Activity: 2604
Merit: 1036
April 25, 2016, 05:49:07 AM
 #22

Damn, I read the whole story about Bob and his adventures at the ShapeShift office yesterday, and it seems to me Erik Voorhees is the only person to blame for these hacks. He hired a compromised server 'expert' with priors to his name and yet didn't do anything to stop this nuisance as early as possible. I mean, if they noticed something was off with this guy, why didn't they just shut down the whole operation and apprehend Bob on the spot? After all, a lot of money is involved in this scam. And that paying off of hackers to get additional info just shows how inept the ShapeShift employees are at figuring out what had happened themselves. I suggest everyone read 'Looting of the Fox: The Story of Sabotage at ShapeShift'; it makes for a very entertaining read.
Kakmakr
Legendary
Activity: 3444
Merit: 1958
April 25, 2016, 06:00:39 AM
 #23

The human factor will always be the weak point in any organization. People can be tempted, people can be bribed and, worst of all, people can be threatened. You will give up the trade secrets when a gun is held against your head or one of your children or family members is held hostage.

We have our weak points and this will always be a problem with every security system.

traincarswreck (OP)
Sr. Member
Activity: 532
Merit: 251
April 25, 2016, 06:30:01 AM
 #24

Quote
Damn, I read the whole story about Bob and his adventures at the ShapeShift office yesterday, and it seems to me Erik Voorhees is the only person to blame for these hacks. He hired a compromised server 'expert' with priors to his name and yet didn't do anything to stop this nuisance as early as possible. I mean, if they noticed something was off with this guy, why didn't they just shut down the whole operation and apprehend Bob on the spot? After all, a lot of money is involved in this scam. And that paying off of hackers to get additional info just shows how inept the ShapeShift employees are at figuring out what had happened themselves. I suggest everyone read 'Looting of the Fox: The Story of Sabotage at ShapeShift'; it makes for a very entertaining read.

ya, sad. See how fast I know you are a rational, reasonable person?
traincarswreck (OP)
Sr. Member
Activity: 532
Merit: 251
April 25, 2016, 06:32:16 AM
 #25

Quote
The human factor will always be the weak point in any organization. People can be tempted, people can be bribed and, worst of all, people can be threatened. You will give up the trade secrets when a gun is held against your head or one of your children or family members is held hostage.
Do you remember when Snowden said in the documentary, "They could put a gun at my head and I still wouldn't be able to give them the documents"?

Quote
We have our weak points and this will always be a problem with every security system.
I am so upset at these people for teaching you this.  It is not true.  Weak points need solutions; they are not inherent in security solutions.  Look at bitcoin.
franky1
Legendary
Activity: 4228
Merit: 4490
April 25, 2016, 07:50:24 AM
 #26

Quote
We have our weak points and this will always be a problem with every security system.
I am so upset at these people for teaching you this.  It is not true.  Weak points need solutions; they are not inherent in security solutions.  Look at bitcoin.

i agree weak points need solutions. but to blindly say something is 100% foolproof, unbreakable, indestructible and guaranteed is something that someone blind and dumb would say.

accepting that nothing is perfect is a good thing. it keeps people on their toes, always looking for new weak spots so that they can be fixed. but blindly saying there will never ever ever be weak spots just makes you too lazy to ever try maintaining it.

a good locksmith knows that no matter how many locks you put on a door, someone can still use a battering ram or smash a window.
a good alarm company knows that no matter how many motion sensors are placed around the weak spots of a house, someone can cut the wires.
a good IT expert knows that no matter how many updates and bug fixes there are, there can still be more exploits yet to be found.

at least getting to the mindset that nothing is ever going to be 100% foolproof will open your mind to then try even harder to get to 99.9%.

so don't ever think that suggesting something is 100% foolproof is a good thing, as it will make you complacent and lazy, and not want to keep looking for weak spots.

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
traincarswreck (OP)
Sr. Member
Activity: 532
Merit: 251
April 25, 2016, 08:00:22 AM
 #27

I didn't say the things you are basically implying I said.  I think I was quite clear. And I think I have an incredibly valid point in regard to security.  The reality is security must flow.  You secure one system and then you move to the next that it is connected to.  As long as that flow outpaces threats, then you have complete conjectural, practical, and theoretical security.  We don't have the math to represent the difference between static and flowing security in this sense, but we watched it with bitcoin.

Satoshi put out his code, then the nodes grew to a secure level, a ring of core developers was created, nodes decentralized worldwide, bitcoin grew past spam protection, exchanges grew into an equilibrium of honest....

This is all natural order, you see?

You see, we are fighting over perspective, but mine is the superior view.  You don't want the guy that trained your staff on security to start with the idea that security is insecure. That's the PERFECT inside job.
franky1
Legendary
Activity: 4228
Merit: 4490
April 25, 2016, 08:15:00 AM
 #28

Quote
You see, we are fighting over perspective, but mine is the superior view.  You don't want the guy that trained your staff on security to start with the idea that security is insecure. That's the PERFECT inside job.

i know what you're trying to allude to. by saying if you have the mindset that secure doesn't mean 100%, you believe it's the same as whispering to your team 'if you find a hole, don't fill it, because nothing is without holes so it's best to leave a few holes open'.
but that's not reality.
having the mindset that secure doesn't mean 100% should be the same as whispering to your team 'if you find a hole, fill it and presume that there is another hole yet to be found, so keep looking. keep poking and keep testing, rather than filling one hole and blissfully (ignorantly) going to sleep on the job'.

traincarswreck (OP)
Sr. Member
Activity: 532
Merit: 251
April 25, 2016, 08:23:18 AM
 #29


Quote
i know what you're trying to allude to. by saying if you have the mindset that secure doesn't mean 100%, you believe it's the same as whispering to your team 'if you find a hole, don't fill it, because nothing is without holes so it's best to leave a few holes open'.
but that's not reality.
having the mindset that secure doesn't mean 100% should be the same as whispering to your team 'if you find a hole, fill it and presume that there is another hole yet to be found, so keep looking. keep poking and keep testing, rather than filling one hole and blissfully (ignorantly) going to sleep on the job'.
Ah.  Now I understand, you never read the quotes that I was linking.  That's not the sentiment of the person that claimed to train ShapeShift.  They were saying security by nature is insecure.  They were saying don't check my work, that's just how things are.  They said it in a way that Satoshi or Szabo NEVER would.  They made me believe they actually did work for ShapeShift, and they made me believe they are the security leak.

Are you sure we are disagreeing here?
maku
Legendary
Activity: 1288
Merit: 1000
April 25, 2016, 08:32:25 AM
 #30

They might have good security, but there's an inside job or human error.
A chain is only as strong as its weakest link.

And this is another reason not to trust any centralized service. There is no way I will fully trust any exchange from now on; I thought people learned from the Mt. Gox incident.
Then we had Cryptsy fail and now ShapeShift, and many more of which I have no idea or which weren't disclosed to the public. Will this ever end?
SFR10
Legendary
Activity: 3010
Merit: 3441
April 25, 2016, 09:10:24 AM
 #31

Nothing that is out there will ever be 100% secure. It doesn't matter if it's controlled by a bot or by a person, since there will always be a missing part of securing most things online, and it will be a matter of someone finding it and using it against the system, or someone giving away the information so others would do the job. At the moment, they've improved the security, as they've mentioned, and surely will take a better look at their workers too. The simple thing is, you'll be surprised that anything you don't monitor properly could/would turn against you (just a matter of when), and in this case, abuse by a worker that wasn't monitored correctly in the first place. A business could be secured after such a hack, when everyone does their work properly in the first place.

franky1
Legendary
Activity: 4228
Merit: 4490
April 25, 2016, 10:09:33 AM
Last edit: April 25, 2016, 10:36:39 AM by franky1
 #32

Quote
Ah.  Now I understand, you never read the quotes that I was linking.  That's not the sentiment of the person that claimed to train ShapeShift.  They were saying security by nature is insecure.  They were saying don't check my work, that's just how things are.  They said it in a way that Satoshi or Szabo NEVER would.  They made me believe they actually did work for ShapeShift, and they made me believe they are the security leak.

Are you sure we are disagreeing here?

i read the quotes..

but you are reading it as if they purposefully left holes open.
i read it as morally being honest to say
"Even if you use the most secure hardware and the most secure software in the world, it's still possible to write your password on a sticky note and stick it on your monitor."

no matter what you can do, there will ALWAYS be a hole someone will find. it just takes time, effort and expense to find/use that hole.
secure never means 100% foolproof. so at least having the morals and guts to admit it will keep you on your toes to keep trying to patch the holes.

you can have the most secure server on this planet. but if someone was to contact the IT admin and pretend to be the CEO suggesting to do something, then even the most secure hardware falls flat due to human error.
accepting that there will always be a hole somewhere helps people to always be on the lookout for the holes, to reduce the chances of it being exploited by bad people.

for instance, Segwit is not even released, and yet there are some blind fanboys that are already calling it bug-free perfection.... mindsets like that are the worst thing ever.

nothing on this planet EVER is 100% guaranteed
secure does not mean 100% guaranteed, it never has

i think you hoped that secure meant 100% guaranteed, and have been blindly believing that anyone saying something is not 100% must be bad. when in fact admitting the truth and being honest is good.

so from this day forward, please, i beg of you, stop blindly believing that everything is a utopian dream of perfection and that when things go wrong it should be treated as a surprise and have guilt thrown at those involved. but instead realise that nothing is ever perfect, find a new solution to the latest problem, and accept there will be another problem in the future and it is just a matter of time before someone finds it, hoping the person that finds it is a whitehat/staff rather than a blackhat/outsider

Zaun
Hero Member
Activity: 770
Merit: 500
April 25, 2016, 10:54:52 AM
 #33

From what I've read, it was an inside job from the start. So it seems their software was secure, but a corrupted employee helped an outsider get in.
Better screening could help, and perhaps double authorization for employees and withdrawals.
franky1
Legendary
Activity: 4228
Merit: 4490
April 25, 2016, 11:10:28 AM
 #34

Quote
From what I've read, it was an inside job from the start. So it seems their software was secure, but a corrupted employee helped an outsider get in.
Better screening could help, and perhaps double authorization for employees and withdrawals.

even the most honest and moral person employed on day one can become corrupt on day 2.

for shapeshift, although customers' funds were not at risk, the CEO should not have let his staff have access to his "fees" privkey.
funds should be swept regularly, where the service fee goes to an address only the CEO owns that is not within the service (paper wallet).

no privkey should exist on the same server as the website front end

whoreble
Newbie
Activity: 42
Merit: 0
April 26, 2016, 01:03:24 AM
 #35

Quote
...
for shapeshift, although customers' funds were not at risk, the CEO should not have let his staff have access to his "fees" privkey.
funds should be swept regularly, where the service fee goes to an address only the CEO owns that is not within the service (paper wallet).

no privkey should exist on the same server as the website front end

So how would the hot wallet work? How would things get done if only the CEO has the private key? Would he have to sit at a terminal and process all the payouts?
franky1
Legendary
Activity: 4228
Merit: 4490
April 26, 2016, 01:36:24 AM
 #36


Quote
So how would the hot wallet work? How would things get done if only the CEO has the private key? Would he have to sit at a terminal and process all the payouts?

no.
if you think that things can only work on one computer, and databases, orders and wallets need to be in the same physical location, then it would take too long to explain everything.

but here is a summary
1. the service temporary addresses can be put on a remote system where the webserver does not send out orders to the remote system IP. in fact there is nothing in the code that will reveal any information about the remote system. nothing is pushed out of the web server.
instead the webserver stores the order requests, and the remote system LOOKS IN on that database. that way the remote system does not appear in the code as a destination. because, again for emphasis, no data is pushed out, just stored on the webserver, and the remote system looks in and sees the orders, to then process remotely.
2. the CEO's "profits/fee" can then be sent to an address (PUBLICKEY) from the CEO's own paper wallet. there is no need at all for anyone to have the private key on the webserver or even the remote system.

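The pull-based design in the summary above, written out as a small Python model. This is an added example for the thread, not code from the forum or from ShapeShift: the class names, the constructed fee address, the constructed deposit labels, and the HMAC-SHA256 standing in for a real transaction signature are all assumptions. The point it shows is the separation of duties: the web tier only stores orders and holds no key bytes, the signer polls that store (the web tier never addresses the signer), and the fee goes straight to a fixed address whose private key exists on neither machine.

```python
"""Pull-based payout architecture: web tier stores orders and holds no key
material; an isolated signer polls the store, pays customers, and sends the
fee to an address whose private key lives offline (the post's paper wallet).

Added example; names, amounts and the HMAC "signature" are constructed."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Fee destination: only a public address is ever stored. The matching private
# key is offline and never on the web tier or the signer. Constructed value.
CEO_FEE_ADDRESS = "fee-addr-ceo-offline"


@dataclass
class Order:
    order_id: str
    deposit_addr: str
    payout_addr: str
    amount: int               # gross amount received, in smallest units
    fee: int                  # service fee retained from the amount
    status: str = "pending"   # "pending" -> "paid"
    txid: str = ""


class WebTier:
    """Front end. Accepts orders and keeps them in its own store. It never
    pushes anything to the signer and never learns the signer's address."""

    def __init__(self) -> None:
        self.orders: dict[str, Order] = {}

    def place_order(self, payout_addr: str, amount: int, fee: int) -> str:
        oid = secrets.token_hex(8)
        # Deposit address is a constructed label; a real service would hand
        # out a fresh address whose key the web tier still does not hold.
        self.orders[oid] = Order(oid, f"deposit-{oid}", payout_addr, amount, fee)
        return oid

    def pending(self) -> list[Order]:
        # Read by the signer ("looks in" on the database). Nothing is sent.
        return [o for o in self.orders.values() if o.status == "pending"]

    def mark_paid(self, oid: str, txid: str) -> None:
        self.orders[oid].status = "paid"
        self.orders[oid].txid = txid


class Signer:
    """Isolated system holding the hot-wallet signing key. It polls the web
    tier's store; nothing in the web tier references this machine."""

    def __init__(self, store: WebTier, signing_key: bytes) -> None:
        self._key = signing_key          # the only copy of key material
        self.store = store
        self.broadcast: list[tuple[str, str]] = []   # stand-in for the network

    def _sign(self, payload: str) -> str:
        # HMAC-SHA256 stands in for a real transaction signature (constructed).
        return hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()

    def build_tx(self, o: Order) -> str:
        # Customer gets amount minus fee; the fee goes straight to the offline
        # fee address, so it never accumulates under the hot key.
        return (f"{o.order_id}:{o.payout_addr}:{o.amount - o.fee}"
                f"|{CEO_FEE_ADDRESS}:{o.fee}")

    def run_once(self) -> int:
        """One polling pass: sign and broadcast every pending order."""
        paid = 0
        for o in self.store.pending():
            tx = self.build_tx(o)
            txid = self._sign(tx)
            self.broadcast.append((tx, txid))
            self.store.mark_paid(o.order_id, txid)
            paid += 1
        return paid


def holds_key_bytes(component: object) -> bool:
    """Deployment check (constructed heuristic): does any attribute of this
    component carry raw key bytes? The web tier must answer False."""
    return any(isinstance(v, (bytes, bytearray)) for v in vars(component).values())


if __name__ == "__main__":
    web = WebTier()
    web.place_order("addr-alice", 1_000, 10)
    web.place_order("addr-bob", 500, 5)
    signer = Signer(web, secrets.token_bytes(32))
    print("paid:", signer.run_once())                          # 2
    print("web tier holds key bytes:", holds_key_bytes(web))   # False
    for tx, txid in signer.broadcast:
        print(tx, txid[:16])
```

The direction of the data flow is the whole design: the signer calls `pending()` and `mark_paid()` on the store, and the web tier has no reference to the signer at all, so a compromised front end yields order data but no key and no route to the signing host. Sending the fee output to `CEO_FEE_ADDRESS` in every transaction is the "swept regularly" part of the earlier post, done per transaction rather than in batches.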
Arrakeen
Hero Member
Activity: 532
Merit: 500
April 26, 2016, 01:47:11 AM
 #37

jesus christ, you two, just make out already.

how long are you going to argue semantics and pick apart every word to try and one-up each other?  Are you guys new to the internet or something? because at this point it should be obvious you won't change each other's viewpoints on the definition of 'security'.

by the way, 99.9% secure is 100% insecure.  That's the #1 principle of information security.  Now I'll wait to be proven wrong based on a 'professional economic opinion' so we can get this thread to 100 pages!

TPTB_need_war
Sr. Member
Activity: 420
Merit: 262
April 26, 2016, 04:51:20 AM
 #38

Quote
How does a business that gets hacked get to claim they are STILL secure?

Quote
ShapeShift should have had a more stringent audit of their new employees before hiring them. I think it's a little harsh saying that the whole system is compromised when in reality there was 1 compromised person with ulterior motives who spoiled the party for everyone. Do you think something like this can happen again if Erik finds other professionals with a conscience this time around?

OP is correct as quoted. Only a decentralized exchange can be secure. Note I recently educated on how to do decentralized exchange securely:

https://bitcointalk.org/index.php?topic=1364951.0

traincarswreck (OP)
Sr. Member
Activity: 532
Merit: 251
April 26, 2016, 01:16:29 PM
 #39

Quote
jesus christ, you two, just make out already.

Well, I don't need to make out with no one, but I agree that it's semantics.  But you see, I make a subtle but firm point that there is one perspective that is slightly better than the other.  I understand what someone means by nothing is secure.  But you don't want your security trainer or head of security starting their presentation like that.

Do we see how Szabo suggests it in his presentations?

Security can be 100% if we shift our paradigms until we find an effective solution.

Example: with poker, everyone is asking how decentralized poker is going to deal with collusion, i.e. players sharing their cards with one another.  Some astute people will point out that this is essentially impossible to secure. And so the belief is you will always need third parties.

But if you can offer a colluded game that is more profitable than the current model, then you have effectively solved this collusion problem.  So you gain effective security in this sense if you could "secure" the profitability from the players' perspective.
Blacula X
Newbie
Activity: 42
Merit: 0
April 26, 2016, 05:36:13 PM
 #40

Quote
Quote
jesus christ, you two, just make out already.

Well, I don't need to make out with no one

Riiight.