Bitcoin Forum
Author Topic: Security?!  (Read 510 times)
BCEmporium
June 20, 2011, 07:35:28 PM
 #1

Want to know the weakest link on your computer? That's you. Yes, you, not exactly you as you but you as a human. The human part...

For starters, put one thing in your brain: There's no such thing as electronic security! Electronics provide surveillance, not security.
If you've a cam filming someone being murdered, the only thing the cam does is that: it tells you what happened. It will change nothing for the murdered guy, unless you believe in heaven and ghosts smiling at the courthouse.
Whereas a human officer would try to use his psychological abilities to dissuade the murderer from doing it. It doesn't mean he will succeed, but he might, and that makes a whole difference.

In fact, you can run a system with plain-text passwords and users with passwords as simple as 123 (well... maybe not this much) and still look like the ultimate safe haven, just as you can run the top edge electronic "security" system and have it as secure as a toy box. It all relies on one thing: how much did you weigh the human factor?

«Hey! I use SHA512 password hashing!» So?!... It will just slow an eventual attacker from knowing what they are, not prevent him from doing so, especially if you've no clue that your db has been compromised.

In fact, your security is inversely proportional to how many people have access to it. If you've something you run alone, you're 100x safer than if you've 100 co-admins.
To add injury to the sorrow, there comes auditing. Many of them are the ones in need of an audit, and by adding auditors you add an unknown human party with access to your system.

Whereas machine security is somewhat linear (hole/exploit/virus), humans are random: they argue over something, and one may not care how many innocent people he may hurt to get to the other.

My advice here, for those interested in security, is to weigh as much as possible the human contact with your system. Do not forget to look for holes in the machine, but don't go creating a crater on the human side to fill a tiny hole in the machine!
Oldminer
June 20, 2011, 07:59:41 PM
 #2

Some good points. ala MtGox? :)

BCEmporium
June 20, 2011, 08:04:50 PM
 #3

Some good points. ala MtGox? :)

Actually, lately we've had 3 major attacks, 2 of them million-dollar "secure", PSN and SEGA, and MtGox.
All failed in the same (cheap) spot: HUMAN SIDE.