ikonic (OP)
Newbie
Offline
Activity: 15
Merit: 0
June 21, 2011, 02:50:41 AM Last edit: June 21, 2011, 03:10:32 AM by ikonic
Given that BitCoin is still in its infancy, many of the stock exchanges are being run by inexperienced coders or business types with no real online financial experience... and as such, putting the entire community at risk. Therefore, what I am proposing is that the BitCoin community draft together a set of agreed security standards and best practices that all trusted exchanges should adhere to.

As an example of Web Standards, the basics would be:

Web Application Requirements
- Website to be tested to ensure SQL injections (including truncation attacks) do not exist
- Website to be tested to ensure XSS injections do not exist
- Website to be tested to ensure XPATH injections do not exist
- Website to be tested to ensure CSRF vulnerabilities do not exist
- All transactional functionality should be undertaken with HTTP POST using CSRF nonces
- Any and all interaction with the database should be done using either Stored or Prepared Procedures

HTTP Response Header Requirements
- All cookies to have the "HttpOnly" and "Secure" attributes
- HTTP Headers should not include Server OS version
- HTTP Headers should not include Web Server version
- HTTP Headers must include an X-Frame-Options directive

Data Storage and Analysis Requirements
- All passwords should be stored using one way encryption with a unique salt per user (salt to be a minimum 128 bits)
- Where the need for database analysis is required the data should be purged of all PII prior to being delivered to the auditor
- Users with permissions to the database should be limited to the web application only

Finally, this list isn't extensive but only a start so it would be good to get others' feedback.

btw: Sorry about being stuck in the newb section but alas such is life.

Note: Not here for the MT Gox bashing, it will achieve nothing. Let's talk about the future instead.

Edit: Another good idea to discuss is the limit that can be transferred daily/hourly. For instance, setting a maximum dollar amount to transfer out is pointless as you can simply crash the price and pull out. Perhaps a better idea would be to set volume limits instead?

BitCoin Transfer Requirements
- Maximum Daily Transfer Limit - Currency $1000
- Maximum Daily Transfer Limit - BitCoins 1000
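An added example, not code from anyone in the thread: a small audit function that checks a response's headers against the "HTTP Response Header Requirements" list above (cookie flags, version disclosure, X-Frame-Options). The two header sets at the bottom are constructed samples, not captured from any real exchange.

```python
import re
from http.cookies import SimpleCookie

# "Server: Apache/2.2.17" style version disclosure: a slash followed by a digit
VERSION_RE = re.compile(r"/\d")
# headers whose only purpose is to name the platform, so any value is a finding
PLATFORM_HEADERS = ("x-powered-by", "x-aspnet-version")

def audit_headers(headers):
    """Check a list of (name, value) response headers against the thread's
    header requirements. Returns a list of findings; [] means compliant."""
    findings = []
    saw_frame_options = False
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            for key, morsel in jar.items():
                if not morsel["httponly"]:
                    findings.append(f"cookie {key} lacks HttpOnly")
                if not morsel["secure"]:
                    findings.append(f"cookie {key} lacks Secure")
        elif lname == "server" and VERSION_RE.search(value):
            findings.append(f"Server header discloses version: {value}")
        elif lname in PLATFORM_HEADERS:
            findings.append(f"{name} header discloses platform: {value}")
        elif lname == "x-frame-options":
            saw_frame_options = True
            if value.strip().upper() not in ("DENY", "SAMEORIGIN"):
                findings.append(f"X-Frame-Options has unexpected value: {value}")
    if not saw_frame_options:
        findings.append("X-Frame-Options header missing")
    return findings

# Constructed sample responses, not captured from any real exchange.
LEAKY_HEADERS = [
    ("Server", "Apache/2.2.17 (Ubuntu)"),
    ("X-Powered-By", "PHP/5.3.5"),
    ("Set-Cookie", "session=abc123; Path=/"),
]
HARDENED_HEADERS = [
    ("Server", "Apache"),
    ("X-Frame-Options", "DENY"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure"),
]

if __name__ == "__main__":
    for label, hdrs in (("leaky", LEAKY_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, audit_headers(hdrs) or "OK")
```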
muad_dib
Member
Offline
Activity: 140
Merit: 10
June 21, 2011, 09:13:34 AM
well 1000 bitcoins are a lot of money.
Moreover we need 2 levels of password:
1) An account password, sent via password-authenticated key agreement and not https
2) Time-synchronized one-time passwords or a 2d key, to authorize movements, so that even if the password is stolen, it is impossible to authorize another transaction.
Users should not be allowed to choose passwords. A 25-character-long, strongly randomized password should be generated for the user, so he's forced to use something like keepassx.
I think we need an independent security committee to write a security standard and certify exchanges.
piuk
June 21, 2011, 09:20:53 AM
Exchange code should be open source like britcoin.
hamdi
June 21, 2011, 09:23:12 AM
no use of cookies at all.
Superform
Newbie
Offline
Activity: 56
Merit: 0
June 21, 2011, 09:26:56 AM
if anyone wants to collaborate on a proper exchange I can help with supplying a domain bitcoin-market.com
I also have over 10 years of share trading experience
another suggestion is the exchange should issue a username which is a random string of numbers/letters instead of using your email name etc
Epinnoia
June 21, 2011, 11:35:54 AM Last edit: June 21, 2011, 11:47:50 AM by Epinnoia
The BCSE is a great tool, but can get you into some serious trouble with the SEC if you do any sort of public offering through it. I've spoken with a lawyer who specializes in this area (securities law) about it, and we came to the conclusion that it would be legitimate ONLY for non-public offerings -- for example, where you approached each person individually and got them to invest... You could also put the offering/alert on a password-protected page, and be safe. But if the offering is on an open page, viewable by the public, then you are making a public offering, and must register it with the SEC.
And those people who invest privately CANNOT SELL THOSE STOCKS publicly either.
In other words, if I privately approached Jack, John, and Jeff for investments, and they agreed, then their stocks can only legally be traded among each other, or bought back by the company itself.
Findeton
June 21, 2011, 11:44:12 AM
Yes, we do need regulation. This kind of regulation.
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
June 21, 2011, 11:47:41 AM
> All passwords should be stored using one way encryption with a unique salt per user (salt to be a minimum 128 bits) iterative hashing
Fixed that for you.
ikonic (OP)
Newbie
Offline
Activity: 15
Merit: 0
June 21, 2011, 11:47:08 PM
> well 1000 bitcoins are a lot of money.
Perhaps accounts should have daily transaction limits where the user can reduce online at any time but it requires admin intervention to raise.
> Moreover we need 2 levels of password:
> 1) An account password, sent via password-authenticated key agreement and not https
> 2) Time-synchronized one-time passwords or a 2d key, to authorize movements, so that even if the password is stolen, it is impossible to authorize another transaction.
I assume you're talking about a TAN? This is a good idea.
> no use of cookies at all.
Not really a big fan of this. It means the URL requires a session identifier to be included or the entire site runs through POSTs?
> All passwords should be stored using one way encryption with a unique salt per user (salt to be a minimum 128 bits) iterative hashing
> Fixed that for you.
thx
DonnyCMU
June 22, 2011, 12:46:20 AM
> Users should not be allowed to choose passwords. A 25-character-long, strongly randomized password should be generated for the user, so he's forced to use something like keepassx.
Ridiculous. If I have 5 bitcoins in my account and want to use 'boobies' as my password, it should be my own rights, my own problem, at my own risk! Most security-minded people never bother to see how usable these measures are. Don't you hate it when you always use a simple password for a non-important login, and then there's this silly site that demands the password for you to log in and play flash games must contain 2 numbers, 3 signs, and 1 Egyptian hieroglyph???
Anonymous
Guest
June 22, 2011, 12:49:16 AM
> The BCSE is a great tool, but can get you into some serious trouble with the SEC if you do any sort of public offering through it. I've spoken with a lawyer who specializes in this area (securities law) about it, and we came to the conclusion that it would be legitimate ONLY for non-public offerings -- for example, where you approached each person individually and got them to invest... You could also put the offering/alert on a password-protected page, and be safe. But if the offering is on an open page, viewable by the public, then you are making a public offering, and must register it with the SEC.
> And those people who invest privately CANNOT SELL THOSE STOCKS publicly either.
> In other words, if I privately approached Jack, John, and Jeff for investments, and they agreed, then their stocks can only legally be traded among each other, or bought back by the company itself.
These pedantic laws have nothing on people who trade anonymously under the veil of the sovereign web. The SEC is irrelevant. Any regulation they try to throw at Bitcoin exchanges is irrelevant.
Chick
Member
Offline
Activity: 70
Merit: 10
June 22, 2011, 12:51:06 AM
> Given that BitCoin is still in its infancy, many of the stock exchanges are being run by inexperienced coders or business types with no real online financial experience... and as such, putting the entire community at risk.
> Therefore, what I am proposing is that the BitCoin community draft together a set of agreed security standards and best practices that all trusted exchanges should adhere to.
> As an example of Web Standards, the basics would be:
>
> Web Application Requirements
> - Website to be tested to ensure SQL injections (including truncation attacks) do not exist
> - Website to be tested to ensure XSS injections do not exist
> - Website to be tested to ensure XPATH injections do not exist
> - Website to be tested to ensure CSRF vulnerabilities do not exist
> - All transactional functionality should be undertaken with HTTP POST using CSRF nonces
> - Any and all interaction with the database should be done using either Stored or Prepared Procedures
>
> HTTP Response Header Requirements
> - All cookies to have the "HttpOnly" and "Secure" attributes
> - HTTP Headers should not include Server OS version
> - HTTP Headers should not include Web Server version
> - HTTP Headers must include an X-Frame-Options directive
>
> Data Storage and Analysis Requirements
> - All passwords should be stored using one way encryption with a unique salt per user (salt to be a minimum 128 bits)
> - Where the need for database analysis is required the data should be purged of all PII prior to being delivered to the auditor
> - Users with permissions to the database should be limited to the web application only
>
> Finally, this list isn't extensive but only a start so it would be good to get others' feedback.
> btw: Sorry about being stuck in the newb section but alas such is life.
> Note: Not here for the MT Gox bashing, it will achieve nothing. Let's talk about the future instead.
> Edit: Another good idea to discuss is the limit that can be transferred daily/hourly. For instance, setting a maximum dollar amount to transfer out is pointless as you can simply crash the price and pull out. Perhaps a better idea would be to set volume limits instead?
>
> BitCoin Transfer Requirements
> - Maximum Daily Transfer Limit - Currency $1000
> - Maximum Daily Transfer Limit - BitCoins 1000
To sum it all up, BANK LEVEL SECURITY. No bullshit "25 letter passwords". Take my money and STFU.
ikonic (OP)
Newbie
Offline
Activity: 15
Merit: 0
June 22, 2011, 01:06:09 AM
> To sum it all up, BANK LEVEL SECURITY. No bullshit "25 letter passwords". Take my money and STFU.
I am actually the senior developer/team leader for the online banking team which provides online services (mobile and internet banking/lending) to around 30 financial institutions. I also run a security forum and am familiar with the nuances of online transactions. In saying that, I am not going to drop every single piece of information straight up unless others are interested in participating. And BANK LEVEL SECURITY is shit. Just ask the CitiBank customers whose card details have been nabbed... What I am proposing is something far more secure and workable.
Findeton
June 22, 2011, 02:37:00 PM
> To sum it all up, BANK LEVEL SECURITY. No bullshit "25 letter passwords". Take my money and STFU.
> I am actually the senior developer/team leader for the online banking team which provides online services (mobile and internet banking/lending) to around 30 financial institutions. I also run a security forum and am familiar with the nuances of online transactions. In saying that, I am not going to drop every single piece of information straight up unless others are interested in participating. And BANK LEVEL SECURITY is shit. Just ask the CitiBank customers whose card details have been nabbed... What I am proposing is something far more secure and workable.
What about using bcrypt?
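An added example, not code from anyone in the thread, of the password storage davout and Findeton are arguing for: a fresh random 128-bit salt per user plus iterated hashing, with the work factor stored alongside so it can be raised later. It uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for bcrypt so it runs with no extra packages; the record format and iteration count are my own choices.

```python
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"   # stand-in for bcrypt; any salted, iterated scheme fits
ITERATIONS = 200_000          # work factor; raise over time and rehash on next login
SALT_BYTES = 16               # 128 bits, the minimum proposed in the thread

def hash_password(password, iterations=ITERATIONS):
    """Return a self-describing record: algorithm$iterations$salt$digest (hex)."""
    salt = os.urandom(SALT_BYTES)          # fresh per user, never shared or reused
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password, record):
    """Recompute with the stored salt and work factor; compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False                       # malformed record, never a match
    if algorithm != ALGORITHM:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))

def needs_rehash(record, iterations=ITERATIONS):
    """True if the stored work factor is below current policy (rehash after a good login)."""
    return int(record.split("$")[1]) < iterations

if __name__ == "__main__":
    # constructed demo: same password for two users gives two different records
    a, b = hash_password("correct horse"), hash_password("correct horse")
    print(a != b, verify_password("correct horse", a), verify_password("wrong", a))
```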
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
June 22, 2011, 02:59:57 PM
> Any regulation they try to throw at Bitcoin exchanges is irrelevant.
Frozen bank accounts are relevant.
Rassah
Legendary
Offline
Activity: 1680
Merit: 1035
June 22, 2011, 03:41:49 PM
A simple e-mail notification when BTC withdrawal address is changed, and lock on withdrawing funds for at least 24 hours after address change, would be nice too (BTCGuild's method)
Piper67
Legendary
Offline
Activity: 1106
Merit: 1001
June 22, 2011, 03:50:12 PM
> A simple e-mail notification when BTC withdrawal address is changed, and lock on withdrawing funds for at least 24 hours after address change, would be nice too (BTCGuild's method)
Agreed, Bitmarket.eu has this extremely simple function, whereby any changes (to your email address, BTC withdrawal address, etc) have to be confirmed through a two step process. Simple and effective.
muad_dib
Member
Offline
Activity: 140
Merit: 10
June 23, 2011, 10:46:16 AM
> Ridiculous. If I have 5 bitcoins in my account and want to use 'boobies' as my password, it should be my own rights, my own problem, at my own risk!
> Most security-minded people never bother to see how usable these measures are.
> Don't you hate it when you always use a simple password for a non-important login, and then there's this silly site that demands the password for you to log in and play flash games must contain 2 numbers, 3 signs, and 1 Egyptian hieroglyph???
Just use KeepassX, so you are also safe from simple keyloggers.
killer2021
Member
Offline
Activity: 84
Merit: 10
June 23, 2011, 12:51:33 PM
> A simple e-mail notification when BTC withdrawal address is changed, and lock on withdrawing funds for at least 24 hours after address change, would be nice too (BTCGuild's method)
I'd like to have an option of having a code sent to my mobile with a code in it to activate the withdraw. Make the mobile number unchangeable after registration. Only way to change it is when the account has zero balances. Even if the account is hacked, good luck withdrawing.
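An added example, not code from any exchange or poster in the thread, that models the withdrawal controls discussed above together: the daily BTC volume limit from the opening post, ikonic's rule that users may lower it themselves but only an admin may raise it, and Rassah's owner notification plus 24-hour withdrawal lock after a withdrawal-address change. The `Account` class, the `notices` list standing in for e-mail/SMS delivery, and the placeholder addresses in `scenario()` are all my own constructions.

```python
from dataclasses import dataclass, field
from datetime import date, datetime, timedelta

ADDRESS_CHANGE_LOCK = timedelta(hours=24)  # BTCGuild-style cooling-off period
DEFAULT_DAILY_BTC_LIMIT = 1000.0           # figure floated in the opening post

@dataclass
class Account:
    withdrawal_address: str
    daily_btc_limit: float = DEFAULT_DAILY_BTC_LIMIT
    address_changed_at: "datetime | None" = None
    ledger_day: "date | None" = None
    withdrawn_today: float = 0.0
    notices: list = field(default_factory=list)  # stands in for e-mail/SMS delivery

    def change_withdrawal_address(self, new_address, now):
        # record the change, notify the owner, and start the 24h lock
        self.withdrawal_address, self.address_changed_at = new_address, now
        self.notices.append(f"{now.isoformat()} withdrawal address changed to {new_address}")

    def set_daily_limit(self, new_limit, admin_approved=False):
        # users may tighten at will; loosening needs an admin to approve
        if new_limit > self.daily_btc_limit and not admin_approved:
            raise PermissionError("raising the daily limit requires admin intervention")
        self.daily_btc_limit = new_limit

    def withdraw(self, amount, now):
        # returns (allowed, reason); volume is counted per calendar day
        if self.address_changed_at and now - self.address_changed_at < ADDRESS_CHANGE_LOCK:
            return False, "withdrawals locked for 24h after address change"
        if self.ledger_day != now.date():
            self.ledger_day, self.withdrawn_today = now.date(), 0.0
        if self.withdrawn_today + amount > self.daily_btc_limit:
            return False, "daily BTC limit exceeded"
        self.withdrawn_today += amount
        return True, "ok"

def scenario():
    # walk one account through the controls; the addresses are placeholders
    t0 = datetime(2011, 6, 23, 12, 0)
    acct = Account(withdrawal_address="PLACEHOLDER_OLD_ADDRESS")
    r = {"normal": acct.withdraw(400.0, t0)[0], "over_limit": acct.withdraw(700.0, t0)[0]}
    acct.change_withdrawal_address("PLACEHOLDER_NEW_ADDRESS", t0)
    r["locked"] = acct.withdraw(1.0, t0 + timedelta(hours=1))[0]
    r["after_lock"] = acct.withdraw(1.0, t0 + timedelta(hours=25))[0]
    acct.set_daily_limit(100.0)
    r["lowered"] = acct.withdraw(200.0, t0 + timedelta(hours=26))[0]
    acct.set_daily_limit(500.0, admin_approved=True)
    r["raised"] = acct.withdraw(200.0, t0 + timedelta(hours=27))[0]
    r["notices"] = len(acct.notices)
    return r
```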
benjamindees
Legendary
Offline
Activity: 1330
Merit: 1000
June 23, 2011, 01:02:41 PM
Are we talking about a stock exchange, like GLBSE, or a currency exchange, like Mt Gox and TradeHill?
Civil Liberty Through Complex Mathematics