Bitcoin Forum
Topic: Security status in Cryptocurrency exchanges
LeGaulois
February 23, 2018, 09:34:29 PM
Merited by mprep (4), alyssa85 (1), JanpriX (1), FlightyPouch (1), timerland (1)
 #1

I made this graphic using some data from Sqreen. (Yeah, I know it's not a professional one. I am usually able to do better, but I never tried to use bar graphs or histograms, so I was just playing around.)

140 cryptocurrency exchanges have been checked one by one for basic security issues. It doesn't mean these exchanges have vulnerabilities, but they should improve some basic security controls.



Quote
out of the 140 exchanges we analyzed less than 40% of them are using headers like the Strict-Transport-Security header or the X-XSS-Protection header. 20% expose server information which isn’t a security vulnerability in itself but that clearly shows the low level of security best practices implemented. And 26% of them use frontend libraries with known vulnerabilities. Only 2% implemented a Content-Security-Policy that, if done well, can offer powerful protection against clickjacking or XSS
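
The four checks named in the quoted summary, as an added example that is not part of the original post or of Sqreen's tooling: a small Python audit of a site's own response headers. The sample headers and finding names are constructed for illustration, and the CSP test is a deliberate simplification of what "done well" means.

```python
import re

# Constructed sample response headers; not taken from any real exchange.
WEAK = {"Server": "nginx/1.12.2", "X-Powered-By": "PHP/5.6.30",
        "Strict-Transport-Security": "max-age=0",
        "Content-Security-Policy": "default-src * 'unsafe-inline'"}
HARDENED = {"server": "nginx",
            "strict-transport-security": "max-age=31536000; includeSubDomains",
            "x-xss-protection": "1; mode=block",
            "content-security-policy":
                "default-src 'self'; script-src 'self'; frame-ancestors 'none'"}

def parse_csp(value):
    """Split a CSP header into {directive: [sources]}; first duplicate wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(headers):
    """Return a sorted list of findings for the four checks in the quote."""
    h = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    findings = []
    # 1. HSTS: must be present, and max-age=0 switches it off again.
    m = re.search(r'max-age\s*=\s*"?(\d+)', h.get("strict-transport-security", ""), re.I)
    if not m or int(m.group(1)) == 0:
        findings.append("hsts-missing-or-disabled")
    # 2. X-XSS-Protection: checked here for presence only.
    if "x-xss-protection" not in h:
        findings.append("x-xss-protection-missing")
    # 3. Server information: a version number in Server / X-Powered-By.
    for name in ("server", "x-powered-by"):
        if re.search(r"\d+\.\d+", h.get(name, "")):
            findings.append(f"version-disclosed:{name}")
    # 4. CSP (simplified): frame-ancestors for clickjacking, and a script
    #    policy (script-src, else default-src) without wildcard or inline.
    csp = parse_csp(h.get("content-security-policy", ""))
    if not csp:
        findings.append("csp-missing")
    else:
        if "frame-ancestors" not in csp:
            findings.append("csp-no-frame-ancestors")
        scripts = csp.get("script-src", csp.get("default-src"))
        if scripts is None or {"*", "'unsafe-inline'"} & set(scripts):
            findings.append("csp-weak-script-policy")
    return sorted(findings)
```

`audit(WEAK)` reports every check as failing even though two of the headers are present, which is the gap between sending a header and configuring it well.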


alyssa85
February 24, 2018, 11:12:46 AM
 #2

That's an interesting graphic. Can you explain what some of the elements mean? What does "strict transport" do, and what are public key pins?

Also, can you list which exchanges have the most security? (perhaps do another graphic scoring the exchanges on each element)

 
slackcryptoz
February 24, 2018, 11:13:26 AM
 #3

That's a good effort to give perfect information regarding the security factors of several cryptocurrency exchanges that were operating around the globe. Exchange authorities develop the best security features to be more secure, but the hacking and large-volume stealing of assets still continues.
Patatas
February 24, 2018, 02:26:24 PM
 #4

You can just google the terms..

Quote
That's an interesting graphic. Can you explain what some of the elements mean? What does "strict transport" do, and what are public key pins?


Basically, they're headers. I'm sure you won't understand if you're coming from a non-technical/programming background.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning

@OP these mentioned are just surface level security mechanisms. Pretty sure most of these websites are easily prone to other attacks like SQL Injection etc. What is your source of data for the graphs?

LeGaulois
February 24, 2018, 06:34:55 PM
 #5

I used data from Sqreen.io as mentioned in the OP, and yes it's just surface level security mechanisms so imagine if you check at the heart of the system. For sure you will find some sites prone to other attacks.

What surprised me first was simply the number of cryptocurrency exchanges tested. I couldn't imagine there are at least 140 websites online.
Then there was the fact that the biggest exchanges are badly graded, with a score of 3.8 out of 10.

JanpriX
February 24, 2018, 08:47:13 PM
 #6

Really appreciate this type of thread, which helps the community be aware of things that go unnoticed. And to think that this is very serious and important information for all of us, but this is the very first time that I have read something regarding the topic pointed out in the OP.

Honestly speaking, I don't know most of the terms in those graphs, but what I'm sure of is that those are very important security measures to be used by crypto exchanges, and to see that almost all of them have very low security features implemented is very disheartening. A huge amount of money overflows to those exchanges, but they don't use it to improve and secure their platform. Well, I will not be surprised if the number of problematic exchanges will arise in the coming months due to security issues.
