Bitcoin Forum
Topic: Security status in Cryptocurrency exchanges
LeGaulois
February 23, 2018, 09:34:29 PM
 #1

I made this graphic using some data from Sqreen. (Yeah, I know it's not a professional one; I am usually able to do better, but I never tried to use bar graphs or histograms, so I was just playing around.)

140 cryptocurrency exchanges have been checked one by one for basic security issues. It doesn't mean these exchanges have vulnerabilities, but they should improve some basic security controls.



Quote
out of the 140 exchanges we analyzed less than 40% of them are using headers like the Strict-Transport-Security header or the X-XSS-Protection header. 20% expose server information which isn’t a security vulnerability in itself but that clearly shows the low level of security best practices implemented. And 26% of them use frontend libraries with known vulnerabilities. Only 2% implemented a Content-Security-Policy that, if done well, can offer powerful protection against clickjacking or XSS
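
The header checks named in the quote above, as an added example that is not part of the original post or Sqreen's tooling: a small Python auditor run over a constructed set of response headers. The finding names, the 180-day HSTS threshold and the sample values are assumptions of this example.

```python
import re

# Constructed sample response (not taken from any real exchange).
SAMPLE = """\
HTTP/1.1 200 OK
Server: nginx/1.10.3
X-Powered-By: PHP/5.6.30
Strict-Transport-Security: max-age=300
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
"""

MIN_HSTS_AGE = 15552000  # 180 days in seconds; threshold assumed for this example

def parse_headers(raw):
    """Return {lowercased name: value}; the status line is skipped."""
    headers = {}
    for line in raw.splitlines()[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Return a list of findings for the controls named in the quote."""
    h, findings = parse_headers(raw), []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("hsts-missing")
    else:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < MIN_HSTS_AGE:
            findings.append("hsts-short-max-age")
        if "includesubdomains" not in hsts.lower():
            findings.append("hsts-no-subdomains")
    if "x-xss-protection" not in h:
        findings.append("x-xss-protection-missing")
    for name in ("server", "x-powered-by"):      # server information exposure
        if re.search(r"\d+\.\d+", h.get(name, "")):
            findings.append(f"version-exposed:{name}")
    csp = h.get("content-security-policy")
    if csp is None:
        return findings + ["csp-missing"]
    d = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            d.setdefault(tokens[0].lower(), tokens[1:])
    if "frame-ancestors" not in d:               # clickjacking; no default-src fallback
        findings.append("csp-no-frame-ancestors")
    scripts = d.get("script-src", d.get("default-src"))
    # Simplification: nonce/hash sources that neutralise 'unsafe-inline' are not modelled.
    if scripts is None or "'unsafe-inline'" in scripts or "*" in scripts:
        findings.append("csp-weak-script-src")
    return findings
```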


alyssa85
February 24, 2018, 11:12:46 AM
 #2

That's an interesting graphic. Can you explain what some of the elements mean? What does "strict transport" do, and what are public key pins?

Also, can you list which exchanges have the most security? (perhaps do another graphic scoring the exchanges on each element)

slackcryptoz
February 24, 2018, 11:13:26 AM
 #3

That's a good effort to give perfect information regarding the security factors of several cryptocurrency exchanges that were operating around the globe. Exchange authorities develop the best security features to be more secure, but the hacking and large volume stealing of assets still continues.

Patatas
February 24, 2018, 02:26:24 PM
 #4

You can just google the terms..

Quote
That's an interesting graphic. Can you explain what some of the elements mean? What does "strict transport" do, and what are public key pins?


Basically, they're headers. I'm sure you won't understand if you're coming from a non-technical/programming background.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning

@OP these mentioned are just surface level security mechanisms. Pretty sure most of these websites are easily prone to other attacks like SQL Injection etc. What is your source of data for the graphs?


LeGaulois
February 24, 2018, 06:34:55 PM
 #5

I used data from Sqreen.io as mentioned in the OP, and yes it's just surface level security mechanisms so imagine if you check at the heart of the system. For sure you will find some sites prone to other attacks.

What surprised me first was simply the number of cryptocurrency exchanges tested. I couldn't imagine there are at least 140 websites online.
Then there was the fact that the biggest exchanges are badly graded, with a score of 3.8 out of 10.

JanpriX
February 24, 2018, 08:47:13 PM
 #6

Really appreciate this type of thread, which helps the community be aware of things that go unnoticed. And to think that this is very serious and important information for all of us, but it is the very first time that I read something regarding the topic pointed out in the OP.

Honestly speaking, I don't know most of the terms in those graphs, but what I'm sure of is that those are very important security measures to be used by crypto exchanges, and to see that almost all of them have very low security features implemented is very disheartening. A huge amount of money overflows to those exchanges, but they don't use it to improve and secure their platform. Well, I will not be surprised if the number of problematic exchanges will arise in the coming months due to security issues.

