Bitcoin Forum
December 10, 2016, 03:18:40 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Coinsmack.com is hosted on Linode  (Read 1429 times)
PrintCoins
Hero Member
*****
Offline Offline

Activity: 524



View Profile WWW
March 02, 2012, 08:53:47 PM
 #1

Some people today have faced some serious financial pain, and I have the utmost sympathy for  them, and respect that those who run services on linode that have been stolen from are eating the costs themselves.

In the most non-gloating way that I can say this: I hosted a bitcoin service on linode and when I heard the news of the hack, I was completely unconcerned.

Now, granted coinsmack's losses could have been covered by the change floating around in some people's couches. But even if the service was handling thousands of bitcoins, I still would be fine hosted on linode even if someone roots me.

The reason why that is the case is that I don't run bitcoind on web servers. I consider it just a matter of time for a web server to be compromised, as there are just so many vectors of attack.

So the way I set it up is that I generated 10000 keypairs on a local machine behind a firewall and with no other services turned on. It runs bitcoind with local rcp calls only. The public addresses are copied up to the webserver, and the webserver uses blockexplorer to check balances. Based upon the logic of the site as far as what needs to be paid out to what addresses, an admin page is generated that contains the data that is fed into the local bitcoind to handle the transactions (it is really all handled in just one massive transaction).

This is manually initiated, so my monkey brain can take a quick scan of things and make sure things look alright before pressing the big red shiny button. Where the money goes and how much goes where is still determined by the webserver, but the transaction only happens outside of the webserver and by a manual process.

Some people have asked why bitcoind on the hacked sites was not encrypted. This would indeed have saved them in this case, but if the site was hacked in another way where the server stayed online, and bitcoind had already decrypted the wallet so it could take transactions, that would still have resulted in the same loses.

Trusting a webserver to store your wallet is a dangerous thing as is shown time and time again.

Bitmessage.org: BM-2cT3oFVj68gugBD5JFvP3qmoBHWXJQ6ZkT
BTC Addr:18AA1hq6DVHn5WuK1fQhr5CdkqeG5Mj2ZL <--did you like my post? Send some encouragement here.
Print bitcoin bills: http://print.printcoins.com/
1481339920
Hero Member
*
Offline Offline

Posts: 1481339920

View Profile Personal Message (Offline)

Ignore
1481339920
Reply with quote  #2

1481339920
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
hazek
Legendary
*
Offline Offline

Activity: 1078


View Profile
March 02, 2012, 10:52:15 PM
 #2

Smart.  Cool

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
Revalin
Hero Member
*****
Offline Offline

Activity: 728


165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g


View Profile
March 03, 2012, 02:43:47 AM
 #3

+1.  I strongly recommend keeping wallets of any significant value in a separate high-security location and retrieving queued transactions from your web server.

      War is God's way of teaching Americans geography.  --Ambrose Bierce
Bitcoin is the Devil's way of teaching geeks economics.  --Revalin 165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
hashcoin
Full Member
***
Offline Offline

Activity: 122


View Profile
March 03, 2012, 03:39:32 AM
 #4

Is this really an honest comparison?  The practices of those who got hit are likely quite similar.  In all cases, the coins stolen were those in the "hot wallet" -- coins needed for immediate disbursement.  If you don't run the kind of business that needs to support immediate disbursement, using an offline address is a tautology.  The issues only arise when you need to support immediate disbursement. 
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
March 03, 2012, 04:12:17 AM
 #5

I find the need for immediate disbursement to be illusory.  I for one would be more comfortable with a business that only allowed me to withdraw a trivial amount immediately, and required cursory manual review for larger amounts.  I would not be bothered by having to wait 6 hours to withdraw 43000 BTC (hypothetical I suppose, since I'm not withdrawing like that with any regularity), but would expect that I could immediately withdraw (for example) 43 BTC just in case I wanted to make a payment with my account.

I think 43000 BTC is simply too much to have on a hot wallet.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
BitPay Business Solutions
Hero Member
*****
Offline Offline

Activity: 756


View Profile WWW
March 03, 2012, 04:23:38 AM
 #6

I find the need for immediate disbursement to be illusory.  I for one would be more comfortable with a business that only allowed me to withdraw a trivial amount immediately, and required cursory manual review for larger amounts.  I would not be bothered by having to wait 6 hours to withdraw 43000 BTC (hypothetical I suppose, since I'm not withdrawing like that with any regularity), but would expect that I could immediately withdraw (for example) 43 BTC just in case I wanted to make a payment with my account.

I think 43000 BTC is simply too much to have on a hot wallet.

Yes Mike, but when your service has thousands of customers, 43000 BTC doesn't give much instant spendability per user. 

BitPay : The World Leader in Bitcoin Business Solutions

https://bitpay.com

Does your website accept bitcoins?
BkkCoins
Hero Member
*****
Offline Offline

Activity: 784


firstbits:1MinerQ


View Profile WWW
March 03, 2012, 04:29:59 AM
 #7

I find the need for immediate disbursement to be illusory.  I for one would be more comfortable with a business that only allowed me to withdraw a trivial amount immediately, and required cursory manual review for larger amounts.  I would not be bothered by having to wait 6 hours to withdraw 43000 BTC (hypothetical I suppose, since I'm not withdrawing like that with any regularity), but would expect that I could immediately withdraw (for example) 43 BTC just in case I wanted to make a payment with my account.

I think 43000 BTC is simply too much to have on a hot wallet.
I have no idea what Bitcoinica volumes are like but it surely seems like far too much. I think a better way to handle it would be a priority queueing mechanism. Small amounts could be disbursed immediately from the hot wallet, larger amounts could trigger replenishment and really wacky amounts could just be relayed for manual auditing. Combine this with automated replenishment of the hot wallet at suitable intervals. Also, it would be easy to modify the trigger levels based on hot wallet balance to keep flows steady.

One mechanism for this is pre-canned offline transactions that are submitted at intervals from another system. They can't be modified after creation and I think there is even a mechanism for post-dating. A script on the offline system could be used to generate a number of them for some reasonable time period so you aren't bothered with manual intervention unless the expected overall volume increases substantially. This would be quite simple to setup.

Well, there's likely all sorts of ways to secure things but the first step is realizing that out-of-the-box use isn't adequate for online high value wallets.

PrintCoins
Hero Member
*****
Offline Offline

Activity: 524



View Profile WWW
March 03, 2012, 05:54:04 AM
 #8

If a service has an employee, they can during business hours fetch pending payouts from the websever, and confirm that the offline wallet should make the payout. This person should have the very limited yes/no power.

I think even for trading platforms an intern doing this once every couple hours would be fine. Who needs immedate payout?

Bitmessage.org: BM-2cT3oFVj68gugBD5JFvP3qmoBHWXJQ6ZkT
BTC Addr:18AA1hq6DVHn5WuK1fQhr5CdkqeG5Mj2ZL <--did you like my post? Send some encouragement here.
Print bitcoin bills: http://print.printcoins.com/
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
March 03, 2012, 04:11:02 PM
 #9

Yes Mike, but when your service has thousands of customers, 43000 BTC doesn't give much instant spendability per user. 

Not even when you consider flow of incoming funds into the hot wallet? And especially when it's a service where most transactions are just private journal entries in a database, not BTC withdrawals?

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!