paulie_w (OP)
July 13, 2012, 03:42:28 PM
folks,
i think that it is time that we, at a minimum, start putting together a wiki guide for making secure bitcoin apps, from web to desktop to mobile.
who is competent enough to make one? maybe start to collaboratively put that together? it's really important that everyone's knowledge on the subject of security starts being pooled and guided so that new people coming into the community with an enthusiasm for making great apps don't end up like bitcoinica!
so how about it?
"There should not be any signed int. If you've found a signed int
somewhere, please tell me (within the next 25 years please) and I'll
change it to unsigned int." -- Satoshi
proudhon
Legendary
Offline
Activity: 2198
Merit: 1311
July 13, 2012, 03:47:39 PM
folks,
i think that it is time that we, at a minimum, start putting together a wiki guide for making secure bitcoin apps, from web to desktop to mobile.
who is competent enough to make one? maybe start to collaboratively put that together? it's really important that everyone's knowledge on the subject of security start being pooled and guided so that new people coming into the community with an enthusiasm for making great apps, don't end up like bitcoinica!
so how about it?
How about first we make a comprehensive and simple-to-understand guide on how to secure your own bitcoins.
Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
paulie_w (OP)
July 13, 2012, 03:56:20 PM
both of these things would be hugely useful, right?
maybe they can be on the same wiki. ;-)
Coinabul
July 13, 2012, 04:02:14 PM
I think some actually accredited security professionals should produce said guide.
kiba
Legendary
Offline
Activity: 980
Merit: 1014
July 13, 2012, 04:07:00 PM
If you don't have a need to IMMEDIATELY do transactions with bitcoin:
Here's how it would work:
1. Put all your bitcoin in a cold wallet and place it in a safe.
2. Open it once a day to process all the pending transactions.
3. Put the cold wallet back in the safe.
What it needs:
1. Several USB drives.
2. Software to keep transaction requests and query the blockchain and then write to a USB drive.
3. Making sure you have enough public keys on hand.
4. At least one airgapped computer dedicated to processing the data on the USB drive.
Anybody who knows security, feel free to point out any flaw.
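As an added example (not part of kiba's post and not code from any real wallet software), here is what the air-gapped side of step 4 above could look like in Python. The offline box treats everything on the USB drive as untrusted input: it parses each request line strictly, rejects any unexpected field or type, checks the destination address's Base58Check checksum, enforces a per-request and a per-batch spend limit and refuses replayed request ids. Only the approved list would be handed to the actual signing step, which is outside this example. The one-JSON-object-per-line queue format, the policy limits and the sample queue are assumptions constructed for the example; the destination address is the well-known genesis block address, used only because it is a known-valid string.

```python
"""Offline-side validation of a withdrawal request queue carried over on a USB
drive (constructed example).  Nothing here talks to the network; the only
input is the text of the queue file and the only output is a list of
approved requests plus a list of rejections with reasons."""
import hashlib
import json
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation

# Policy knobs for the offline box (assumed values for this example).
MAX_PER_REQUEST = Decimal("5.0")
MAX_PER_BATCH = Decimal("10.0")
REQUIRED_KEYS = {"id", "address", "amount_btc"}

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check_decode(address):
    """Return the 21-byte payload (version byte + hash160) of a Base58Check
    string, or None if any character, length or checksum check fails."""
    n = 0
    for ch in address:
        digit = B58_ALPHABET.find(ch)
        if digit < 0:
            return None
        n = n * 58 + digit
    leading = len(address) - len(address.lstrip("1"))  # each leading '1' is a 0x00 byte
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    raw = b"\x00" * leading + body
    if len(raw) != 25:
        return None
    payload, checksum = raw[:21], raw[21:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return payload if digest[:4] == checksum else None


@dataclass(frozen=True)
class Request:
    req_id: str
    address: str
    amount: Decimal


def parse_request(line):
    """Strictly parse one queue line.  Returns (Request, None) on success or
    (None, reason) on any deviation from the expected shape."""
    try:
        obj = json.loads(line)
    except ValueError:
        return None, "malformed json"
    if not isinstance(obj, dict) or set(obj) != REQUIRED_KEYS:
        return None, "unexpected field set"
    if not all(isinstance(obj[k], str) for k in REQUIRED_KEYS):
        return None, "fields must be strings"  # amounts travel as strings, never floats
    if base58check_decode(obj["address"]) is None:
        return None, "invalid address"
    try:
        amount = Decimal(obj["amount_btc"])
    except InvalidOperation:
        return None, "unparseable amount"
    if not amount.is_finite() or amount <= 0 or amount != amount.quantize(Decimal("0.00000001")):
        return None, "amount must be positive with at most 8 decimals"
    if amount > MAX_PER_REQUEST:
        return None, "exceeds per-request limit"
    return Request(obj["id"], obj["address"], amount), None


def process_queue(lines):
    """Walk the queue once.  Approved requests are the only thing the signing
    step would ever see; everything else is recorded with its reason."""
    approved, rejected, seen = [], [], set()
    total = Decimal(0)
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        req, reason = parse_request(line)
        if req is None:
            rejected.append((line, reason))
            continue
        if req.req_id in seen:
            rejected.append((line, "duplicate request id"))
            continue
        if total + req.amount > MAX_PER_BATCH:
            rejected.append((line, "exceeds batch limit"))
            continue
        seen.add(req.req_id)
        total += req.amount
        approved.append(req)
    return approved, rejected


# Constructed sample queue; the address is the known-valid genesis block address.
GENESIS_ADDR = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
SAMPLE_QUEUE = [
    '{"id": "r1", "address": "%s", "amount_btc": "3.5"}' % GENESIS_ADDR,
    '{"id": "r1", "address": "%s", "amount_btc": "1.0"}' % GENESIS_ADDR,  # replayed id
    '{"id": "r2", "address": "%s", "amount_btc": "9.0"}' % GENESIS_ADDR,  # over per-request limit
    '{"id": "r3", "address": "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfN0", "amount_btc": "1.0"}',  # '0' is not base58
    '{"id": "r4", "address": "%s", "amount_btc": 2.0}' % GENESIS_ADDR,  # float instead of string
    '{"id": "r5", "address": "%s", "amount_btc": "4.0", "memo": "x"}' % GENESIS_ADDR,  # extra field
    "not json at all",
    '{"id": "r6", "address": "%s", "amount_btc": "4.0"}' % GENESIS_ADDR,
    '{"id": "r7", "address": "%s", "amount_btc": "4.0"}' % GENESIS_ADDR,  # would push the batch over 10
]

if __name__ == "__main__":
    ok, bad = process_queue(SAMPLE_QUEUE)
    for r in ok:
        print("APPROVE", r.req_id, r.address, r.amount)
    for line, why in bad:
        print("REJECT ", why, "<-", line)
```

The point of the strictness is that a compromised online machine can write anything it likes to the drive, so the offline side must not rely on the queue being well formed; every rejection is logged so the operator notices when the online box starts producing garbage.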
paulie_w (OP)
July 13, 2012, 04:07:50 PM
I think some actually accredited security professionals should produce said guide.
no, i think WE need to produce what we can of it, and then let security professionals audit that. otherwise it is never going to get done.
paulie_w (OP)
July 13, 2012, 04:08:55 PM
If you don't have a need to IMMEDIATELY do transactions with bitcoin:
Here's how it would work:
1. Put all your bitcoin in a cold wallet and place it in a safe.
2. Open it once a day to process all the pending transactions.
3. Put the cold wallet back in the safe.
What it needs:
1. Several USB drives.
2. Software to keep transaction requests and query the blockchain and then write to a USB drive.
3. Making sure you have enough public keys on hand.
4. At least one airgapped computer dedicated to processing the data on the USB drive.
Anybody who knows security, feel free to point out any flaw.
it's obvious that the most interesting bitcoin apps are probably always going to be those where "hot" exchanges are pretty important. what about that?
acoindr
Legendary
Offline
Activity: 1050
Merit: 1002
July 13, 2012, 05:52:03 PM
The truth is "bitcoin apps" are not the problem. The problem is improper security handling. Take the Linode hack for example. Bitcoinica and several other bitcoin related sites had bitcoins stolen. There wasn't a specific "bug" that left these apps vulnerable. The Linode hack was probably an inside job by someone at Linode. There was ONE poster with Linode however that said he wasn't affected because he didn't store funds on a server controlled by someone else. The problem here is not app security, it's lacking proper forethought. Another example from this latest breach: While all passwords were changed after the theft which occurred May 11th, the password for LastPass was not compromised and thus left unchanged.
ALL passwords should have been changed. Even basic security 101 says change your password every so often, even without any breach, ESPECIALLY if funds are related to it. The problem is high value funds being left vulnerable by people who don't take adequate security care and forethought. BitcoinArmory.com is an example of GREAT security forethought, and is probably the safest way to cold store bitcoins in existence.
unclemantis
Member
Offline
Activity: 98
Merit: 10
(:firstbits => "1mantis")
July 13, 2012, 06:07:09 PM
There definitively needs to be a Standard Operating Procedure or ISO that EVERY shop that handles Bitcoin can follow.
Timo Y
Legendary
Offline
Activity: 938
Merit: 1001
bitcoin - the aerogel of money
July 13, 2012, 06:32:38 PM
This isn't a bitcoin specific problem. Many books have been written on how to secure a web server. I'm not sure if a universal guide would be useful. Different architectures require different security measures. What would be nice is a preconfigured server optimized for bitcoin security and privacy. Something like tails except designed for running a simple bitcoin web app. The barriers to entry need to be lower. Developing bitcoin-accepting websites shouldn't be an exclusive privilege of security experts.
paulie_w (OP)
July 13, 2012, 06:34:59 PM
The truth is "bitcoin apps" are not the problem. The problem is improper security handling. Take the Linode hack for example. Bitcoinica and several other bitcoin related sites had bitcoins stolen. There wasn't a specific "bug" that left these apps vulnerable. The Linode hack was probably an inside job by someone at Linode. There was ONE poster with Linode however that said he wasn't affected because he didn't store funds on a server controlled by someone else. The problem here is not app security, it's lacking proper forethought. Another example from this latest breach: While all passwords were changed after the theft which occurred May 11th, the password for LastPass was not compromised and thus left unchanged.
ALL passwords should have been changed. Even basic security 101 says change your password every so often, even without any breach, ESPECIALLY if funds are related to it. The problem is high value funds being left vulnerable by people who don't take adequate security care and forethought. BitcoinArmory.com is an example of GREAT security forethought, and is probably the safest way to cold store bitcoins in existence.
let's just say for the moment that whether it's basic security or 'bitcoin security' doesn't matter. we NEED to provide our community with great guides so that enthusiastic young people, even inexperienced, can read it and build according to standard. and that means the rest of the community can say to them, hey, did you run through part X of our procedure? please publish your results. i don't imagine something so advanced as a 'test suite' for all sites (impossible, i'm sure), but i do think we could at least start to imagine standards.
acoindr
Legendary
Offline
Activity: 1050
Merit: 1002
July 13, 2012, 06:36:23 PM
What would be nice is a preconfigured server optimized for bitcoin security and privacy.
How would that have helped this latest Mt.Gox password incompetence, or the earlier Linode (likely inside job) hack?
paulie_w (OP)
July 13, 2012, 06:38:15 PM
What would be nice is a preconfigured server optimized for bitcoin security and privacy.
How would that have helped this latest Mt.Gox password incompetence, or the earlier Linode (likely inside job) hack?
it's hard to know without a full audit. look i know everyone is upset about this, but the solutions are simply more hand-holding, more documentation, and less stupidity (on part of both the developers AND the users).
acoindr
Legendary
Offline
Activity: 1050
Merit: 1002
July 13, 2012, 06:40:34 PM
let's just say for the moment that whether it's basic security or 'bitcoin security' doesn't matter. we NEED to provide our community with great guides so that enthusiastic young people, even inexperienced, can read it and build according to standard.
and that means the rest of the community can say to them, hey, did you run through part X of our procedure? please publish your results.
i don't imagine something so advanced as a 'test suite' for all sites (impossible, i'm sure), but i do think we could at least start to imagine standards.
Okay, but RULE 1 of the guide is that you are only as secure as your weakest link.
Bitcoinica Hack #1 Linode = probably an inside job at Linode
Bitcoinica Hack #2 = Moved to Rackspace; Patrick's email server was compromised, oops!
Bitcoinica Mt.Gox Hack = We didn't change a password Tihan re-used, sorry!
Edit: I should change the word "hack" above because no hacking was even required. Thieves without computer knowledge could have executed all of the above thefts.
paulie_w (OP)
July 13, 2012, 06:44:20 PM
let's just say for the moment that whether it's basic security or 'bitcoin security' doesn't matter. we NEED to provide our community with great guides so that enthusiastic young people, even inexperienced, can read it and build according to standard.
and that means the rest of the community can say to them, hey, did you run through part X of our procedure? please publish your results.
i don't imagine something so advanced as a 'test suite' for all sites (impossible, i'm sure), but i do think we could at least start to imagine standards.
Okay, but RULE 1 of the guide is that you are only as secure as your weakest link.
Bitcoinica Hack #1 = probably an inside job at Linode
Bitcoinica Hack #2 = Patrick's email server was compromised, oops!
Bitcoinica Mt.Gox Hack = We didn't change a password Tihan re-used, sorry!
i think it's perfectly sensible to start such a guide with this kind of stuff, although i would drop the conspiratorial tone (even if it proves to be true).
How to make a secure bitcoin application.
CHAP 1: Why is security crucial when making bitcoin applications?
CHAP 1A: Security anecdotes from bitcoin's history (aka Stupid Mistakes)
CHAP 2: Basic server security
CHAP 3: Hot wallets vs Cold Wallets
etc
paulie_w (OP)
July 13, 2012, 06:48:26 PM
i think it is also important to have a chapter/section about your personal security habits as a developer, and why one hole in the security chain causes the whole thing to crumble (again, anecdotes would be a Good Thing).
is anyone actually going to make this? i think we need it. i would do it myself if i felt technically competent enough (and i really don't).
acoindr
Legendary
Offline
Activity: 1050
Merit: 1002
July 13, 2012, 06:55:37 PM
i think it's perfectly sensible to start such a guide with this kind of stuff, although i would drop the conspiratorial tone (even if it proves to be true).
How to make a secure bitcoin application.
CHAP 1: Why is security crucial when making bitcoin applications?
CHAP 1A: Security anecdotes from bitcoin's history (aka Stupid Mistakes)
CHAP 2: Basic server security
CHAP 3: Hot wallets vs Cold Wallets
etc
I'm not against a guide. I just think the focus should be less about the technical, and more about common sense. During one of the last hack discussions a forum member posted that he properly secured his server, citing various technical precautions. He mentioned he did this to protect the X amount of funds stored on the server, and he was glad for the high bandwidth line to his office allowing him to have the server there. Another poster said er it's probably not a good idea to tell people where your server holding these funds is at. For example, one could look up where you are located and pay the cleaning lady 10K to look the other way. That would be worth it for a theft worth say 60K plus. Low tech security precautions shouldn't be ignored in favor of high tech ones.
paulie_w (OP)
July 13, 2012, 06:59:55 PM
I'm not against a guide. I just think the focus should be less about the technical, and more about common sense.
During one of the last hack discussions a forum member posted that he properly secured his server, citing various technical precautions. He mentioned he did this to protect the X amount of funds stored on the server, and he was glad for the high bandwidth line to his office allowing him to have the server there.
Another poster said er it's probably not a good idea to tell people where your server holding these funds is at. For example, one could look up where you are located and pay the cleaning lady 10K to look the other way. That would be worth it for a theft worth say 60K plus.
Low tech security precautions shouldn't be ignored in favor of high tech ones.
i wonder if it would be possible to 'hide' the hot wallet server by putting it on its own box, and only allowing tor hidden service connections in. that way, the IP at least would never be known...
acoindr
Legendary
Offline
Activity: 1050
Merit: 1002
July 13, 2012, 07:08:09 PM
I'm not against a guide. I just think the focus should be less about the technical, and more about common sense.
During one of the last hack discussions a forum member posted that he properly secured his server, citing various technical precautions. He mentioned he did this to protect the X amount of funds stored on the server, and he was glad for the high bandwidth line to his office allowing him to have the server there.
Another poster said er it's probably not a good idea to tell people where your server holding these funds is at. For example, one could look up where you are located and pay the cleaning lady 10K to look the other way. That would be worth it for a theft worth say 60K plus.
Low tech security precautions shouldn't be ignored in favor of high tech ones.
i wonder if it would be possible to 'hide' the hot wallet server by putting it on its own box, and only allowing tor hidden service connections in. that way, the IP at least would never be known...
Again, you're thinking a lack of high tech solutions is the problem. It's not. In the example about the cleaning lady there are other ways to go about finding the location to commit the crime. For example, if it was me I would start collecting information on the target. I'd do several things first:
1. Do a WHOIS lookup on the member's domain name; unless intentionally obscured this will provide the member's real name or company name...
2. Click the forum member's profile, see what else I can learn about him, like an email address (which I might try to phish email)
3. Do a forum search of all the member's posts; did he ever mention where he was located?
Only after starting with the above would I even get into tracking down IP addresses. See? Low tech is often FAR more effective.
paulie_w (OP)
July 13, 2012, 07:15:41 PM
Again, you're thinking a lack of high tech solutions is the problem. It's not. In the example about the cleaning lady there are other ways to go about finding the location to commit the crime. For example, if it was me I would start collecting information on the target. I'd do several things first:
1. Do a WHOIS lookup on the member's domain name; unless intentionally obscured this will provide the member's real name or company name...
2. Click the forum member's profile, see what else I can learn about him, like an email address (which I might try to phish email)
3. Do a forum search of all the member's posts; did he ever mention where he was located?
Only after starting with the above would I even get into tracking down IP addresses. See? Low tech is often FAR more effective.
high tech is not the solution to the problems in your previous emails, but my comment was a bit of a sidetrack (that i wish to drop from this thread after this point is made): i was strictly talking about an idea of how to hide a hot wallet server, disconnected from your previous points. the above, provided some basic precaution on part of the developer, would not reveal a means into the wallet server.
acoindr
Legendary
Offline
Activity: 1050
Merit: 1002
July 13, 2012, 07:17:48 PM
high tech is not the solution to the problems in your previous emails, but my comment was a bit of a sidetrack (that i wish to drop from this thread after this point is made):
i was strictly talking about an idea of how to hide a hot wallet server, disconnected from your previous points. the above, provided some basic precaution on part of the developer, would not reveal a means into the wallet server.
Oh, gotcha. Yes, securing hot wallets has been discussed, but I don't know the thread off hand.
EnergyVampire
July 13, 2012, 07:47:40 PM
Do trading sites like MtGox, BTC-E, BitStamp, Intersango, bitFloor, GLBSE, etc need a hot wallet at all?
acoindr
Legendary
Offline
Activity: 1050
Merit: 1002
July 13, 2012, 07:53:09 PM
Do trading sites like MtGox, BTC-E, BitStamp, Intersango, bitFloor, GLBSE, etc need a hot wallet at all?
It depends on amount of volume. A site like MtGox having the majority of bitcoin exchange probably does, because manually processing transactions would be labor intensive. But remember it's possible to secure a hot wallet, and this latest theft had nothing to do with a hot wallet at all.
kiba
Legendary
Offline
Activity: 980
Merit: 1014
July 13, 2012, 07:57:14 PM
It depends on amount of volume. A site like MtGox having the majority of bitcoin exchange probably does, because manually processing transactions would be labor intensive.
They just need automation.
But remember it's possible to secure a hot wallet, and this latest theft had nothing to do with a hot wallet at all.
It does. Having a balance with mtgox is effectively a hot wallet.
acoindr
Legendary
Offline
Activity: 1050
Merit: 1002
July 13, 2012, 08:09:14 PM
It does. Having a balance with mtgox is effectively a hot wallet.
I meant people seem to think hot wallets are the reason bitcoins are vulnerable, but wallets are only one potential vulnerability. This latest theft was due to sloppy password handling, and 40K USD was stolen in addition to 40K BTC.
World
July 13, 2012, 08:23:51 PM
folks, start putting together a wiki guide for making secure bitcoin apps, from web to desktop to mobile.
who is competent enough to make one? maybe start to collaboratively put that together? it's really important that everyone's knowledge on the subject of security start being pooled and guided so that new people coming into the community with an enthusiasm for making great apps, don't end up like bitcoinica!
so how about it?
https://en.bitcoin.it/wiki/Securing_online_services
Supporting people with beautiful creative ideas. Bitcoin is because of the developers,exchanges,merchants,miners,investors,users,machines and blockchain technologies work together.
EnergyVampire
July 13, 2012, 08:24:51 PM Last edit: July 13, 2012, 08:35:04 PM by EnergyVampire
+1 for this initiative
I like the whole idea of Standard Operating Procedures (SOP), Transparency, Disclosures, Best Practices, etc. for sites that take custody of customers' funds. Not so much as a requirement for starting the site but as a way for potential/current customers to evaluate the risk involved when dealing with them.
The Bitcoin Protocol is innovative but financial institutions on the other hand have been around for a very long time.
Caveat emptor
kiba
Legendary
Offline
Activity: 980
Merit: 1014
July 13, 2012, 08:27:31 PM
I meant people seem to think hot wallets are the reason bitcoins are vulnerable, but wallets are only one potential vulnerability. This latest theft was due to sloppy password handling, and 40K USD was stolen in addition to 40K BTC.
You're right, I guess. Even if the bitcoins were offline, the thief could have waited and waited until the balances were loaded into mtgox and used to pay customers, or until the site started operating.
paulie_w (OP)
July 13, 2012, 08:42:18 PM
folks, start putting together a wiki guide for making secure bitcoin apps, from web to desktop to mobile.
who is competent enough to make one? maybe start to collaboratively put that together? it's really important that everyone's knowledge on the subject of security start being pooled and guided so that new people coming into the community with an enthusiasm for making great apps, don't end up like bitcoinica!
so how about it?
https://en.bitcoin.it/wiki/Securing_online_services
oh, great start! i see that it was started in may. may we use this as the base, and expand it as discussed?
h00ters
Newbie
Offline
Activity: 22
Merit: 0
July 14, 2012, 01:34:55 AM
Don't know what your goal is, but anything can be hacked with time. Using proper security techniques helps, but anything can be bypassed. i.e. 2-factor auth, don't use the same passwords, etc... Simple, logical things...
Tip: don't believe everyone that says they are a security expert without any proof... i.e. Patrick from Bitcoinica...
World
July 14, 2012, 08:41:58 PM
oh, great start! i see that it was started in may. may we use this as the base, and expand it as discussed?
Mike Hearn was the author: https://bitcointalk.org/index.php?topic=82098.msg904743#msg904743
Supporting people with beautiful creative ideas. Bitcoin is because of the developers,exchanges,merchants,miners,investors,users,machines and blockchain technologies work together.
mistfpga
Member
Offline
Activity: 86
Merit: 13
July 14, 2012, 09:23:08 PM
Hi Paulie, the advice you want people to use already exists, the Open Web Application Security Project https://www.owasp.org/index.php/Main_Page
you will find professional people, who are very good at what they do. These people may even be persuaded to work on bitcoin - that place is like a repository of web app security. if a company does not follow their advice... go check it out. get some people interested... bitcoin is a blockchain and interaction with this chain. it is not securing web apps. sorry to be a miserable git. steve
paulie_w (OP)
July 16, 2012, 03:44:58 PM
Gavin Andresen
Legendary
Offline
Activity: 1652
Merit: 2216
Chief Scientist
July 16, 2012, 06:12:43 PM
Starting with OWASP is good advice. But if you are holding other people's bitcoins, just securing the app is not enough. You need people who have experience securing money telling you how to create processes to make sure you're not the victim of embezzlement, that you are complying with legal requirements, keeping adequate records, keeping customers' funds separate from the funds used to pay expenses, that regular audits are done to detect problems early, and so on.
The Bitcoin Protocol is innovative but financial institutions on the other hand have been around for a very long time.
+1
How often do you get the chance to work on a potentially world-changing project?