Bitcoin Forum
Topic: we need a comprehensive guide for making SAFE bitcoin apps!!
paulie_w (OP)
July 13, 2012, 03:42:28 PM
 #1

folks,

i think that it is time that we, at a minimum, start putting together a wiki guide for making secure bitcoin apps, from web to desktop to mobile.

who is competent enough to make one? maybe start to collaboratively put that together? it's really important that everyone's knowledge on the subject of security start being pooled and guided so that new people coming into the community with an enthusiasm for making great apps, don't end up like bitcoinica!

so how about it?
proudhon
July 13, 2012, 03:47:39 PM
 #2

Quote
folks,

i think that it is time that we, at a minimum, start putting together a wiki guide for making secure bitcoin apps, from web to desktop to mobile.

who is competent enough to make one? maybe start to collaboratively put that together? it's really important that everyone's knowledge on the subject of security start being pooled and guided so that new people coming into the community with an enthusiasm for making great apps, don't end up like bitcoinica!

so how about it?

How about first we make a comprehensive and simple to understand guide on how to secure your own bitcoins?

paulie_w (OP)
July 13, 2012, 03:56:20 PM
 #3

both of these things would be hugely useful, right?

maybe they can be on the same wiki. ;-)
Coinabul
July 13, 2012, 04:02:14 PM
 #4

I think some actually accredited security professionals should produce said guide.

kiba
July 13, 2012, 04:07:00 PM
 #5

If you don't have a need to IMMEDIATELY do transactions with bitcoin:

Here's how it would work:

1. Put all your bitcoin in a cold wallet and place it in a safe.
2. Open it once a day to process all the pending transactions.
3. Put the cold wallet back in the safe.

What it needs:

1. Several USB drives.
2. Software to keep transaction requests and query the blockchain and then write to a USB drive.
3. Making sure you have enough public keys on hand.
4. At least one airgapped computer dedicated to processing the data in the USB drive.

Anybody who knows security, feel free to point out any flaws.

paulie_w (OP)
July 13, 2012, 04:07:50 PM
 #6

Quote
I think some actually accredited security professionals should produce said guide.

no, i think WE need to produce what we can of it, and then let security professionals audit that. otherwise it is never going to get done.
paulie_w (OP)
July 13, 2012, 04:08:55 PM
 #7

Quote
If you don't have a need to IMMEDIATELY do transactions with bitcoin:

Here's how it would work:

1. Put all your bitcoin in a cold wallet and place it in a safe.
2. Open it once a day to process all the pending transactions.
3. Put the cold wallet back in the safe.

What it needs:

1. Several USB drives.
2. Software to keep transaction requests and query the blockchain and then write to a USB drive.
3. Making sure you have enough public keys on hand.
4. At least one airgapped computer dedicated to processing the data in the USB drive.

Anybody who knows security, feel free to point out any flaws.

it's obvious that the most interesting bitcoin apps are probably always going to be those where "hot" exchanges are pretty important. what about that?
acoindr
July 13, 2012, 05:52:03 PM
 #8

The truth is "bitcoin apps" are not the problem.

The problem is improper security handling. Take the Linode hack for example. Bitcoinica and several other bitcoin related sites had bitcoins stolen. There wasn't a specific "bug" that left these apps vulnerable. The Linode hack was probably an inside job by someone at Linode.

There was ONE poster with Linode however that said he wasn't affected because he didn't store funds on a server controlled by someone else.

The problem here is not app security, it's lacking proper forethought.

Another example from this latest breach:

While all passwords were changed after the theft which occurred May 11th, the password for LastPass was not compromised and thus left unchanged.

ALL passwords should have been changed. Even basic security 101 says change your password every so often, even without any breach, ESPECIALLY if funds are related to it.

The problem is high value funds being left vulnerable by people who don't take adequate security care and forethought.

BitcoinArmory.com is an example of GREAT security forethought, and is probably the safest way to cold store bitcoins in existence.
unclemantis
July 13, 2012, 06:07:09 PM
 #9

There definitively needs to be a Standard Operating Procedure or ISO that EVERY shop that handles Bitcoin can follow.

Timo Y
July 13, 2012, 06:32:38 PM
 #10

This isn't a bitcoin specific problem.  Many books have been written on how to secure a web server.  I'm not sure if a universal guide would be useful.  Different architectures require different security measures. 

What would be nice is a preconfigured server optimized for bitcoin security and privacy.  Something like  tails except designed for running a simple bitcoin web app. 

The barriers to entry need to be lower.  Developing bitcoin-accepting websites shouldn't be an exclusive privilege of security experts.

paulie_w (OP)
July 13, 2012, 06:34:59 PM
 #11

Quote
The truth is "bitcoin apps" are not the problem.

The problem is improper security handling. Take the Linode hack for example. Bitcoinica and several other bitcoin related sites had bitcoins stolen. There wasn't a specific "bug" that left these apps vulnerable. The Linode hack was probably an inside job by someone at Linode.

There was ONE poster with Linode however that said he wasn't affected because he didn't store funds on a server controlled by someone else.

The problem here is not app security, it's lacking proper forethought.

Another example from this latest breach:

While all passwords were changed after the theft which occurred May 11th, the password for LastPass was not compromised and thus left unchanged.

ALL passwords should have been changed. Even basic security 101 says change your password every so often, even without any breach, ESPECIALLY if funds are related to it.

The problem is high value funds being left vulnerable by people who don't take adequate security care and forethought.

BitcoinArmory.com is an example of GREAT security forethought, and is probably the safest way to cold store bitcoins in existence.

let's just say for the moment that whether it's basic security or 'bitcoin security' doesn't matter. we NEED to provide our community with great guides so that enthusiastic young people, even inexperienced, can read it and build according to standard.

and that means the rest of the community can say to them, hey, did you run through part X of our procedure? please publish your results.

i don't imagine something so advanced as a 'test suite' for all sites (impossible, i'm sure), but i do think we could at least start to imagine standards.
acoindr
July 13, 2012, 06:36:23 PM
 #12

Quote
What would be nice is a preconfigured server optimized for bitcoin security and privacy.

How would that have helped this latest Mt.Gox password incompetence, or the earlier Linode (likely inside job) hack?
paulie_w (OP)
July 13, 2012, 06:38:15 PM
 #13

Quote
What would be nice is a preconfigured server optimized for bitcoin security and privacy.

How would that have helped this latest Mt.Gox password incompetence, or the earlier Linode (likely inside job) hack?

it's hard to know without a full audit.

look i know everyone is upset about this, but the solutions are simply more hand-holding, more documentation, and less stupidity (on part of both the developers AND the users).
acoindr
July 13, 2012, 06:40:34 PM
 #14

Quote
let's just say for the moment that whether it's basic security or 'bitcoin security' doesn't matter. we NEED to provide our community with great guides so that enthusiastic young people, even inexperienced, can read it and build according to standard.

and that means the rest of the community can say to them, hey, did you run through part X of our procedure? please publish your results.

i don't imagine something so advanced as a 'test suite' for all sites (impossible, i'm sure), but i do think we could at least start to imagine standards.

Okay, but RULE 1 of the guide is that you are only as secure as your weakest link.

Bitcoinica Hack #1 Linode = probably an inside job at Linode

Bitcoinica Hack #2 = Moved to Rackspace; Patrick's email server was compromised, oops!

Bitcoinica Mt.Gox Hack = We didn't change a password Tihan re-used, sorry!

Edit: I should change the word "hack" above because no hacking was even required. Thieves without computer knowledge could have executed all of the above thefts.
paulie_w (OP)
July 13, 2012, 06:44:20 PM
 #15

Quote
let's just say for the moment that whether it's basic security or 'bitcoin security' doesn't matter. we NEED to provide our community with great guides so that enthusiastic young people, even inexperienced, can read it and build according to standard.

and that means the rest of the community can say to them, hey, did you run through part X of our procedure? please publish your results.

i don't imagine something so advanced as a 'test suite' for all sites (impossible, i'm sure), but i do think we could at least start to imagine standards.

Okay, but RULE 1 of the guide is that you are only as secure as your weakest link.

Bitcoinica Hack #1 = probably an inside job at Linode

Bitcoinica Hack #2 = Patrick's email server was compromised, oops!

Bitcoinica Mt.Gox Hack = We didn't change a password Tihan re-used, sorry!

i think it's perfectly sensible to start such a guide with this kind of stuff, although i would drop the conspiratorial tone (even if it proves to be true).

How to make a secure bitcoin application.

CHAP 1: Why is security crucial when making bitcoin applications?
CHAP 1A: Security anecdotes from bitcoin's history (aka Stupid Mistakes)
CHAP 2: Basic server security
CHAP 3: Hot wallets vs Cold Wallets

etc
paulie_w (OP)
July 13, 2012, 06:48:26 PM
 #16

i think it is also important to have a chapter/section about your personal security habits as a developer, and why one hole in the security chain causes the whole thing to crumble (again, anecdotes would be a Good Thing).

is anyone actually going to make this? i think we need it. i would do it myself if i felt technically competent enough (and i really don't).
acoindr
July 13, 2012, 06:55:37 PM
 #17

Quote
i think it's perfectly sensible to start such a guide with this kind of stuff, although i would drop the conspiratorial tone (even if it proves to be true).

How to make a secure bitcoin application.

CHAP 1: Why is security crucial when making bitcoin applications?
CHAP 1A: Security anecdotes from bitcoin's history (aka Stupid Mistakes)
CHAP 2: Basic server security
CHAP 3: Hot wallets vs Cold Wallets

etc

I'm not against a guide. I just think the focus should be less about the technical, and more about common sense.

During one of the last hack discussions a forum member posted that he properly secured his server, citing various technical precautions. He mentioned he did this to protect the X amount of funds stored on the server, and he was glad for the high bandwidth line to his office allowing him to have the server there.

Another poster said er it's probably not a good idea to tell people where your server holding these funds is at. For example, one could look up where you are located and pay the cleaning lady 10K to look the other way.  That would be worth it for a theft worth say 60K plus.

Low tech security precautions shouldn't be ignored in favor of high tech ones.
paulie_w (OP)
July 13, 2012, 06:59:55 PM
 #18

Quote
I'm not against a guide. I just think the focus should be less about the technical, and more about common sense.

During one of the last hack discussions a forum member posted that he properly secured his server, citing various technical precautions. He mentioned he did this to protect the X amount of funds stored on the server, and he was glad for the high bandwidth line to his office allowing him to have the server there.

Another poster said er it's probably not a good idea to tell people where your server holding these funds is at. For example, one could look up where you are located and pay the cleaning lady 10K to look the other way.  That would be worth it for a theft worth say 60K plus.

Low tech security precautions shouldn't be ignored in favor of high tech ones.

i wonder if it would be possible to 'hide' the hot wallet server by putting it on its own box, and only allowing tor hidden service connections in.

that way, the IP at least would never be known...
acoindr
July 13, 2012, 07:08:09 PM
 #19

Quote
I'm not against a guide. I just think the focus should be less about the technical, and more about common sense.

During one of the last hack discussions a forum member posted that he properly secured his server, citing various technical precautions. He mentioned he did this to protect the X amount of funds stored on the server, and he was glad for the high bandwidth line to his office allowing him to have the server there.

Another poster said er it's probably not a good idea to tell people where your server holding these funds is at. For example, one could look up where you are located and pay the cleaning lady 10K to look the other way.  That would be worth it for a theft worth say 60K plus.

Low tech security precautions shouldn't be ignored in favor of high tech ones.

i wonder if it would be possible to 'hide' the hot wallet server by putting it on its own box, and only allowing tor hidden service connections in.

that way, the IP at least would never be known...

Again, you're thinking a lack of high tech solutions is the problem. It's not. In the example about the cleaning lady there are other ways to go about finding the location to commit the crime. For example, if it was me I would start collecting information on the target. I'd do several things first:

1. Do a WHOIS lookup on the member's domain name; unless intentionally obscured this will provide the member's real name or company name...
2. Click the forum member's profile, see what else I can learn about him, like an email address (which I might try to phish email)
3. Do a forum search of all the member's posts; did he ever mention where he was located?

Only after starting with the above would I even get into tracking down IP addresses. See? Low tech is often FAR more effective.

paulie_w (OP)
July 13, 2012, 07:15:41 PM
 #20

Quote
Again, you're thinking a lack of high tech solutions is the problem. It's not. In the example about the cleaning lady there are other ways to go about finding the location to commit the crime. For example, if it was me I would start collecting information on the target. I'd do several things first:

1. Do a WHOIS lookup on the member's domain name; unless intentionally obscured this will provide the member's real name or company name...
2. Click the forum member's profile, see what else I can learn about him, like an email address (which I might try to phish email)
3. Do a forum search of all the member's posts; did he ever mention where he was located?

Only after starting with the above would I even get into tracking down IP addresses. See? Low tech is often FAR more effective.

high tech is not the solution to the problems in your previous emails, but my comment was a bit of a sidetrack (that i wish to drop from this thread after this point is made):

i was strictly talking about an idea of how to hide a hot wallet server, disconnected from your previous points. the above, provided some basic precaution on part of the developer, would not reveal a means into the wallet server.