Bitcoin Forum
December 06, 2016, 04:22:59 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3]  All
  Print  
Author Topic: Bitcoin is a hackers dream  (Read 5149 times)
caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
July 20, 2012, 04:43:30 PM
 #41

A. If you go after the thief, he will be ultimately unsuccessful in his plan, and others will think twice if theft is worth the consequences. Going after thieves protects honest people from becoming victims.

B. If you go after service provider (assuming no criminal negligence or insider jobs, in which case A applies), you will punish the victim - and we are talking potentially devastating consequences for their careers, families, and health. Other service providers will boost up security out of fear, and outsource the cost to third parties or to customers[/u]. Thieves will have nothing to fear, and will now have to either step up their efforts or find another victim. Either way, more shitty situations which could have been avoided with option A.

Good points. I highlighted an important part of your post.

If criminals are never punished, innocents will always pay for it one way or another. Security is not free. If we didn't have to worry much about criminals, we could use these resources in better ways. And I know no better way to create a counter-incentive to crime then to punish those who commit it.

I tend to agree with OP.

Me too, except that I don't think this problem is exclusive to bitcoin. It's a "cyberspace problem". Hackers are almost never punished, and the costs of their actions fall over everybody else. Actually, as Timo Y quoted below notes, it's a little better in BTC-world than in CC-word as here the costs of a hack are not totally diluted. (I wouldn't be so harsh on all those who put their money on Bitcoinica though...)

So are credit cards.

What fraction of carders actually get caught?

Even if the credit card customer is negligent, it's usually the bank that takes the hit, and then socializes the cost among all customers. Very rarely the it's the scammer.

With bitcoin, at least I don't have to pay for other people's negligence. And yes, if you entrust tens of thousands of dollars to an alpha-web app run by an one-man enterprise then that is also a form of negligence.


18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
1481041379
Hero Member
*
Offline Offline

Posts: 1481041379

View Profile Personal Message (Offline)

Ignore
1481041379
Reply with quote  #2

1481041379
Report to moderator
1481041379
Hero Member
*
Offline Offline

Posts: 1481041379

View Profile Personal Message (Offline)

Ignore
1481041379
Reply with quote  #2

1481041379
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481041379
Hero Member
*
Offline Offline

Posts: 1481041379

View Profile Personal Message (Offline)

Ignore
1481041379
Reply with quote  #2

1481041379
Report to moderator
Transisto
Donator
Legendary
*
Offline Offline

Activity: 1624



View Profile WWW
July 20, 2012, 04:48:35 PM
 #42

...
The software part I agree can make it "virtually" impossible to steal, but there always is a physical and mental part that is near impossible to secure without high costs and high inconveniences.
...
Perhaps you could elaborate on the "physical and mental part" and explain what they have to do with Bitcoin and not any other asset.
You understand having a paper wallet in a vault is not convenient for spending it ?
You understand this vault has a cost right ?
You understand someone know how to open than vault right ? (without force)

You may not know, but there are ways and drugs that will make you do anything even against your will.
Transisto
Donator
Legendary
*
Offline Offline

Activity: 1624



View Profile WWW
July 20, 2012, 05:18:49 PM
 #43

...
The software part I agree can make it "virtually" impossible to steal, but there always is a physical and mental part that is near impossible to secure without high costs and high inconveniences.
...
Perhaps you could elaborate on the "physical and mental part" and explain what they have to do with Bitcoin and not any other asset.
You understand having a paper wallet in a vault is not convenient for spending it ?
You understand this vault has a cost right ?
You understand someone know how to open than vault right ? (without force)

You may be unaware of it, but there are ways and drugs that will make you do anything even against your will.

Who said anything about a paper wallet? Who said anything about a vault? And your examples go far beyond "hacking".

You can have convenience or you can have security. With clients like Armory you can even have both.

For the price of a cheap laptop and a few thumb drives you can have security that is practically impossible to break. When individually inaccessible pieces of your wallet are spread around in different physical locations, it's going to be pretty hard to "hack". If you fear drugs or torture, and would prefer death over having your Bitcoins stolen, give pieces of your wallet to random family members and tell them to keep secure regardless of any kidnapping ransoms.

I stand by my statement, "I feel it's far easier and far cheaper to secure Bitcoins than any other asset I can think of." I can split the wallet to make it worthless without obtaining each piece. With physical assets, even if they are stored in a vault, once that is breached, you've lost your asset.

I think I've already agreed on the secure part of software (armory), but software run on hardware and are used by brains.

Anyway how convenient is it to have to remember where and recover all the piece of paper wallet are stored before spending it.

That make me think, do we want people to sit on their paper wallet forever or actually use Ƀ for commerce ?
Transisto
Donator
Legendary
*
Offline Offline

Activity: 1624



View Profile WWW
July 20, 2012, 06:31:37 PM
 #44

...
Well, maybe you didn't realize that you aren't required to keep ALL your Bitcoins on ONE wallet? Wink

You can have a myriad of security measures for as many wallets as you desire. No one in their right mind would make an offline fragmented wallet for 1 Bitcoin.

One of the more amazing features of Bitcoin is, once you have created the deep savings wallet, you can safely SEND as many coins as you wish from anywhere in the world.
What is the deep in "deep saving wallet" ?
Do you mean "safely SEND as many coins as you wish" to it ? The opposite is not true.
on9isrock
Member
**
Offline Offline

Activity: 70



View Profile
July 21, 2012, 03:00:16 PM
 #45

we have to admit that is nothing 100% safe/secure
believe me this word come from old folks

my address :18TTx6qBr2LTiyRu6SuLDX1SFwDCQyeJRC
bigasic
Hero Member
*****
Offline Offline

Activity: 742



View Profile
July 21, 2012, 05:19:19 PM
 #46

The only place where I have coins that are not encrypted on my HDD or USB is with an exchanger that uses the yubikey with 2 factor authentication.. The only downside is is that if I were to lose my key, I would be sol for about 2 weeks...

Thats another question.. Is the yubikey is as secure as they make it?
Tril
Full Member
***
Offline Offline

Activity: 212


View Profile
July 21, 2012, 07:39:08 PM
 #47

From the title, I thought this thread was about the other kind of hackers and would have some cool ideas about multisignatures, or verifying receipt of coins without having to have the private key online, or hackerspaces, or other great ideas.  Oh well.  I'll address this:

I think OP was referring to the mindset of certain Bitcoin users, not criticizing btc itself. Apparently many think that it's perfectly ok to steal, and to let thieves operate without any consequences.

It's not OK to steal, and it's wrong for the thief to do so.  It's also wrong to harm innocents or destroy bitcoin entirely in the quest to punish thieves.

Bitcoin provides Internet cash, which does have the weakness of being stealable.  While no one wants to encourage theft, it's a difficult problem, because the initial proposed solution to stop thieves just makes things worse.  Tainting coins makes it too easy for thieves to cause trouble for innocent recipients of stolen coins and adds very little to stop the thief, so it's been rejected as unacceptable by most.  What else can be done?  Convincing merchants and service providers to demand their customers prove the origin of all their coins?  The blockchain can't offer proof, as it's easy to trade private keys outside the blockchain.  Verifying identity?  Adds very little protection (thieves also routinely steal identities) while defeating one of the main reasons to use bitcoin, pseudonymity.  And any intentional collaboration of major mining pools to reverse selected transactions would strike fear into the heart of every Bitcoin user.  Even if improved versions of all of those solutions were adopted by honest merchants, you still have plenty of unscrupulous sellers willing to accept known stolen bitcoins; after all they are "cold", "hard", verifiable bitcoins.

It's easy to pass blame, but everything has tradeoffs.  Yes, bitcoin holders can increase wallet security, at a cost.  Yes, MtGox can make withdrawals more difficult, which they have been doing, but customers have been complaining.  Governments can collaborate internationally to allow stronger investigation and enforcement of computer crime across borders, but this reduces everyone's freedom.  As Internet cash, bitcoin enforces the idea of "trust no one, but yourself" and the wallet holder is ultimately responsible for his or her own security.  And anyone who trusts someone else with their coins is also indirectly responsible for that security.  I knew Bitcoinica had a large hot wallet based on how fast withdrawals were occurring, so I withdrew all my funds.  I have no coins or funds in MtGox or GLBSE because they're huge targets.  I could be making more money if I took these risks but it's up to me.  Security is a trade-off and has a cost.  With Bitcoin, everyone has the freedom to decide who to trust and how much to invest in security.

OP, I understand your disappointment at the state of things.  It's best not to complain about the state of Bitcoin but instead treat the weakness as opportunity.  Go ahead, come up with an amazing new way to stop thefts.  And yes, demand more security from those who hold your coins.  I expect it will be needed, as stealing bitcoins need not be the only incentive for the thieves; they're also paid in fiat, created out of nothing by those who stand to profit from Bitcoin's demise.   Increasing amounts of resources will be spent on attacking bitcoin sites as Bitcoin grows, so at each price jump, spend some bitcoins on as much security as the value of those coins demand, and it will likely pay off.
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
July 21, 2012, 09:06:41 PM
 #48



Tril, thanks for the great analysis. You make some very good points.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
Pages: « 1 2 [3]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!