Board: Bitcoin Discussion
Re: we need a comprehensive guide for making SAFE bitcoin apps!!
by acoindr on 13/07/2012, 18:40:34 UTC
let's just say for the moment that whether it's basic security or 'bitcoin security' doesn't matter. we NEED to provide our community with great guides so that enthusiastic young people, even inexperienced, can read it and build according to standard.

and that means the rest of the community can say to them, hey, did you run through part X of our procedure? please publish your results.

i don't imagine something so advanced as a 'test suite' for all sites (impossible, i'm sure), but i do think we could at least start to imagine standards.

Okay, but RULE 1 of the guide is that you are only as secure as your weakest link.

Bitcoinica Hack #1 Linode = probably an inside job at Linode

Bitcoinica Hack #2 = Moved to Rackspace; Patrick's email server was compromised, oops!

Bitcoinica Mt.Gox Hack = We didn't change a password Tihan re-used, sorry!

Edit: I should change the word "hack" above because no hacking was even required. Thieves without computer knowledge could have executed all of the above thefts.