Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Archival
Merits 2 from 2 users
Re: Too many vulnerability/Hacks
by
pebwindkraft
on 15/02/2018, 08:22:59 UTC
⭐ Merited by nullius (1) ,TryNinja (1)
A fairly general statement, leading to speculation...
If there were possible security issues in a none-defined incident, what do you want to explain?
And one could say: Bitcoin was not attacked, the people handling bitcoins got attacked.
So some generic thoughts:

a general pattern in bitcoin is: only if you hold the private keys, you are the owner of the bitcoin (and they are secure with you).
If you loose your private key, or someone else has the private key, its a matter of trust into the person, who now holds the private keys. Similiar to your fiat-wallet. People can give it back, or they keep it for themselves.
So: only put the trading amount into your exchange, and keep the rest with your personal wallet.

Now the second approach for theft of bitcoins is the protection of your operating system. Similiar to the protection of your house. If there is nothing inside, you don't need to have high walls and an electric fence around it... This translates to:

- small funds can use an online wallet
- monthly values have a need for a full node on unixoide systems (yes, really!), and maybe already hardware wallet
- and yearly values need to be protected with cold storage and multisigs

I am not a Windows hater, I was using it all the time. But when sound drivers have key loggers, and Win10 is sending keystrokes into log files back to Microsoft, it requires a good piece of knowledge, to secure the OS at an appropriate level. By default installation this system is insecure, and a good entrance door to remote attacks. (Compare this to OpenBSD).

Then there are additional layers of security, were people fall victim:
phishing - we all know about the different approaches of phishing, and obviously this reoccurs all the time. This is a social issue, not a technical.

java script - well, this is probably one of the best, cause it brings unverified code via the internet to your local machine. If you are dealing with high valued funds, and have priv keys on your internet connected machine, and java script activated, how can you protect your system?

booking system - on many exchanges there were booking systems not adequatly protected, leading to losses

verification - I have even heard about systems, that put the verification of a transaction or a block to the clients machine

So in summary: Bitcoin per se is secure, the code is verified and reviewed, and only professionals develop it :-) On other crypto currencies one would have to evaluate first the level of security (or again: trust tht "these people" do a correct job, but then don't be surprised if funds are lost).

A good security is a trade-off: if you need to protect high values, you need to invest also higher efforst in security. You need to get away from trusting a mobile device, an operating system or the code to be secure just with their default installation. INVEST IN SECURITY!