Search content
Sort by
Showing 15 of 15 results by ikonic
(1) To set up my 2-factor login, I send you a string of 260 symbols, to be interpreted as a passcard with 10 rows (0-9) and 26 columns (A-Z).
The problem with this method is that if you are sending this information over the internet then it has failed since most trojans record all HTTP trafficAny and all interaction with the database should done using either Stored or Prepared Procedures
Prepared statements, yes, stored procs, NO.
HTTP Response Header Requirements
- All cookies to have the "HttpOnly" and "Secure" attributes
HTTP Headers should not include Server OS versionHTTP Headers should not include Web Server version- HTTP Headers must include an X-Frame-Options directive
Security though obscurity isn't real security. The hacker isn't going to look at your headers and then run a specific exploit script; they'll just run them all and then some. My Apache logs are full of attempts to exploit IIS vulnerabilities, every day.
Also you can't really expect the client to honor any particular headers, either. (You should still use the security attributes, ofc, just don't count on them working).
- Where the need for database analysis is required the data should be purged of all PII prior to be delivered to the auditor
There is no need to purge anything if you follow a proper release managment process.
You should have at least three different environments: development, QA and production. Dev never sees the production data, and it's where you do all your development and most of your analysis. QA is a replica of the production, used for testing the releases before moving them into production. QA can also serve as a backup when production goes down.
Another good idea to discuss it the limit that can be transfered daily/hourly.
For instance, setting a maximum dollar amount to transfer out is pointless as you can simply crash the price and pull out. Perhaps a better idea would be to set volume limits instead?
For instance, setting a maximum dollar amount to transfer out is pointless as you can simply crash the price and pull out. Perhaps a better idea would be to set volume limits instead?
You could use a 48+ hour average or something.
There could be rules to detect suspicious activity (sudden spikes in volume etc) which could trigger safety measures, such as seizing trade and withdrawals completely until the activity has been audited.
password: 12iu1287fas90sdfouisdfoiuwejz93jlkjad93mlsafd9
hash: j12j90asdfuoi1u29123912j1lk1291jl129j11jhr
sorry password is insecure, please include capital letters
Its not just about the length... its the width that counts as well. don't let anyone tell you differenthash: j12j90asdfuoi1u29123912j1lk1291jl129j11jhr
sorry password is insecure, please include capital letters
And if you aint packing upper and lower case, numbers and special characters, then you can't join the party
Except that the only BCrypt library I can find doesn't implement the HashAlgorithm class so I can't use it with my existing solution. I'd have to rewrite the entire login system... Which I might still do... We'll see 
You could use Rijndael instead
Well, hey, if it's got a GetHashCode() method (which it appears to) I can use it with the code I've got, the only question is how does it compare to BCrypt? I'm obviously not a crypto expert considering I was going to use an SHA variant so what does the crowd think?
have seen http://bcrypt.codeplex.com/
Except that the only BCrypt library I can find doesn't implement the HashAlgorithm class so I can't use it with my existing solution. I'd have to rewrite the entire login system... Which I might still do... We'll see
You could use Rijndael instead
Are we talking about stock exchange,like glbse, or currency exchange, like mt gox and tradehill?
The more I think about it, it should really be an across the board for standard for any site that deals with bitcoins.
The finance industry is going to be bound by PCI one day and something similar should happen for bit coin sites.
A simple e-mail notification when BTC withdrawal address is changed, and lock on withdrawing funds for at least 24 hours after address change, would be nice too (BTCGuild's method)
I'd like to have to have an option of having a code sent to my mobile with a code in it to activate the withdraw. Make the mobile number unchangeable after registration. Only way to change it is when the account has zero balances. Even if the account is hacked, good luck withdrawing.
+1
I also have a post here on creating security best practices for bit coin sites (http://forum.bitcoin.org/index.php?topic=20377.0)
I also have a post here on creating security best practices for bit coin sites (http://forum.bitcoin.org/index.php?topic=20377.0)
To sum it all up, BANK LEVEL SECURITY. No bullshit "25 letter passwords".
Take my money and STFU.
I am actually the senior developer/team leader for the online banking team which provide online services (mobile and internet banking/lending) to around 30 financial instituions. I also run a security forum and am familar with the nuoance of online transactions.Take my money and STFU.
In saying that, I am not going to drop every single piece of information straight up unless others are interested in participating.
And BANK LEVEL SECURITY is shit. Just ask the CitiBank customers who card details have been nabbed...
What I am proposing is something far more secure and workable.
well 1000 bitcoins are a lot of money.
Perhaps accounts should have daily transaction limits where the user can reduce online at any time but it requires admin intervention to raise.Moreover we need 2 levels of password:
1) An account password, sent via password-authenticated key agreement and not https
2) A Time-synchronized one-time passwords or a 2d key, to authorize movements, so that even if the password is stolen, it is impossible to authorize another transaction.
I assume you're talking about a TAN? This is a good idea.1) An account password, sent via password-authenticated key agreement and not https
2) A Time-synchronized one-time passwords or a 2d key, to authorize movements, so that even if the password is stolen, it is impossible to authorize another transaction.
no use of cookies at all.
Not really a big fan of this, It means the URL requires a session identifier to be included or then entire site runs through POSTS?All passwords should be stored using one way encryption with a unique salt per user (salt to be a minimum 128bits) iterative hashing
Fixed that for you.Interesting Read. Seems to be a lot of angst of OS.
The bottom line is though, OS are only as strong or weak as the people hardening them.
Anyways, don't want to highjack the thread but for those would like to help contribute towards a Bitcoin Stock Exchange Security Standar, I have created a thread here http://forum.bitcoin.org/index.php?topic=20377.0
The bottom line is though, OS are only as strong or weak as the people hardening them.
Anyways, don't want to highjack the thread but for those would like to help contribute towards a Bitcoin Stock Exchange Security Standar, I have created a thread here http://forum.bitcoin.org/index.php?topic=20377.0
I've read quite a few times in this thread to make backups of your bitcoin wallet. But if I'm not completely wrong, then even stealing just the backup data results in losing all your bitcoins. So from a security perspective, better don't make backup copies!
The idea is to create an encrypted back up of the wallet, not just a copy.
I am not a bot... seriousily!
Anyways, I just want to comment on a number of threads relating to the MT Gox hack (for the time being)
Also, would prefer not to link to any other accounts I use for obvious reasons.
In terms of bit coins, I own em, I buy em and I sell em.
Anyways, I just want to comment on a number of threads relating to the MT Gox hack (for the time being)
Also, would prefer not to link to any other accounts I use for obvious reasons.
In terms of bit coins, I own em, I buy em and I sell em.
Should a mod read this can you please move my topic (http://forum.bitcoin.org/index.php?topic=20377.0) into the Bitcoin discussion area?
Given that BitCoin is still in its infancy, many of the stock exchanges are being run by inexperienced coders or business types with no real online financial experience... and as such, putting the entire community at risk.
Therefore, what I am proposing is that the BitCoin community draft together a set of agreed security standards and best practices that all trusted exchanges should adhere to.
As an example of Web Standards, the basics would be
Web Application Requirements
HTTP Response Header Requirements
Data Storage and Analysis Requirements
Finally, this list isn't extensive but only a start so it would be good to get others feedback.
btw: Sorry about being stuck in the newb section but alas such is life.
Note: Not here for the MT Gox bashing, it will achieve nothing. Lets talk about the future instead.
Edit:
Another good idea to discuss it the limit that can be transfered daily/hourly.
For instance, setting a maximum dollar amount to transfer out is pointless as you can simply crash the price and pull out. Perhaps a better idea would be to set volume limits instead?
BitCoin Transfer Requirements
Therefore, what I am proposing is that the BitCoin community draft together a set of agreed security standards and best practices that all trusted exchanges should adhere to.
As an example of Web Standards, the basics would be
Web Application Requirements
- Website to be tested to ensure SQL injections (including truncation attacks) do not exist
- Website to be tested to ensure XSS injections do not exist
- Website to be tested to ensure XPATH injections do not exist
- Website to be tested to ensure CSRF vulnerabilities do not exist
- All transactional functionality should be undertaken with http post using CSRF nuonces
- Any and all interaction with the database should done using either Stored or Prepared Procedures
HTTP Response Header Requirements
- All cookies to have the "HttpOnly" and "Secure" attributes
- HTTP Headers should not include Server OS version
- HTTP Headers should not include Web Server version
- HTTP Headers must include an X-Frame-Options directive
Data Storage and Analysis Requirements
- All passwords should be stored using one way encryption with a unique salt per user (salt to be a minimum 128bits)
- Where the need for database analysis is required the data should be purged of all PII prior to be delivered to the auditor
- Users with permissions to the database should be limited to the web application only
Finally, this list isn't extensive but only a start so it would be good to get others feedback.
btw: Sorry about being stuck in the newb section but alas such is life.
Note: Not here for the MT Gox bashing, it will achieve nothing. Lets talk about the future instead.
Edit:
Another good idea to discuss it the limit that can be transfered daily/hourly.
For instance, setting a maximum dollar amount to transfer out is pointless as you can simply crash the price and pull out. Perhaps a better idea would be to set volume limits instead?
BitCoin Transfer Requirements
- Maximum Daily Transfer Limit - Currency $1000
- Maximum Daily Transfer Limit - BitCoins 1000
I am not a bot... seriousily!
Anyways, I just want to comment on a number of threads relating to the MT Gox hack (for the time being)
Also, would prefer not to link to any other accounts I use for obvious reasons.
In terms of bit coins, I own em, I buy em and I sell em.
Anyways, I just want to comment on a number of threads relating to the MT Gox hack (for the time being)
Also, would prefer not to link to any other accounts I use for obvious reasons.
In terms of bit coins, I own em, I buy em and I sell em.