Bitcoins and Geek Security = ?
Many tech-savvy geeks over-engineer the simplest of solutions, solely for extensibility. Moreover, security-minded geeks tend to be unusually paranoid and enforce (sometimes complex) security practices accordingly. Neither of these should be seen as faults, but rather as unique traits that us (as geeks) often share.
Bitcoin, the first P2P crypto-currency, has gained much popularity in recent months with its value reaching a peak of over $30 on one of its supporting money exchanges. Being supported mostly by geeks, it’s not surprising that a number of e-businesses and services have been established to support the virtual currency. As expected, there have already been a number of breaches by malicious users seeking some Bitcoin booty. Although the cryptography behind Bitcoin is interesting, I find the behavior of the Bitcoin community more fascinating. This is especially concerning security and privacy matters.
As a penetration tester, I regularly assess applications/infrastructure with direct contact to real-life currency e.g. online personal/business banking solutions. Furthermore, having also worked on (fraud) forensic investigations, I have a good understanding of the average banking client. With this in mind and after comparing the attitudes of my other non-security-aware geek friends, I find it truly inspiring the manner in which most Bitcoin community members have a burning desire to ensure that their (Bitcoin) wallets are kept safe from theft.
The forums showcase some of the proposed ideas that, while not always practical or effective, illustrate how far a member would go to ensure that earnings are not stolen. Below are a few threads, in no particular order, that I found interesting:
- Bitcoin Stock Exchange Security Standards (… it’s like the start of a Bitcoin PCI-type standard)
- Swapping Wallets for Increased Anonymity
- Secret keys could be memorizable
- How I manage and protect my wallets
- HOWTO: have a safe BTC storage w/o - encryption, backups, or a clean computer!
- Idea for a hardware-based Bitcoin savings account (… my favourite)
Whether (or not) Bitcoin will succeed in the long run is questionable. But in a world where the top 10 hacks resemble the previous year’s list, I have found a sparkle of hope to believe that the next generation of internet users just might be smart (or determined) enough to eradicate the age-old vulnerabilities that plague applications/infrastructure today.