Bitcoins and Geek Security = ?

Many tech-savvy geeks over-engineer the simplest of solutions, solely for extensibility. Moreover, security-minded geeks tend to be unusually paranoid and enforce (sometimes complex) security practices accordingly. Neither of these should be seen as faults, but rather as unique traits that us (as geeks) often share.

Bitcoin, the first P2P crypto-currency, has gained much popularity in recent months with its value reaching a peak of over $30 on one of its supporting money exchanges. Being supported mostly by geeks, it’s not surprising that a number of e-businesses and services have been established to support the virtual currency. As expected, there have already been a number of breaches by malicious users seeking some Bitcoin booty. Although the cryptography behind Bitcoin is interesting, I find the behavior of the Bitcoin community more fascinating. This is especially concerning security and privacy matters.

As a penetration tester, I regularly assess applications/infrastructure with direct contact to real-life currency e.g. online personal/business banking solutions. Furthermore, having also worked on (fraud) forensic investigations, I have a good understanding of the average banking client. With this in mind and after comparing the attitudes of my other non-security-aware geek friends, I find it truly inspiring the manner in which most Bitcoin community members have a burning desire to ensure that their (Bitcoin) wallets are kept safe from theft.

The forums showcase some of the proposed ideas that, while not always practical or effective, illustrate how far a member would go to ensure that earnings are not stolen. Below are a few threads, in no particular order, that I found interesting:

Whether (or not) Bitcoin will succeed in the long run is questionable. But in a world where the top 10 hacks resemble the previous year’s list, I have found a sparkle of hope to believe that the next generation of internet users just might be smart (or determined) enough to eradicate the age-old vulnerabilities that plague applications/infrastructure today.

The hacker/cracker arms race will never end as new vulnerabilities will always be discovered, but I can at least hope that some of the older vulnerabilities will eventually become extinct.