Things I couldn’t find elsewhere

Bitcoin - pulling the curtains on computer security

All software contains bugs. All complex software contains numerous bugs. Some of those bugs are security holes.

When you hear that a software vendor has found and fixed a security problem, that means that somehow that specific bug came up on someone’s radar. People who find these holes for a living, and there are quite a few, sell them to others who then exploit them to create massive botnets, extract credit card information from unsuspecting users or, in some cases, try to attack online banking accounts. A regular "zero day" exploit into a computer system connected to the Internet can be sold for tens of thousands of dollars, making it a worthwhile occupation for crackers.

However, while many regular computer users have had their computers taken over, it’s often not something they themselves notice. If their system is just used for drive-by DDoSing as part of a botnet, encrypted communication forwarding in a virus control protocol or activities otherwise not disturbing their normal computer usage, they have no reason to ponder the fact that any Internet computer system can be broken into. Even if their online banking account gets accessed, the banks replace the balance, sometimes without the customer even knowing, since it’s worse for their reputation having to admit security problems.

Crackers, on their part, are content with selling exploits on the black market for regular fixed prices. Until Bitcoin. A fully digital currency, kept stored either on a regular Internet-connected home computer, on a mobile Internet device or with a cloud service provider, is a much juicier target for a security-exploit-finding cracker. No profit-taking middlemen, no traceable transactions in regular national currencies, and the possibility to target many such wallets in a very short time.

All software contains bugs. All complex software contains numerous bugs. Some of those bugs are security holes.

I’m a Bitcoin proponent. I support decentralisation and the removal of the banking and finance tax on human to human monetary transactions. I do have a strong background in computer security though and the above argument has me worried as a serious hindrance to Bitcoin adoption. In short, the only reason you currently still have control over your bitcoins isn’t because you’re better at keeping them safe compared to everyone else - it’s because no one has made you a target. Yet.

(Yes, I’m aware of the concept of brain and/or paper wallets, but the currency of the Internet still has to surface when a transaction is to be made, and an exploited system could well switch out the target of that transfer then.)

I believe, if Bitcoin continues to gain general acceptance, we’ll see for the first time since computers became a household item an awareness of just how insecure such systems really are. It’s not a fault of Bitcoin - its protocol still hasn’t been broken - but a fact of complex software. The only solution is to completely redesign our current computing paradigm. Yeah, that will happen.