Topic: Cybersecurity subforum - page 2. (Read 939 times)

If there is not even a remotely relevant place to post these kinds of topics, then they won't be posted. That's the case with cybersecurity at the moment.

I know that these are the (unwritten?) rules for new subforums, but I don't completely agree with them.

When you 'are your own bank', especially for newcomers into the whole field, having a place to find educational materials about basic cybersecurity practices (topics such as: how to secure your machine, proper backup practices, encryption guides, signature guides, pgp guides, ...), while also being a place for asking questions.

You and I wouldn't believe at what kind of basic level most people struggle with even using computers. Meanwhile we encourage them to be their own bank, without even having a central place that teaches them security concepts and decreases the likeliness of them losing it all.

To get back to my view on rules for new subforums: I do think that in some cases, people don't even bother creating threads about some topics, if they know they belong and will be buried immediately in off-topic, altcoin discussion, or something like that, where they won't get useful interaction and opinions. They will just go somewhere else. As a matter of fact, I sometimes just choose to talk to people in private about Lightning related stuff, since we don't have a Lightning board.
Therefore, it could (this is a hypothesis) be the other way round: creating a subforum, even without existing megathreads, may encourage and attract discussion about that topic. I personally believe that Lightning and Cybersecurity would be two boards where this could take place.

I'm all for it. It's a great idea to have such a subforum. Cyber security is a thing with anything and everything online and it will be nice to have a dedicated section of this forum for it just like what we've with "Reputation". We know where to check the integrity of users or companies when in doubt for verification or to open scam accusations on them. It should also be so for Cyber security.

This is a fantastic list. Great work! I will continue on to help build on top this list too some time this week.

I've collected a list about cyber security that the moderators often move the topic to off-topic board. I think those threads are deserve to be placed in new board either cybersecurity or hardware and software security, it's really bad to be placed in off-topic board where it's full of non sense thread like what's the best music, how to live longer, do you have pet etc.

1. Password managers or passwords from memory
2. Bitcoin and Antiviruses
3. Computer and Phone Security Questions
4. How to detect fraudulent websites.
5. I think google is spying on us ,when our phones are in the room
6. The best note taking apps for Windows?
7. LastPass - Notice of Recent Security Incident
8. Recommended 2FA app for Windows 
9. What do you use for generating strong passwords?
10. Is my iPhone hacked?
11. Hackers exploit critical VMware flaw to drop ransomware & miners
12. What about a smartphone keyboard 
13. Are they set a broker in my pc and stealing my data ? 
14. [Warning]: Password Manager LassPass has been breached, accessed customer data 
15. Probably a childish question 
16. Privacy frontends for popular services (yt, reddit, twitter, fb, insta, etc)
17. I Always Use 12 to 20 Characters Long Password 🔑 For my accounts
18. Do not rely on your OS security 
19. Hackers stolen Last Pass users passwords and sensitivw information
20. Copy link to clipboard - Nifty app for android 
21. Passwords - 8 characters at least, lower, upper, number, symbol

Sometime I think rather than this topic get moved to off-topic board, why it's not moved to serious discussion board?

To be honest there's many threads in serious discussion board are full of non sense thread and many people doesn't care with it since the signature isn't visible, so the board get less traffic.

Rather than serious discussion almost get abandoned, I would say it's better for the administrators too enable signature space on that's board, so it will increase the traffic and moderators can just increase the minimum quality or strict rules just like Bitcoin technical discussion board.

One of two conditions must be satisfied in order to create a board:

1- there have to be sufficient number of threads about this topic in other boards to the point where that board is full of those kind of threads,
2- (for local boards) there is a large megathread.

These are from my own observation and are not in any rules or moderator posts or anything like that.

Hi takuma sato. I think you are 100% on the money with this suggestion and I am passionate about supporting it. I made a thread here with another request.

I would love to constantly maintain and update that topic with more resources, I believe that more than one topic per request mightn't be good practice or something as someone told me to lock my thread for making an additional request. Would you be open to locking this thread so we can continue the discussion there? I have given you credit in my OP and also some merit for being the person who came up with the idea first. The reason for the request is so that I can maintain and build on the original post.

Thanks!

It's not a bad suggestion but I feel it would be more suitable to be like a news feed kind of type to post the latest, hacks, breaches, bugs where people can actually see if they are affected or not.

Of course, place to discuss cybersecurity is always good, but less likely to be crated.

The fact that Luke Dashjr got 3 $million worth of BTC hacked made me remember this thread. If someone with such level of expertise gets his networth hacked, it proves that cybersecurity is a crucial subject in Bitcoin and there should be a sticky guide about it, since a lot of people would find this forum when starting.

It also proves Bitcoin is not ready for prime time when it comes to self-custody of funds. Most people would probably be safer leaving it on a regulated exchange or buying through an ETF than exposing them to potential hacks unfortunately.

I support this idea I think it is important enough to have its own separate section. To be frank it is way too important to have its own section, I think we as a community should be more open minded than start with "I don't think so" mentality.

Check your laptop brand and board here:

https://coreboot.org/status/board-status.html

Basically, stick to Lenovo. x230 is probably the best you could get with an i7. With Libreboot x200 or t400 for a bigger laptop and that's about it. There is a whole subject on what's better, Libreboot or Coreboot. With Libreboot you get 0 binary blobs but you lack microcode updates which are available in Coreboot (at the expense of having to use some proprietary blobs but it's considered not a problem and ME is of course disabled). You need to hardware flash for both, i think except the x60 which can be done by downloading the rom.



It would be overkill to cut the entire internet since it would crash the stock market. They can just keep Bitcoin running under a network that is compromised because no one paid attention to this.

That's a good idea, if the moderator can create another child board where discussion about cyber security and bitcoin are been analyse. Since bitcoin gave it user more power to secure their wallet. It will be helpful and serves as a reminders to people on how to secure their wallet.

A board is really necessary because as important as Blockchain and Bitcoin is to the society today it's private key security should also be a necessity because there is no need for an innovation if it's prone to attack. As the technological aspect is fully represented there should also be need for it's security board to help discuss the preventive measures to secure private keys and for the safety of our coins. I think cyber security alongside ethical hacking could be merged

I'm in! Totally agreed: we often talk about aspects of 'cybersecurity' / IT security, throughout various boards, and it would be preferable to have a central place to find all those threads.
I think it would need to be outside the Bitcoin board, since it could include topics such as general OS-level security practices, network setups and firewalls, but also lots of privacy-oriented topics such as decentralized YouTube alternatives (there was a tiny spark of interest in the community after some Bitcoin content was deleted off YouTube) and similar.

Privacy and security would be nice, even if a sub-sub-forum. One of the largest drawbacks to bitcoin is that your regular person is at risk to losing their life savings by storing their information on their computer that may have a hole/leak in it. It's a separate topic of relevance. It would be better to have it in one location to point people to.

Is there any list of supported hardware for Coreboot or Libreboot?
I know there are some premade stuff that work on Thinkpads but it could be issue to run this bios on custom made desktop computers.

This is possible in theory, but more simple way of introducing a global kill switch would be to just turn of the internet, like we can see it's happening in some countries during riots.
Internet is centrally controlled and controllers don't have to worry about people like you who run custom bios on computers.
If they really want to hurt Bitcoin (and everything else) this is what they would do because it's more simple.

You can't disable Intel ME etc in the bios settings, that's the whole point. It runs no matter what you do, except if you flash your bios with Coreboot, which 99% of people will not do because it doesn't work in most modern computers, and it requires you to do some hardware modifications, it's not just flashing a rom file.

A reason why an attacker would want big blocks on the network, besides reducing number of nodes due higher space needed, would be to take advantage of built-in exploits at the hardware level. Once 100% of the network is running on hardware that can be controlled remotely or modified in some way you have a killswitch. I haven't seen this angle discussed. Basically most of the network outside of Raspberry Pi and flashed bios' without Intel ME and PSP is potentially backdoored.

• Good topics on security and privacy
• Disable auto-downloading in Telegram to avoid malware. I remember that someone in the forum made a topic about this one (I can not find that topic for now). I bring this security issue because it is a good example that in this forum, we have very active members to warn communities about that.

Sure, but you can always lock your bios with a strong password and you can disable in settings anything that you don't want to have.
Don't get me wrong, I updated my bios many times and I never used corebot or libreboot so far, but maybe I will give it a try to see how it works on older computer.
In addition to this you can always enable encryption during installation of any Linux OS, that makes is much more secure than any windows os will ever be,
and you can always go next level with Tails, Whonix or Cubes os, but that is not recommend for majority of people.
I don't see how Bitcoin nodes or any bitcoin related software can be affected with having bios password, plus encryption on OS level, plus strong password for your account.

Maybe that would be the case if everyone ran their own full node.

We see plenty of threads regarding things like Tor or good browser practices or extensions, best OSs to uses, PGP, encryption, password managers, best 2FA practices, phishing ads and attempts, different types of malware, critical vulnerabilities in various commonly used software, punycode attacks, KYC safety, VPNs and VPSs, and so on. All of these are very relevant to using bitcoin securely and privately, and do not fit nicely in to any other board. They often end up in Beginners and Help despite being relevant for all users, or worse they are moved to Off Topic and seen by nobody except spammers.

There are certainly far more topics which would fit in to such a board than are posted in some already existing boards.