Pages:
Author

Topic: Discussion: "Cybersecurity and Privacy" board + Poll (request v1) - page 9. (Read 3313 times)

staff
Activity: 3304
Merit: 4115
I don't like it. Lots of sub-boards can bring worry. If you want to talk about something specific for a Bitcoin wallet, use a Wallet software sub-board. If you want to ask questions related to wallet software, use that board. If you're interested in improving your competence around security, you should visit the proposed board.

We should also have a separate privacy-related sub-board, in my opinion, but that's off-topic.
Potentially having a privacy section that's a child of security as they're somewhat related or simply a dedicated Security & Privacy section. Probably one of the few times I'd like to see something implemented not based on demand, but because I think it's somewhat important to understand. Plus, I could probably talk security a lot, and would have some threads in mind to contribute to the section which don't really fit anywhere worthwhile currently. Off topic or very loosely Beginners & Help maybe.

I'd probably contribute some specific Qubes features which could be beneficial for Bitcoin users in securing their assets as well as some unrelated security benefits.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
If someone's exchange is hacked, that can go to exchange board.
The point of such board isn't to address your issue (only). It is to educate yourself about security, with guides, lists, stories etc. And I'm in favor of such board.

a better construction would probably be:

Security > Wallet software > Bitcoin wallets
I don't like it. Lots of sub-boards can bring worry. If you want to talk about something specific for a Bitcoin wallet, use a Wallet software sub-board. If you want to ask questions related to wallet software, use that board. If you're interested in improving your competence around security, you should visit the proposed board.

We should also have a separate privacy-related sub-board, in my opinion, but that's off-topic.
legendary
Activity: 1526
Merit: 1359
I like the idea. A dedicated board for discussing the latest threats, sharing tips and resources, and asking questions related to cybersecurity would be a valuable addition to the community. I do not see any negative side to this proposal.
legendary
Activity: 1666
Merit: 1037
We are permanently in a state of digital warfare, where people are targeted even without prompting. I think it probably was not necessary when Bitcoin started, or even 2-3 years ago it could have been called "somewhat necessary"...but now, I think it is definitely necessary. I have done a lot of research and reading to support this view, trust me!

Under the wallets section would be most viable to relating it to Bitcoin (as cybersecurity in terms of Bitcoin is to protect your wallet and funds). Though (and I know aesthetics is not a primary focus for anyone) I think it aesthetically won't fit well there considering all of the other boards are for specific wallet software rather than subject/topic categories. I do think it deserves to be at most a sub-board, rather than a sub-board of a sub-board. Where it fits is challenging.

Yea a reconstruction of the Wallet section is great as well!

Instead of Bitcoin > Wallet software

a better construction would probably be:

Security > Wallet software > Bitcoin wallets

So we can have other things like Security > Internet security general, etc

I don't like the idea of putting it under the wallets subboard. You can try perhaps under the Development and Technical discussion board, but even there, I do not think that it is a suitable location either. Another place could be somewhere under the Economy board: Economy > Cybersecurity.

Economy is good. I suggested under "Other" with the additional label of privacy to go along with it. "Cybersecurity and Privacy".

I will do some more thinking and elaborate on the OP at some stage when I have some free time.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
We are permanently in a state of digital warfare, where people are targeted even without prompting. I think it probably was not necessary when Bitcoin started, or even 2-3 years ago it could have been called "somewhat necessary"...but now, I think it is definitely necessary. I have done a lot of research and reading to support this view, trust me!

Under the wallets section would be most viable to relating it to Bitcoin (as cybersecurity in terms of Bitcoin is to protect your wallet and funds). Though (and I know aesthetics is not a primary focus for anyone) I think it aesthetically won't fit well there considering all of the other boards are for specific wallet software rather than subject/topic categories. I do think it deserves to be at most a sub-board, rather than a sub-board of a sub-board. Where it fits is challenging.

Yea a reconstruction of the Wallet section is great as well!

Instead of Bitcoin > Wallet software

a better construction would probably be:

Security > Wallet software > Bitcoin wallets

So we can have other things like Security > Internet security general, etc

I don't like the idea of putting it under the wallets subboard. You can try perhaps under the Development and Technical discussion board, but even there, I do not think that it is a suitable location either. Another place could be somewhere under the Economy board: Economy > Cybersecurity.
legendary
Activity: 1666
Merit: 1037
If someone's exchange is hacked, that can go to exchange board. If someone's wallet is hacked, that can go to software wallet board. If it is a web wallet that is hacked, it can go to web wallet board.

I think you've missed the entire premise/purpose of the board request. It is definitely not primarily to post about being hacked. It is meant to discuss everything surrounding cybersecurity such as ways to defend yourself online or improve overall system security in order to prevent being hacked in the first place.

This has been requested before Cybersecurity subforum, lock your topic and continue in this thread.
He has a new idea to be updating the OP with cyber security threads which can be a reason why this thread is different from the old one, but no good reason we should have a cyber security board.

Do you know what the word "precedent" is, or means? Every single thread that is and will be linked are proof that people need to know how to improve their cybersecurity and serves as an individual reason as to why a board that includes information to prevent the same thing from happening again is needed.

I'm not going to lie to you, I'm pretty astounded with your post. If I could negative merit it, I would.

We are permanently in a state of digital warfare, where people are targeted even without prompting. I think it probably was not necessary when Bitcoin started, or even 2-3 years ago it could have been called "somewhat necessary"...but now, I think it is definitely necessary. I have done a lot of research and reading to support this view, trust me!

Under the wallets section would be most viable to relating it to Bitcoin (as cybersecurity in terms of Bitcoin is to protect your wallet and funds). Though (and I know aesthetics is not a primary focus for anyone) I think it aesthetically won't fit well there considering all of the other boards are for specific wallet software rather than subject/topic categories. I do think it deserves to be at most a sub-board, rather than a sub-board of a sub-board. Where it fits is challenging.

Yea a reconstruction of the Wallet section is great as well!

Instead of Bitcoin > Wallet software

a better construction would probably be:

Security > Wallet software > Bitcoin wallets

So we can have other things like Security > Internet security general, etc

The solutions in the wallet section are kind of outdated, some definitely don't need their own board. I think that the wallet section is another can of worms though.

I think a Cybersecurity section is as important as Politics and Society, and it would even deserve a place in the "Other" category.

Better yet, since privacy (in a way) goes hand in hand with security, or at least the content of both topics could exist within the same board, naming the board "Privacy and Security" or "Cybersecurity and Privacy" would allow it to fit well above or below "Politics and Society".
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
We are permanently in a state of digital warfare, where people are targeted even without prompting. I think it probably was not necessary when Bitcoin started, or even 2-3 years ago it could have been called "somewhat necessary"...but now, I think it is definitely necessary. I have done a lot of research and reading to support this view, trust me!

Under the wallets section would be most viable to relating it to Bitcoin (as cybersecurity in terms of Bitcoin is to protect your wallet and funds). Though (and I know aesthetics is not a primary focus for anyone) I think it aesthetically won't fit well there considering all of the other boards are for specific wallet software rather than subject/topic categories. I do think it deserves to be at most a sub-board, rather than a sub-board of a sub-board. Where it fits is challenging.

Yea a reconstruction of the Wallet section is great as well!

Instead of Bitcoin > Wallet software

a better construction would probably be:

Security > Wallet software > Bitcoin wallets

So we can have other things like Security > Internet security general, etc
legendary
Activity: 1652
Merit: 1208
Gamble responsibly
If someone's exchange is hacked, that can go to exchange board. If someone's wallet is hacked, that can go to software wallet board. If it is a web wallet that is hacked, it can go to web wallet board.

This has been requested before Cybersecurity subforum, lock your topic and continue in this thread.
He has a new idea to be updating the OP with cyber security threads which can be a reason why this thread is different from the old one, but no good reason we should have a cyber security board.
legendary
Activity: 1666
Merit: 1037
Not sure if one is necessary, as they can pretty much fall under the Wallet software section. https://bitcointalk.org/index.php?board=37.0

On the other hand, such a section would probably be good for things like the LastPass breach, etc which aren't necessarily bitcoin/crypto-related.

We are permanently in a state of digital warfare, where people are targeted even without prompting. I think it probably was not necessary when Bitcoin started, or even 2-3 years ago it could have been called "somewhat necessary"...but now, I think it is definitely necessary. I have done a lot of research and reading to support this view, trust me!

Under the wallets section would be most viable to relating it to Bitcoin (as cybersecurity in terms of Bitcoin is to protect your wallet and funds). Though (and I know aesthetics is not a primary focus for anyone) I think it aesthetically won't fit well there considering all of the other boards are for specific wallet software rather than subject/topic categories. I do think it deserves to be at most a sub-board, rather than a sub-board of a sub-board. Where it fits is challenging.
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
Not sure if one is necessary, as they can pretty much fall under the Wallet software section. https://bitcointalk.org/index.php?board=37.0

On the other hand, such a section would probably be good for things like the LastPass breach, etc which aren't necessarily bitcoin/crypto-related.
legendary
Activity: 1666
Merit: 1037
This has been requested before Cybersecurity subforum, lock your topic and continue in this thread.

Thank you! Locked & updated OP.

Edit - I am leaving this thread open as I wish to update the precedent and elaborate on the details of the OP much further than the other post. I am also going to request the OP of the other thread to lock his topic so that new discussion can occur here about it.

Edit 2 - I have requested the OP of the original thread to lock their thread and move to this one with good reason, if they are open to doing it:

Hi takuma sato. I think you are 100% on the money with this suggestion and I am passionate about supporting it. I made a thread here with another request.

I would love to constantly maintain and update that topic with more resources, I believe that more than one topic per request mightn't be good practice or something as someone told me to lock my thread for making an additional request. Would you be open to locking this thread so we can continue the discussion there? I have given you credit in my OP and also some merit for being the person who came up with the idea first. The reason for the request is so that I can maintain and build on the original post.

Thanks!



Edit May 01 2023 - Adding past call to actions into this post



Call to action for attention to the community vote, posted on August 31, 2023

Call to action

Have you casted a vote in the unofficial community vote for a cybersecurity and privacy board?

If you haven't, it is now very easy to cast a vote. All you need to do is state your position on the topic, and either quote a member who you agree with for your reasoning, or share your opinion!

Cast your vote here

Call to action for attention to this request, posted on May 1, 2023

On April 30 2023, Avirunes received a loan from shasan and was reportedly hacked of the whole amount lent (0.015 BTC, approx $450 USD market value). The hack shows a lot of similarities to the situation that occurred with julerz12, Avirunes was likely to have been infected with malware that was able to either grab the secret/seed phrase of the Electrum wallet, or sweep/send from the electrum wallet to the hackers address.

If the Cybersecurity and Privacy board was added any time in the last 3 months after the situation with julerz12, maybe a post there (such as one explaining and emphasizing that all users should be using Linux over Windows) may have prevented the OP from being hacked.

The Cybersecurity and Privacy board is becoming imperative for the safety of BitcoinTalk users as two incidents have now effected and caused damage to the BitcoinTalk economy.



Call to action for attention to this request, posted on April 23, 2023

Theymos, enable us to increase our online armor and to help do the same for individuals who are otherwise vulnerable by adding the Cybersecurity & Privacy board!




This is a rather older article that I stumbled across recently however I believe that it highlights the shift from being a victim of deception (controllable by common sense, experience, reduced naivety, skepticism and/or wisdom) to being a victim of hacks - which is controllable only with exposure to knowledge. The majority of people don't have access to accurate information without looking for it, which is what I hope the Cybersecurity & Privacy board here on BitcoinTalk would achieve!

Source: https://edition.cnn.com/2022/08/16/tech/crypto-hack-rise-2022/index.html
The good news: Significantly less people are falling for ponzi schemes similar to BitConnect than in 2017:
Quote from: cnn
But there may be at least one silver lining in the report: The amount of money lost in cryptocurrency scams, such as the $2 billion dollar Ponzi scheme carried out by BitConnect founder Satish Kumbhani, was 65% less than the year prior as the falling value of crypto made it a less enticing investment opportunity for potential victims.
The bad news: Over $1.9 billion has been hacked or stolen from protocols and users during the first 7 months of 2022

Some more validation of the need for the Cybersecurity & Privacy board below.



As of March 2023, ransomware attacks are increasing
Source: https://www.ghacks.net/2023/04/22/ransomware-attacks-record-march/

Basic cybersecurity measures can very easily prevent the threat of non-targeted ransomware.



GDAC hot wallet hacked for $13 million

List of some recent exchange hacks: https://www.hedgewithcrypto.com/cryptocurrency-exchange-hacks/

The end-user could have easily prevented their exposure to centralized exchange hacks by not using them altogether or keeping their coins off-exchange unless they need to use the exchange (last resort, many alternatives out there nowadays).  




Some other non-crypto hacks in 2023 where the end-user may have been able to reduce their exposure if they were taking intermediate to advanced privacy measures:

Quote
April 10

Pizza Hut/KFC Data Breach: Yum! Brands, which owns fast food chains Pizza Hut, KFC, and Taco Bell, has informed a number of individuals that their personal data was exposed during a ransomware attack that took place in January of this year. The hospitality giant confirmed that names, driver's license, and ID card info was stolen. An investigation into whether the information has been used to commit fraud already is currently underway.

How risk for the end user could have been mitigated:
- Don't upload personal/sensitive information where you don't need to (why on earth would you upload a drivers license/ID card to these companies anyway?)
- Use non-identifiable information and a pre-paid debit card to make purchases, if possible.
- Don't trade your identity/privacy/payment information for convenience.

Quote
March 24

ChatGPT Data Leak: A bug found in ChatGPT's open-source library caused the chatbot to leak the personal data of customers, which included some credit card information and the titles of some chats they initiated.  “In the hours before we took ChatGPT offline,” OpenAI said after the incident, “it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time.”

How risk for the end user could have been mitigated:
- Using PVA's to create a ChatGPT account in conjunction with a VPN/Proxy to make the data less/non-identifiable to the chatGPT user.

Quote
Chick-fil-A Data Breach: fast food chain Chick-fil-A is investigating “suspicious activity” linked to a select number of customer accounts. The company has published information on what customers should do if they notice suspicious activity on their accounts, and advised such customers to remove any stored payment methods on the account.

How risk could have been mitigated by the end user:
- Using a pre-paid debit card solution separate from the main bank account would allow the user to easily disable access to funds without effecting day to day life.

Quote
February 21

Activision Data Breach: Call of Duty makers Activision has suffered a data breach, with sensitive employee data and content schedules exfiltrated from the company's computer systems. Although the breach occurred in early December 2022, the company has only recently revealed this to the public. According to reports, an employee's credentials were obtained in a phishing attack and subsequently used to infiltrate the system.

Quote
Twitter Data Breach: Twitter users' data was continuously bought and sold on the dark web during 2022, and it seems 2023 is going to be no different. According to recent reports, a bank of email addresses belonging to around 200 million Twitter users is being sold on the dark web right now for as little as $2. Even though the flaw that led to this leak was fixed in January 2022, the data is still being leaked by various threat actors.

How risk for the end user could have been mitigated:
- Using a privacy-friendly, disposable email with non-identifiable information for the activision account to make the mistake of the employee of no concern for the end-user.

Quote
PayPal Data Breach: A letter sent to PayPal customers on January 18, 2023, says that on December 20, 2022, “unauthorized parties” were able to access PayPal customer accounts using stolen login credentials.

PayPal goes on to say that the company has “no information” regarding the misuse of this personal information or “any unauthorized transactions” on customer accounts and that there isn't any evidence that the customer credentials were stolen from PayPal's systems.

How risk could have been mitigated by the end user:
- Don't use paypal (there are many alternatives that serve the same purpose out there)

Quote
December 1

LastPass Data Breach: Password manager LastPass has told some customers that their information was accessed during a recent security breach. According to LastPass, however, no passwords were accessed by the intruder. This is not the first time LastPass has fallen victim to a breach of their systems this year – someone broke into their development environment in August, but again, no passwords were accessed.

How risk could have been mitigated by the end user:
- Using offline encryption methods on external storage to protect passwords instead of using supposedly "encrypted" and "secure" cloud storage services


Source: https://tech.co/news/data-breaches-updated-list



Call to action for attention to this request, posted on March 30, 2023
Since the demise of ChipMixer, users have begun to question lately about whether or not it is a wise move to participate in mixing signature campaigns, and if there are any risk to users who are being paid to have these services in their signatures around the forum, such as in this thread:
Participating in Mixer Signatures

BitcoinTalk staff were allegedly asked not to promote these services, raising more cause for concern:
staff were asked to stop advertising mixing services

Additionally, recent news has exposed that an unknown person or group (dubbed "LinkingLion") may be collecting IP addresses from Bitcoin nodes/users.

If the Cybersecurity & Privacy board were added, I would be almost certain that there would be a bountiful amount of knowledge and resources that would allow people to reduce their fears and take comfort in the measures that they are taking to keep their privacy from being compromised. The reasons for adding this board are only increasing by the day and I could bet that it would soon become a necessity if we want to help to assist the (unfortunately) wider, currently unaware/uninformed portion of the community in upholding their anonymity and privacy.
hero member
Activity: 952
Merit: 662
This has been requested before Cybersecurity subforum, lock your topic and continue in this thread.
legendary
Activity: 1666
Merit: 1037
Pages:
Jump to: