GLBSE switching DNS servers, may cause issues

Dalkore

legendary

Activity: 1330

Merit: 1026

Mining since 2010 & Hosting since 2012

Quote from: Nefario on May 14, 2012, 09:45:20 PM

As part of using cloudflares service (to protect and speed up GLBSE for users) we're required to change the DNS servers for the domain.

This means that over the next 24 hours there may be connection issues as a result(name not resolving). This is also responsible for the SSL errors or warnings users may be experiencing.

We're sorry for any inconvenience caused but believe this is a move for the better, the end result will be a much faster service for users.

Thank you for the heads up. Glad to see your taking steps to improve the service.

Dal

sunnankar

legendary

Activity: 1031

Merit: 1000

Quote from: Nefario on May 15, 2012, 11:25:37 AM

Regarding making accounts more secure.
Once a users email has been compromised, and two factor authentication is not enabled there is no way for us to tell the difference between the hacker and the real account owner.

I am going to be adding more security features that will hopefully prevent accounts getting cleared out, but the above mentioned won't do much except piss off users.

We only keep a small fraction of BTC on our server, nearly all of it is in cold storage, I think GLBSE isn't really a worthwhile target for attackers. There isn't much to steal.

Perhaps adding a security question to distinguish between hacker/owner would be a viable option.

Another option would be to have a withdrawal address unable to be added for X hours/days and that period, once set, could only be increased to a max of like 30 days or something. Same with an email address and allow users to add additional contact info, if they want.

I also think increased security burdens should be voluntary since it may not be worth the hassle if you have 3BTC in the account but if you have 3000BTC.

I agree there is a balance between security and usabilty. But currently I feel GLBSE is too insecure. Just making it less likely a thief could profit even if they compromise an account goes a long way towards deterence.

REF

hero member

Activity: 529

Merit: 500

Quote from: BinaryMage on May 15, 2012, 10:21:56 AM

Quote from: REF on May 15, 2012, 08:40:27 AM

3. google auth can be done with a phone app, yubikey is a usb.

4. I wouldn't have a problem with a mandatory 1hour(personally I wouldnt even mind 24hrs) wait time on all withdrawals before they get processed. Its maybe a little annoying to some people but it may turn out to be just enough time to prevent massive thief. I think it would be better to be a site wide feature rather than account based.

3. How is a Yubikey more secure than Google Auth? Both require physical possession of the device you own and both are extremely unlikely to get hacked. The latter is just cheaper and more convenient.

4. 1 hour I could tolerate, but I doubt it would be enough to prevent thievery; Nefario can't individually process each withdrawal, and a lot of BTC is transferred in and out of GLBSE daily. 24 hours would do more, but it would be an extreme inconvenience to people who need to move funds around quickly.

I didnt say either was more secure. Im not sure what you read, all I did was point out one was on a phone the other a usb. It appeared sukrim said yubikey was on a phone and its not so I was clearing that up. Although there is a yubikey app im not sure how it works I think you still need the yubikey usb and you can then add it to a phone.

If nerfario was awake it might be enough time to shut everything down and cancel pending transitions. Think about bitcoincia zhoutong was awake and was able to react quickly to prevent further damage. I didnt say he should individually process each transaction. Make them wait in limbo for an hour before they are processed automatically. I know it wouldnt help if the private keys got stolen but it is still another hurtle at least in the way of hacked accounts.

Nefario

hero member

Activity: 602

Merit: 513

GLBSE Support [email protected]

Quote from: sunnankar on May 15, 2012, 07:45:22 AM

Quote from: BinaryMage on May 14, 2012, 11:27:56 PM

It's probably astronomically less than the possibility of the GLBSE server being hacked, but you are correct, a chance does exist. I suspect that the DDOS protection and speedup will be worth it to the majority of users, however.

Nefario needs to build in some additional security tools, things besides only the cumbersome and annoying two factor authentication, and once a good option is decided on it should probably take top priority. Things like:

1. The ability to require a different password(s) than the login to make change email, trades or withdraw bitcoins, etc.

2. With changes discussed in #1 add the ability to require a transaction PIN code which is sent via email.

3. Perhaps offer a YubiKey option. But being fairly minimalist and one who travels often I do not want another little piece of physical crap to deal with and possibly lose.

4. The ability to 'freeze' an account for a specified amount of time. Or an ability to require a BTC withdrawal to take X amount of time before it is submitted to the network during which it could be canceled.

Just some things that could add enough friction to make it not worth a thief's time and reduce the potential profitability from messing with GLBSE accounts.

Regarding making accounts more secure.
Once a users email has been compromised, and two factor authentication is not enabled there is no way for us to tell the difference between the hacker and the real account owner.

I am going to be adding more security features that will hopefully prevent accounts getting cleared out, but the above mentioned won't do much except piss off users.

We only keep a small fraction of BTC on our server, nearly all of it is in cold storage, I think GLBSE isn't really a worthwhile target for attackers. There isn't much to steal.

gabbynot

sr. member

Activity: 341

Merit: 250

I would assume that most of GLBSE's BTC is kept in cold storage.

Nefario

hero member

Activity: 602

Merit: 513

GLBSE Support [email protected]

Quote from: BinaryMage on May 14, 2012, 10:38:52 PM

Quote from: drakahn on May 14, 2012, 10:38:14 PM

Quote from: BinaryMage on May 14, 2012, 10:25:54 PM

Quote from: drakahn on May 14, 2012, 09:55:49 PM

Would this have caused my account to not work at all?

I doubt it. What do you mean by "not work at all"?

I could not log in, Nefario has fixed it for me but i have no idea what was wrong.

Perhaps some database records got garbled. Anyway, glad it's fixed.

No, he wasn't solving the captcha after the failed login.

BinaryMage

hero member

Activity: 560

Merit: 500

Ad astra.

Quote from: REF on May 15, 2012, 08:40:27 AM

3. google auth can be done with a phone app, yubikey is a usb.

4. I wouldn't have a problem with a mandatory 1hour(personally I wouldnt even mind 24hrs) wait time on all withdrawals before they get processed. Its maybe a little annoying to some people but it may turn out to be just enough time to prevent massive theif. I think it would be better to be a site wide feature rather than account based.

3. How is a Yubikey more secure than Google Auth? Both require physical possession of the device you own and both are extremely unlikely to get hacked. The latter is just cheaper and more convenient.

4. 1 hour I could tolerate, but I doubt it would be enough to prevent thievery; Nefario can't individually process each withdrawal, and a lot of BTC is transferred in and out of GLBSE daily. 24 hours would do more, but it would be an extreme inconvenience to people who need to move funds around quickly.

REF

hero member

Activity: 529

Merit: 500

Quote from: Sukrim on May 15, 2012, 08:10:07 AM

Quote from: sunnankar on May 15, 2012, 07:45:22 AM

1. The ability to require a different password(s) than the login to make change email, trades or withdraw bitcoins, etc.

2. With changes discussed in #1 add the ability to require a transaction PIN code which is sent via email.

3. Perhaps offer a YubiKey option. But being fairly minimalist and one who travels often I do not want another little piece of physical crap to deal with and possibly lose.

4. The ability to 'freeze' an account for a specified amount of time. Or an ability to require a BTC withdrawal to take X amount of time before it is submitted to the network during which it could be canceled.

Just some things that could add enough friction to make it not worth a thief's time and reduce the potential profitability from messing with GLBSE accounts.

1. As long as one can read the API key, one could empty an account much faster anyways. Also if an email account is compromised too (as it is often the case), these passwords would just get reset/changed.

2. Email is not secure at all.

3. It requires a mobile phone afaik...

4. Great, and who decides that an account can/should be frozen? Account owner can be the "hacker", GLBSE would disrupt trading, GLBSE on request of account owner would mean the request could be forged. The delaying payouts thing can also be used to grief account holders... and if it can be changed later, it will be - or it will create lots of support requests if it can't.

3. google auth can be done with a phone app, yubikey is a usb.

4. I wouldn't have a problem with a mandatory 1hour(personally I wouldnt even mind 24hrs) wait time on all withdrawals before they get processed. Its maybe a little annoying to some people but it may turn out to be just enough time to prevent massive theif. I think it would be better to be a site wide feature rather than account based.

Sukrim

legendary

Activity: 2618

Merit: 1007

Quote from: sunnankar on May 15, 2012, 07:45:22 AM

1. The ability to require a different password(s) than the login to make change email, trades or withdraw bitcoins, etc.

2. With changes discussed in #1 add the ability to require a transaction PIN code which is sent via email.

3. Perhaps offer a YubiKey option. But being fairly minimalist and one who travels often I do not want another little piece of physical crap to deal with and possibly lose.

4. The ability to 'freeze' an account for a specified amount of time. Or an ability to require a BTC withdrawal to take X amount of time before it is submitted to the network during which it could be canceled.

Just some things that could add enough friction to make it not worth a thief's time and reduce the potential profitability from messing with GLBSE accounts.

1. As long as one can read the API key, one could empty an account much faster anyways. Also if an email account is compromised too (as it is often the case), these passwords would just get reset/changed.

2. Email is not secure at all.

3. It requires a mobile phone afaik...

4. Great, and who decides that an account can/should be frozen? Account owner can be the "hacker", GLBSE would disrupt trading, GLBSE on request of account owner would mean the request could be forged. The delaying payouts thing can also be used to grief account holders... and if it can be changed later, it will be - or it will create lots of support requests if it can't.

sunnankar

legendary

Activity: 1031

Merit: 1000

Quote from: BinaryMage on May 14, 2012, 11:27:56 PM

It's probably astronomically less than the possibility of the GLBSE server being hacked, but you are correct, a chance does exist. I suspect that the DDOS protection and speedup will be worth it to the majority of users, however.

Nefario needs to build in some additional security tools, things besides only the cumbersome and annoying two factor authentication, and once a good option is decided on it should probably take top priority. Things like:

1. The ability to require a different password(s) than the login to make change email, trades or withdraw bitcoins, etc.

2. With changes discussed in #1 add the ability to require a transaction PIN code which is sent via email.

3. Perhaps offer a YubiKey option. But being fairly minimalist and one who travels often I do not want another little piece of physical crap to deal with and possibly lose.

4. The ability to 'freeze' an account for a specified amount of time. Or an ability to require a BTC withdrawal to take X amount of time before it is submitted to the network during which it could be canceled.

Just some things that could add enough friction to make it not worth a thief's time and reduce the potential profitability from messing with GLBSE accounts.

BinaryMage

hero member

Activity: 560

Merit: 500

Ad astra.

Quote from: Deafboy on May 14, 2012, 11:20:32 PM

I am aware of what cloudflare do and how. But there is still small possibility of someone exploiting Cloudflares service and provide a cached copy of edited html document instead of original. And there is no need to steal wallet.dat to get money out there.

It's probably astronomically less than the possibility of the GLBSE server being hacked, but you are correct, a chance does exist. I suspect that the DDOS protection and speedup will be worth it to the majority of users, however.

Deafboy

hero member

Activity: 482

Merit: 502

I am aware of what cloudflare do and how. But there is still small possibility of someone exploiting Cloudflares service and provide a cached copy of edited html document instead of original. And there is no need to steal wallet.dat to get money out there.

BinaryMage

hero member

Activity: 560

Merit: 500

Ad astra.

Quote from: Deafboy on May 14, 2012, 10:52:09 PM

Isn't involving 3rd party in communication with glbse a potential security threat?
Cloudflare is providing good and valuable service, but look at the recent incident with Linode (slush's pool and Bitcoinica targeted) and Rackspace (Bitcoinica).
Trust is weakness. We already need to trust GLBSE, issuers of shares, and now also Cloudflare.
Is faster loading of images on website really worth it?

CloudFlare doesn't host wallets, Linode and Rackspace did. Major difference there.

All CloudFlare does, IIRC, is provide a passthrough server to protect against DDOS and the like and provide analytics services.

Deafboy

hero member

Activity: 482

Merit: 502

Isn't involving 3rd party in communication with glbse a potential security threat?
Cloudflare is providing good and valuable service, but look at the recent incident with Linode (slush's pool and Bitcoinica targeted) and Rackspace (Bitcoinica).
Trust is weakness. We already need to trust GLBSE, issuers of shares, and now also Cloudflare.
Is faster loading of images on website really worth it?

BinaryMage

hero member

Activity: 560

Merit: 500

Ad astra.

Quote from: drakahn on May 14, 2012, 10:38:14 PM

Quote from: BinaryMage on May 14, 2012, 10:25:54 PM

Quote from: drakahn on May 14, 2012, 09:55:49 PM

Would this have caused my account to not work at all?

I doubt it. What do you mean by "not work at all"?

I could not log in, Nefario has fixed it for me but i have no idea what was wrong.

Perhaps some database records got garbled. Anyway, glad it's fixed.

drakahn

hero member

Activity: 504

Merit: 500

Quote from: BinaryMage on May 14, 2012, 10:25:54 PM

Quote from: drakahn on May 14, 2012, 09:55:49 PM

Would this have caused my account to not work at all?

I doubt it. What do you mean by "not work at all"?

I could not log in, Nefario has fixed it for me but i have no idea what was wrong.

BinaryMage

hero member

Activity: 560

Merit: 500

Ad astra.

Quote from: drakahn on May 14, 2012, 09:55:49 PM

Would this have caused my account to not work at all?

I doubt it. What do you mean by "not work at all"?

drakahn

hero member

Activity: 504

Merit: 500

Would this have caused my account to not work at all?

Nefario

hero member

Activity: 602

Merit: 513

GLBSE Support [email protected]

As part of using cloudflares service (to protect and speed up GLBSE for users) we're required to change the DNS servers for the domain.

This means that over the next 24 hours there may be connection issues as a result(name not resolving). This is also responsible for the SSL errors or warnings users may be experiencing.

We're sorry for any inconvenience caused but believe this is a move for the better, the end result will be a much faster service for users.

Topic: GLBSE switching DNS servers, may cause issues (Read 2178 times)