May 06, 2015
State of Bitcoin Security
Bojan Simic @bojansimic @[email protected]
Bitcoin Security Project
When it comes to security….
Remember the 5th of November
Enigma Machine in WW2
00000000
Need a Debit Card?
Internet Security
• Target – 70,000,000 credit card records
• Adobe – 38,000,000 CC numbers & user accounts
• American Business Hack – 160,000,000 credit card numbers and bank accounts
• SONY PSN – 77,000,000 User Accounts
• US Military – 76,000,000 SSNs of Veterans
Top 4 hacks of 2013 resulted in 575 MILLION compromised accounts!
Bitcoin (In)security
Bitcoin Savings & Trust
Why?
Hackers are getting smarter, there are more of them, and there are more targets every day
91% of surveyed companies had a security incident in the last 12 months.
So what can you do about it?
The average security breach costs $50,000 – $650,000
Hire or train developers qualified in security
Developer’s Scores
• Protecting Sensitive Data – 18.8%
• Preventing Injection Attacks – 77.0%
• Preventing XSS – 70.0%
• Access Control Strategy – 30.0%
• Business Function Access Control – 55.0%
• Data Layer Access Control – 40.0%
• Securing User Sessions – 51.0%
• Managing Identities in Apps – 61.0%
• Using SSL – 69.0%
• Threat Modeling for Apps – 24.0%
Companies that train developers in security have 73% fewer vulnerabilities
Store your bitcoins securely!
Paper Wallet
COLD STORAGE!
Smaller businesses are victims of cyber crimes more often than big firms
Encrypt EVERYTHING!
• Transactions
• Passwords
• SSNs
• Addresses
• Images
• Credit Cards
• DOB
• Other PII…
73% of Americans have been victims of a cyber security crime
Take advantage of free resources & tools
Start a security bug bounty!
Fixing a security vulnerability post-release costs 30X more than in dev
?’s (Donations)
• Follow @cryptosecurity
• Sign up at bitcoinsecurityproject.org
• [email protected]