Risk
3/12/2014
12:45 PM

Bitcoin, Meet Darwin: Crypto Currency's Future

First-movers rarely survive, but some experts see a real future for government-issued crypto currency.

example when it comes to advancing the use of trusted platform modules (TPMs) to ensure that a small amount of data can be stored securely and not get hacked. "We've been talking about TPMs for ages, and it doesn't work for normal users, and it barely works for security professionals," he said. "Bitcoin says your Mom needs a TPM that she can work with, and there are actual investments going on to make that happen, and I'm fascinated by that."

Such TPMs would allow crypto-currency holders to store their virtual currency not only offline, but in a system that can't be directly connected to the Internet. "That's how I store my bitcoins when I purchase or mine them... and I'm pretty confident that they won't get stolen," said Joe Stewart, director of malware research at Dell SecureWorks, in an interview at the recent RSA conference in San Francisco.

Stewart noted that two hardware-based Bitcoin wallets -- HW-1 and Trezor -- are being developed for this express purpose. More technically astute types can roll their own, using a Raspberry Pi computer. Any transactions then get carried from a PC over to the homemade wallet, where they're signed, before being brought back to the computer. "As long as you keep that Raspberry Pi from ever connecting to the Internet, it's safe," he said.

These types of hardware wallets could become the norm for all online banking, regardless of the currency being used. "This same transaction-technology verification works great for banks, because you could use it even with a fully compromised PC," Stewart said. In other words, today's must-have Bitcoin accessory could become tomorrow's de rigueur defense against sophisticated banking Trojans.
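The workflow Stewart describes can be sketched as follows; this is an added example, not code from the article or from any wallet project. Bitcoin signs with ECDSA, but a Lamport one-time hash signature stands in here so the sketch runs with only the Python standard library, and the JSON transaction format, the addresses and all function names are assumptions made for illustration.

```python
import hashlib, json, secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key: 256 secret pairs; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit. A key must sign only one message.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for (i, b), s in zip(enumerate(bits(msg)), sig))

def offline_sign(sk, tx_bytes, approve):
    # Runs on the air-gapped device: it parses the bytes it was handed and
    # shows the payee and amount itself, never trusting the PC's display.
    tx = json.loads(tx_bytes)
    if not approve(f"pay {tx['amount']} to {tx['to']}"):
        return None
    return sign(sk, tx_bytes)

def demo():
    sk, pk = keygen()                      # sk never leaves the offline device
    intended = "pay 0.5 to addr-alice"     # what the user meant to authorize
    approve = lambda shown: shown == intended
    # Constructed sample transactions (hypothetical format and addresses).
    good = json.dumps({"to": "addr-alice", "amount": "0.5"}).encode()
    evil = json.dumps({"to": "addr-mallory", "amount": "0.5"}).encode()
    # Case 1: the compromised PC hands over a swapped payee; the user sees it.
    refused = offline_sign(sk, evil, approve) is None
    # Case 2: the PC carries the real transaction, then alters it after signing.
    sig = offline_sign(sk, good, approve)
    return refused, verify(pk, good, sig), verify(pk, evil, sig)

if __name__ == "__main__":
    print(demo())
```

The PC only ever holds the public key and signed bytes, so the worst it can do is present a transaction the user declines or alter one so that its signature no longer verifies.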

Why wait? "Commercial accounts should be demanding this type of technology," Stewart said. "Our hope is that perhaps the adoption of Bitcoin hardware and wallets showing how transaction integrity verification works will drive them to say: 'Why isn't this how my bank works?'"

Likewise, the better aspects of Bitcoin -- the block-chain system, partial anonymity, and overall system integrity -- are already leading more and more people to ask: Why isn't this how tomorrow's government-issued currency will work?


Mathew Schwartz is a freelance writer, editor, and photographer, as well as the InformationWeek information security reporter.

Comments
ZedicusJones,
User Rank: Apprentice
3/13/2014 | 2:32:19 PM
Re: Bitcoin/Napster
In a way cryptocurrencies are the second movers of non-governmental electronic payment systems, after failures like e-gold.

Stability should increase as more vendors and employees accept it as payment, and as secondary markets mature (being able to hedge against sudden shifts in value). In some ways these cryptocurrencies have been too successful, increasing in value faster than you want in a unit of account.
Whoopty,
User Rank: Moderator
3/13/2014 | 11:00:29 AM
Re: Bitcoinitis
That's a good point and I'm not really sure Bitcoin could ever go the way of Napster and in essence be killed off in its original form. Even if Bitcoin doesn't become a world wide, regularly used currency, as long as it maintains some semblance of stability, whatever that value is, it has potential for use as a way of trading instantaneously. There might be better alternatives in the future, but I think Bitcoin is going to be around for a long time.
g33ksupport,
User Rank: Apprentice
3/13/2014 | 9:09:32 AM
Re: Bitcoin/Napster
I guess first we would need to distinguish between second movers and copy cats.  There are plenty of other cryptocurrencies that have tried to jump on the band wagon yet offer little more than Bitcoin.

The biggest issue it currently has is the comparisons and exchange rate with fiat currencies.

For example, if I buy some components for 1 btc and then sell the assembled item for 2 btc, I have made 100% profit.  But when I start factoring in exchange rates, depending on when I obtained the bitcoin will massively impact my profit.  For it to work, everyone using it has to be on the same page and not be interested in cashing in when things are good or bad.
ZedicusJones,
User Rank: Apprentice
3/12/2014 | 6:05:33 PM
Re: Bitcoin/Napster
Bitcoins are not more worse than better. The markets are learning and improving. Hardware devices are appearing to make transactions more secure.  The free coinage of money is going to be a wonderful boon to the market economy, and the idea of this public distributed blockchain is what makes this idea practical.

This is a case of buyer beware. The weaknesses of the Bitcoin system that these attacks are exploiting are well known and publicized, and are for the most part easily avoided.

It is logically possible to believe government should punish criminals but should not issue money. People are expecting the government to track down the thieves as theft is a crime, however nobody sane is expecting the government to indemnify losses due to theft, as those by default are borne by the owners of a property. Just as if I take cash out of the bank, I'm responsible for losses, but I'm still going to file a police report if somebody mugs me and takes my wallet.
ZedicusJones,
User Rank: Apprentice
3/12/2014 | 5:38:18 PM
Re: Bitcoinitis
You could probably ban exchanges effectively, but the peer to peer nature of the blockchain means that there's no effective technical way to prohibit or reverse a transaction.

The beauty of these various blockchains is that they operate by consensus. If a government sticks their hands in it, and modifies it to protect the role of banks, and mucks it all up (to put it politely), why would anyone go for it over current supplies?

Banks and big corps are never going to willingly accept the public nature of the blockchain either.

So at best we can expect governments and banks to adopt some of the technological measures that bitcoin uses, but they aren't going to adopt any of the big revolutionary ideas.
Thomas Claburn,
User Rank: Moderator
3/12/2014 | 4:11:02 PM
Re: Bitcoin/Napster
The analogy is somewhat fair, though while Napster clearly violated copyright law, I don't think Bitcoin is illegal outside of separate incidents of money laundering or other financial crimes.

The thing I find difficult to understand is why one would want a currency that exists outside of a government. Governments exist in part to protect those who pay into the system. If you're rejecting governance out of some libertarian notion of freedom, it seems odd to expect any help from the government when the hackers come for your Bitcoins. You're on your own, for better or worse. And lately Bitcoin seems to have more worse than better.
Laurianne,
User Rank: Apprentice
3/12/2014 | 3:32:47 PM
Bitcoin/Napster
What do you think of the Bitcoin/Napster comparison, readers? Will the second movers be more likely to win your trust?
Lorna Garey,
User Rank: Ninja
3/12/2014 | 3:26:33 PM
So, is the model a DMZ?
Is the big-picture that you store your cryptocurrency offline, then when you want to spend some, you move it into a "DMZ" or airlock en route to the payee? Only a small amount is vulnerable, and only for a short period of time?
Saturation,
User Rank: Apprentice
3/12/2014 | 3:16:27 PM
Bitcoinitis
Currently all the furor over Bitcoins assumes it will be the top player in the growing field.  But anyone can create another Bitcoin protocol, each upgrading either the protocol's flaws or flaws in the human component: regulation and organization.  Even if a less regulated, less traceable version of bitcoin survives to allow clandestine money flow, countries can easily outlaw it to create and nurture their own bitcoin currency or at least, those it sanctions.  A true world wide currency can exist that in science fiction was referred to as 'credits'.  In a global market, as all country economies are affected by each other's economic activities, it is more unlikely for a currency to exist outside of the world system; consider the effect of being outside the world economy to the North Korean won or the Cuban peso.  The bottom line is the government controlled versions are more likely to flourish, so there are even more odds for bitcoin to not succeed in the long term.

 