Risk
3/12/2014
12:45 PM

Bitcoin, Meet Darwin: Crypto Currency's Future

First-movers rarely survive, but some experts see a real future for government-issued crypto currency.

example when it comes to advancing the use of trusted platform modules (TPMs) to ensure that a small amount of data can be stored securely and not get hacked. "We've been talking about TPMs for ages, and it doesn't work for normal users, and it barely works for security professionals," he said. "Bitcoin says your Mom needs a TPM that she can work with, and there are actual investments going on to make that happen, and I'm fascinated by that."

Such TPMs would allow crypto-currency holders to store their virtual currency not only offline, but in a system that can't be directly connected to the Internet. "That's how I store my bitcoins when I purchase or mine them... and I'm pretty confident that they won't get stolen," said Joe Stewart, director of malware research at Dell SecureWorks, in an interview at the recent RSA conference in San Francisco.

Stewart noted that two hardware-based Bitcoin wallets -- HW-1 and Trezor -- are being developed for this express purpose. More technically astute types can roll their own, using a Raspberry Pi computer. Any transactions then get carried from a PC over to the homemade wallet, where they're signed, before being brought back to the computer. "As long as you keep that Raspberry Pi from ever connecting to the Internet, it's safe," he said.

These types of hardware wallets could become the norm for all online banking, regardless of the currency being used. "This same transaction-technology verification works great for banks, because you could use it even with a fully compromised PC," Stewart said. In other words, today's must-have Bitcoin accessory could become tomorrow's de rigueur defense against sophisticated banking Trojans.
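The carry-over-and-sign flow Stewart describes, as an added example that is not from the article or from any wallet project. A Lamport one-time signature built on SHA-256 stands in for Bitcoin's ECDSA so the sketch runs on the standard library alone; the transaction fields, addresses and function names are constructed for illustration.

```python
import hashlib
import json
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key: 256 secret pairs; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def digest_bits(tx):
    # Canonical encoding so both sides hash exactly the same bytes.
    raw = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    d = H(raw)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def offline_sign(sk, tx, user_confirms):
    # Air-gapped device: show the fields on its own display, sign only on approval.
    if not user_confirms(tx):
        return None
    return [sk[i][bit] for i, bit in enumerate(digest_bits(tx))]

def verify(pk, tx, sig):
    # Network side: accept only the exact transaction the device signed.
    if sig is None or len(sig) != 256:
        return False
    return all(H(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, digest_bits(tx))))

def demo():
    sk, pk = keygen()  # sk stays on the offline device; one key per transaction
    intended = {"to": "payee-example-address", "amount_btc": "0.5"}  # constructed
    approve = lambda tx: tx["to"] == "payee-example-address"  # what the user expects
    sig = offline_sign(sk, intended, approve)
    tampered = dict(intended, to="substituted-example-address")
    return (
        verify(pk, intended, sig),            # untouched transaction: accepted
        verify(pk, tampered, sig),            # payee changed after signing: rejected
        offline_sign(sk, tampered, approve),  # payee changed before signing: declined
    )

if __name__ == "__main__":
    print(demo())
```

The PC in the middle only ever handles the unsigned transaction and the finished signature, so a compromise there can block a payment but cannot redirect one without the change showing up on the device display or failing verification.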

Why wait? "Commercial accounts should be demanding this type of technology," Stewart said. "Our hope is that perhaps the adoption of Bitcoin hardware and wallets showing how transaction integrity verification works will drive them to say: 'Why isn't this how my bank works?'"

Likewise, the better aspects of Bitcoin -- the block-chain system, partial anonymity, and overall system integrity -- are already leading more and more people to ask: Why isn't this how tomorrow's government-issued currency will work?

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Comments
ZedicusJones,
User Rank: Apprentice
3/13/2014 | 2:32:19 PM
Re: Bitcoin/Napster
In a way cryptocurrencies are the second movers of non-governmental electronic payment systems, after failures like e-gold.

Stability should increase as more vendors and employees accept it as payment, and as secondary markets mature (being able to hedge against sudden shifts in value). In some ways these cryptocurrencies have been too successful, increasing in value faster than you want in a unit of account.
Whoopty,
User Rank: Moderator
3/13/2014 | 11:00:29 AM
Re: Bitcoinitis
That's a good point and I'm not really sure Bitcoin could ever go the way of Napster and in essence be killed off in its original form. Even if Bitcoin doesn't become a world wide, regularly used currency, as long as it maintains some semblance of stability, whatever that value is, it has potential for use as a way of trading instantaneously. There might be better alternatives in the future, but I think Bitcoin is going to be around for a long time.
g33ksupport,
User Rank: Apprentice
3/13/2014 | 9:09:32 AM
Re: Bitcoin/Napster
I guess first we would need to distinguish between second movers and copy cats.  There are plenty of other cryptocurrencies that have tried to jump on the band wagon yet offer little more than Bitcoin.

The biggest issue it currently has is the comparisons and exchange rate with fiat currencies.

For example, if I buy some components for 1 btc and then sell the assembled item for 2 btc, I have made 100% profit.  But when I start factoring in exchange rates, depending on when I obtained the bitcoin will massively impact my profit.  For it to work, everyone using it has to be on the same page and not be interested in cashing in when things are good or bad.
ZedicusJones,
User Rank: Apprentice
3/12/2014 | 6:05:33 PM
Re: Bitcoin/Napster
Bitcoins are not more worse than better. The markets are learning and improving. Hardware devices are appearing to make transactions more secure. The free coinage of money is going to be a wonderful boon to the market economy, and the idea of this public distributed blockchain is what makes this idea practical.

This is a case of buyer beware. The weaknesses of the Bitcoin system that these attacks are exploiting are well known and publicized, and are for the most part easily avoided.

It is logically possible to believe government should punish criminals but should not issue money. People are expecting the government to track down the thieves as theft is a crime, however nobody sane is expecting the government to indemnify losses due to theft, as those by default are borne by the owners of a property. Just as if I take cash out of the bank, I'm responsible for losses, but I'm still going to file a police report if somebody mugs me and takes my wallet.
ZedicusJones,
User Rank: Apprentice
3/12/2014 | 5:38:18 PM
Re: Bitcoinitis
You could probably ban exchanges effectively, but the peer to peer nature of the blockchain means that there's no effective technical way to prohibit or reverse a transaction.

The beauty of these various blockchains is that they operate by consensus. If a government sticks their hands in it, and modifies it to protect the role of banks, and mucks it all up (to put it politely), why would anyone go for it over current supplies?

Banks and big corps are never going to willingly accept the public nature of the blockchain either.

So at best we can expect governments and banks to adopt some of the technological measures that bitcoin uses, but they aren't going to adopt any of the big revolutionary ideas.
Thomas Claburn,
User Rank: Moderator
3/12/2014 | 4:11:02 PM
Re: Bitcoin/Napster
The analogy is somewhat fair, though while Napster clearly violated copyright law, I don't think Bitcoin is illegal outside of separate incidents of money laundering or other financial crimes.

The thing I find difficult to understand is why one would want a currency that exists outside of a government. Governments exist in part to protect those who pay into the system. If you're rejecting governance out of some libertarian notion of freedom, it seems odd to expect any help from the government when the hackers come for your Bitcoins. You're on your own, for better or worse. And lately Bitcoin seems to have more worse than better.
Laurianne,
User Rank: Apprentice
3/12/2014 | 3:32:47 PM
Bitcoin/Napster
What do you think of the Bitcoin/Napster comparison, readers? Will the second movers be more likely to win your trust?
Lorna Garey,
User Rank: Ninja
3/12/2014 | 3:26:33 PM
So, is the model a DMZ?
Is the big-picture that you store your cryptocurrency offline, then when you want to spend some, you move it into a "DMZ" or airlock en route to the payee? Only a small amount is vulnerable, and only for a short period of time?
Saturation,
User Rank: Apprentice
3/12/2014 | 3:16:27 PM
Bitcoinitis
Currently all the furor over Bitcoins assumes it will be the top player in the growing field.  But anyone can create another Bitcoin protocol, each upgrading either the protocol's flaws or flaws in the human component: regulation and organization.  Even if a less regulated, less traceable version of bitcoin survives to allow clandestine money flow, countries can easily outlaw it to create and nurture their own bitcoin currency or at least, those it sanctions.  A true world wide currency can exist that in science fiction were referred to as 'credits'.  In a global market, as all country economies are affected by each other's economic activities, it is more unlikely for a currency to exist outside of the world system; consider the effect of being outside the world economy to the North Korean won or the Cuban peso.  The bottom line is the government controlled versions are more likely to flourish, so there are even more odds for bitcoin to not succeed in the long term.