Maidsafe Security Audit

TIOT

Personally I see Maidsafe as the go to place for manufacturers of “The internet of Things”. Soon your fridge, your television and everything else will be on the internet (that’s if your naive enough to think it is safe). But who I’m? because soon consumer won’t even have a say in it (even now they don’t have a say in it, heck they just think they are advance with all this new (wow my phone can control EVERYTHING AROUND ME)) nonsense. So basically it comes down to those pesky manufacturers, who seems to be fond of dropping products on the market with BIG SECURITY HOLES in them. So imagine a future where some kind of virus, manage to record all the data out of a billion households. Ofcourse it will be on the news (like that is news) and people will be really angry (about what most of them don’t even know) and again some will ask or code something with more security. Sometimes I just think that manufacturers are leaving security holes on purpose. This is the funny part about security holes being discovered, sometimes after the fact a few (yeah maybe a handfull) close up the securityholes, the others just let it get out of hand and do nothing about it. If these two would just go hand in hand and just solve the problem in it’s entirety, maybe we could let the internet look handsome. HeartBleed is a good example, that some people/companies just don’t give a [insert profanity here] about consumers safety.

TIOT meet MAIDSAFE
Because “The internet of Things” will follow the same path that everything that came in contact with computers did. We can be 100% sure that it will get nasty, even so nasty that they will change the word in the dictionary (NASTY = NSA, they leave out the TY, because it means “Thanks You”). The NSA will have ALL DATA and record all new data in realtime, sounds like a fun future. So some people will get angry and demand more security, those who want real safety will have their appliances running on the Maidsafe network. I can even see fridges and other devices with a Maidsafe logo on it, because that stands for SECURITY for your IOT device. Honestly the internet’s security is in sucha bad shape, that HTTPS means nothing now adays. The way things are now, actually on works to Maidsafe’s advantage and a fresh breese through this landscape of disorder would surely do some GOOD.

MAIDSAFE SECURITY AUDIT

We’ve all heard the Maidsafe pitch (I’m still drooling when I listen to it). What I’m trying to ask is, would you be willing to pay for a Maidsafe security audit in the future? [I fully agree with this cute and smart girl, saying that hackers are the Internet’s immune system][1]. Another way the immune system works, is it memorizes threats and easily prevent them in the future. It’s this kind of attitude that pushes us forward, the great thing about Maidsafe is that it’s set up with security in mind. Allthough I wonder and that’s why I’m ready to pay a price in the future for a audit. Please don’t get me wrong here, I’m not saying that Maidsafe is not safe (I wouldn’t even know, I’m a simple consumer), I’m just saying that we regurlarly need to test our systems, maybe in the future the system could test it self for errors or what have you. Incase you wonder why we would need an audit, manufacturer are also customers/users/implementers of Maidsafe in/on their appliances. Yeah I could go on and on and on, but this would also be another unique selling point of the Maidsafe network.
[1]: Hackers: the internet's immune system | Keren Elazari - YouTube

2 Likes

Good points well made. We do have much of our work audited and debated with universities when we can, to handle logic etc. The community helps to. In terms of code implementation we force everything to the highest compiler levels we can, which also helps. There has been quite a bit of work this week on that part for 3rd party libs we were not sure of (and di have to upgrade some due to potential bugs).

Perhaps the largest help we have though is people in the community attacking the system. We know there is one very capable person with a team in Paris (yes Christophe I mean you :slight_smile: ) and more of this will help a lot as we move on.

I would love to get the message across to all potential crackers though that this system will benefit all of us and help out where possible.

So any and all should audit, attack and generally poke about for weaknesses. It will be very welcome.

5 Likes

Actually in the future I was planning to make use of [CROWDCURITY][1]

Yeah I know now they’re only testing websites, but who knows they might dig into other code. Because I’m the loudmouth that starts this “pay to audit Maidsafe” I will pay 1% of the “SUPER High Reward”, depending on how rich I’m in this future that I’m talking about I’ll even pay 10% ($200).

We should take security SUPER serious (yeah I’m in a super moode today), because it will take Maidsafe to places we didn’t even imagine.
[1]: https://www.crowdcurity.com/

I just searched the forum for “security audit” and found this old thread. I have it in mind for two reasons. Firstly, as Maidsafe continue their fine progress with the SAFE Network (well done devs), the time for thinking of these things gets closer. Secondly, TavisOrmandy!!! Have you seen that he’s been finding vulnerabilities in LastPass over the last week or so? From my uneducated viewpoint he seems to be something of a phenomenon!

LastPass has been around for some time and is well established and relatively well respected. It seems to have been among the most secure closed source password managers around. Yet there are critical flaws in their product. They respond quickly when a problem is disclosed to them, which is a lot better than many companies. Nevertheless, it’s worrying when a tool which people rely on for such important activities is revealed as being insecure.

I’ll be fascinated to see how the SAFE Network stands up to people poke poke poking away at it (afterall it’s bound to happen).

I’m really quite unqualified to assess these aspects of the network, so perhaps others can chime in here if I’m talking crap! It seems to me that the way the network is structured builds in a great deal of anti-fragility as far as individual’s “accounts” are concerned. If any problems crop up with the network as a whole I’m confident that the developers and the community together will find solutions. If not, then at least something will have been learned, and progress can subsequently be made.

I hold the community and the developers in high regard and you all give me hope for a better world. So thanks for that!

I’ve had some vodka (which was given to me as a present), so please pardon any typos, ramblings or idiocies.

Yours thankfully,

What’s my name again?!?!

7 Likes

Security audits are more important for proprietary software… “While LastPass is a highly rated service, it is proprietary software.”

The open source nature of SAFE allows anyone anytime to seek and find weaknesses and challenge them. Reasons open source is better that closed source… reasons that freedom is better than secrecy, you might say :wink:

Once we are close to beta and the base is stable, then it’ll likely come in for more rigorous scrutiny.

1 Like

I agree. There is an important point to be made though. While open source stuff does allow close inspection, it doesn’t guarantee that it will receive it! Even if it does, the quality of the inspection can vary. Look at Heartbleed - I think that vulnerability was found in open source stuff a very long time after it was introduced. My hope and belief is that, due to the importance and “groundbreakingness” of the SAFE Network, it will receive A LOT of attention and scrutiny.

Actually, as I type I’ve reconsidered and I think terminology comes into play with this discussion. A security audit, as you say, would tend to be a little more relevant with proprietary stuff. What I would like to see with the SAFE Network, alongside a security audit, is a thorough attempt by all and sundry to poke holes in it!

Oh look! I think I went around in a circle. I’m thinking as I type…
My conclusion is that I would like to see a very focused security audit from a capable group. This should be combined with the ability and willingness for as many people as possible to dig for possible attack vectors on the the network due to it’s open source nature.

It would be beneficial and intriguing. Whadaya think?

2 Likes

I work for one of those pesky manufacturers and it is not as simple as you make it seem :wink:

As soon as SAFEcoin is activated we’ll have our security audit in the form of people trying to steal our MONEY. Whenever there is MONEY involved bad actors will come…

The Maidsafe CEP could maybe also be a reason for people to start poking, but again i’s all about the dum dum didudumdum :money_mouth:

2 Likes