pull down to refresh
316 sats \ 5 replies \ @RecklessApotheosis OP 23 May 2023 \ parent \ on: Lightning Network Security Overview bitcoin
That's a great suggestion, thanks! I think you're referring to the "Medium of Exchange" social engineering attack on Vultr? I should totally include that! Unfortunately now that I'm checking, the website is down. I found the recap on the Wayback Machine, and will include it in my paper, thanks for the suggestion!
Do you have other examples I should include that you're aware of?
Yes. Regarding that case, from my PoV, Vultr have always seemed solid security and very thorough when contacting support when needed to. So, made me wonder how the hack had occured, but then again, I'd think twice hosting a node on a vps (being newish to linux security.)
I think it was a pretty good round up of most of the pitfalls of nodes and issues with LN development, not many other things spring to mind.
Maybe if I was to warn new node-spinners, just that LN is very much in development. I think that's often overlooked (as with Bitcoin Core, I suppose!) I've filed issues about bugs with both LND and bitcoin core, though both minor.
Some of the platforms like LN+ and amboss are super helpful to learn and experiment for the reckless, but guess the higher fees on bitcoin will be an issue for channel opening/closing, and keeping a lid on identity with nyms, social handles, emails etc., can never be overlooked.
just my 2 sats ;-)
reply
OK, could you refresh and check the paper now? I added a section in the examples with a fairly lengthy summary of the MoE event. I'm definitely willing to add citations or if you have a TG/Twitter handle (or this one on Stacker?) that you'd like credited!
reply
It was nice to read that. Thanks! If you like, you can credit my memory [xz@stacker.news]
BTW, Not sure whether tor DoS is a related security issue that needs inclusion.
Maybe a seperate topic?
reply
Next update I'll credit you, thanks for the memory!
I'm not sure, I feel like ToR DoS is a LN Node adjacent concern, especially among first-time noderunners and very small (or privacy concerned) operations that are ToR-only.
One of my ideas, was to retain this file as an "executive summary" and then a separate document for each failure event, and a deep dive into the technical aspects so if a reader wants an in-depth historical post mortem on a specific event, they can read up on just that event. What do you think?
reply
Yeah, guess so. It's not a fundamental requirement, though privacy and security are entwined.
Think that's a great idea for a project, to be summarised and can be referenced over time.
Trying to improve front-end web skills to summarize documentation in a more visual way, mostly just to aid my own understanding of bitcoin, but see where it all goes.
reply