BanklessDAO InfoSec Meeting 39

Created: Dec 8, 2022
Attendees: stackthat.eth, BogDrakonov, Tony Stark, twoeggs, d0wnlore
 
  • twoeggs presents a third-party project that DAOlationships and Bankless Consulting can bring InfoSec in to help with.
    • Custom thread feeds and risk warnings
    • This could help stop financial loss by warning users when they might be falling for a scam or are using a risky (safety, design, etc.) protocol, e.g. Iron Finance
    • Tony Stark took some notes he will add
    • Here is an example of a survey that we could send to the Bankless community to get a sense of how scams affect them and how to make them feel more secure. Sample survey: https://forms.gle/GSyWaS3aEn3VDobSA
    • twoeggs talked to DSide.
      • InfoSec will create the survey and work with Bankless Research to give it to the community and collect the results.
      • On the Bankless Consulting side, we go out to the various wallet makers and pitch the project. InfoSec joins via the consulting side to do the integration work.
    • Next step is to finalize the survey in the next InfoSec meeting and get some details from Research about their involvement
      • Tony Stark can assist twoeggs with the Research connection
  • DNS migration
    • Started pointing at Cloudflare
      • Waiting for records to kick in
      • Will keep an eye on this
    • Need to migrate registration and then set up DNSSEC
    • BogDrakonov and stackthat.eth working on this
    • Start enabling Cloudflare proxy for various sites
      • Work with the project owners on this
    • Debugging some CF proxy stuff as part of the migration
     
    • Updates from last week
      • Discord audit
        • Lists imported into GSheets. Working on a graph of the risky permissions
        • Need to figure out who owns a lot of the roles
        • Firehose has some risks in terms of channels it shouldn’t have access to
        • Review Wick dashboard recommendations
        • Need to get ready to migrate to Cloudflare for DNS
        • Google phishing alert for Bankless Card was fixed.
          • stackthat.eth validating that everything is clear
          • Also need to look at Bing for this
     
