
Topic: Armory - Discussion Thread - page 14. (Read 521821 times)

legendary
Activity: 1148
Merit: 1018
February 19, 2015, 10:41:10 AM
Oops, I just updated to Bitcoin Core 0.10.0 and fired up Armory 0.92.3, it looks stuck on "building databases"... Did I screw up?
legendary
Activity: 1372
Merit: 1000
February 17, 2015, 01:15:37 PM
I thought turning off all autorun/start functions on my hot and cold computer protected me.

I agree this exploit probably isn't being wasted on us.

Does anyone produce a "secure" USB drive or a drive whose firmware is read only?

I'm glad my offline backup never has internet access, the question is now can I repurpose the machine at some later date without compromising my passwords and seeds?
sr. member
Activity: 442
Merit: 250
Found Lost beach - quiet now
February 17, 2015, 12:48:27 PM
I thought turning off all autorun/start functions on my hot and cold computer protected me.

I agree this exploit probably isn't being wasted on us.

Does anyone produce a "secure" USB drive or a drive whose firmware is read only?
legendary
Activity: 3738
Merit: 1360
Armory Developer
February 17, 2015, 11:24:17 AM
Maybe time to chuck in this again:

Tx signing via minimodem
https://bitcointalksearch.org/topic/tx-signing-via-minimodem-735111

Can of course be used with any sort of data you need to send / receive from the air-gapped system.

We have someone looking at it. No ETAs, but we are working the code.
legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
February 17, 2015, 11:03:25 AM
Maybe time to chuck in this again:

Tx signing via minimodem
https://bitcointalksearch.org/topic/tx-signing-via-minimodem-735111

Can of course be used with any sort of data you need to send / receive from the air-gapped system.
hero member
Activity: 547
Merit: 500
Decor in numeris
February 17, 2015, 03:01:43 AM
That's not to say it couldn't be done on Linux or Mac ... but simply those weren't the target platforms.  And this is literally the most advanced malware on the planet, so we can hope that there's a high barrier to entry to replicate this on the other OS (as I write this, I realize there's no guarantee that they haven't already...)

The only "good" thing there is to say about this in connection with Armory is that these guys are professionals with huge budgets.  They are not going to expose themselves by stealing our meagre bitcoin stashes.  That gives us a short respite, at least until this malware leaks into the hands of the common criminals.  Who will probably mainly go after the home banking password.
legendary
Activity: 1400
Merit: 1013
February 17, 2015, 02:17:11 AM
I see a potential market for actual (not soft) hardware again.
legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
February 17, 2015, 02:08:35 AM
The infographic shows only FAT16 and 32 are affected?
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
February 17, 2015, 12:28:23 AM
most hdd are first loaded with windows at the factory so if the firmware is infected anytime before linux is installed then it will still be in the firmware, unless special efforts are made to reflash the hdd firmware before installing linux.
legendary
Activity: 1762
Merit: 1011
February 16, 2015, 10:42:53 PM

Wow, epic.  Thanks for that link, I hadn't seen that yet. 

Indeed Fanny is quite a piece of malware.  To save anyone else reading the effort of finding the section:

Quote
Fanny: A computer worm that exploited what in 2008 were two zero-day vulnerabilities in Windows to self-replicate each time an infected USB stick was inserted into a targeted computer. The main purpose of Fanny was to conduct reconnaissance on sensitive air-gapped networks. After infecting a computer not connected to the Internet, Fanny collected network information and saved it to a hidden area of the USB drive. If the stick was later plugged in to an Internet-computer, it would upload the data to attacker servers and download any attacker commands. If the stick was later plugged into the air-gapped machine, the downloaded commands would be executed. This process would continue each time the stick was switched between air-gapped and Internet-connected machines.

Luckily (?!?) all this malware seems to be specifically targeted at Windows.  In fact, there's no mention of any other OSes, and many of the descriptions of the malware are extremely Windows-specific:

Quote
GrayFish is the crowning achievement of the Equation Group. The malware platform is so complex that Kaspersky researchers still understand only a fraction of its capabilities and inner workings. Key to the sophistication of GrayFish is its bootkit, which allows it to take extraordinarily granular control of the machines it infects.

"This allows it to control the launching of Windows at each stage," Kaspersky's written report explained. "In fact, after infection, the computer is not run by itself anymore: it is GrayFish that runs it step by step, making the necessary changes on the fly."

That's not to say it couldn't be done on Linux or Mac ... but simply those weren't the target platforms.  And this is literally the most advanced malware on the planet, so we can hope that there's a high barrier to entry to replicate this on the other OS (as I write this, I realize there's no guarantee that they haven't already...)



It was mentioned in there or some other article that they believe a Mac OS version of some of this malware is also out there.
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
February 16, 2015, 10:13:56 PM

Wow, epic.  Thanks for that link, I hadn't seen that yet. 

Indeed Fanny is quite a piece of malware.  To save anyone else reading the effort of finding the section:

Quote
Fanny: A computer worm that exploited what in 2008 were two zero-day vulnerabilities in Windows to self-replicate each time an infected USB stick was inserted into a targeted computer. The main purpose of Fanny was to conduct reconnaissance on sensitive air-gapped networks. After infecting a computer not connected to the Internet, Fanny collected network information and saved it to a hidden area of the USB drive. If the stick was later plugged in to an Internet-computer, it would upload the data to attacker servers and download any attacker commands. If the stick was later plugged into the air-gapped machine, the downloaded commands would be executed. This process would continue each time the stick was switched between air-gapped and Internet-connected machines.

Luckily (?!?) all this malware seems to be specifically targeted at Windows.  In fact, there's no mention of any other OSes, and many of the descriptions of the malware are extremely Windows-specific:

Quote
GrayFish is the crowning achievement of the Equation Group. The malware platform is so complex that Kaspersky researchers still understand only a fraction of its capabilities and inner workings. Key to the sophistication of GrayFish is its bootkit, which allows it to take extraordinarily granular control of the machines it infects.

"This allows it to control the launching of Windows at each stage," Kaspersky's written report explained. "In fact, after infection, the computer is not run by itself anymore: it is GrayFish that runs it step by step, making the necessary changes on the fly."

That's not to say it couldn't be done on Linux or Mac ... but simply those weren't the target platforms.  And this is literally the most advanced malware on the planet, so we can hope that there's a high barrier to entry to replicate this on the other OS (as I write this, I realize there's no guarantee that they haven't already...)

legendary
Activity: 2912
Merit: 1060
February 16, 2015, 07:32:06 PM
  • (2) You should not upgrade to Core 0.10 without this version!  In other words, this new version of Armory is required if you plan to use the new version of Bitcoin Core (headers-first).  Luckily, they will probably both be officially released about the same time (end of Jan 2015).

Aha. Valuable information. Great work as usual!

What's the ETA, given that Core 0.10 has been released?

Works fine now, basically rc
legendary
Activity: 1762
Merit: 1011
February 16, 2015, 07:12:22 PM
  • (2) You should not upgrade to Core 0.10 without this version!  In other words, this new version of Armory is required if you plan to use the new version of Bitcoin Core (headers-first).  Luckily, they will probably both be officially released about the same time (end of Jan 2015).

Aha. Valuable information. Great work as usual!

What's the ETA, given that Core 0.10 has been released?
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
January 13, 2015, 05:18:26 PM
what's this Bitcoin Core 0.9.4 update notification i'm getting from Ubuntu?  it's from Launchpad Bitcoin PPA.  what do we do with it?
If 0.9 still works for you, you don't need 0.9.4. It's an(other) OpenSSL libraries clanger

To elaborate a bit, if you follow the advice next to the "News" alert at the top of every bitcointalk.org page, you don't need 0.9.4. It's a minor update whose main reason for existence is to work around the OpenSSL change mentioned in the News alert (plus a few other pretty minor bug fixes).
legendary
Activity: 3430
Merit: 3080
January 13, 2015, 04:55:46 PM
what's this Bitcoin Core 0.9.4 update notification i'm getting from Ubuntu?  it's from Launchpad Bitcoin PPA.  what do we do with it?

If 0.9 still works for you, you don't need 0.9.4. It's an(other) OpenSSL libraries clanger
legendary
Activity: 1764
Merit: 1002
January 13, 2015, 04:51:26 PM
what's this Bitcoin Core 0.9.4 update notification i'm getting from Ubuntu?  it's from Launchpad Bitcoin PPA.  what do we do with it?
legendary
Activity: 1078
Merit: 1006
100 satoshis -> ISO code
January 09, 2015, 07:17:16 PM
  • (2) You should not upgrade to Core 0.10 without this version!  In other words, this new version of Armory is required if you plan to use the new version of Bitcoin Core (headers-first).  Luckily, they will probably both be officially released about the same time (end of Jan 2015).

Aha. Valuable information. Great work as usual!
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
January 09, 2015, 07:05:12 PM
Armory 0.93 is now in testing!   For details:  https://bitcointalksearch.org/topic/armory-093-testing-release-with-005-btc-bug-bounty-919202

Worry not, everyone on the Armory team is alive and well, despite the lack of updates over the last few months.  We've been working diligently on both 0.93 as well as some not-yet-public things that you'll hear about soon!  In the meantime, please help test the 0.93 testing version and claim some bounties!   https://bitcointalksearch.org/topic/armory-093-testing-release-with-005-btc-bug-bounty-919202

I'll just reiterate two important points from that thread:

  • (1) This uses a new DB engine which is not compatible with the 0.92.3 databases.  If you are short on disk space, I recommend waiting to upgrade, and/or manually deleting the 0.92 databases after you've confirmed 0.93 works for you.  Before the final release we will determine an appropriate way to automatically delete the old DBs, or at least ask the user.
  • (2) You should not upgrade to Core 0.10 without this version!  In other words, this new version of Armory is required if you plan to use the new version of Bitcoin Core (headers-first).  Luckily, they will probably both be officially released about the same time (end of Jan 2015).
newbie
Activity: 42
Merit: 0
December 22, 2014, 11:23:00 AM
We were messing with his data files earlier, he probably just needs to rebuild

His Bitcoin could also be corrupt

Most likely you're right! volume data again tripled
http://ia116.mycdn.me/image?t=3&bid=666104991112&id=666104991112&plc=WEB&tkn=VoH3CTyteNNRhQxcTIHUppeFLVA