Topic: Armory - Discussion Thread - page 14. (Read 521749 times)
Oops, I just updated to Bitcoin Core 0.10.0 and fired up Armory 0.92.3, it looks stuck on "building databases"... Did I screw up?
I thought turning off all autorun/start functions on my hot and cold computer protected me.
I agree this exploit probably isn't being wasted on us.
Does anyone produce a "secure" USB drive or a drive whose firmware is read only?
I agree this exploit probably isn't being wasted on us.
Does anyone produce a "secure" USB drive or a drive whose firmware is read only?
I'm glad my offline backup never has internet assess, the question is now can I repurpose the machine at some later date without compromising my passwords and seeds?
I thought turning off all autorun/start functions on my hot and cold computer protected me.
I agree this exploit probably isn't being wasted on us.
Does anyone produce a "secure" USB drive or a drive whose firmware is read only?
I agree this exploit probably isn't being wasted on us.
Does anyone produce a "secure" USB drive or a drive whose firmware is read only?
Maybe time to chuck in this again:
Tx signing via minimodem
https://bitcointalksearch.org/topic/tx-signing-via-minimodem-735111
Can of course be used with any sort of data you need to send / receive from the air-gapped system.
Tx signing via minimodem
https://bitcointalksearch.org/topic/tx-signing-via-minimodem-735111
Can of course be used with any sort of data you need to send / receive from the air-gapped system.
We have someone looking at it. No ETAs, but we are working the code.
Maybe time to chuck in this again:
Tx signing via minimodem
https://bitcointalksearch.org/topic/tx-signing-via-minimodem-735111
Can of course be used with any sort of data you need to send / receive from the air-gapped system.
Tx signing via minimodem
https://bitcointalksearch.org/topic/tx-signing-via-minimodem-735111
Can of course be used with any sort of data you need to send / receive from the air-gapped system.
That's not to say it couldn't be done on Linux or Mac ... but simply those weren't the target platforms. And this is literally the most advanced malware on the planet, so we can hope that there's a high barrier to entry to replicate this on the other OS (as I write this, I realize there's no guarantee that they haven't already...)
The only "good" thing there is to say about this in connection with Armory is that these guys are professionals with huge budgets. They are not going to expose themselves by stealing our meagre bitcoin stashes. That gives us a short respite, at least until this malware leaks into the hands of the common criminals. Who will probably mainly go after the home banking password.
I see a potential market for actual (not soft) hardware again.
The infographic shows only FAT16 and 32 are affected?
most hdd are first loaded with windows at the factory so if the firmware is infected anytime before linux is installed then it will still be in the firmware, unless special efforts are made to reflash the hdd firmware before installing linux.
Fanny problems:
http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/3/
http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/3/
Wow, epic. Thanks for that link, I hadn't seen that yet.
Indeed Fanny is quite a piece of malware. To save anyone else reading the effort of finding the section:
Quote
Fanny: A computer worm that exploited what in 2008 were two zero-day vulnerabilities in Windows to self-replicate each time an infected USB stick was inserted into a targeted computer. The main purpose of Fanny was to conduct reconnaissance on sensitive air-gapped networks. After infecting a computer not connected to the Internet, Fanny collected network information and saved it to a hidden area of the USB drive. If the stick was later plugged in to an Internet-computer, it would upload the data to attacker servers and download any attacker commands. If the stick was later plugged into the air-gapped machine, the downloaded commands would be executed. This process would continue each time the stick was switched between air-gapped and Internet-connected machines.
Luckily (?!?) all this malware seems to be specifically targeted at Windows. In fact, there's no mention of any other OSes, and many of the descriptions of the malware are extremely Windows-specific:
Quote
GrayFish is the crowning achievement of the Equation Group. The malware platform is so complex that Kaspersky researchers still understand only a fraction of its capabilities and inner workings. Key to the sophistication of GrayFish is its bootkit, which allows it to take extraordinarily granular control of the machines it infects.
"This allows it to control the launching of Windows at each stage," Kaspersky's written report explained. "In fact, after infection, the computer is not run by itself anymore: it is GrayFish that runs it step by step, making the necessary changes on the fly."
"This allows it to control the launching of Windows at each stage," Kaspersky's written report explained. "In fact, after infection, the computer is not run by itself anymore: it is GrayFish that runs it step by step, making the necessary changes on the fly."
That's not to say it couldn't be done on Linux or Mac ... but simply those weren't the target platforms. And this is literally the most advanced malware on the planet, so we can hope that there's a high barrier to entry to replicate this on the other OS (as I write this, I realize there's no guarantee that they haven't already...)
It was mentioned in there or some other article that they believe a Mac OS version of some of this malware is also out there.
Fanny problems:
http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/3/
http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/3/
Wow, epic. Thanks for that link, I hadn't seen that yet.
Indeed Fanny is quite a piece of malware. To save anyone else reading the effort of finding the section:
Quote
Fanny: A computer worm that exploited what in 2008 were two zero-day vulnerabilities in Windows to self-replicate each time an infected USB stick was inserted into a targeted computer. The main purpose of Fanny was to conduct reconnaissance on sensitive air-gapped networks. After infecting a computer not connected to the Internet, Fanny collected network information and saved it to a hidden area of the USB drive. If the stick was later plugged in to an Internet-computer, it would upload the data to attacker servers and download any attacker commands. If the stick was later plugged into the air-gapped machine, the downloaded commands would be executed. This process would continue each time the stick was switched between air-gapped and Internet-connected machines.
Luckily (?!?) all this malware seems to be specifically targeted at Windows. In fact, there's no mention of any other OSes, and many of the descriptions of the malware are extremely Windows-specific:
Quote
GrayFish is the crowning achievement of the Equation Group. The malware platform is so complex that Kaspersky researchers still understand only a fraction of its capabilities and inner workings. Key to the sophistication of GrayFish is its bootkit, which allows it to take extraordinarily granular control of the machines it infects.
"This allows it to control the launching of Windows at each stage," Kaspersky's written report explained. "In fact, after infection, the computer is not run by itself anymore: it is GrayFish that runs it step by step, making the necessary changes on the fly."
"This allows it to control the launching of Windows at each stage," Kaspersky's written report explained. "In fact, after infection, the computer is not run by itself anymore: it is GrayFish that runs it step by step, making the necessary changes on the fly."
That's not to say it couldn't be done on Linux or Mac ... but simply those weren't the target platforms. And this is literally the most advanced malware on the planet, so we can hope that there's a high barrier to entry to replicate this on the other OS (as I write this, I realize there's no guarantee that they haven't already...)
- (2) You should not upgrade to Core 0.10 without this version!. In other words, this new version of Armory is required if you plan to use the new version of Bitcoin Core (headers-first). Luckily, they will probably both be officially released about the same time (end of Jan 2015).
Aha. Valuable information. Great work as usual!
What's the ETA, given that Core 0.10 has been released?
Works fine now, basically rc
- (2) You should not upgrade to Core 0.10 without this version!. In other words, this new version of Armory is required if you plan to use the new version of Bitcoin Core (headers-first). Luckily, they will probably both be officially released about the same time (end of Jan 2015).
Aha. Valuable information. Great work as usual!
What's the ETA, given that Core 0.10 has been released?
what's this Bitcoin Core 0.9.4 update notification i'm getting from Ubuntu? it's from Launchpad Bitcoin PPA. what do we do with it?
If 0.9 still works for you, you don't need 0.9.4. It's an(other) OpenSSL libraries clangerTo elaborate a bit, if you follow the advice next to the "News" alert at the top of every bitcointalk.org page, you don't need 0.9.4. It's a minor update whose main reason for existence is to work around the OpenSSL change mentioned in the News alert (plus a few other pretty minor bug fixes).
what's this Bitcoin Core 0.9.4 update notification i'm getting from Ubuntu? it's from Launchpad Bitcoin PPA. what do we do with it?
If 0.9 still works for you, you don't need 0.9.4. It's an(other) OpenSSL libraries clanger
what's this Bitcoin Core 0.9.4 update notification i'm getting from Ubuntu? it's from Launchpad Bitcoin PPA. what do we do with it?
- (2) You should not upgrade to Core 0.10 without this version!. In other words, this new version of Armory is required if you plan to use the new version of Bitcoin Core (headers-first). Luckily, they will probably both be officially released about the same time (end of Jan 2015).
Aha. Valuable information. Great work as usual!
Armory 0.93 is now in testing! For details: https://bitcointalksearch.org/topic/armory-093-testing-release-with-005-btc-bug-bounty-919202
Worry not, everyone on the Armory team is alive and well, despite the lack of updates over the last few months. We've been working diligently on both 0.93 as well as some not-yet-public things that you'll hear about soon! In the meantime, please help test 0.93 testing version and claim some bounties! https://bitcointalksearch.org/topic/armory-093-testing-release-with-005-btc-bug-bounty-919202
I'll just reiterate two important points from that thread:
Worry not, everyone on the Armory team is alive and well, despite the lack of updates over the last few months. We've been working diligently on both 0.93 as well as some not-yet-public things that you'll hear about soon! In the meantime, please help test 0.93 testing version and claim some bounties! https://bitcointalksearch.org/topic/armory-093-testing-release-with-005-btc-bug-bounty-919202
I'll just reiterate two important points from that thread:
- (1) This uses a new DB engine which is not compatible with the 0.92.3 databases. If you are short on disk space, I recommend waiting to upgrade, and/or manually deleting the 0.92 databases after you've confirmed 0.93 works for you. Before the final release we will determine an appropriate way to automatically delete the old DBs, or at least ask the user.
- (2) You should not upgrade to Core 0.10 without this version!. In other words, this new version of Armory is required if you plan to use the new version of Bitcoin Core (headers-first). Luckily, they will probably both be officially released about the same time (end of Jan 2015).
We were messing with his data files earlier, he probably just needs to rebuild
His Bitcoin could also be corrupt
His Bitcoin could also be corrupt
Most likely you're right! volume data again tripled
http://ia116.mycdn.me/image?t=3&bid=666104991112&id=666104991112&plc=WEB&tkn=VoH3CTyteNNRhQxcTIHUppeFLVA
Jump to: