Topic: Bitadress.org safety concerns (Read 882 times)

legendary
Activity: 2506
Merit: 1010
October 31, 2013, 02:03:49 PM
#9
For example, I notice they are loading external Javascript files from Google's servers... Isn't external Javascript a very very bad thing to do on such a site?

I had been using http://www.changedetection.com to monitor the site and then manually verify and post an OK on the BitAddress forum thread. Sure, that's not foolproof since if the site were compromised and spits out a compromised page let's say for 1 out of 10 requests, the chances are very low I'd know for some time (i.e., a 10% chance of detecting it, 90% chance the attacker would get away with it -- for at least one day.)

Here are the steps I follow:
 - http://bitcoin.stackexchange.com/a/9115/153
member
Activity: 80
Merit: 10
Lead developer
October 31, 2013, 01:19:25 PM
#8
You can look at the project's GitHub commit history. Git commits are guarded with SHA-256, so they can't be changed after a commit is made. For added security, you can use Git's diff functionality to actually see what changed between revisions.
full member
Activity: 182
Merit: 100
1MCKW9AkWj3aopC1aPegcZEf2fYNrhUQVf
October 31, 2013, 01:12:17 PM
#7
Yes, let's make a big joke about security. That's the way to go with Bitcoin.

The truth is, the code at bitaddress.org could be compromised at any moment and nobody would notice it.

Feel free to assume NSA/FBI/CIA would not resort to such low forms of attack. I'd rather not assume anything. Not after learning about the methods they are using to protect the "interests" of US gov.
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
October 31, 2013, 01:08:56 PM
#6
Nice guess but each point was way off Cheesy

It's funny to face ridicule about such safety concerns especially in the post-Snowden world.

It's also interesting to get ad hominems. What does it matter who I am if what I'm saying makes sense? So why don't you stick to the facts and try to defend the use of external javascript files?
Yeah, it'd be worse if Rainden also released some disturbing information.
full member
Activity: 182
Merit: 100
1MCKW9AkWj3aopC1aPegcZEf2fYNrhUQVf
October 31, 2013, 01:04:21 PM
#5
Nice guess but each point was way off Cheesy

It's funny to face ridicule about such safety concerns especially in the post-Snowden world.

It's also interesting to get ad hominems. What does it matter who I am if what I'm saying makes sense? So why don't you stick to the facts and try to defend the use of external javascript files?
hero member
Activity: 952
Merit: 1009
October 31, 2013, 12:59:39 PM
#4
Your real name is Simon. You're a furry of the fox persuasion from Caracas, Venezuela. You like listening to gothic rock / dark cabaret.

The three letter agencies are the least of your problem.
full member
Activity: 182
Merit: 100
1MCKW9AkWj3aopC1aPegcZEf2fYNrhUQVf
October 31, 2013, 12:56:46 PM
#3
Sounds good! I don't like the hundreds of lines I have to read at bitaddress. The more code there is --> the more potential danger there is.
legendary
Activity: 1106
Merit: 1016
090930
October 31, 2013, 12:54:51 PM
#2
You can take a look at NoBrainr (see signature!) and decide if you like it. It's only 20 lines of code and as transparent as it gets.
full member
Activity: 182
Merit: 100
1MCKW9AkWj3aopC1aPegcZEf2fYNrhUQVf
October 31, 2013, 12:35:10 PM
#1
Is there any good way to see if there have been any changes to the source code of Bitaddress.org in recent months/years?

You would think a website like that would be the ideal target for three letter agencies. For example, I notice they are loading external Javascript files from Google's servers... Isn't external Javascript a very very bad thing to do on such a site? Basically it allows Google to insert whatever Javascript they want on the page, whenever they want...

Which brings me to my last question:

Is there a better, more simple way of generating paper wallets?
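An offline check in the spirit of the monitoring steps in post #9 and the external-JavaScript concern in post #1, added here as an example and not code from the thread or from bitaddress.org: it hashes a saved copy of the page against a pinned SHA-256 digest and lists every script loaded from a host other than the site's own. The sample page, the host name and the pinned digest are constructed for the example.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample standing in for a saved copy of a paper-wallet generator page.
# The script URLs are illustrative, not a claim about what any real site loads.
SAMPLE_HTML = """<html><head>
<script src="//ajax.googleapis.com/ajax/libs/example/lib.min.js"></script>
<script src="scripts/bitaddress.js"></script>
<script>var inline = 1;</script>
</head><body></body></html>"""


class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in the page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def external_scripts(html, own_host):
    """Return script sources served from any host other than own_host.
    Relative paths have no host and count as first-party; protocol-relative
    URLs (//host/...) are resolved to their host like absolute ones."""
    collector = ScriptCollector()
    collector.feed(html)
    own_host = own_host.lower()
    return [src for src in collector.sources
            if urlparse(src).netloc.lower() not in ("", own_host)]


def page_digest(html):
    """SHA-256 of the saved page text, the value you pin after a manual review."""
    return hashlib.sha256(html.encode("utf-8")).hexdigest()


def check_page(html, own_host, pinned_digest):
    """Return (digest_matches, external_script_list) for a saved page."""
    return page_digest(html) == pinned_digest, external_scripts(html, own_host)


if __name__ == "__main__":
    ok, ext = check_page(SAMPLE_HTML, "www.bitaddress.org", page_digest(SAMPLE_HTML))
    print("digest matches:", ok)
    print("third-party scripts:", ext)
```

Any non-empty third-party list means the page's behaviour depends on code the pinned digest does not cover, so a digest match alone is not a clean bill of health.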