Topic: Gold collapsing. Bitcoin UP. - page 1265. (Read 2032274 times)

In theory the agent on the host could have code that understands the linux file system and accesses it directly through the VM's disk image file which is on the host.  But in practice this isn't going to happen today.  Because that ability (accessing Linux file systems in windows) would be pretty valuable as a real product...

i assume an automated attack coming from the host for a wallet.dat would turn up nothing even with the VM open?

an even simpler question, encryption doesn't help an open VM, correct?

with a wallet in a VM, two attack vectors exist:

First, through the host computer into the file that backs the file system of the guest.  At this point I would guess that this attack is unlikely in a security through obscurity sense -- because the attacker would have difficulty determining which VM hosted your wallet, have difficulty either downloading the 50GB backing file or parsing the guest file system on the host.  But if the attacker KNEW you had bitcoins, as opposed to a drive-by that just grabs whatever presents itself, it would be much more likely.  A successful attack through the host essentially requires human agent interaction, as opposed to the automated process of searching for a wallet.dat file...

Second, into the VM directly.  It is assumed that you are running your wallet in the VM to isolate it.  So the attack surface is much smaller than the host, hopefully uses a less popular OS (AKA Linux), and is reduced functionality both in the programs you are running and the ports that are open.  Don't be surfing random bitcoin info (with a little "present") sites in a browser inside your guest computer!!!

WRT your question:

If an attacker is in your VM, it would very easy to figure out your IP address.  Just send a UDP packet somewhere.  Your home gateway is not set up to filter outgoing packets, but it will rewrite the "from" IP address during NAT traversal.  Better to stop people from getting in in the first place (see above).  But if you were a programmer, you could for example, modify the virtualbox or xen networking layer to only route through TOR.  But justus is correct, this would be susceptible to an attack through the rather large host/guest interface layer.  If you are really that paranoid, better to route all traffic through a single home-brew router that pushes everything (it lets through) into TOR and have router's setup and control be inaccessible except through console.

your other question: any technology capable of traversing the NAT between your home or office network and the rest of the internet is inherently capable of traversing the NAT between the host and guest.

PPS: doing your normal banking on a similarly isolated linux VM is also a pretty good idea... and it has the added bonus that a typical laptop thief won't check your browser history inside the VM for your bank info.

i know you know what you're talking about so please give us recommendations.  like the NAT vs bridged?  what about Shared Folders?  a no no?  what do you think about VMWare Fusion?

If you know exactly what you're doing when you set up the virtualized environment and make no mistakes, and if there are no zero-day exploits in your host OS virtualization software, and if whatever method you use to allow the guest OS to talk to the network at large is perfectly anonymous and private, then maybe that's true.

Thinking about it from a user perspective (I'm no programmer) it looks like a VM is way more secure if you always run the VM HD of a removable drive.  You will also have to be more careful to backup more often.

let me ask your opinion and that of the other tech experts here on something runeks said over in Reddit.

that by putting one's wallet inside a VM, it becomes much more secure, if not impossible for a gubmint entering your pc via the VM to get out of it and access your IP address thru the native OS and connected router.  is this accurate?  and does it depend on whether one's network adapter uses NAT or bridged?

i have been assuming this is the case since day 1.

I agree there.  It would be good if bitcoin natively used secure sockets and random ports.  It isn't very susuceptible to manipulating packet contents, but at some point we may want it to be harder to identify bitcoin traffic.

zerg, thanx for keeping us updated.

how hard would it be to graph the results?  we must be close to an all time high?

To the moon.  And here I would have linked an article about the experimental 100+mB laser link to the LADEE satellite but the site is down because of the USG partial shutdown.  Its amazing how these government computers require constant human intervention whereas my servers run for weeks, even a whole year, without any intervention.  I have visions of uniformed employees running in man sized gerbil exercisers powering these devices...

i guess the thinking goes that if and when the entire internet is down, the gubmint will have it's hands full trying to bring it back up, let alone trying to take meshnets down.

lasers + satellites 

You still have limited range and routers/repeaters.  That's where the network is vulnerable to manipulation.

Nice, at that point the existential threat scenarios may be limited to things like a major government using imminent domain over a leading chip fab company (Intel/TI/Samsung) and making them produce copious 14nm ASICs for use in a government takeover of the mining, smaller efforts would be doomed.  This is so unlikely and would expose too much weakness in the perception of the world that I don't see it as meaningful.

Yeah, I was thinking that building radio stations would be the more costing-save solution, compared with cables, assuming neutrinos remain unusable by then.

Well that's the thing. He's talking about radio waves.

Not sure how manipulable those are.

Now you have brought up an interesting problem: can someone(e.g., superpowerful alphabet agencies) actually manage to exert control on the whole network by manipulating what's being sent through the cables? Maybe when we get all super-rich with bitcoins we need to construct our own submarine fiber systems, secured by quantum cryptography which is resistant to both sabotage and quantum computing.

Absolutely. When I can say more than that it's a big project, I will.

Yes, network connectivity with no catastrophic events, including breakage of the crypto through any means. That would be solved by other methods, but there is enough flexibility to accommodate rapid updates.

Widespread proliferation expected within three years, regardless of which project takes the lead; who builds out doesn't matter, only that it happens. With numerous competing projects, some will undoubtedly be more prominent than others in certain areas.

Gold collapsing. Bitcoin UP.