Pages:
Author

Topic: Instawallet/Bitcoin-Central Security Breach - page 12. (Read 85356 times)

hero member
Activity: 700
Merit: 500

Chrome is the ultimate spyware

And I love it for that.

I can google for a new movie on my desktop, then completely forget about it and weeks later my phone will automagically remind me that "hey that movie you googled a while ago is now running in that theater near you".
Without me doing anything.

Or I look up a restaurant at lunchtime and later at dinnertime i'm in the area and my phone goes "dude that steak restaurant you looked up is like 20 minutes away thought you should know duder".
Without me doing anything.

Or when it's like half an hour before I usually leave work to go home and my phone going "Yeah, here's the thing. You know how you drive at x pm and take that route usually? That's gonna bite you in the ass today. I mean, just look at that traffic jam. Look at this shit. You'd better drive this way. Just saying".

Without me doing anything.

It's perfect and exactly what my phone should do.

The lesson here is not: Google is evil.

The lesson is: Security through Obscurity does never ever work.

So true.
newbie
Activity: 47
Merit: 0
Still no mention of instawallet  Huh
For some reason this feels intentional to me, I'm glad I wasn't on that service (only bitcoin-central).

Still though, instawallet's cold storage got transferred out with 82 confirmations last time I checked (hours ago), it should mostly be fine I guess.
newbie
Activity: 24
Merit: 0

Since nobody commented on other thread, https://bitcointalksearch.org/topic/easywallet-defect-164638, thought it might be useful to mention that Easywallet has same problem with google.

About 1000 wallets visible from web. Balance seems to be zero on all.


hero member
Activity: 756
Merit: 1000
either way the lesson will be "trust no one to hold your coins".
Seconded

Apparently every new batch of Bitcoiners will need to learn this valuable lesson.

If you aren't the sole controller of your private keys, you don't have any bitcoins.

Take whatever steps necessary to be the sole controller of your private keys people!
In short "Keep your private keys private". Rule number ONE in Bitcoin land.

bitcoin-central.net has updated its message

Still no mention of instawallet  Huh

Jan
legendary
Activity: 1043
Merit: 1002
either way the lesson will be "trust no one to hold your coins".
Seconded

Apparently every new batch of Bitcoiners will need to learn this valuable lesson.

If you aren't the sole controller of your private keys, you don't have any bitcoins.

Take whatever steps necessary to be the sole controller of your private keys people!
In short "Keep your private keys private". Rule number ONE in Bitcoin land.
legendary
Activity: 952
Merit: 1000
legendary
Activity: 1284
Merit: 1001
None of them are actually on instawallet, though. https://www.google.com/search?q=%22instawallet.org/w/%22+site:instawallet.org

I realise that this may be because they have now removed direct links from Google, but the number is meaningless.
newbie
Activity: 29
Merit: 0
What about we try and stay on topic?

Has anyone been able to contact the people at Paymium, the company behind instawallet and bitcoin-central?
sr. member
Activity: 306
Merit: 250
Donations: http://tny.im/nx

First rule, don't trust that number Google gives you. It is always way off all the results one can get (some guy did a research on that, turns out you only have access to the first 1000 results or so). And second, you don't know how many of these results are the same wallet URL appearing on multiple pages.
hero member
Activity: 896
Merit: 532
Former curator of The Bitcoin Museum
/flameon

I love google, I haven't been lost ANYWHERE in like 4 years!

I WANT my browser to know what I'm thinking, and web searches to sell me shit that interests me!

I LOVE the fact if I don't know something, I can just GOOGLE it!

/flameoff
legendary
Activity: 1148
Merit: 1018
FACTS:

1) Google is evil, and will spy on you in order to have as much information possible to cash it in form of advertisments
2) sending your funds to a wallet consisting in an non-password protected URL is RIDICOLOUS

3. Spelling is a lost art.

4. I would like to see your spelling skills in Turkish.
hero member
Activity: 756
Merit: 522
FACTS:

1) Google is evil, and will spy on you in order to have as much information possible to cash it in form of advertisments
2) sending your funds to a wallet consisting in an non-password protected URL is RIDICOLOUS

3. Spelling is a lost art.
legendary
Activity: 952
Merit: 1000
If you put password in URL on your website, it is not Googles fault. It would be your and your only your complete and grossly negligible disregard of most trivial best practices in information security.

Do not blame Google it is not their fault.



I find it hard to believe that 3000+ instawallets were posted on the web.  Maybe a dozen, maybe even 10 dozen, but 3,000?

1) How many people created instawallets?
2) Out of those, how many actually used those instawallets?
3) Out of those, how many still hold balances in instawallets?
4) Out of those, how many decided it was a good idea to post their instawallet URL's on the web somewhere, despite the huge red warning against doing so?

I just don't see 3,000 as coming solely from URLs that people have posted online.  As someone else mentioned, I believe Google also gathers information about websites based on what people access through their browser or other services.  If the URL might exist, Google crawls it to find out.
https://www.google.com/search?q="instawallet.org%2Fw%2F"

About 29,400 results were found.
legendary
Activity: 1148
Merit: 1018
sending your funds to a wallet consisting in an non-password protected URL is RIDICOLOUS
These services have their place. Instawallet is a brilliant service for introducing newbies to bitcoin. A newbie can have a bitcoin address up and running and making payments, literally within seconds. In this era of short attention spans, the Instawallet service is invaluable for spreading bitcoin adoption.

I frequently tell friends to visit Instawallet.org and quote me the address they see. Then I send some small change to that address. They immediately "get" bitcoin.

Yeah, in this era of short attention spans Instawallet is perfect to have newbie's coins stolen.

Tell your friends to use blockchain.info's My Wallet for their first pennies, is quite as immediate as Instawallet and much more secure.
hero member
Activity: 756
Merit: 1000
I made two withdrawals from jnstawallet 2 nights ago around 1am GMT. The first one did not show up but the second one did. I messages Davout about the first one not showing up and I also emailed support at instawallet. I wasn't worried as it actually happened last time I withdrew money from them too. That took 24 hours. I also thought that as it was a bank holiday there might be a delay in support.

If this money was sent should I be sure to receive this whatever happens with the rest of instawallets issues?

So in regards to this, without being too technical. Why would a transaction take two days to confirm?

Is it something to do with instawallet being free?

Can anyone help with this?
full member
Activity: 197
Merit: 100
sending your funds to a wallet consisting in an non-password protected URL is RIDICOLOUS
These services have their place. Instawallet is a brilliant service for introducing newbies to bitcoin. A newbie can have a bitcoin address up and running and making payments, literally within seconds. In this era of short attention spans, the Instawallet service is invaluable for spreading bitcoin adoption.

I frequently tell friends to visit Instawallet.org and quote me the address they see. Then I send some small change to that address. They immediately "get" bitcoin.
hero member
Activity: 756
Merit: 1000
The waiting is killing me
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
Bitcoin-Central about a minute ago again showed me the normal light-blue design, but with an "Internal Server Error". Now they have restored the "Maintainance" message.

Seems they will be up again soon.
legendary
Activity: 1148
Merit: 1018
FACTS:

1) Google is evil, and will spy on you in order to have as much information possible to cash it in form of advertisments
2) sending your funds to a wallet consisting in an non-password protected URL is RIDICOLOUS
Pages:
Jump to: