Instawallet/Bitcoin-Central Security Breach - page 12.

Atruk

hero member

Activity: 700

Merit: 500

Quote from: greyhawk on April 02, 2013, 07:48:49 AM

Quote from: Atruk on April 02, 2013, 07:35:02 AM

Chrome is the ultimate spyware

And I love it for that.

I can google for a new movie on my desktop, then completely forget about it and weeks later my phone will automagically remind me that "hey that movie you googled a while ago is now running in that theater near you".
Without me doing anything.

Or I look up a restaurant at lunchtime and later at dinnertime i'm in the area and my phone goes "dude that steak restaurant you looked up is like 20 minutes away thought you should know duder".
Without me doing anything.

Or when it's like half an hour before I usually leave work to go home and my phone going "Yeah, here's the thing. You know how you drive at x pm and take that route usually? That's gonna bite you in the ass today. I mean, just look at that traffic jam. Look at this shit. You'd better drive this way. Just saying".

Without me doing anything.

It's perfect and exactly what my phone should do.

The lesson here is not: Google is evil.

The lesson is: Security through Obscurity does never ever work.

So true.

lucb1e

newbie

Activity: 47

Merit: 0

Quote from: steelboy on April 02, 2013, 12:59:38 PM

Still no mention of instawallet Huh

For some reason this feels intentional to me, I'm glad I wasn't on that service (only bitcoin-central).

Still though, instawallet's cold storage got transferred out with 82 confirmations last time I checked (hours ago), it should mostly be fine I guess.

pbtc

newbie

Activity: 24

Merit: 0

Since nobody commented on other thread, https://bitcointalksearch.org/topic/easywallet-defect-164638, thought it might be useful to mention that Easywallet has same problem with google.

About 1000 wallets visible from web. Balance seems to be zero on all.

steelboy

hero member

Activity: 756

Merit: 1000

Quote from: Jan on April 02, 2013, 12:56:17 PM

Quote from: ?? on ??

Quote from: lucb1e on April 01, 2013, 04:47:38 PM

Quote from: mccorvic on April 01, 2013, 03:19:51 PM

either way the lesson will be "trust no one to hold your coins".

Seconded

Apparently every new batch of Bitcoiners will need to learn this valuable lesson.

If you aren't the sole controller of your private keys, you don't have any bitcoins.

Take whatever steps necessary to be the sole controller of your private keys people!

In short "Keep your private keys private". Rule number ONE in Bitcoin land.

bitcoin-central.net has updated its message

Still no mention of instawallet Huh

Jan

legendary

Activity: 1043

Merit: 1002

Quote from: ?? on ??

Quote from: lucb1e on April 01, 2013, 04:47:38 PM

Quote from: mccorvic on April 01, 2013, 03:19:51 PM

either way the lesson will be "trust no one to hold your coins".

Seconded

Apparently every new batch of Bitcoiners will need to learn this valuable lesson.

If you aren't the sole controller of your private keys, you don't have any bitcoins.

Take whatever steps necessary to be the sole controller of your private keys people!

In short "Keep your private keys private". Rule number ONE in Bitcoin land.

ingrownpocket

legendary

Activity: 952

Merit: 1000

Quote from: Raoul Duke on April 02, 2013, 12:20:06 PM

Quote from: ingrownpocket on April 02, 2013, 10:40:49 AM

https://www.google.com/search?q="instawallet.org%2Fw%2F"

About 29,400 results were found.

At least do it properly: https://www.google.com/search?q=inurl%3A%2Fw%2F+site%3Ainstawallet.org Wink

I wanted to do the exact opposite of that.
Trying to show him where Google got those addresses. Wink

Raoul Duke

legendary

Activity: 1358

Merit: 1002

Quote from: ingrownpocket on April 02, 2013, 10:40:49 AM

https://www.google.com/search?q="instawallet.org%2Fw%2F"

About 29,400 results were found.

At least do it properly: https://www.google.com/search?q=inurl%3A%2Fw%2F+site%3Ainstawallet.org Wink

Grinder

legendary

Activity: 1284

Merit: 1001

Quote from: ingrownpocket on April 02, 2013, 10:40:49 AM

https://www.google.com/search?q="instawallet.org%2Fw%2F"

About 29,400 results were found.

None of them are actually on instawallet, though. https://www.google.com/search?q=%22instawallet.org/w/%22+site:instawallet.org

I realise that this may be because they have now removed direct links from Google, but the number is meaningless.

Arthur Randolph

newbie

Activity: 29

Merit: 0

What about we try and stay on topic?

Has anyone been able to contact the people at Paymium, the company behind instawallet and bitcoin-central?

gbl08ma

sr. member

Activity: 306

Merit: 250

Donations: http://tny.im/nx

Quote from: ingrownpocket on April 02, 2013, 10:40:49 AM

https://www.google.com/search?q="instawallet.org%2Fw%2F"

About 29,400 results were found.

First rule, don't trust that number Google gives you. It is always way off all the results one can get (some guy did a research on that, turns out you only have access to the first 1000 results or so). And second, you don't know how many of these results are the same wallet URL appearing on multiple pages.

DobZombie

hero member

Activity: 896

Merit: 532

Former curator of The Bitcoin Museum

/flameon

I love google, I haven't been lost ANYWHERE in like 4 years!

I WANT my browser to know what I'm thinking, and web searches to sell me shit that interests me!

I LOVE the fact if I don't know something, I can just GOOGLE it!

/flameoff

Rampion

legendary

Activity: 1148

Merit: 1018

Quote from: MPOE-PR on April 02, 2013, 10:55:10 AM

Quote from: Rampion on April 02, 2013, 09:34:43 AM

FACTS:

1) Google is evil, and will spy on you in order to have as much information possible to cash it in form of advertisments
2) sending your funds to a wallet consisting in an non-password protected URL is RIDICOLOUS

3. Spelling is a lost art.

4. I would like to see your spelling skills in Turkish.

MPOE-PR

hero member

Activity: 756

Merit: 522

Quote from: Rampion on April 02, 2013, 09:34:43 AM

FACTS:

1) Google is evil, and will spy on you in order to have as much information possible to cash it in form of advertisments
2) sending your funds to a wallet consisting in an non-password protected URL is RIDICOLOUS

3. Spelling is a lost art.

ingrownpocket

legendary

Activity: 952

Merit: 1000

Quote from: SgtSpike on April 01, 2013, 10:16:32 PM

Quote from: ?? on ??

If you put password in URL on your website, it is not Googles fault. It would be your and your only your complete and grossly negligible disregard of most trivial best practices in information security.

Do not blame Google it is not their fault.

I find it hard to believe that 3000+ instawallets were posted on the web. Maybe a dozen, maybe even 10 dozen, but 3,000?

1) How many people created instawallets?
2) Out of those, how many actually used those instawallets?
3) Out of those, how many still hold balances in instawallets?
4) Out of those, how many decided it was a good idea to post their instawallet URL's on the web somewhere, despite the huge red warning against doing so?

I just don't see 3,000 as coming solely from URLs that people have posted online. As someone else mentioned, I believe Google also gathers information about websites based on what people access through their browser or other services. If the URL might exist, Google crawls it to find out.

https://www.google.com/search?q="instawallet.org%2Fw%2F"

About 29,400 results were found.

Rampion

legendary

Activity: 1148

Merit: 1018

Quote from: DublinBrian on April 02, 2013, 10:37:30 AM

Quote from: Rampion on April 02, 2013, 09:34:43 AM

sending your funds to a wallet consisting in an non-password protected URL is RIDICOLOUS

These services have their place. Instawallet is a brilliant service for introducing newbies to bitcoin. A newbie can have a bitcoin address up and running and making payments, literally within seconds. In this era of short attention spans, the Instawallet service is invaluable for spreading bitcoin adoption.

I frequently tell friends to visit Instawallet.org and quote me the address they see. Then I send some small change to that address. They immediately "get" bitcoin.

Yeah, in this era of short attention spans Instawallet is perfect to have newbie's coins stolen.

Tell your friends to use blockchain.info's My Wallet for their first pennies, is quite as immediate as Instawallet and much more secure.

steelboy

hero member

Activity: 756

Merit: 1000

Quote from: steelboy on April 01, 2013, 06:11:23 PM

Quote from: steelboy on April 01, 2013, 05:02:07 PM

I made two withdrawals from jnstawallet 2 nights ago around 1am GMT. The first one did not show up but the second one did. I messages Davout about the first one not showing up and I also emailed support at instawallet. I wasn't worried as it actually happened last time I withdrew money from them too. That took 24 hours. I also thought that as it was a bank holiday there might be a delay in support.

If this money was sent should I be sure to receive this whatever happens with the rest of instawallets issues?

So in regards to this, without being too technical. Why would a transaction take two days to confirm?

Is it something to do with instawallet being free?

Can anyone help with this?

DublinBrian

full member

Activity: 197

Merit: 100

Quote from: Rampion on April 02, 2013, 09:34:43 AM

sending your funds to a wallet consisting in an non-password protected URL is RIDICOLOUS

These services have their place. Instawallet is a brilliant service for introducing newbies to bitcoin. A newbie can have a bitcoin address up and running and making payments, literally within seconds. In this era of short attention spans, the Instawallet service is invaluable for spreading bitcoin adoption.

I frequently tell friends to visit Instawallet.org and quote me the address they see. Then I send some small change to that address. They immediately "get" bitcoin.

steelboy

hero member

Activity: 756

Merit: 1000

The waiting is killing me

d5000

legendary

Activity: 3906

Merit: 6249

Decentralization Maximalist

Bitcoin-Central about a minute ago again showed me the normal light-blue design, but with an "Internal Server Error". Now they have restored the "Maintainance" message.

Seems they will be up again soon.

Rampion

legendary

Activity: 1148

Merit: 1018

FACTS:

1) Google is evil, and will spy on you in order to have as much information possible to cash it in form of advertisments
2) sending your funds to a wallet consisting in an non-password protected URL is RIDICOLOUS

Topic: Instawallet/Bitcoin-Central Security Breach - page 12. (Read 85276 times)