Author

Topic: Malicious PACs and Bitcoins (Read 720 times)

newbie
Activity: 42
Merit: 0
May 19, 2013, 02:32:27 PM
#12
Bitcoins do not exist as a separate entity, in the network there are only transactions. Each transaction has some other transactions as inputs and a destination address, and it's signed using the sender's key. Stealing means publication of an unauthorized transaction in favor of the thief's address, and the resulting funds are quite usable by the thief, and lost for the original owner, since the transactions are irreversible.
sr. member
Activity: 294
Merit: 250
May 19, 2013, 02:19:08 PM
#11
If Bitcoins are a set of digital Alpha/numerric characters for each Bitcoin, then each REAL transaction should add the sellers 'input' characters to the code that verify that the seller ACTUALLY sold them to a Specific buyer, who know has them in his Account/s. They need to be traceable, that way.
So, stealing them would not add any verifiable characters to each Bitcoin, which should render them worthless to the thief, but still holding their value for the owner they were 'stolen' from.
IF he was SMART enough to keep them backed-up, then he'd still have his version of the digital docs, that have his code attached to them,

NO?
newbie
Activity: 42
Merit: 0
May 19, 2013, 01:58:17 PM
#10
He is right, that there is Trojan software in a heap of bitcoin stuff,
but wrong in saying encrypting your wallet will stop it getting stolen.
Exactly. If you caught a Trojan tailored for bitcoin, you're pretty much done no matter what you do. There's a thousand ways to intercept your password next time you type it, by patching your bitcoin client for example. Bitcoin is extremely insecure in this respect.
hero member
Activity: 602
Merit: 500
May 19, 2013, 01:50:09 PM
#9
I keep backups of my wallets and have them encrypted by really strong passwords that I store in Keypass. I enter part of my main Keypass password with a virtual keyboard to thwart ( love that word heheh ) potential keyloggers.

I figure, even if my wallet.dat files get stolen, it'll take a millenium with current technology to break the encryption, so I feel pretty safe.

Am i though ?
The article speaks about a phishing attack on Mtgox, so your measures will not help in this case. If you will be a victim of such an attack, they could steal your bitcoins stored at the exchange, and possibly also the money.

He is right, that there is Trojan software in a heap of bitcoin stuff,
but wrong in saying encrypting your wallet will stop it getting stolen.
The trojens are often keyloggers so they just record your passwords and send that back with the wallet.dat
Even without your encryption password I suspect someone with enough FPGA fire power could brute force your password anyway.
Your best bet is to have your bitcoin client on a linux boot from a USB stick and keep it in a sterile quarantined OS.


How to make all this n00b friendly? Smiley
sr. member
Activity: 294
Merit: 250
May 19, 2013, 01:48:57 PM
#8
I keep backups of my wallets and have them encrypted by really strong passwords that I store in Keypass. I enter part of my main Keypass password with a virtual keyboard to thwart ( love that word heheh ) potential keyloggers.

I figure, even if my wallet.dat files get stolen, it'll take a millenium with current technology to break the encryption, so I feel pretty safe.

Am i though ?
The article speaks about a phishing attack on Mtgox, so your measures will not help in this case. If you will be a victim of such an attack, they could steal your bitcoins stored at the exchange, and possibly also the money.

He is right, that there is Trojan software in a heap of bitcoin stuff,
but wrong in saying encrypting your wallet will stop it getting stolen.
The trojens are often keyloggers so they just record your passwords and send that back with the wallet.dat
Even without your encryption password I suspect someone with enough FPGA fire power could brute force your password anyway.
Your best bet is to have your bitcoin client on a linux boot from a USB stick and keep it in a sterile quarantined OS.
newbie
Activity: 42
Merit: 0
May 19, 2013, 01:43:43 PM
#7
I keep backups of my wallets and have them encrypted by really strong passwords that I store in Keypass. I enter part of my main Keypass password with a virtual keyboard to thwart ( love that word heheh ) potential keyloggers.

I figure, even if my wallet.dat files get stolen, it'll take a millenium with current technology to break the encryption, so I feel pretty safe.

Am i though ?
The article speaks about a phishing attack on Mtgox, so your measures will not help in this case. If you will be a victim of such an attack, they could steal your bitcoins stored at the exchange, and possibly also the money.
hero member
Activity: 714
Merit: 510
May 19, 2013, 01:27:30 PM
#6
i wonder with all these alt coin releases  Smiley what if again i say what if they offer you coin x   ..and steal your wallet.dat Smiley   especially the way that they mine new coins convert to ltc or btc.. again i say what if lol


Encrypt your wallet and use Yubikey.
sr. member
Activity: 294
Merit: 250
May 19, 2013, 12:52:47 PM
#5
i wonder with all these alt coin releases  Smiley what if again i say what if they offer you coin x   ..and steal your wallet.dat Smiley   especially the way that they mine new coins convert to ltc or btc.. again i say what if lol
hero member
Activity: 602
Merit: 500
May 19, 2013, 12:52:18 PM
#4
I keep backups of my wallets and have them encrypted by really strong passwords that I store in Keypass. I enter part of my main Keypass password with a virtual keyboard to thwart ( love that word heheh ) potential keyloggers.

I figure, even if my wallet.dat files get stolen, it'll take a millenium with current technology to break the encryption, so I feel pretty safe.

Am i though ?

Most people don't do it the way you do it, its to hard over time so they get sloppy Smiley
legendary
Activity: 1274
Merit: 1050
May 19, 2013, 12:50:00 PM
#3
I keep backups of my wallets and have them encrypted by really strong passwords that I store in Keypass. I enter part of my main Keypass password with a virtual keyboard to thwart ( love that word heheh ) potential keyloggers.

I figure, even if my wallet.dat files get stolen, it'll take a millenium with current technology to break the encryption, so I feel pretty safe.

Am i though ?
hero member
Activity: 602
Merit: 500
May 19, 2013, 12:43:44 PM
#2
Yea focus on security has always been learning by burning.

Jump to: