Topic: [PSA] Bitcoin Gambling SSL Security (Read 1118 times)

Telling people SSL / RSA is safe, would give them a false sense of security. We have seen how the NSA has exploited SSL and we still believe that it's safe.

Watch this and see if you agree with me ----> https://www.youtube.com/watch?v=CJNxbpbHA-I

Using VPN's are even less safe.  .... Let's agree on one thing... SSL will not stop expert hackers. 

I have that extension installed already. I was just asking that because he said that hackers can imitate SSL as well and most people including me will not check certificates and will think that it is the right site, if it shows https:// and the glowing site name/favicon with the padlock.

Great bit of information for people using Tor/Vpn and other such services, every little precaution is necessary when it comes to protecting your sensitive information and Bitcoins.


Didn't know about this, will defo use this to check fingerprints to make sure I am visiting the correct site. Thanks

If you are not using SSL, the URL will look correct, but there will not be a padlock, and the url will start with http:// rather than https://

If you are using SSL, there will be a padlock and https and your connection is encrypted and you are reasonably safe. Just pay attention to any popups you might get about "expired ceritificates" and such, and also check the fingerprint of the SSL cert for extra safety as OP mentioned.

I would recommend the browser addon HTTPS Everywhere, which will check the fingerprints automatically for you and also force your browser to use SSL on most websites. This will mitigate the risk of this kind of attack significantly without you needing to do anything.

Note that this kind of attack can happen to anyone using the internet, however it is most frequently seen on Tor, VPN's, proxies and public wifi as it is easier for an attacker to get "in-the-middle" of your internet connection. The NSA have used backbone internet routers to execute these attacks, these routers relay vast amount of the internets traffic so they can do this to almost any connection, so this kind of thing can happen to anyone.

If you are using Chrome you can always use this extension in order to force the https to all the sites: https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp

Thoughtful, an SSL is never a sure gurantee
An one should take this up in every best possible means. An informative post by the way

This is exactly what I asked on primedice announcement thread yesterday. I knew about TOR and that it can get your account compromised if you're not careful and you can end up getting your coins stolen but I was confused about VPN. Thanks for this.


If hacker uses a SSL to impersonate a site, will the site address still show up as it does originally in the address bar? I mean the green/blue glowed up name with the favicon and the padlock? Ex.

Great post. It should also be noted having a SSL does NOT make a website more "trustworthy" at all. Anyone can purchase a SSL and they're usually pretty cheap. I only bring this up because I've seen other sites try to mislead visitors before with SSL.

Noted. Gald that I'm using the HTTPS version of Bitcointalk.org and many other sites.

I've always used the GRC's site to check cert hashes every now and then
https://www.grc.com/fingerprints.htm

When using any site that involves money, from online shopping, to bitcoin web wallets, to bitcoin gaming, one recurring risk which has been seen is the Man in the Middle Attack (MITM).  This is when an attacker, somewhere between your computer and the website you are accessing, intercepts your connection and impersonates the website you are trying to access.  The MITM attack has been seen on the Tor network, when a malicious exit node will impersonate certain bitcoin sites to try and steal a user's bitcoins when they put their login information into the fake site.  So what is the solution to make sure you are secure?

SSL and HTTPS

SSL is a method of end to end encryption that makes sure the information between your computer and the site you are accessing is unable to be altered in transit.  People using VPN's and the Tor program to access various bitcoin sites are at higher risk due to putting more systems in between your computer and the site you are accessing.  By verifying you are connecting to a domain that begins with https with the lock icon next to it, you can ensure that your connection to the site is not being intercepted.  For further security, you can verify the certificate they are presenting you is a valid certificate.

https://i.imgur.com/DUqDAV8.png?1

Common Bitcoin SSL Certificate Hashes (4/30/2015)

PrimeDice - https://primedice.com

SHA-256 Fingerprint: 98:3A:82:A8:50:19:48:19:32:BD:90:19:D6:8C:3E:00:4C:75:FF:69:65:C7:64:B0:8C:86:D2:76:AA:B5:54:D5
SHA1 Fingerprint: 8A:D6:87:4B:99:B2:E1:31:CD:60:A9:BA:72:EF:92:00:4D:40:94:64

Just-Dice - https://just-dice.com

SHA-256 Fingerprint: 78:9B:E9:39:C8:9B:8F:FA:7A:7B:9F:A2:93:B1:79:B4:EA:F7:DF:9C:42:22:4C:5E:2E:18:39:70:3C:EF:0D:1F
SHA1 Fingerprint: 63:31:BA:A9:E0:B3:E3:2A:35:3B:4B:91:35:BC:7D:AF:CA:19:60:CC

Blockchain.info - https://blockchain.info

SHA-256 Fingerprint: D0:3F:04:0B:D9:85:5F:F0:B3:C9:78:89:2B:31:36:8E:D4:C3:76:AA:D5:26:02:9C:33:42:F2:B7:93:F2:85:E1
SHA1 Fingerprint: 94:10:81:EB:E4:62:B5:BD:7B:03:DE:79:C7:A6:4D:91:30:13:7B:E0