Author

Topic: Solution for getting rid of clipboard malwares. (Read 327 times)

newbie
Activity: 6
Merit: 0
December 26, 2019, 09:43:58 AM
#18
Lets look at newbies that are first introduced to Bitcoin and crypto addresses.
They would benefit for something like this,
but I would prefer that we have some second layer solution on Bitcoin network to solve this
instead of using CruxPay or any other alternative

I think we need Website and account here, and this things can be hacked very easy :/
or maybe I am wrong?!

https://i.imgur.com/mIRuscm.png

What tracking monster should I choose for registration? Roll Eyes
How about NONE

Hi dkbit98,

Thanks for your response. CRUXPay is actually using Bitcoin Blockchain as it's core to store the mapping of CRUX ID's with a priate key of the wallet. It is built on top of Blockstack. CRUXPay is useful for both the begginers and experienced users because it hides the complexity behind Blockchain based systems and now users can just use crypto's like in other payment method, Paypal.

The Image you have shared is the login page of wallets which are going to integrate CRUXPay in their systems. No login required on CRUXPay by any end user. The integration of CRUXPay is already live in ZelCore and Magnum wallets. I request you to please give it a try and share your valuable feedback.
legendary
Activity: 2212
Merit: 7064
Lets look at newbies that are first introduced to Bitcoin and crypto addresses.
They would benefit for something like this,
but I would prefer that we have some second layer solution on Bitcoin network to solve this
instead of using CruxPay or any other alternative

I think we need Website and account here, and this things can be hacked very easy :/
or maybe I am wrong?!



What tracking monster should I choose for registration? Roll Eyes
How about NONE
hero member
Activity: 2338
Merit: 757
Even the problem can be resolved by re-check before send , this new feature can help prevent great damages with lazy persons and make more difficult for hackers to steal your coins. AFAICU, if the device is infected by some(any) keyboard malwares , it can be used to send btc without the need to copy paste addresses.
After reading all comments , i think this is interesting . I really want to know more opinions from experts and blockchain devs.
I suggest op to move the topic to [project developpement] section or the [technical discussion] .
member
Activity: 78
Merit: 20
and this mapping is store on Bitcoin Blockchain as a transaction

Is this different than zilliqa / unstoppable domains?
Do you have discussions with the most popular wallet providers to use this naming system? Because if not, it's all in vain.

We have already discussed it with most of the wallets. The CRUXPay is currently live in Zelcore and Magnum wallet. The integration is currently on going in many wallets including Exodus.

We appreciate if you can use it and share your valuable feedback.
member
Activity: 103
Merit: 10
@ETFbitcoin
1. Not really secure. Hacker just need to hack their server rather than trying to make you install malicious software or do something stupid.
CRUXPay is not a centralized system instead it is a decentralized naming service built on top of Blockstack. The CRUX ID is actually mapped with the seed of your wallet and this mapping is stored on Bitcoin Blockchain as a transaction so, noone can temper that mapping, if the seed of wallet is secure.

2. You need to trust them not to perform any malicious attack.
CRUXPay does not own the CRUX ID to address mapping so, this is as secure as bitcoin blockchain. Only the owner of the wallet seed can change the mapping.

3. Cryptocurrency supposed to be as trustless as possible
CRUX protocol is a developed on Blockstack so, the naming is trustless.

I doubt it's as secure as Bitcoin's blockchain, but thanks for the clarification.

Still, it encourage address re-use which is bad for privacy, unless you use private-focused cryptocurrency (e.g. Monero)
@ETFbitcoin

Thanks for your response. The mapping of CRUX ID with a private key of the seed of a wallet is Stored on Bitcoin Blockchain that is why I mentioned it is as secure as Bitcoin Blockchain.

By design CRUX does not enourage address reuse because this decision is taken by the wallet which is integrating CRUXPay. CRUXPay has features to update the address as soon as it gets used.
legendary
Activity: 1638
Merit: 1046
Updated antivirus is enough to get rid with clipboard malware there are many developers making new tools which is duplicate of any other software just to get $$.

You can protect your PC for any clipboard malware if you have both malwarebytes or any updated AV you don't need that tool which needs ID. 
member
Activity: 103
Merit: 10
    Isn't it better to use KeePass auto-fill function instead of using copy-paste. Just save all your addresses you are using to KeePass. So easy and safe.

    Here is what I'm talking about, it looks like this:


    @iasenko
    @o_e_l_e_o
    It is better if all the addresses are saved in the keypass but, CRUXPay is much more than that.
    • You get decentralized human readable addresses mapped with all the addresses of your crypto assets so, sending and receiving funds is like sending an email or tagging a handle in a tweet.
    • CRUXPay also explain a feature to recieve pull payments from the services you are using like how Amazon or UBER withdraws funds from your creadit card. In case of CRUXPay any service can send a withdrawal request to your CRUX ID and you can approve with a single tap to send the fund from your wallet.
    • CRUXPay can also act like an identity manager in Crypto space like how metamask does for ETH based dApp's. Any dApp which has integrated CRUX protocal can connect With your wallet and talk to it for sending and recieveing funds and also use it as an identity for the dApp

    I tried it and fellt secure and easy.
    it's as risky as using web wallets. If it's hacked, the hacker can simply edit the address linked to your user id and replace it with his address.
    Also, there are some privacy concerns. As far as I can see, you can only link one address to your uid whilst it's advised to use a different addy for each transaction.
    If you care about your privacy, you will have to login to your account and add new address whenever you expect to receive funds which is not practucal at all.

    @khaled0111
    Your CURX ID and the asset address mapping will not be edited if the seed of your wallet is secured because the mapping of a private key from your seed and the CRUX ID is stored on Bitcoin Blockchain as a transaction so noone can change that if the wallet seed is safe.

    Linking the new address to your CRUX ID when your previous address has recieved the funds can be done by your wallet so, if the wallet decides to update the address they can do it. CRUXPay has a provision for it.

    @ETFbitcoin
    1. Not really secure. Hacker just need to hack their server rather than trying to make you install malicious software or do something stupid.
    CRUXPay is not a centralized system instead it is a decentralized naming service built on top of Blockstack. The CRUX ID is actually mapped with the seed of your wallet and this mapping is stored on Bitcoin Blockchain as a transaction so, noone can temper that mapping, if the seed of wallet is secure.

    2. You need to trust them not to perform any malicious attack.
    CRUXPay does not own the CRUX ID to address mapping so, this is as secure as bitcoin blockchain. Only the owner of the wallet seed can change the mapping.

    3. Cryptocurrency supposed to be as trustless as possible
    CRUX protocol is a developed on Blockstack so, the naming is trustless.

    Seems like a great solution but haven't heard of them before. We should be careful using new service like this because their server will now be the hackers target. Why not scan qr codes of the wallet you are sending to.
    Yes, CRUXPay is indeed a new service. It's very difficult to scan the QR code when the QR code image and the wallet both are in the same device Smiley[/list]
    legendary
    Activity: 3668
    Merit: 6382
    Looking for campaign manager? Contact icopress!
    and this mapping is store on Bitcoin Blockchain as a transaction

    Is this different than zilliqa / unstoppable domains?
    Do you have discussions with the most popular wallet providers to use this naming system? Because if not, it's all in vain.
    member
    Activity: 103
    Merit: 10
    Getting a human readable short address that are typeable would mostly clear off this issue.

    What if an adversary changes the Bitcoin address that is aliased by human-readable shortname though? According to their site "you can easily delete or modify your addresses linked to your CRUX ID" which has me wondering what would prevent such an attack from happening. To make matters worse, people would feel safe that their clipboard hasn't been tampered with, while in the background payments are being routed to the wrong address without the user even having the chance to double-check.

    Interesting service though, will keep an eye on it.

    Hey HeRetiK - Thanks for your response. Your human readable CRUX ID is basically mapped with a private key of your wallet seed and this mapping is store on Bitcoin Blockchain as a transaction so, noone in the world can temper that mapping if the seed of your wallet is secure.

    You can visit this Doc to know more about the tech implementation of CRUX protocol:
    https://docs.cruxpay.com/docs/cruxpay-protocol
    sr. member
    Activity: 1204
    Merit: 270
    Hire Bitcointalk Camp. Manager @ r7promotions.com
    We need to be aware of how we work to get rid of clipboard malware And the interesting services offered here should be avoided. These are commonly used to hack hackers You protect your privacy and do not use an ID for various purposes Different IDs should be used for each job.
    hero member
    Activity: 2212
    Merit: 805
    Top Crypto Casino
    This is a completely over-engineered solution to what is a very simply problem to solve.

    Double check the address. It's literally that simply. Look at the address you are about to send to. Check it against the address you want to send to, direct from source (be that website, email, PM, wallet, whatever). You are introducing unnecessary trust for a third party as well as another attack vector for attackers because you are too lazy to double check an address?

    I also went to their website and clicked on "Get Started", just out of curiosity. The only way to proceed is by logging in with either a Facebook or a Google account. What a huge invasion of privacy.

    Absolutely avoid.

    That's what I thought too. Why need a software for such a little task... So much risks for so little reward. I've been crosschecking addresses I've been sending tx to and so far so good, it's the safest option. It has even become a routine for me. Being security conscious to that extent has helped me a great deal. But since we're different, I wouldn't blame anyone for using a software to take the "little" workload off.





    legendary
    Activity: 2268
    Merit: 18711
    This is a completely over-engineered solution to what is a very simply problem to solve.

    Double check the address. It's literally that simply. Look at the address you are about to send to. Check it against the address you want to send to, direct from source (be that website, email, PM, wallet, whatever). You are introducing unnecessary trust for a third party as well as another attack vector for attackers because you are too lazy to double check an address?

    I also went to their website and clicked on "Get Started", just out of curiosity. The only way to proceed is by logging in with either a Facebook or a Google account. What a huge invasion of privacy.

    Absolutely avoid.
    sr. member
    Activity: 1204
    Merit: 388
    Seems like a great solution but haven't heard of them before. We should be careful using new service like this because their server will now be the hackers target. Why not scan qr codes of the wallet you are sending to.
    legendary
    Activity: 2702
    Merit: 3045
    Top Crypto Casino
    I tried it and fellt secure and easy.
    it's as risky as using web wallets. If it's hacked, the hacker can simply edit the address linked to your user id and replace it with his address.
    Also, there are some privacy concerns. As far as I can see, you can only link one address to your uid whilst it's advised to use a different addy for each transaction.
    If you care about your privacy, you will have to login to your account and add new address whenever you expect to receive funds which is not practucal at all.
    hero member
    Activity: 2030
    Merit: 578
    No God or Kings, only BITCOIN.
    Read this thread created by LoyceV How to lose your Bitcoins with CTRL-C CTRL-V.

    I tried it and fellt secure and easy.
    Is it your first time using their service or not? Interesting service to try to avoid these kinds of attacks, thanks for sharing it here as well as to iasenko for the information.
    legendary
    Activity: 2240
    Merit: 3150
    ₿uy / $ell ..oeleo ;(
    Isn't it better to use KeePass auto-fill function instead of using copy-paste. Just save all your addresses you are using to KeePass. So easy and safe.

    Here is what I'm talking about, it looks like this:


    legendary
    Activity: 3122
    Merit: 2178
    Playgram - The Telegram Casino
    Getting a human readable short address that are typeable would mostly clear off this issue.

    What if an adversary changes the Bitcoin address that is aliased by human-readable shortname though? According to their site "you can easily delete or modify your addresses linked to your CRUX ID" which has me wondering what would prevent such an attack from happening. To make matters worse, people would feel safe that their clipboard hasn't been tampered with, while in the background payments are being routed to the wrong address without the user even having the chance to double-check.

    Interesting service though, will keep an eye on it.
    member
    Activity: 103
    Merit: 10
    Recent days we have been seeing news and users reporting some clipboard malwares where the copied address were changed and the funds getting sent to hackets address etc., Getting a human readable short address that are typeable would mostly clear off this issue. I reacently can accross a similar service where your multiple coin address can accept payment through one human readable id created.

    I tried it and fellt secure and easy. I call it because even when I am doing other work and not near the system my trading is "on". That is I enter this simple address no tension of cross check or malware hack or which coin I am trading it is just simple. It is just like a email id that's it.



    Image source
    Jump to: