Pages:
Author

Topic: The biggest security hole -> Default values (Read 4142 times)

member
Activity: 70
Merit: 10
http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect

Since you think passwords are so easy to break, here is a SINGLE-ROUND md5 hash of a password I use daily. It even has dictionary based words in it so that it's easier to remember. Let me know when you've cracked it: 3dcd7dd499205f7f36544e71d3e8ed49

Here's another single-round md5 which would be considered very weak by most security professionals: 827a9861340aa529ad351cd80fcd1283
Let me know when you've cracked that one, too!
full member
Activity: 140
Merit: 100
Enough with your fallacies! Either do something productive or zip it!

Your stating resumes to:

You're doing a life vest and the attackers will come with a canon... so for your "solution" I can say you are creating an armor that to stand a canon attack and they will come with a nuke.

I fully confess to having no idea how to parse that sentence.

Quote
And you miss the central point:
In nowhere I stated my "solution" was the panacea of all wallet.dat issues It's an interesting and easy to implement feature, not the
Strawman.  I never said you did.  I just said it has no quantifiable value.  However you did say: "Having default values set is the biggest security hole on most software".  So if moving solves this issue then simple substitution reveals that you believe that moving default files "Solves the biggest security hole on most software".  While that isn't saying that it makes security perfect it does say a heck of a lot more than: "an interesting and easy to implement feature".

Quote
"ultimate anti-hack bullshit" as you're trying to sell out yours.
Strawman again.  I just said that encryption has a quantifiable value.

Quote
And yeah, some might use AReallyF*#@ngLongPassw00rdWhichTakesAgesToCrack, whereas others don't like to be bothered and will simply input 123...
Which is irrelevant to the discussion.  In one case the attack surface is reduced in the other it is not.

I'm glad we had this talk.
legendary
Activity: 1218
Merit: 1000
Enough with your fallacies! Either do something productive or zip it!

Your stating resumes to:

You're doing a life vest and the attackers will come with a canon... so for your "solution" I can say you are creating an armor that to stand a canon attack and they will come with a nuke.

And you miss the central point:
In nowhere I stated my "solution" was the panacea of all wallet.dat issues It's an interesting and easy to implement feature, not the "ultimate anti-hack bullshit" as you're trying to sell out yours.

And yeah, some might use AReallyF*#@ngLongPassw00rdWhichTakesAgesToCrack, whereas others don't like to be bothered and will simply input 123...
full member
Activity: 140
Merit: 100
Not significantly as evidenced by actual tests.  Kokjo demonstrated using the /proc pseudo-filesystem to find the file without any exhaustive scanning. 

This is just valid for LINUX, there's no such "/proc" vfs under Windows.

So it's valid.  Good. 

Quote
there's no such "/proc" vfs under Windows.

Process explorer finds files opened by processes just fine...and you missed the part about me scanning my system in 8 seconds.

Quote
as the script itself would need to be chmoded to get the executable bit.

You really don't get how these things work do you.  Nobody claimed that the script was a completely functional trojan.

Quote
The value of encrypt without move is zero. Either you use a password
So you have to use a password cracker not a file stealer.   You have just admitted that the attack surface has been reduced.  Congratulations, on your enlightenment.

Quote
you can remember and potentially weak as so, or you use a great password you need to store in your computer.
False dichotomy.  Some of us, every day use passwords that would take a hundred years to crack.  That doesn't even take into consideration things like passphrases or sequential memory-hard algorithms.  As stated before using encryption creates a known median case.  How much time moving buys you is an unknown.  So it's value is unknown.

QED.
legendary
Activity: 1218
Merit: 1000
Not significantly as evidenced by actual tests.  Kokjo demonstrated using the /proc pseudo-filesystem to find the file without any exhaustive scanning. 

This is just valid for LINUX, there's no such "/proc" vfs under Windows. For Linux his shell script was actually a goof attempt of show something, not only there're no known virus targeting bitcoin under Linux at the moment, as the script itself would need to be chmoded to get the executable bit.

The value of encrypt without move is zero. Either you use a password you can remember and potentially weak as so, or you use a great password you need to store in your computer. If that "ultimate stealer" can find the renamed and moved wallet.dat, can also get that other file where you stored the password to the wallet.

If you've nothing else to do than troll, then just leave. IMO you're just trolling.
full member
Activity: 140
Merit: 100
You miss some utility on my proposal,

No, no I don't.

Quote
And scan the computer gives out an alert to the user, by over usage of hd access and slowness of the system
Not significantly as evidenced by actual tests.  Kokjo demonstrated using the /proc pseudo-filesystem to find the file without any exhaustive scanning. 

Quote
Therefore, encrypt the wallet can be seen as complementary to this idea.

To the idea of the on system relocating or renaming of the file.  Encryption reduces the attack surface moving does not.  I have explained this already.

Quote
If you think your idea alone is the panacea of everything and will reduce any attack surface then you're wrong and are selling false sense of security.

Again either you simply don't read, don't understand or don't want to.  It's all up there.  Moving a wallet off-system is fine it's better than just relocating the file on your hard drive but the scanning technique doesn't need to be changed very much to compensate.  The value is in how frequently you keep your wallet offline.  The difference between encrypting and moving is that the reduction in attack surface is predictable in the case of encryption and is not in the case of moving.   So the value of encrypting is known, the value of moving is not.

IMHO: You should not be giving security advice.
legendary
Activity: 1218
Merit: 1000
You miss some utility on my proposal, the improved security of make you have to scan the computer to find it is just a surplus of the overall functionality.

And scan the computer gives out an alert to the user, by over usage of hd access and slowness of the system - this alone already worth it; more important than prevent an attack is to know when you're attacked so you can try to do something about, actually your idea of encrypt it voids mostly by refusing my idea, if the wallet is still a sitting duck under ~/.bitcoin/wallet.dat or %APPDATA%\Bitcoin\wallet.dat a trojan targeting it can get it without ringing any bells, leaving the robber time enough to try to break the user's password while the user is still using that wallet totally unaware of any danger. This means sooner or later the attacker manages to break the key and the user is pretty much done and caught by surprise.

My idea could be improved by hot-swap, allowing you to load another wallet without need to restart the client. It can be good to split wallets, allowing yet another security layer; by having his wallets spawned for 3 or 4 thumbdrives or SD cards will allow that even if one is attacked he doesn't go back to 0 coins. - Damage control.

Therefore, encrypt the wallet can be seen as complementary to this idea. If you think your idea alone is the panacea of everything and will reduce any attack surface then you're wrong and are selling false sense of security.
full member
Activity: 140
Merit: 100
I didn't run your code or even googled it, just read the claims and it seams you were improving it to scan the hard-drive for any position where the wallet may be. Sorry if you didn't, anyway there's always a good reason to not re-publish it.

You clearly did not read the post very well and do not understand the attack posted and did not understand what I said about modifying it and apparently how it's almost irrelevant if something is published once on the internet or a hundred times.   Ever hear the adage: "You don't know enough to know what you don't know?"

Quote
Removing attack vectors == make the attacker's life harder.

You are using the term in an obscure way.   Clearly you can remove a vector  that is not a threat.

So rather than deal with your oddness I'll talk about my approach to security:

It is rare to know the probability of specific exploit being employed because it is rare to know enough about the environment to determine the probability of attack.  If it is rare to know the probability of an attack you are unlikely to know the utility of a defense.   i.e. how likely it was worth the cost of deployment.  So rather than talk about fixing potential attacks I tend to talk about reducing the attack surface.   That is removing or increasing the difficulty by a useful median case of a group of methods situated around obtaining an asset.
 
The wallet.dat file contains an asset you want to protect.   Moving it does not alter the attack surface.  It may have utility but as established....you can't know that!
However encrypting the wallet.dat file can reduce the attack surface.  It can remove the potential for an attacker to obtain the asset by a useful median case.
legendary
Activity: 1218
Merit: 1000
I didn't run your code or even googled it, just read the claims and it seams you were improving it to scan the hard-drive for any position where the wallet may be. Sorry if you didn't, anyway there's always a good reason to not re-publish it.

Removing attack vectors == make the attacker's life harder.

Moving the wallet already removes one attack vector; its sitting duck place.

Encrypt it, as you suggest earlier, removes another; be able to easily open it.
full member
Activity: 140
Merit: 100
Yeah... I already come across 5 variants (normally just with user/pass replaced) of that ftp stealer. Why not make it easier and publish it everywhere?

In other words I *thought* you wrote this yourself but now that I googled it I see you didn't...and I forgot to admit that it isn't a Virus.

Quote
Coders normally wage enough to not need to steal, script kiddies however doesn't and will thank you a lot for your effort.

Ok, in case you haven't heard of it I'd like you to introduce to you Google.   It's this idea that the Internet should have some relatively centralized way of finding things.  Essentially it means that if it's in one place...it's everywhere.

Quote
This isn't even about "security through obscurity or clarity" this is just making their life easier.

Yes, I have now enabled those hackers who have access to the Bitcoin forum but not access to Google.   Do you really see that as a large group?

Quote
I see most of those to pretend to be security experts to be nothing but dumb brats;

Not sure to whom you are referring but I've actually explicitly stated that I'm not an expert.  I'm a professional.   IT Security is simply part of my job.

Quote
security isn't about making an attack impossible, because that's also impossible to achieve.

Equivocation.   "an attack" is not the same as "any attack".   Obviously it is possible to remove some attack vectors.
legendary
Activity: 1218
Merit: 1000
Yeah... I already come across 5 variants (normally just with user/pass replaced) of that ftp stealer. Why not make it easier and publish it everywhere?
Coders normally wage enough to not need to steal, script kiddies however doesn't and will thank you a lot for your effort.

This isn't even about "security through obscurity or clarity" this is just making their life easier.

I see most of those to pretend to be security experts to be nothing but dumb brats; security isn't about making an attack impossible, because that's also impossible to achieve. Security is about make the attackers' life as hard as we can and keep vigilante.
full member
Activity: 140
Merit: 100
DELETE THAT S*** ASAP

From where I stand, despite you look a good coder, you're RETARDED!
Uh...You look a good agitated?

Quote
You just posted MASM32 code for a virus, do you at least have a clue on what you're doing?! Or trolling is more important to you?!
So it would be bad if something on the internet was posted some where else on the internet?

Anyway don't get your panties in a bunch there grandma.

This isn't a virus.   Just the payload.  This is, essentially no different than the script that was posted kokjo yesterday.

Or didn't your l33t security sk1lz tell you that.

sr. member
Activity: 294
Merit: 252
DELETE THAT S*** ASAP

From where I stand, despite you look a good coder, you're RETARDED!
You just posted MASM32 code for a virus, do you at least have a clue on what you're doing?! Or trolling is more important to you?!

So what? It's already out there, anybody who wants to can find it easily. It's not like your browser's going to execute it or something.  Cheesy

I hope nobody's listening to you for security obscurity advice.
legendary
Activity: 1218
Merit: 1000
DELETE THAT S*** ASAP

From where I stand, despite you look a good coder, you're RETARDED!
You just posted MASM32 code for a virus, do you at least have a clue on what you're doing?! Or trolling is more important to you?!
sr. member
Activity: 294
Merit: 250
If there were to be a browser vulnerability that facilitated the stealing of a file (without relying on something like Java), what would be an incredibly easy target? Exactly, a Bitcoin wallet in a default location.

likewise a file I can use the OS search facility to find.


You seem to have conveniently left out the second part of my post.

The chance of a browser exploit that allows scanning the disk for a certain file is infinitely smaller than the chance of a browser exploit that allows stealing a file in a predefined location.
full member
Activity: 126
Merit: 100
ummm... returning to the thread topic (i.e., Default Vaues), i don't understand something.

we can already control where the client looks for its configuration file (-conf=), and where it looks for its data (-datadir=).

why can't we have an option like -wallet= ?

it's hardly perfect, or even particularly elegant:  but it seems to me that the ability to run a wallet.dat file that was called foo.bar would eliminate about 90% of the scriptkiddie issues.

no?
Not for very long - for example under unix I could just query the process table and find out the command line arguments.  You could change the binary itself...

diff -Naur bitcoin/src/init.cpp bitcoin2/src/init.cpp
--- bitcoin/src/init.cpp        2011-07-06 16:26:16.920000001 -0400
+++ bitcoin2/src/init.cpp       2011-07-06 16:28:27.890000001 -0400
@@ -386,7 +386,7 @@
     printf("Loading wallet...\n");
     nStart = GetTimeMillis();
     bool fFirstRun;
-    pwalletMain = new CWallet("wallet.dat");
+    pwalletMain = new CWallet("boogie.dat");
     if (!pwalletMain->LoadWallet(fFirstRun))
         strErrors += _("Error loading wallet.dat      \n");
     printf(" wallet      %15"PRI64d"ms\n", GetTimeMillis() - nStart);


but then you can look at the files the app is using (kokjo did) or scan the binary...blah blah...



yes.

but how many of the scriptkiddies have your level of knowledge?  the heavies run darkcomet by rote...

a -wallet= command line option isn't a panacea - but there's very little that is in the realm of security.  we chip away at attack vectors like the attackers chip away at us.

eh.  i wouldn't mind having the option to run wallet off a thumbdrive, without the rest of the data directory on it.
full member
Activity: 140
Merit: 100
ummm... returning to the thread topic (i.e., Default Vaues), i don't understand something.

we can already control where the client looks for its configuration file (-conf=), and where it looks for its data (-datadir=).

why can't we have an option like -wallet= ?

it's hardly perfect, or even particularly elegant:  but it seems to me that the ability to run a wallet.dat file that was called foo.bar would eliminate about 90% of the scriptkiddie issues.

no?
Not for very long - for example under unix I could just query the process table and find out the command line arguments.  You could change the binary itself...

diff -Naur bitcoin/src/init.cpp bitcoin2/src/init.cpp
--- bitcoin/src/init.cpp        2011-07-06 16:26:16.920000001 -0400
+++ bitcoin2/src/init.cpp       2011-07-06 16:28:27.890000001 -0400
@@ -386,7 +386,7 @@
     printf("Loading wallet...\n");
     nStart = GetTimeMillis();
     bool fFirstRun;
-    pwalletMain = new CWallet("wallet.dat");
+    pwalletMain = new CWallet("boogie.dat");
     if (!pwalletMain->LoadWallet(fFirstRun))
         strErrors += _("Error loading wallet.dat      \n");
     printf(" wallet      %15"PRI64d"ms\n", GetTimeMillis() - nStart);


but then you can look at the files the app is using (kokjo did) or scan the binary...blah blah...

full member
Activity: 140
Merit: 100
You insist to talk (troll) about hypothetical attacks whereas this measure prevents existing and ongoing attacks.

No. I'm just saying that it would be trivial to modify an existing app to make your modification worthless.  If you don't understand the value in that, then you don't really understand security.  Easy enough to demonstrate though.   Make your change to the app, hand me the code for an existing filestealing exploit and your new source tree.  See if we can make it find your file.

Quote
Yes... and if your scan can read it telepathically can get the wallet even if you store in the brain...   Roll Eyes

Strawman fallacy.  I'm talking about something that anyone who develops software can see is trivial to implement...unlike telepathy.

Quote
BTW, in an average used system the OS built-in "find" takes ages to actually "find" something...
time find / -name wallet.dat
real    0m8.198s


QED
full member
Activity: 140
Merit: 100
Compared with encrypting the file with OpenSSL and a passphrase the "file stealing attack" no longer works.

I'm giving up on you 2... useless! You speak out like wannabes!

Hey is this maud_dib again?  You are the poser here.  Just like maubby you can almost trace your knowledge of cryptography through your googling of each issue as it's mentioned.

Quote
Yes, encrypt your wallet for safety and storage... but the bitcoin client will need to access it unencrypted. Unless, instead of all that nonconstructive trolling you would say something like: "Add an encryption layer in the bitcoin wallet to request a password to open the file."

We are talking about modifying the client.  You might as well criticize your own idea by saying: "Move the wallet? but the bitcoin client will need to access it in the standard location."


Quote
still a weak password and say goodbye to it, but it would be another good security measure to take to account.

Which requires a different attack.  You are essentially saying that I'm right here.

Quote
Now trolling about locks is just ridiculous!

It's an analogy just like the dozens you've been making.

legendary
Activity: 1218
Merit: 1000
You insist to talk (troll) about hypothetical attacks whereas this measure prevents existing and ongoing attacks.
Yes... and if your scan can read it telepathically can get the wallet even if you store in the brain...   Roll Eyes

BTW, in an average used system the OS built-in "find" takes ages to actually "find" something...
Pages:
Jump to: