
Topic: Time to upgrade your security - page 2. (Read 3304 times)

legendary
Activity: 1246
Merit: 1016
Strength in numbers
January 23, 2013, 07:47:33 PM
#20
Government is the largest security risk to Bitcoin. If some government shuts down Mt. Gox, for example, the value of BTC will evaporate overnight.

No, that one exchange is not what's pushing most of $200M worth of stored value.
hero member
Activity: 637
Merit: 502
January 23, 2013, 05:37:09 PM
#19
6. make a few copies of your address list. secure at least one copy in your home safe, safety deposit box, etc. I've got a copy behind a family photo in my office... not a compelling target for a thief.

If you keep unencrypted paper copies of your private keys you should not write Bitcoin in bold on it. This is just security by obscurity but for 98% of people this is just a random string of numbers.
legendary
Activity: 2282
Merit: 1050
Monero Core Team
January 23, 2013, 05:18:10 PM
#18
My solution: only use GNU/Linux for Bitcoin and do not use Microsoft Windows. By the way, while you are at it, only use GNU/Linux for online banking, PayPal, online credit card purchases etc.

Seriously Windows malware does not know what to do when it encounters the GNU and the Penguin.

Linux is definitely safer in many regards, but it is unavoidable to use Windows sometimes, especially as I need to ssh into my Linux machine using my Windows machine for many practical reasons. I am worried that a keylogger/admin rights hole lets the attacker get my Linux password and remote in as I do, and thus do anything they please.

Good point. I would add that logging into my GNU/Linux server(s) over ssh is something I would not wish to do from Microsoft Windows, especially when a significant portion of one's livelihood is dependent on the server(s) not being compromised.
full member
Activity: 154
Merit: 100
January 23, 2013, 05:07:40 PM
#17
My solution: only use GNU/Linux for Bitcoin and do not use Microsoft Windows. By the way, while you are at it, only use GNU/Linux for online banking, PayPal, online credit card purchases etc.

Seriously Windows malware does not know what to do when it encounters the GNU and the Penguin.

Linux is definitely safer in many regards, but it is unavoidable to use Windows sometimes, especially as I need to ssh into my Linux machine using my Windows machine for many practical reasons. I am worried that a keylogger/admin rights hole lets the attacker get my Linux password and remote in as I do, and thus do anything they please.
legendary
Activity: 2282
Merit: 1050
Monero Core Team
January 23, 2013, 05:01:57 PM
#16
My solution: only use GNU/Linux for Bitcoin and do not use Microsoft Windows. By the way, while you are at it, only use GNU/Linux for online banking, PayPal, online credit card purchases etc.

Seriously Windows malware does not know what to do when it encounters the GNU and the Penguin.
full member
Activity: 154
Merit: 100
January 23, 2013, 04:45:29 PM
#15

Wow, tons of thanks, this is what I have been looking for!

Now that I have started using bitcoins, I realized that a keylogger/Trojan can defy most security measures for your servers by reading inputs from your client machine and logging the output, so any passphrase, secret key, or password "wall" will be breached on the road.

I'd rather have a security token running a totally controlled environment, providing a one-time password I need to use for each logon. (iPhone's strict control of only loading signed applications actually makes them safer in this regard, though they are doing this totally for their own benefit.)
legendary
Activity: 1008
Merit: 1000
January 23, 2013, 04:37:54 PM
#14
I'm surprised by how few people advocate for the offline (i.e., air-gapped) brainwallet. *shrugs* Each to his own I guess.
full member
Activity: 136
Merit: 100
January 23, 2013, 04:22:17 PM
#13
Until Armory is updated to a malicious version, Dunndunn Dunnnn.
Lol. But now, who out there feels that default bitcoin encrypted wallets are at risk?  Surely this security "time to update" revolves mostly around things like webaccounts like our OTC names, or mt.gox accounts

You could say the same thing about Bitcoin-Qt. But, not really, because both are open source.

A simple keylogger defeats encrypted wallets, so yes, I feel they are at risk. Which is why I use offline wallets for the large majority of my coins.



A keylogger is the single biggest side-channel attack and is hard to totally avoid. It is time for the Bitcoin client to utilize two-factor authentication, and the second factor should be a one-time password (based on time, like an RSA token or Google Authenticator).

Also, I hope linux sshd could begin to use two-factor login as well.
You can, with a PAM module - http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators-two-factor-authentication/
sr. member
Activity: 430
Merit: 250
January 23, 2013, 04:04:21 PM
#12
Until Armory is updated to a malicious version, Dunndunn Dunnnn.
Lol. But now, who out there feels that default bitcoin encrypted wallets are at risk?  Surely this security "time to update" revolves mostly around things like webaccounts like our OTC names, or mt.gox accounts

You could say the same thing about Bitcoin-Qt. But, not really, because both are open source.

A simple keylogger defeats encrypted wallets, so yes, I feel they are at risk. Which is why I use offline wallets for the large majority of my coins.



A keylogger is the single biggest side-channel attack and is hard to totally avoid. It is time for the Bitcoin client to utilize two-factor authentication, and the second factor should be a one-time password (based on time, like an RSA token or Google Authenticator).
It already exists, it's called multisig, it's just not very user-friendly yet.
hero member
Activity: 767
Merit: 500
full member
Activity: 154
Merit: 100
January 23, 2013, 03:54:45 PM
#10
Until Armory is updated to a malicious version, Dunndunn Dunnnn.
Lol. But now, who out there feels that default bitcoin encrypted wallets are at risk?  Surely this security "time to update" revolves mostly around things like webaccounts like our OTC names, or mt.gox accounts

You could say the same thing about Bitcoin-Qt. But, not really, because both are open source.

A simple keylogger defeats encrypted wallets, so yes, I feel they are at risk. Which is why I use offline wallets for the large majority of my coins.



A keylogger is the single biggest side-channel attack and is hard to totally avoid. It is time for the Bitcoin client to utilize two-factor authentication, and the second factor should be a one-time password (based on time, like an RSA token or Google Authenticator).

Also, I hope linux sshd could begin to use two-factor login as well.
legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
January 23, 2013, 03:33:16 PM
#9
Government is the largest security risk to Bitcoin. If some government shuts down Mt. Gox, for example, the value of BTC will evaporate overnight.
I used to think that. But I'm not so sure anymore. It would hurt prices, but I would continue to use them. Besides, by government you only mean the local authority. Bitcoin is global and in the hands of people. "shutting it down" may be as effective as shutting down music sharing has been.
full member
Activity: 144
Merit: 101
January 23, 2013, 03:28:47 PM
#8
Government is the largest security risk to Bitcoin. If some government shuts down Mt. Gox, for example, the value of BTC will evaporate overnight.
full member
Activity: 210
Merit: 100
January 23, 2013, 03:25:18 PM
#7
Yup. I definitely agree with wormbog.

Bitcoins may be digital, but there's nothing better than to keep the keys on a paper wallet.
hero member
Activity: 561
Merit: 500
January 23, 2013, 03:16:13 PM
#6
Folks, for real bitcoin security, offline computers and lots of backups of wallet.dat are not good enough. You need to go back to the basics. Paper copies of matched public and private keys.

1. go to bitaddress.org
2. under the Paper Wallet tab, generate and print a page w/ 10 sets of keys
3. transfer the bulk of your holdings to the public key addresses, divided 10% to each key
4. set up an account on blockchain.info
5. import the public keys as watch-only keys. Now you keep your eye on the BTC but no-one can touch it
6. make a few copies of your address list. secure at least one copy in your home safe, safety deposit box, etc. I've got a copy behind a family photo in my office... not a compelling target for a thief.
7. send a copy of the address list to your parents or a friend you can trust to store with their valuables.

If you need to spend some of those coins, import one of the private keys into bitcoind or blockchain.info (or mtgox, or wherever) and spend away.

If you collect some new coins you want to protect, send them to the public addresses on your list for safekeeping.
legendary
Activity: 2408
Merit: 1121
January 23, 2013, 02:59:59 PM
#5
I would at a minimum, set up an air-gapped computer that only contains your cold storage wallet. Seeing how netbooks and other small devices are really cheap, it would be good insurance against someone trying to nab your bitcoins. Especially if you follow the practices that only allow signed transactions to be spent on the network from that machine.
legendary
Activity: 1428
Merit: 1001
Okey Dokey Lokey
January 23, 2013, 02:48:27 PM
#4
I think as long as you're not the low hanging fruit you have some protection.
Like the two hikers. One takes off his hiking boots and puts on tennis shoes. The other asks "why no boots?, You may need ankle support." The first hiker replies that he wants to be able to run fast in case of bears. "Well, even in tennis shoes you will never outrun the bear," said the other.  "I don't have to outrun the bear, just you." he replied.

It's how hacking works! Aim for the weakest target, then the next, and so on until it's too hard to hack.
Holliday has a point though, I may want to set up an offline wallet... Think my flash drive is good enough?
legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
January 23, 2013, 01:57:38 PM
#3
I think as long as you're not the low hanging fruit you have some protection.
Like the two hikers. One takes off his hiking boots and puts on tennis shoes. The other asks "why no boots?, You may need ankle support." The first hiker replies that he wants to be able to run fast in case of bears. "Well, even in tennis shoes you will never outrun the bear," said the other.  "I don't have to outrun the bear, just you." he replied.
legendary
Activity: 1428
Merit: 1001
Okey Dokey Lokey
January 23, 2013, 01:27:54 PM
#2
Until Armory is updated to a malicious version, Dunndunn Dunnnn.
Lol. But now, who out there feels that default bitcoin encrypted wallets are at risk?  Surely this security "time to update" revolves mostly around things like webaccounts like our OTC names, or mt.gox accounts
legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
January 23, 2013, 01:06:27 PM
#1
Prices are up again and risk should also be rising. For those who remember the crash from last year, these are scary times. Many users use the same standard of protection for their BTC as their Facebook account. Since bitcoins are money, and big money brings out the serious criminals, you will need to be prepared for a surge in hacktivity.

There are lots of threads here about keeping your bitwealth safe, you can choose for yourself. But why not make today the day you back up your wallet and clean out any scraps of old wallets. Or change your password from "god" to something robust.

Just sayin.