Pages:
Author

Topic: "Vault 7" (Wikileaks) Discussion. Best Practices for Us? (Read 1248 times)

legendary
Activity: 3206
Merit: 1069
nothing bigger than the ssl bug remember the heartbleed? it was said to be in there since many years and no one notice it until 2015 i believe

the world is full of hackers that will use whatever tool they need to scam innocent, they also make their own malware that can not be detected by antivirus and similar

and then we have win 10 which is already a risky environment, holding big amount of coin this OS can open the door for future stealing without the user noticing
hero member
Activity: 770
Merit: 629
We live in a scary world, where we have zero control over our lives. ^grrrrrrrr^   

Since the advent of states, about 5000 years ago, we never had.  But only rarely we realized this.  And the few people realizing it were then "enemies of the state" (witches, communists, terrorists, .... name them, each epoch has its favourite enemy of state name).
legendary
Activity: 3458
Merit: 1960
Leading Crypto Sports Betting & Casino Platform
I wonder how closely "Cloudbleed" and these "Vault 7" exploits are linked with each other. We have had two major security issues within a couple of weeks. This is not good for 3rd party systems linked to Bitcoin. The Open source systems would be fine, because these systems are constantly under Peer review and holes will be identified quickly, but most of these systems runs on hardware with built in proprietary software in the firmware that may be exploited.

We live in a scary world, where we have zero control over our lives. ^grrrrrrrr^   
hero member
Activity: 490
Merit: 500
Windows should die and linux should be sold on all customer level computers since Trump has become president it just shows how over the last 8 years under the "Obama customer care" he has provided to the United States of America and how he has stolen everybody's privacy in the form of email/phone calls/geo cached locations having all be logged of every citizen of the U.S.A under the name of so called "National Security" for the greatest nation of the civilized world!
hero member
Activity: 758
Merit: 606
After reviewing this and considering that even Linux has substantial exploits, I believe this release of documents screams to make sure you have a hardware wallet.  You do NOT have to break the blockchain IF you can exploit the operating system and watch what the user is doing.  A good hardware wallet never reveals keys, true PINS, etc... even to the operating system it is connected to.  Only a full break of BTC would render a quality hardware wallet as ineffective.  All other solutions that ever connect online in any way could be suspect.  This is not a scare tactic, just a very logical extension of what today's leak of info suggests.  While older archive paper wallets are secure, the question now becomes how do you someday spend/move those coins?  It is likely the two computer model - hot and cold - wallets would still hold up, hopefully.  I can't know the extent of these exploits yet.
hero member
Activity: 770
Merit: 629
The real problem now is not that a handful of professionals in the CIA had these tools... it's that the tools are out in the wild. Anyone could have them, or be in the process of getting them. Simply knowing the sorts of things that can successfully be done may be enough to inspire other hackers to recreate tools with the same functionality.

I think this is positive.  If these weapons are out there, they will eventually also be used against government targets.  As such, there won't be a desire any more by government to keep leaky hardware and software: they've lost their competitive edge that way, and are now part of the victims.  So they will not hamper a cure any more.
It would be fantastic if horrible things happened to the government by their own tools in the hands of enemies.  It would be fantastic if the government felt powerless in the face of their own tools.  Then they will stop pushing for holes in the system (and maybe refrain from developing even more stuff that will eventually be used against them).

The NSA and the CIA have been on the wrong leg all these years (no wonder, they are government agencies).  In stead of being on the defensive side, and helping the population, companies and so on, to develop secure, tight systems, they have been lobbying for holes everywhere, so that they could develop their offensive capacity.  But now they are themselves full of holes, and the enemies have their weapons ; and they have equipped their citizens also with equipment full of holes, open to the attacks by their own tools in the hands of enemies.   They have rendered the government, and the entire population and economy, fully vulnerable to foreign attacks, with tax money.  

hero member
Activity: 560
Merit: 502
Pls there should be no such thing as "our enemy" in Bitcoin World pls. We should be smarter than politicians. Jeez


That's true, I don't agree with OP putting this here, he should have moved it to politics and society section. They cannot hack our blockchain because of decentralization, that I can guarantee but other forms of governmental manipulations well it's up in their hands.
Decentralization is one factor. There is possibility of backdoor hidden somewhere in the code.
I expect that Bitcoin's code was checked very thoroughly, but so they said about many unbreakable security projects before.
Most recent example is backdoor within CloudFlare anti DDOS protection service.
legendary
Activity: 1708
Merit: 1035
...

I see at least two tangible dangers that would worry me:

1)  That any BTC that we "own" in web wallets could be stolen reasonably easy (with info from our own computers)

2)  Keystroke loggers..., which to me seem to be perhaps the greatest danger.  They could get our passwords...


Yep, as ebliever just wrote above, these tools are now out there "in the wild".  No telling who and what malicious users will try to inflict on us.

Maybe this is OT if you wanted to stick to bitcoin, but the news that they were developing hacking tools to assassinate people by accelerating and steering their cars off the road scares me rather more than any financial risks. Or perhaps because in the wrong hands it will become both a financial risk and a risk to our lives. Imagine if hackers perform a few of these incidents at random, then start calling anyone (like those "Hello, I'm from Microsoft and you have a virus" phone calls) to claim that they've hacked your vehicle and will steer you into a lamppost at 80 MPH unless you pay them a bitcoin ransom. :-(

And people used to laugh when they saw my laptop camera is covered in tape with black sharpie marker over it.
legendary
Activity: 2912
Merit: 1852
...

I see at least two tangible dangers that would worry me:

1)  That any BTC that we "own" in web wallets could be stolen reasonably easy (with info from our own computers)

2)  Keystroke loggers..., which to me seem to be perhaps the greatest danger.  They could get our passwords...


Yep, as ebliever just wrote above, these tools are now out there "in the wild".  No telling who and what malicious users will try to inflict on us.
legendary
Activity: 1708
Merit: 1035
I'd warn all Bitcoin users to refrain from using online wallets because, no matter how trustworthy, it seems the government may be able to do what ever they'd like.
Especially seeing as how the government is in almost 20 trillion dollars of debt, I wouldn't be surprised if sooner or later the government tried to steal all our 401ks and retirement/education savings. And, if that's not enough, they may steal from companies like PayPal and perhaps will attempt to take from Bitcoin. After all, there are billions of dollars worth of Bitcoins.


The real problem now is not that a handful of professionals in the CIA had these tools... it's that the tools are out in the wild. Anyone could have them, or be in the process of getting them. Simply knowing the sorts of things that can successfully be done may be enough to inspire other hackers to recreate tools with the same functionality.

That's the real risk I see to online wallets and anything else protected with a password (encryption notwithstanding, if you've read the news).

I can allay your fears on one point - don't worry about the government crassly stealing your funds. So long as they can simply inflate the dollar (or other centrally managed currency), there is absolutely no need for them to stoop to such a level even in a crisis. It would only be counterproductive for them to do so, when they can simply invisibly pilfer the value of everyone's funds everywhere by issuing more fiat.
UDC
member
Activity: 83
Merit: 10
https://UDC.world
That's true, I don't agree with OP putting this here, he should have moved it to politics and society section. They cannot hack our blockchain because of decentralization, that I can guarantee but other forms of governmental manipulations well it's up in their hands.

they just need to hack the major miners though, since what matters is the hash rate
hero member
Activity: 690
Merit: 505
Cryptorials.io
Pls there should be no such thing as "our enemy" in Bitcoin World pls. We should be smarter than politicians. Jeez


That's true, I don't agree with OP putting this here, he should have moved it to politics and society section. They cannot hack our blockchain because of decentralization, that I can guarantee but other forms of governmental manipulations well it's up in their hands.

But perhaps there is potential for your coins to be stolen. One of the main parts of this latest revelation from Wikileaks is not just that the CIA is doing this, but that they lost control of all the hacking tools they collected and built which then fell into other hands - potentially the hands of criminals.
sr. member
Activity: 756
Merit: 253
Pls there should be no such thing as "our enemy" in Bitcoin World pls. We should be smarter than politicians. Jeez


That's true, I don't agree with OP putting this here, he should have moved it to politics and society section. They cannot hack our blockchain because of decentralization, that I can guarantee but other forms of governmental manipulations well it's up in their hands.
legendary
Activity: 1218
Merit: 1003
I would love to know how much time and effort they have spent on trying to crack bitcoin.
Can you imagine if they had leaked that they had a back door into Bitcoin? I would expect a $900 drop if that happened!

I guess that Bitcoin wasn't mentioned is a good thing, they haven't cracked it yet.
Ucy
sr. member
Activity: 2576
Merit: 401
Pls there should be no such thing as "our enemy" in Bitcoin World pls. We should be smarter than politicians. Jeez
hero member
Activity: 690
Merit: 505
Cryptorials.io
Use a device with no closed source software, because that's where they hide the 'backdoors'. That includes all the firmware, drivers etc as well as the OS.

Check these guys out: https://minifree.org/
full member
Activity: 222
Merit: 101
Obviously this is troubling, perhaps especially to non-programmers like me.

The problem exists for programmers too, because most don't have time to audit every bit of software they run. An example was the HeartBleed bug. It just takes a bit of thinking on how to manage data securely. Where possible use standalone devices. For example, Bitcoin Trezor is very unlikely to be compromised because it doesn't even have an operating system. It's custom programmed and the interface is small and limited, so it won't get viruses even when plugged in.

So for example, a good practice is using a laptop running off a Linux USB stick and connecting to the internet at a public place, like Starbucks. The idea isn't running Linux because it's guaranteed secure, it's running it because you can easily start a new session every time you power up. Identifying information, such as sites visited, cookies, etc. are not saved, and your connection isn't linked to your real world identity.
legendary
Activity: 1512
Merit: 1009
Best practices are using exactly whatever security methods we've been using so far. There's no practical way of protecting ourselves from unknown exploits...

The fact that our government does this is truly scary and will hopefully come to an end.

Beyond scary... I don't think this will end in our lifetimes.

I'd warn all Bitcoin users to refrain from using online wallets because, no matter how trustworthy, it seems the government may be able to do what ever they'd like.

These wallets would get drained by hackers before anything else, I don't think the government is a issue or a threat here.

- believing their caring for the common good

Indeed, experience tells us that governments only tend to their needs.

need photoshop.

Didn't understand the reference, but I guess this is it. Maybe the CIA wants to "vault" the whole world who uses IT... Cheesy
legendary
Activity: 1512
Merit: 1011
need photoshop.

hero member
Activity: 490
Merit: 500
Saw this available on a torrent site yesterday and it was password protected until March 6, yesterday when it would be revealed to open the 7zip file.
Pages:
Jump to: