Topic: "Vault 7" (Wikileaks) Discussion. Best Practices for Us? (Read 1248 times)

nothing bigger than the ssl bug remember the heartbleed? it was said to be in there since many years and no one notice it until 2015 i believe

the world is full of hackers that will use whatever tool they need to scam innocent, they also make their own malware that can not be detected by antivirus and similar

and then we have win 10 which is already a risky environment, holding big amount of coin this OS can open the door for future stealing without the user noticing

Since the advent of states, about 5000 years ago, we never had.  But only rarely we realized this.  And the few people realizing it were then "enemies of the state" (witches, communists, terrorists, .... name them, each epoch has its favourite enemy of state name).

I wonder how closely "Cloudbleed" and these "Vault 7" exploits are linked with each other. We have had two major security issues within a couple of weeks. This is not good for 3rd party systems linked to Bitcoin. The Open source systems would be fine, because these systems are constantly under Peer review and holes will be identified quickly, but most of these systems runs on hardware with built in proprietary software in the firmware that may be exploited.

We live in a scary world, where we have zero control over our lives. ^grrrrrrrr^   

Windows should die and linux should be sold on all customer level computers since Trump has become president it just shows how over the last 8 years under the "Obama customer care" he has provided to the United States of America and how he has stolen everybody's privacy in the form of email/phone calls/geo cached locations having all be logged of every citizen of the U.S.A under the name of so called "National Security" for the greatest nation of the civilized world!

After reviewing this and considering that even Linux has substantial exploits, I believe this release of documents screams to make sure you have a hardware wallet.  You do NOT have to break the blockchain IF you can exploit the operating system and watch what the user is doing.  A good hardware wallet never reveals keys, true PINS, etc... even to the operating system it is connected to.  Only a full break of BTC would render a quality hardware wallet as ineffective.  All other solutions that ever connect online in any way could be suspect.  This is not a scare tactic, just a very logical extension of what today's leak of info suggests.  While older archive paper wallets are secure, the question now becomes how do you someday spend/move those coins?  It is likely the two computer model - hot and cold - wallets would still hold up, hopefully.  I can't know the extent of these exploits yet.

I think this is positive.  If these weapons are out there, they will eventually also be used against government targets.  As such, there won't be a desire any more by government to keep leaky hardware and software: they've lost their competitive edge that way, and are now part of the victims.  So they will not hamper a cure any more.
It would be fantastic if horrible things happened to the government by their own tools in the hands of enemies.  It would be fantastic if the government felt powerless in the face of their own tools.  Then they will stop pushing for holes in the system (and maybe refrain from developing even more stuff that will eventually be used against them).

The NSA and the CIA have been on the wrong leg all these years (no wonder, they are government agencies).  In stead of being on the defensive side, and helping the population, companies and so on, to develop secure, tight systems, they have been lobbying for holes everywhere, so that they could develop their offensive capacity.  But now they are themselves full of holes, and the enemies have their weapons ; and they have equipped their citizens also with equipment full of holes, open to the attacks by their own tools in the hands of enemies.   They have rendered the government, and the entire population and economy, fully vulnerable to foreign attacks, with tax money.  

Decentralization is one factor. There is possibility of backdoor hidden somewhere in the code.
I expect that Bitcoin's code was checked very thoroughly, but so they said about many unbreakable security projects before.
Most recent example is backdoor within CloudFlare anti DDOS protection service.

Maybe this is OT if you wanted to stick to bitcoin, but the news that they were developing hacking tools to assassinate people by accelerating and steering their cars off the road scares me rather more than any financial risks. Or perhaps because in the wrong hands it will become both a financial risk and a risk to our lives. Imagine if hackers perform a few of these incidents at random, then start calling anyone (like those "Hello, I'm from Microsoft and you have a virus" phone calls) to claim that they've hacked your vehicle and will steer you into a lamppost at 80 MPH unless you pay them a bitcoin ransom. :-(

And people used to laugh when they saw my laptop camera is covered in tape with black sharpie marker over it.

...

I see at least two tangible dangers that would worry me:

1)  That any BTC that we "own" in web wallets could be stolen reasonably easy (with info from our own computers)

2)  Keystroke loggers..., which to me seem to be perhaps the greatest danger.  They could get our passwords...


Yep, as ebliever just wrote above, these tools are now out there "in the wild".  No telling who and what malicious users will try to inflict on us.

The real problem now is not that a handful of professionals in the CIA had these tools... it's that the tools are out in the wild. Anyone could have them, or be in the process of getting them. Simply knowing the sorts of things that can successfully be done may be enough to inspire other hackers to recreate tools with the same functionality.

That's the real risk I see to online wallets and anything else protected with a password (encryption notwithstanding, if you've read the news).

I can allay your fears on one point - don't worry about the government crassly stealing your funds. So long as they can simply inflate the dollar (or other centrally managed currency), there is absolutely no need for them to stoop to such a level even in a crisis. It would only be counterproductive for them to do so, when they can simply invisibly pilfer the value of everyone's funds everywhere by issuing more fiat.

they just need to hack the major miners though, since what matters is the hash rate

But perhaps there is potential for your coins to be stolen. One of the main parts of this latest revelation from Wikileaks is not just that the CIA is doing this, but that they lost control of all the hacking tools they collected and built which then fell into other hands - potentially the hands of criminals.

That's true, I don't agree with OP putting this here, he should have moved it to politics and society section. They cannot hack our blockchain because of decentralization, that I can guarantee but other forms of governmental manipulations well it's up in their hands.

I would love to know how much time and effort they have spent on trying to crack bitcoin.
Can you imagine if they had leaked that they had a back door into Bitcoin? I would expect a $900 drop if that happened!

I guess that Bitcoin wasn't mentioned is a good thing, they haven't cracked it yet.

Pls there should be no such thing as "our enemy" in Bitcoin World pls. We should be smarter than politicians. Jeez

Use a device with no closed source software, because that's where they hide the 'backdoors'. That includes all the firmware, drivers etc as well as the OS.

Check these guys out: https://minifree.org/

The problem exists for programmers too, because most don't have time to audit every bit of software they run. An example was the HeartBleed bug. It just takes a bit of thinking on how to manage data securely. Where possible use standalone devices. For example, Bitcoin Trezor is very unlikely to be compromised because it doesn't even have an operating system. It's custom programmed and the interface is small and limited, so it won't get viruses even when plugged in.

So for example, a good practice is using a laptop running off a Linux USB stick and connecting to the internet at a public place, like Starbucks. The idea isn't running Linux because it's guaranteed secure, it's running it because you can easily start a new session every time you power up. Identifying information, such as sites visited, cookies, etc. are not saved, and your connection isn't linked to your real world identity.

Best practices are using exactly whatever security methods we've been using so far. There's no practical way of protecting ourselves from unknown exploits...


Beyond scary... I don't think this will end in our lifetimes.


These wallets would get drained by hackers before anything else, I don't think the government is a issue or a threat here.


Indeed, experience tells us that governments only tend to their needs.


Didn't understand the reference, but I guess this is it. Maybe the CIA wants to "vault" the whole world who uses IT...

need photoshop.

Saw this available on a torrent site yesterday and it was password protected until March 6, yesterday when it would be revealed to open the 7zip file.