And I really fear the possibility that a couple lines of code placed in an upcoming "critical update" from Microsoft, placed by a rogue contractor or something like that, will be the largest wallet-stealing event ever. (or an update that has the same end result occurring on Android, etc.).
Your avatar and post, coupled together, is scaring me.
Heh. That avatar is just a rock formation on Mars.
And I really fear the possibility that a couple lines of code placed in an upcoming "critical update" from Microsoft, placed by a rogue contractor or something like that, will be the largest wallet-stealing event ever. (or an update that has the same end result occurring on Android, etc.).
Are you saying that all that's needed is a couple lines of code to stop one from receiving any type of information on the net that's not an accredited source, e.g., peer-to-peer transmissions?
There are a huge security vulnerabilities that have not been employed to-date, but Windows automatic updates is probably the largest. There technically could already be code running on your computers, installed during the last Windows update cycle, just waiting for the right time when it will copy wallet.dat if one exists up to systems under the hacker's control. Is that likely? I would think Microsoft would have better controls on what goes into updates and this won't happen. But that's the key. It isn't under your control, it is under Microsoft's control.
And I'm not picking on Microsoft, ... Apple has access to this vector, as does Ubuntu (which isn't 100% open source, and even open source doesn't mean there's no rogue participant), and even Samsung and Google as well (for when they send out new releases of Andoid).
If the wallet.dat is encrypted, that makes such an attack much harder (would also require keylogging or other approach that would be discovered well before significant losses occurred, I'ld bet.)
But my point is that I don't know that Bitcoin is ready for a "mission accomplished" banner just yet.
