Bitcoin Forum

Bitcoin => Electrum => Topic started by: adaseb on December 16, 2016, 12:21:00 PM



Title: Dangers in using USB Stick to get signed transactions offline?
Post by: adaseb on December 16, 2016, 12:21:00 PM
Was doing some reading about "BadUSB" and have a hard time finding out exactly how it works.

Does it need to be some infected firmware USB stick that you bought from a 3rd party or can it be a regular brand new USB Stick from a retail store which gets infected if your computer has some virus?

There was one guy who had like 4 CDROMs and he burned the unsigned transaction on a CD-Writer, put in the CD-Reader on the offline computer and burned the signed transaction with the CD-Writer, and later on with the online computer put it back into the CD-Reader to get the transaction broadcasted. This seems a little tedious to me.

Any safer methods on getting the transactions signed or is this "BadUSB" just something that rarely happens with Bitcoin?


Title: Re: Dangers in using USB Stick to get signed transactions offline?
Post by: Coin-Keeper on December 16, 2016, 06:50:31 PM
We have had several (many) threads chasing the answer to this question.  My opinion is that if you are using Linux you would be much safer than using Windows where the USB issue is concerned.  You will want to make certain that auto play isn't on when you insert the USB.  That is a simple setting, but make sure YOU start anything on the USB and NO auto start of stuff.  I haven't heard of any "in the wild" Linux users that have ever fallen prey to this exploit.  Still, it is possible.  Some will argue QR codes are safer, but then again many in the know will tell you it's also vulnerable with the same low percentage of risk on pure Linux stuff.  I ran Electrum for a few years using USB and cold wallet, which I felt was pretty darn safe.  I just got tired of going back and forth between computers so I ended up starting to use a hardware wallet.  The convenience was well worth the small expense because my volume more than justifies it, at least to myself.  Like you mentioned on the CDRs.  Unless I was doing a super large wallet like once or twice a year I wouldn't want to keep juggling optical media due to the hassle.  In fairness you have to know that I only use full Linux and never Windows.  You will find members here that may disagree and we are free to make our own choices.  We must also be willing to live with the outcome of the choices.  Hope you make the best one for YOUR needs.


Title: Re: Dangers in using USB Stick to get signed transactions offline?
Post by: pooya87 on December 18, 2016, 05:12:43 AM
> Was doing some reading about "BadUSB" and have a hard time finding out exactly how it works.
>
> Does it need to be some infected firmware USB stick that you bought from a 3rd party or can it be a regular brand new USB Stick from a retail store which gets infected if your computer has some virus.
>
> There was one guy who had like 4 CDROMs and he burned the unsigned transaction on a CD-Writer, put in the CD-Reader on the offline computer and burned the signed transaction with the CD-Writer, and later on with the online computer put it back into the CD-Reader to get the transaction broadcasted. This seems a little tedious to me.
>
> Any safer methods on getting the transactions signed or is this "BadUSB" just something that rarely happens with Bitcoin?

I have never heard of bad USB which has a malicious firmware! If you have any link I would love to read more about it though.
And as for that method, I think it is an overkill and he is not really doing anything extra to make it safer. The best way to have an "air tight" system for signing transactions is an offline Linux to which you never attach anything. And for the transactions you only use QR codes and your camera to scan them.

Check this out: https://susestudio.com/a/kp8B3G/ciyam-safe
Here is the person who made it: https://bitcointalk.org/index.php?action=profile;u=44572