|
Title: Google PATCHES critical Android crypto flaw used in $5,700 Bitcoin heist Post by: millsdmb on August 15, 2013, 02:36:51 AM Thought I'd share
http://arstechnica.com/security/2013/08/google-confirms-critical-android-crypto-flaw-used-in-5700-bitcoin-heist/ Title: Re: Google confirms critical Android crypto flaw used in $5,700 Bitcoin heist Post by: Chef Ramsay on August 15, 2013, 03:58:30 AM A friend of mine lost his 5 coins by having this android app and now he's spooked. Told him to play it safe and get a trezor for his computer.
Title: Re: Google confirms critical Android crypto flaw used in $5,700 Bitcoin heist Post by: marcus_of_augustus on August 15, 2013, 06:12:15 AM google "crypto flaw" or google nsa back-door?
... guess we'll never know, they got laws for lying about stuff like that. Title: Re: Google confirms critical Android crypto flaw used in $5,700 Bitcoin heist Post by: Kouye on August 15, 2013, 02:32:14 PM Quote Symantec researchers said in their blog post. "Since transactions are public on the Bitcoin network, attackers scanned the transaction block chain looking for these particular transactions to retrieve the private key and transfer funds from the Bitcoin wallet without the owner’s consent." I wasn't aware Symantec was interested in bitcoin... There are actually a lot of related posts in their blogs. :o Here is the one the (http://www.symantec.com/connect/blogs/android-cryptographic-issue-may-affect-hundreds-thousands-apps) article mentions. Title: Re: Google PATCHES critical Android crypto flaw used in $5,700 Bitcoin heist Post by: millsdmb on August 15, 2013, 07:53:55 PM Thought I'd share UPDATED: they say it's patched.http://arstechnica.com/security/2013/08/google-confirms-critical-android-crypto-flaw-used-in-5700-bitcoin-heist/ http://biztechreport.co.uk/2013/08/google-fixes-android-bitcoin-theft-vulnerability/ Title: Re: Google PATCHES critical Android crypto flaw used in $5,700 Bitcoin heist Post by: threeip on August 15, 2013, 08:51:09 PM Don't store coins on your phone etc etc
My Android wallet is safe, it moved my 0.007BTC for me... Title: Re: Google PATCHES critical Android crypto flaw used in $5,700 Bitcoin heist Post by: marcus_of_augustus on August 15, 2013, 10:10:18 PM I'm wondering what commonly used code on Android has been accessing this "flawed" RNG ... e.g. TSL connections, banking apps?
Title: Re: Google PATCHES critical Android crypto flaw used in $5,700 Bitcoin heist Post by: Carlton Banks on August 15, 2013, 10:37:04 PM I'm wondering what commonly used code on Android has been accessing this "flawed" RNG ... e.g. TSL connections, banking apps? Browser based SSL and TLS are apparently unaffected, only apps that access this specific (legacy) Apache crypto library have the problem, which presumably extends to apps other than the Bitcoin wallet coterie Title: Re: Google confirms critical Android crypto flaw used in $5,700 Bitcoin heist Post by: notme on August 15, 2013, 10:42:49 PM A friend of mine lost his 5 coins by having this android app and now he's spooked. Told him to play it safe and get a trezor for his computer. Any idea when Trezor will be released? I can't find a date anywhere. Title: Re: Google confirms critical Android crypto flaw used in $5,700 Bitcoin heist Post by: threeip on August 15, 2013, 10:44:35 PM A friend of mine lost his 5 coins by having this android app and now he's spooked. Told him to play it safe and get a trezor for his computer. Any idea when Trezor will be released? I can't find a date anywhere. http://www.bitcointrezor.com/eshop/ Delivery est. October/November 2013 |