Bitcoin Forum

...Bitcoin unaffected.

http://www.nytimes.com/2015/02/15/world/bank-hackers-steal-millions-via-malware.html?_r=1


When this happens with in the bitcoin economy, expect plenty of negative press... when it happens to traditional banks(as it happens all the time) expect a few articles and little to no criticism. When it happens to a bitcoin exchange, only the users are affected, when it happens to banks expect them to band together with corrupt states and not disclose who was effected and expect them all to be "insured" and "compensated" and everyone will be forced to pay. No CEO's will lose their jobs and no banks will fail due to weak security as they are all too big to fail and their poor security will be paid by you whether you know it or not.

Why arent we hearing more about this? It's pretty sad :/

The article is missing a critical fact. What operating system were the banks that were victimized running? My guess is that the operating system that was infected with malware was some version of Microsoft Windows. In this case the issue is no different than the many Bitcoin users who have had their Bitcoins stolen because the used the same operating system.

The real issue here is not Bitcoin vs fiat but rather the choice of Microsoft Windows over GNU/Linux that has made the banks victims in this case for the very same reason that many Bitcoin users have also been victimized

Because it only gives headlines if its bitcoin related to make it look unsafe.

Linux is more secure than windows typically , but your assumptions are dangerously wrong as all OS variants are effected...

http://threatpost.com/versatility-of-zeus-framework-encourages-criminal-innovation/106638


http://securelist.com/blog/research/67962/the-penquin-turla-2/



There is no silver bullet. Good security is difficult and complex.

It is about risk mitigation pure and simple. Yes there exist a few proof of concept GNU/Linux malware. Now compare this with the literally millions of Windows malware in the wild. I do not claim that GNU/Linux is immune to malware but the risk factor is lower by many orders of magnitude.

O and has Turla actually been found infecting systems in the wild? According to the article quoted above apparently not

Some of the largest hacks in Bitcoin history have all involved services running on Linux.  Security is a mindset not an OS.  MtGox, BitStamp, Coinflor, MyBitcoin, Bitcoinica, Slush Pool, the Bitcoin faucet (the original), etc.  What did they all have in common?  They all ran on Linux and they were all robbed blind.

At least 2 of those were probably fake hacks where the owner ran away with large piles of digital money.
Your point about "Security is a mindset" is very valid.

I agree that Linux tends to be more secure than windows, but you are giving them too much credit.

http://arstechnica.com/security/2014/12/powerful-highly-stealthy-linux-trojan-may-have-infected-victims-for-years/

http://blog.norsecorp.com/2015/02/10/new-linux-backdoor-trojan-includes-sophisticated-payload/

Sure but they have more often than not involved poor password security, overall poor server security and not OS specific malware. Yes of course security is a mind set but it begins with picking the right OS. The types of attacks that targeted the banks and many hacking attacks involve planting malware on Windows desktop computers that is then used the steal credentials. These stolen credentials may actually be used to attack, a GNU/Linux server, but even in this case the fault lies with Microsoft Windows. This is possible not only due to both the design of Windows but also because of how Windows is marketed particularly to consumers. The latter is what makes possible the massive fertile ground of vulnerable Windows computers that allows Windows malware to breed. How many Windows computers are sold to consumers that treat security as an up sell? The economic incentives in propriety software distribution actually encourage the end user to seek the Internet for gratis alternatives. They also make it easy to install software on Windows, while forcing users and administrators to have to seek software from all over the Internet. I have seen very experienced Windows administrators get fooled into installing malware. The alternative to this malware cesspool that is provided by Apple and Microsoft is an Orwellian lockdown where only applications approved by big brother can run. This leads to yet another problem since it encourages users to break the security of the OS wide open to get the freedom they deserve.

Now compare this with GNU/Linux where users and administrators are provided with a trusted software repository with 99% of the software most users will need is available gratis. Getting software to run from outside the trusted repository is possible but nerdy. It invloves in many cases compiling the software from the source code. Even if an executable is available and it matches the right distribution it still involves manually changing a set of permissions on the executable file. So Joe novice tries to install a malware executable on GNU/Linux. The most likely result is that he gets an obscure error and contacts technical support who promptly sets him right.

Security is not just about the user or the OS, it is also about the entire ecosystem.

Edit: GNU/Linux is about source compatibility since it is designed for FLOSS. Microsoft Windows is about binary compatibility since it is designed for propriety software. Malware does not spread very well if it has to be compiled by hand.

I wonder if Hong Kong will consider banning fiat now  ::)

If this were to be btc, all the negative news will start to pour in to make it look real bad. And talk about being fair

One way of Bitcoin being more secure than fiat. Bank transfer requires you to key in information while connected to the internet. In Bitcoin, you can sign a raw TX on a offline computer and broadcast it on another online computer. If you use proper security procedures in Bitcoin, the chances of hack would be close to zero(Unless a bug in the wallet code is found).

I don't see how this could even remotely be good news for bitcoin. Banks cover such losses so their costumes lose nothing. It's ridiculously easy for a newbie to lose his bitcoins if he doesn't take proper steps to secure his wallet. I've been a bitcoin supporter for two years, I've yet to see a way that makes 'bank grade' security for storing bitcoin accessible to the average user.

My bet is XP, even though the official support stopped last year, still plenty of business's are using xp

and so we are more alert and wear a pretty good security  :)

If this was btc, we would already be banned by now

BTC will never be banned.. It might lose its value though..

Bitcoin cannot be banned due to the fact that it is decentralised. The whole internet would have to be shutdown to block Bitcoin. It would be unlikely such a big hack would happen to Bitcoin as the encryption is relatively secure enough for at least another 10-20years.

BTC can never be banned :-/
It's the point you know

Can we link this every time some rag post a comment from a govt official warning about the dangers of bitcoin security.

of course it could be banned these people are the boogeymen. Could the ban stick (see prohibition).
More than likely the govs are looking on a way to capitalize, as all politicians and bankers are crooks..
and this is looking like a sweet way to finance whatever discreetely

This is the myth that we need to educate all people about. FDIC insurance ultimately is amortized across all clients/citizens. Everyone ultimately pays for all these losses through service fees, deductibles, inflation, merchant processing fees raising the cost of all goods and services, ect..

Banks and governments are sophisticated grifters who have managed to fool everyone into thinking that using credit cards actually is secure and gives customers up to 1% "cash back" for spending or that inflation is only 2-3% a year.



There are plenty of solutions which are as secure or more so than bank security for bitcoin: https://bitcointalk.org/index.php?topic=858604.0

Circle, Xapo. The insurance they offer isn't government backed. But if that government happens to be, say, Iceland, it actually may be better.

BAN DOLLARS! Now you see how dangerous that is!  :'(

Still, are they as accessible to the average user as registering a bank account and depositing?

For the most part, no ... and that is what everyone is working on. Most hardware wallets are easy to setup but not for the average user, they just wants something that is secure and works right out of the gate. I believe the first step towards greater usability that will be released shortly is  -
https://mycelium.com/bitcoincard

This hardware wallet doesn't depend upon a laptop and can be used as a standalone hardware wallet that just works for targeted for under 80 dollars.

When Standalone hardware wallets start being sold for under 50 usd , fit on a keychain, and are nfc compatible than expect much greater adoption to occur.

This is sad news :(
whether the employees is not installed anti-virus or ect? i think there are many site to for scan site and file like virustotal.com for example.

Hackers tyrant ::)

this is just the beginning.

Here it is on the front page of today's NYT.

https://i.imgur.com/Sq5UBId.jpg

Someone steals from a bank and no one bats an eye, someone loses a few bitcoin and everybody loses their minds,

It's on the front page, but it's rather small on my opinion.

Not big deal for govs/bank clan, they will just print more cotton pieces and cover loss. When you got hack for Bitcoins noone cant make new coins just like that.

this time is when we see that everything is susceptible to be hacked

It is a rather simple concept that repeats itself through history and the raison d'être of bitcoin. When you let someone else control your money they will either steal it themselves or have it stolen through gross incompetence.

Decentralization makes it more difficult to attack as there are many targets with small payoffs. If you don't control your private keys you don't own the money and are merely hoping the third party will be so kind as to return your funds you gave them.

https://bitcointalk.org/index.php?topic=858604.0

With fiat, you never own any of it, as they are simply debt contracts that states allow you to temporarily use if you behave.

One should always combine physical and digital security. Doing this will make the inherent costs of hacking more expensive than the rewards and thus you can be reasonably sure your funds are safe.