Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: Nefario on June 17, 2011, 06:20:27 AM



Title: Trojan Wallet stealer be careful
Post by: Nefario on June 17, 2011, 06:20:27 AM
There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario


Title: Re: Trojan Wallet stealer be careful
Post by: Garrett Burgwardt on June 17, 2011, 06:28:30 AM
As a side note - for those of you willing to trust an app, read the source code first. If it's not available, huge warning lights should go off.


Title: Re: Trojan Wallet stealer be careful
Post by: DonnyCMU on June 17, 2011, 06:31:23 AM
Are you talking about the Infostealer.Coinbit?

It has been recognized by Symantec
http://www.symantec.com/connect/blogs/all-your-bitcoins-are-ours

Symantec said the malware will locate wallet.dat then send it back by e-mail or FTP.


Title: Re: Trojan Wallet stealer be careful
Post by: dana.powers on June 17, 2011, 06:40:43 AM
Open source GPG encryption tools for Mac OS are available here: http://macgpg.sourceforge.net/

But don't these tools still leave you vulnerable while you're running the bitcoin client (because client requires unencrypted wallet.dat)?


Title: Re: Trojan Wallet stealer be careful
Post by: bitcoinminer on June 17, 2011, 06:41:26 AM
There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario

How do we know we can trust you?   ;D


Title: Re: Trojan Wallet stealer be careful
Post by: Nefario on June 17, 2011, 07:19:40 AM
There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario

How do we know we can trust you?   ;D
trust no one


Title: Re: Trojan Wallet stealer be careful
Post by: MrAnderson on June 17, 2011, 08:43:18 AM
There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario

Windows 7 rejects it because it doesn't have digitally signed drivers, any work around for this?

re: http://www.imgjoe.com/x/capture22323.jpg


Title: Re: Trojan Wallet stealer be careful
Post by: foo on June 17, 2011, 08:55:40 AM
WTF is FreeOTFE and why would one use it instead of TrueCrypt?


Title: Re: Trojan Wallet stealer be careful
Post by: Nefario on June 17, 2011, 09:26:06 AM
WTF is FreeOTFE and why would one use it instead of TrueCrypt?

FreeOTFE is an On The Fly Encryption application.

You can use it instead of TC because it doesn't need to be installed, at least the Portable Explorer version doesn't (otherwise it requires admin permissions).


Title: Re: Trojan Wallet stealer be careful
Post by: LeFBI on June 17, 2011, 09:36:52 AM
Why is the wallet.dat not encrypted by default anyway?

Asking the average internet user to use TrueCrypt, FreeOTFE, LinuxCoin, command line, whatever is imho far, far, far too geeky to be widely accepted.
If you want bitcoin to be an easy payment alternative like paypal, then make it more simple & secure. If simply copying the wallet file is enough to rob someone, it's hell insecure. :-/
When you first start the bitcoin client and the wallet is created, there is no prompt telling the user that he/she must secure the wallet file; it doesn't even say that it exists or where the wallet file is saved. But these are things you at least have to tell the average non-geek user. When I think of my parents for example... they know how to use google, emails and even managed to sign up at ebay, but they don't give a fuck about cookies, scripts, TrueCrypt whatsoever. And that isn't about to change. In the Bitcoin client you could simply implement a start dialog like "Choose wallet", click, "Enter Password", click, done. And it would be safe from simply copying the wallet file. Of course this wouldn't make it 100% secure, there will always be keyloggers, trojans and such... but it would at least make it a bit harder and not every idiot could simply copy the file and use it. In bitcoin it's all about hashing, encryption, making the network as secure as possible, but the wallet is an open door.


Title: Re: Trojan Wallet stealer be careful
Post by: doomy on June 17, 2011, 09:44:44 AM
WTF is FreeOTFE and why would one use it instead of TrueCrypt?

QFE   ;D


Title: Re: Trojan Wallet stealer be careful
Post by: Vladimir on June 17, 2011, 09:48:55 AM
Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.



Title: Re: Trojan Wallet stealer be careful
Post by: doomy on June 17, 2011, 09:52:42 AM
Best place to place the encrypted file is on Dropbox.  ;)


Title: Re: Trojan Wallet stealer be careful
Post by: LeFBI on June 17, 2011, 09:57:34 AM
so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.
said the linux nerd.


Title: Re: Trojan Wallet stealer be careful
Post by: BombaUcigasa on June 17, 2011, 10:00:30 AM
WTF is FreeOTFE and why would one use it instead of TrueCrypt?

You can use it instead of TC because it doesn't need to be installed, at least the Portable Explorer version doesn't (otherwise it requires admin permissions).

Just like TrueCrypt?


Title: Re: Trojan Wallet stealer be careful
Post by: flug on June 17, 2011, 10:00:44 AM
Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

Are you inferring that the average person's computer will never be safe enough to use the bitcoin client?


Title: Re: Trojan Wallet stealer be careful
Post by: BombaUcigasa on June 17, 2011, 10:01:34 AM
Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

Are you inferring that the average person's computer will never be safe enough to use the bitcoin client?
It is cheaper to solve the issue at the client level. One single change, every user receives increased security.


Title: Re: Trojan Wallet stealer be careful
Post by: flug on June 17, 2011, 10:10:50 AM
Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

Are you inferring that the average person's computer will never be safe enough to use the bitcoin client?
It is cheaper to solve the issue at the client level. One single change, every user receives increased security.

Vladimir's inference was that this 'solving' the issue at the client level would be giving a false sense of security, which is the worst of all worlds.


Title: Re: Trojan Wallet stealer be careful
Post by: Vladimir on June 17, 2011, 10:12:54 AM
Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

Are you inferring that the average person's computer will never be safe enough to use the bitcoin client?

You inferred it.

I implied what you said in the post #18.  :D

If your computer is compromised, you are screwed, the moment you enter your password to decrypt the wallet.

Banks get around this (still not completely) with second factor auth and I do not see how bitcoin can do second factor auth without losing decentralisation. (unless Satoshi comes out of the woods with an invention of proof-of-work/blockchain for second factor auth)




Title: Re: Trojan Wallet stealer be careful
Post by: LeFBI on June 17, 2011, 10:31:59 AM
If your computer is compromised, you are screwed, the moment you enter your password to decrypt the wallet.
That's always the case >if< your pc is compromised. An encrypted wallet.dat would protect from simply copying the file to USB, if someone has physical access to your pc. Also, if your pc is compromised it doesn't automatically mean it's running a keylogger in the background. Every idiot can copy & paste a file but not every idiot knows how to set up a keylogger. Making the wallet more secure doesn't harm anyone, so why not do it? There will never be 100% security, but it would at least be a bit safer than it is now.


Title: Re: Trojan Wallet stealer be careful
Post by: Vladimir on June 17, 2011, 10:42:22 AM
If your computer is compromised, you are screwed, the moment you enter your password to decrypt the wallet.
That's always the case >if< your pc is compromised. An encrypted wallet.dat would protect from simply copying the file to USB, if someone has physical access to your pc. Also, if your pc is compromised it doesn't automatically mean it's running a keylogger in the background. Every idiot can copy & paste a file but not every idiot knows how to set up a keylogger. Making the wallet more secure doesn't harm anyone, so why not do it? There will never be 100% security, but it would at least be a bit safer than it is now.

In an environment where almost weaponized viruses are created specifically to harvest bitcoins, this might do more harm than good.

Many people will rely on this encryption instead of taking their bitcoin wallets offline or use specialised devices or services to secure wallets. There is lots of merit in original bitcoin stance that bitcoin deals with money and it is up to the users to take care of their wallets security.

At the same time, as you correctly noted, wallet encryption functionality would protect from some attacks. This is not a black and white thing.

It looks like bitcoin devs will bow to popular demand for a false sense of security and wallet encryption will be in the next version of the bitcoin client. I would prefer to have, instead of encryption, the possibility to choose which exact coins are being spent and to have more than one wallet.


My view is that doing encryption in official bitcoin client is like hanging this thing on your regular wallet (with cash and credit cards)

http://www.visualphotos.com/photo/2x2220014/combination_lock_hanging_open_on_an_old_shed_door_we033720.jpg


Title: Re: Trojan Wallet stealer be careful
Post by: BombaUcigasa on June 17, 2011, 10:46:02 AM
If your computer is compromised, you are screwed, the moment you enter your password to decrypt the wallet.
That's always the case >if< your pc is compromised. An encrypted wallet.dat would protect from simply copying the file to USB, if someone has physical access to your pc. Also, if your pc is compromised it doesn't automatically mean it's running a keylogger in the background. Every idiot can copy & paste a file but not every idiot knows how to set up a keylogger. Making the wallet more secure doesn't harm anyone, so why not do it? There will never be 100% security, but it would at least be a bit safer than it is now.
This could be combined with an on-screen keyboard with shifted keys, such that a keylogger would be useless. You would then need a way to protect the user from having his screen recorded or seen. This would be getting absurd, as you can't use bitcoin offline and secluded in the basement every time you need to make a transaction.

It's still better than having a wallet in "clear-text" where you upload it like an idiot to a site that checks if it's ok, or someone steals it on a USB stick or with a remote file browser or a javascript applet uploader.


Title: Re: Trojan Wallet stealer be careful
Post by: flug on June 17, 2011, 10:55:52 AM
Banks get around this (still not completely) with second factor auth and I do not see how bitcoin can do second factor auth without losing decentralisation. (unless Satoshi comes out of the woods with an invention of proof-of-work/blockchain for second factor auth)

I can imagine an evolution where the bulk of the clients on the main network are large *secure* vaults of bitcoins (either private or bank holdings). Most people's bitcoins would be held in these locally-centralized banking funds, and accessed via a separate service layer similar to how banks work today.


Title: Re: Trojan Wallet stealer be careful
Post by: LeFBI on June 17, 2011, 11:01:41 AM
Many people will rely on this encryption instead of taking their bitcoin wallets offline or use specialised devices or services to secure wallets. There is lots of merit in original bitcoin stance that bitcoin deals with money and it is up to the users to take care of their wallets security.
That's a point, but if the dev team decides to keep it the unencrypted way, they should at least tell the user how to treat the wallet.dat correctly, with a step-by-step tutorial understandable for non-geek users. But I really don't think you can transport LinuxCoin, TrueCrypt etc etc to the average user. They will say "fuck that, too complicated. I'll stick with paypal".
And as already said, the current bitcoin client doesn't even tell the user that the wallet file exists. After creating the wallet, the user should be prompted that it exists, what it is for and how to secure it. And the GUI user should at least be given a choice of where to store the file and whether to encrypt it or not.


Title: Re: Trojan Wallet stealer be careful
Post by: flug on June 17, 2011, 11:20:25 AM
..the current bitcoin client doesn't even tell the user that the wallet file exists. After creating the wallet, the user should be prompted that it exists, what it is for and how to secure it. And the GUI user should at least be given a choice of where to store the file and whether to encrypt it or not.

That's the crux of the problem, really. Awareness. We need to ensure that people are aware of the issues. I downloaded the client a while back and bought some bitcoins and watched them shoot up in price, but it's only the fact that I've been following this forum that I've any idea of the risks, and that I should be doing something to protect the investment. Otherwise I might have suddenly found them stolen, and never trusted Bitcoin again. All of the effort, PR, etc, that's gone into Bitcoin, but only takes a moment for trust to be lost.


Title: Re: Trojan Wallet stealer be careful
Post by: Nefario on June 17, 2011, 11:51:20 AM
I'd like to be able to rename my wallet.dat to some other file, and the client asks for the file on startup.


Title: Re: Trojan Wallet stealer be careful
Post by: BombaUcigasa on June 17, 2011, 12:00:40 PM
My view is that doing encryption in official bitcoin client is like hanging this thing on your regular wallet (with cash and credit cards)

http://www.visualphotos.com/photo/2x2220014/combination_lock_hanging_open_on_an_old_shed_door_we033720.jpg

What about these things you can do with a regular wallet:
http://blogs.seattleweekly.com/dailyweekly/robbery_knife.jpg
http://ethicsbob.files.wordpress.com/2010/04/lost-wallet1.jpg
http://www.elcivics.com/images/pickpocket-crime.jpg


Title: Re: Trojan Wallet stealer be careful
Post by: mintymark on June 17, 2011, 12:16:22 PM
Surely, it should be obvious to all, including the banks that the days of passwords as protection is passed. (excuse the pun!) Something more revolutionary is needed, and bitcoin is nothing if not revolutionary.

There are many things that might be used as an alternative, aimed at messing up a keylogger, because I do agree with Vladimir: if your computer is infected, you are probably scr**d. (Even though wallet encryption might help a lot of people, so it should be done as soon as possible.)

So just to put a mark in the sand, what alternatives to passwords? You could have a sentence and an "enter the 5th and 7th word" type thing. Yes, the keylogger would eventually get it, but would have to wait a while. Or even enter the 3rd, 9th and 2nd characters from the 4th and 5th words. That would take some beating!

You could add (to a simple password) a captcha question, like what colour is the sky?

You could do something with the timing of key entry, so that the cleverness was not in what you enter but the rhythm and timing of it.

You could even do basic statistic analysis on timing of a sentence, maybe.

But I do not think a simple password should be used.

Hardest thing of course is to remember it. Because I do not see any simple way to recover a lost wallet key.


Title: Re: Trojan Wallet stealer be careful
Post by: Gavin Andresen on June 17, 2011, 12:42:54 PM
If your device (computer, mobile phone) is infected and your bitcoin wallet keys are stored on that device (encrypted or not), then the bad guys will get your coins sooner or later.

Sooner if the wallet is not encrypted. Later if it is encrypted.

Come up with all the fancy "measure timing and enter your fingerprints and choose an 80-character-long password and store your private keys inside the Trusted Platform Module Chip" pseudo-security measures you like; if your device is infected they will not work.

The bad guys will simply hack the software so that you THINK you're securely sending 1 bitcoin to your cousin (because that's what it says on the screen), but instead you're REALLY authorizing sending your entire bitcoin balance to the bad guys.


Title: Re: Trojan Wallet stealer be careful
Post by: adaman on June 17, 2011, 12:48:02 PM
Also with current online banking there is a risk of losing money. Even eTAN will not provide you with 100% security, nor will any kind of token or smart card. Especially if your system is already compromised. But each step to get more security for the wallet.dat is a good step. Sure it will give some people a false sense of security, but that's the game. On the other hand, each bit of a little more secure wallet.dat will help to prevent stealing and misuse by increasing the barrier for a possible thief. To encrypt a wallet is for sure not the final solution but should be a part of a larger security concept.


Title: Re: Trojan Wallet stealer be careful
Post by: MikesMechanix on June 17, 2011, 01:23:41 PM
Vladimir's inference was that this 'solving' the issue at the client level would be giving a false sense of security, which is the worst of all worlds.

An age-old fallacy. Anything that helps, helps.

Do you not install locks and burglar alarms because they aren't 100 % proof?
Should we not install airbags in cars even though they don't guarantee survival?
etc etc
I could come up with hundreds of examples.

Having wallet.dat encrypted is just the last wall of defence, which could potentially give its owner enough time to realize his computer has been compromised, and allow him to move the coins to a safe wallet. The private keys really only need to be unencrypted when payments are made, so the attack surface is reduced by much more than most people probably realize. It also requires the thief to target Bitcoin specifically, pretty much eliminating opportunity-made-thieves, and reducing the risk from random break-ins.

It's also somewhat easy to implement.

No, it's not 100 % hacker-proof, but to have any usability wallet.dat needs to be available relatively easily. All the suggestions of having an extra computer not routed to the internet, or booting from a thumbdrive, just to make the occasional online payment are laughable. Make those kinds of requirements, and Bitcoin is guaranteed to not take off, ever.


Title: Re: Trojan Wallet stealer be careful
Post by: EpicFail on June 17, 2011, 01:36:22 PM
I am trying to comprehend why in the Open Source community there is this prevalent attitude that if a security measure is not 100% foolproof then it is not worth the trouble to implement it. It is often further asserted that implementing these partial measures would be counter productive because doing so would give the average user a false sense of security leading to careless behavior in other areas.

The solution these people propose typically run along the lines of: "Secure your outer (Linux) shell!! You don't have to worry about anything else! You can now leave plain text sensitive data lying around your file system because Linux is inherently safe!" ::) Well, OK, not to that extent but you get the idea ....

Anyway, is it really that difficult to add an optional on-the-fly encryption to the standard client, with the keys stored in a removable smart card (or even USB stick for that matter)? No smart card inserted, no decryption. It should be possible to keep the client running accepting block information without the smart card inserted. The keys should also be based on a password, effectively giving you 2-factor authentication (password and physical device). This is not really complicated and should considerably reduce the attack surface.
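As an added illustration of the two-factor wallet-at-rest scheme EpicFail sketches (passphrase plus a key file on removable media), here is a small stand-alone example. It is not code from the thread or from the Bitcoin client: the key file contents, passphrase and wallet bytes are constructed, and an HMAC-SHA256 keystream with an encrypt-then-MAC tag stands in for the AEAD cipher (AES-GCM or ChaCha20-Poly1305) a real client should use. The point it shows is that the client can keep the sealed blob on disk, that the blob is useless without both factors, and that any tampering is detected before anything is decrypted.

```python
# Added example, not part of the original thread or the Bitcoin client.
# Two-factor wallet encryption at rest: key = f(passphrase, key file).
# HMAC-SHA256 keystream + HMAC tag stand in for a real AEAD (assumption).
import hashlib
import hmac
import secrets
from typing import Optional

KDF_ITERATIONS = 200_000   # PBKDF2 work factor for the passphrase factor
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32

# Constructed sample wallet bytes; not a real key.
WALLET_PLAINTEXT = b"constructed-sample-wallet: privkey=NOT-A-REAL-KEY"


def derive_key(passphrase: str, keyfile_bytes: bytes, salt: bytes) -> bytes:
    """Something you know (passphrase) mixed with something you have (key file)."""
    pw_key = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, KDF_ITERATIONS)
    # Keying the HMAC with the key-file bytes means losing either factor is fatal.
    return hmac.new(keyfile_bytes, pw_key, hashlib.sha256).digest()


def _subkeys(key: bytes):
    """Separate encryption and MAC keys derived from the master key."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a real stream cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal_wallet(plaintext: bytes, passphrase: str, keyfile_bytes: bytes) -> bytes:
    """Return salt || nonce || ciphertext || tag (encrypt-then-MAC)."""
    salt = secrets.token_bytes(SALT_LEN)
    nonce = secrets.token_bytes(NONCE_LEN)
    enc_key, mac_key = _subkeys(derive_key(passphrase, keyfile_bytes, salt))
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag


def open_wallet(blob: bytes, passphrase: str, keyfile_bytes: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if a factor is wrong or the blob was modified."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        return None
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ct, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(derive_key(passphrase, keyfile_bytes, salt))
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    # Constant-time tag check BEFORE touching the ciphertext.
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def demo() -> dict:
    """Seal a wallet, then try to open it with each factor missing or the blob altered."""
    passphrase = "constructed-passphrase"
    keyfile = secrets.token_bytes(32)          # contents of the file on the removable stick
    blob = seal_wallet(WALLET_PLAINTEXT, passphrase, keyfile)
    tampered = bytearray(blob)
    tampered[SALT_LEN + NONCE_LEN + 3] ^= 0x01  # flip one ciphertext bit
    return {
        "plaintext_visible_at_rest": WALLET_PLAINTEXT in blob,
        "both_factors": open_wallet(blob, passphrase, keyfile) == WALLET_PLAINTEXT,
        "wrong_passphrase": open_wallet(blob, "wrong", keyfile),
        "missing_keyfile": open_wallet(blob, passphrase, b""),
        "tampered_blob": open_wallet(bytes(tampered), passphrase, keyfile),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The client would hold only the sealed blob and the public data it needs to track incoming payments, and call `open_wallet` for the brief moment a transaction has to be signed; with the key file removed, nothing on the machine suffices to recover the keys. Nothing here protects against a compromised host that waits for that moment, which is the limit Vladimir and Gavin describe above.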





Title: Re: Trojan Wallet stealer be careful
Post by: Vladimir on June 17, 2011, 01:43:27 PM
MikesMechanix, all the laughable suggestions were made to get offline 4 digit BTC wallets which effectively contain 5, soon to be 6, digits of USD equivalent. In other words, more than the annual income of most people and more than 10-20 years or even the lifetime savings of most people.

Quote
All the suggestions of having an extra computer not routed to the internet, or booting from a thumbdrive, just to make the occasional online payment are laughable.

Ask the former owner of 25k bitcoin if he is in laughing mood...

Feel free to laugh at the recommendations of an Information Security professional (in retirement), who has done proper risk assessment, at your own peril.

BTW I am not advocating 'not implementing' wallet encryption, I am just saying that this is not really a solution for fat wallets and there may be more useful things to do for developers.

If your wallet has 10 BTC (at present valuation), I would not even bother encrypting anything... just keeping OS reasonably secure would be enough. If there is 10k BTC it would be completely different thing.



Title: Re: Trojan Wallet stealer be careful
Post by: bitcoinminer on June 17, 2011, 01:46:41 PM
Why would someone want to steal old Trojans out of a man's wallet?  ;)


Title: Re: Trojan Wallet stealer be careful
Post by: LeFBI on June 17, 2011, 01:59:38 PM
If your device (computer, mobile phone) is infected and your bitcoin wallet keys are stored on that device (encrypted or not), then the bad guys will get your coins sooner or later.

Sooner if the wallet is not encrypted. Later if it is encrypted.
But not even trying to protect the users doesn't make anything better. Do you also not update antivirus software, just because there will always be some new trojan version? Or do you never update a linux machine just because hackers will always find new ways to get root access?
By not encrypting the wallet.dat you open the doors for a much broader range of thieves who don't even need a lot of knowledge about computers, operating systems, exploits etc to rob someone.

oh, and targeting the wallet.dat has already been actively used:
http://buttcoin.org/bitcoin-verifier-will-verify-the-integrity-of-your-wallet
scam site was: http://walletinspector.info/

It asked the visitor to upload the wallet file, to "verify" it.
If the file was encrypted, the site would have needed to ask for the password and Joe-Average-Non-Geek might have gotten suspicious too. Assuming that he was told what the wallet.dat is...


Title: Re: Trojan Wallet stealer be careful
Post by: MikesMechanix on June 17, 2011, 02:04:25 PM
BTW I am not advocating 'not implementing' wallet encryption, I am just saying that this is not really a solution for fat wallets and there may be more useful things to do for developers.

It really does look to me like a lot of people actually oppose client encryption of wallet.dat, as if it didn't bring ANY security, when in fact it probably has more protective value than a firewall or an antivirus program.

It's easy to agree that if you have a relatively large amount of bitcoins, you should take extra measures to protect them.


Title: Re: Trojan Wallet stealer be careful
Post by: Vladimir on June 17, 2011, 02:05:22 PM
windows vs. unix debate all over again

or a swiss army knife versus a professional tool set.

bloating bitcoin client with all kinds of stuff as poor innocent naive users demand versus doing one thing very well and using other tools that are doing well other things, like securing wallets.




Title: Re: Trojan Wallet stealer be careful
Post by: LeFBI on June 17, 2011, 02:22:03 PM
bloating bitcoin client with all kinds of stuff as poor innocent naive users demand versus doing one thing very well and using other tools that are doing well other things, like securing wallets.
Do you want it to be simple & secure to get bitcoin as widely accepted & spread as possible by the users, or do you want bitcoin to be stigmatized as hacker-, nerd- and black market currency forever?
You can't expect the simple user to use 3 different tools just to make it secure; no non-geek will do that. A simple "choose wallet & enter password" won't bloat anything at all. The GUI can still look like it was made in the 1990's for windows 3.11... plain, simple, not overloaded.  :D


Title: Re: Trojan Wallet stealer be careful
Post by: oneforall on June 17, 2011, 02:27:19 PM
If your device (computer, mobile phone) is infected and your bitcoin wallet keys are stored on that device (encrypted or not), then the bad guys will get your coins sooner or later.

Sooner if the wallet is not encrypted. Later if it is encrypted.

Come up with all the fancy "measure timing and enter your fingerprints and choose an 80-character-long password and store your private keys inside the Trusted Platform Module Chip" pseudo-security measures you like; if your device is infected they will not work.

The bad guys will simply hack the software so that you THINK you're securely sending 1 bitcoin to your cousin (because that's what it says on the screen), but instead you're REALLY authorizing sending your entire bitcoin balance to the bad guys.


What this sounds like to me is "As long as there are mean people making viruses, bitcoin can't work." is this really the case?


Title: Re: Trojan Wallet stealer be careful
Post by: adaman on June 17, 2011, 02:48:56 PM
I totally agree there are other tools and solutions out in the wild that will do better than just encrypting your wallet. And normally users should be aware of it. But "normal" users are more like my mother, for example.

Last time I talked to her on the phone we spoke about her notebook. She mentioned something about warning messages popping up informing about infections. I hope it was the virus scanner that informed her, preventing some malicious software from executing, hopefully. Believe me, I tried my very best to get a clear description of the issue; it was impossible.  ::)

It took me hours to explain to my mother some basic steps of computer security (automatic updates for OS and virus scanner). All she asked me afterwards was "Aha, do you wish another cup of coffee?".

All she sees and knows is this colorful GUI of whatever she is using. What is working behind this is a complete mystery to this group of users. And it will remain a mystery for them.

And now I shall come up with changing OS, installing and using TC or other "complicated" IT stuff?

This kind of normal user is at a minimum more than 80% of potential users who could use crypto currency as digital payment. And this is the largest group of users you are dealing with if we are talking about spreading bitcoins among the masses.

These users I am talking about will never start studying HowTos, manuals etc etc. They are only users and they will never be anything else.

That's why I think that, to give these people trust in Bitcoin, it's not a bad idea to implement some security features into the client.



Title: Re: Trojan Wallet stealer be careful
Post by: allinvain on June 17, 2011, 03:03:34 PM
I'm making the following prediction: Bitcoin will evolve to become the only currency without a national government to back it up. It will be a duplicate of the existing financial system minus constant inflation. We will have major bitcoin banks and the majority of regular non uber-geek users will hold their balance with these institutions. The other portion of the userbase will be more than glad to perform an intricate dance of shuffling wallet.dat files around, moving funds from usb drive to usb drive, backing up in a gazillion locations, cause that is what geeks do - they enjoy overly complicated things which make them feel superior and smarter than the rest of the population. Meanwhile the average bitcoin user will give up the holy grail of decentralization in search of security.



Title: Re: Trojan Wallet stealer be careful
Post by: allinvain on June 17, 2011, 03:31:57 PM
I am shocked that you think that more BTC will be lost by people forgetting their passwords. More will be lost because they'll be stolen by clever hackers. The incentive is too great for them to not try their damn hardest to get your wallet file - encrypted or otherwise. It's just that encrypting it and using a strong password (heck write that password down and store it in a safe) would make it just that much of a bother for an UNSKILLED hacker. Don't underestimate human ingenuity when there is a huge cash prize at the end of the arduous journey. Wait and see until someone else with a large BTC balance that followed all the recommended security precautions gets his BTC stolen. Or wait until the criminal underworld hears about bitcoins - they'll not be afraid to use physical force to make you produce the BTC wallet.


Title: Re: Trojan Wallet stealer be careful
Post by: flug on June 17, 2011, 04:50:22 PM
Meanwhile the average bitcoin user will give up the holy grail of decentralization in search of security.

No holy grail is being given up here. You're just contracting out the security of your bitcoins to someone else. Not necessarily a big bank. Maybe just a geek friend who you trust who wants to earn some money. Maybe someone like Vladimir wants to start up the first secure online bitcoin vault? Come to think of it, once a trusted secure vault has been established, wallet sites could piggyback off it to produce secure wallets?


Title: Re: Trojan Wallet stealer be careful
Post by: Unthinkingbit on June 17, 2011, 07:00:31 PM
I am trying to comprehend why in the Open Source community there is this prevalent attitude that if a security measure is not 100% foolproof then it is not worth the trouble to implement it. It is often further asserted that implementing these partial measures would be counter productive because doing so would give the average user a false sense of security leading to careless behavior in other areas.
..

I agree with EpicFail; even though a security measure is not 100% foolproof, it still helps.  Encrypting the wallet certainly helps in the case the computer is stolen and also with this Trojan Wallet stealer.

As far as a false sense of security is concerned, as long as there are reports of bitcoins being stolen, people will know the price of carelessness.

If someone has complete faith in the security of their system and they don't want to use an encrypted wallet, that's fine; they could simply use a blank password.  However, please have the option of a password for those who do want to encrypt the wallet.

Edit:
If the bitcoin developers are already working on an encrypted wallet, then ignore the beginning of this post; instead someone please post a donation address for the developers.


Title: Re: Trojan Wallet stealer be careful
Post by: meighty on June 17, 2011, 10:48:25 PM
The two things I'd really like see is

1. Encryption on my wallet file
2. The ability to move my wallet file where ever I like.

I'd then store my wallet file in a secure (probably truecrypt) container or thumb drive. I'd feel much better about everything.


Title: Re: Trojan Wallet stealer be careful
Post by: Garrett Burgwardt on June 17, 2011, 11:14:00 PM
The nice thing about the decentralization of bitcoin is that it's an option, and it allows smaller banks to get in on things easily.

It's not all about the end user, you know ;)

-Garrett


Title: Re: Trojan Wallet stealer be careful
Post by: bodhipraxis on June 18, 2011, 12:05:22 AM
The two things I'd really like see is

1. Encryption on my wallet file
2. The ability to move my wallet file where ever I like.

I'd then store my wallet file in a secure (probably truecrypt) container or thumb drive. I'd feel much better about everything.

for #2:
use bitcoin client (0.3.22) with -datadir option:

bitcoin.exe -datadir="Z:\SomeRemoveableDrive\somedirectory"

Don't, under any circumstances, store your wallet.dat in a directory under your Windows operating system %APPDATA% (C:\Users\youruser\AppData\Roaming\Bitcoin by default on Win 7)

Don't have bitcoin client installed on windows either.
Store both the client folder and the wallet.dat on separate media that you do NOT keep constantly mounted. Keep balances in the default wallet.dat LOW, to boot, and use a separate wallet in another location at least.

Note: these are not even adequate security measures for a determined search program. But the ftp stealer that is available on forums worldwide (and that is pictured here on Symantec blog with weird ironic name: http://www.symantec.com/connect/sites/default/files/images/bitcoininfostealer.jpg, from Symantec URL http://www.symantec.com/connect/blogs/all-your-bitcoins-are-ours )
uses code such as:

Code:
char* appdata = getenv("APPDATA");   //Gets  %Appdata% data
char* truepath = strcat(appdata, "\\Bitcoin\\wallet.dat"); //Bitcoin file to steal

and it's a 'grab and go' ;-/

Does anybody know where the thread is for keeping track of which anti-malware progs keep track of these new Bitcoin stealers?

The larger security discussion in this thread, of course, is perfectly appropriate, esp. in light of the larger tech media outlets using the 25k theft as "yet another reason not to use bitcoin" ...yada...yada


Title: Re: Trojan Wallet stealer be careful
Post by: ffe on June 18, 2011, 02:36:04 AM
Banks get around this (still not completely) with second factor auth and I do not see how bitcoin can do second factor auth without losing decentralisation.

Second factor just protects you if you've lost your password already. Once you've logged in to the bank a Trojan can still send the bank fake transactions.

In the same way a second factor may help protect your encrypted wallet in bitcoin but once the wallet is open a Trojan can read the secret keys and send them.

We need a solution that places decrypting the keys and the transaction signing process in a safe place, like a dongle you plug in to your USB port. The cleartext keys are never in your computer, so a Trojan can never get to them.

The client would have to be patched to use the dongle to sign "send" transactions. The client would never handle unencrypted keys. Keys in the wallet would always be in an encrypted state. When you send coin the dongle must be plugged in and the client sends the encrypted secret key as well as the transaction that must be signed to the dongle where the signing occurs.

The dongle would have a simple LCD screen to display a transaction amount and, maybe with the press of a button, a few characters of the recipient key. If the owner agrees with the transaction he presses the ok button on the dongle and the dongle signs the transaction and sends it back to the client.
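The signing-dongle design in the post above, modelled as an added example (not code from the thread or from any Bitcoin client). Assumptions: the wrapped key is a 32-byte secret XORed with a SHA-256 keystream derived from a wrapping key that never leaves the dongle, the "signature" is HMAC-SHA256 standing in for the ECDSA signature a real device would produce, and the LCD plus OK button is a `confirm()` callback. The host side keeps only the wrapped blob, so a trojan that reads it learns nothing usable, and what the dongle displays is derived from the transaction it is actually about to sign, so host-side tampering shows up on the screen.

```python
import hashlib
import hmac
import json
import os
from typing import Callable, List, Optional


def _keystream(wrap_key: bytes, length: int) -> bytes:
    """Deterministic keystream from the dongle's wrapping key (toy cipher, assumption)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(wrap_key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Dongle:
    """The device: holds the wrapping key, unwraps and signs only after the user presses OK."""

    def __init__(self, confirm: Callable[[str], bool]):
        self._wrap_key = os.urandom(32)   # never exported to the host
        self._confirm = confirm           # stands in for the LCD and the OK button
        self.display_log: List[str] = []  # what the LCD showed, kept for auditing

    def provision(self) -> bytes:
        """Generate a signing key inside the dongle; the host receives only the wrapped blob."""
        secret = os.urandom(32)
        return _xor(secret, _keystream(self._wrap_key, len(secret)))

    def sign(self, wrapped_key: bytes, tx: dict) -> Optional[bytes]:
        """Show amount and recipient prefix on the LCD; sign (HMAC stand-in) only on OK."""
        prompt = f"Send {tx['amount']:.8f} BTC to {tx['to'][:8]}...? [OK/cancel]"
        self.display_log.append(prompt)
        if not self._confirm(prompt):
            return None  # user refused: nothing is signed, key is discarded
        secret = _xor(wrapped_key, _keystream(self._wrap_key, len(wrapped_key)))
        msg = json.dumps(tx, sort_keys=True).encode()
        return hmac.new(secret, msg, hashlib.sha256).digest()


class Client:
    """The (possibly trojaned) host: stores the wrapped key, never sees the plaintext key."""

    def __init__(self, dongle: Dongle):
        self.dongle = dongle
        self.wrapped_key = dongle.provision()  # what wallet.dat would hold under this design

    def send(self, tx: dict) -> Optional[bytes]:
        # A trojan here can read self.wrapped_key, but without the dongle's
        # wrapping key the blob is useless; it also cannot sign without a button press.
        return self.dongle.sign(self.wrapped_key, tx)


def demo() -> dict:
    """Walk through approve, tamper and refuse scenarios on a constructed transaction."""
    approving = Dongle(lambda prompt: True)
    client = Client(approving)
    tx = {"to": "1ConstructedRecipientAddr", "amount": 0.5}   # constructed sample
    sig = client.send(tx)
    tampered = dict(tx, to="1TamperedByHostAddr")             # host-side substitution
    client.send(tampered)
    refusing = Client(Dongle(lambda prompt: False))
    return {
        "signed": sig is not None,
        "lcd_showed_tampering": approving.display_log[0] != approving.display_log[1],
        "refused_without_ok": refusing.send(tx) is None,
    }
```

Run `demo()` to see the three outcomes; the point of `display_log` is that the user is shown exactly what will be signed, which is what a host-resident trojan cannot alter without the change becoming visible.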


Title: Re: Trojan Wallet stealer be careful
Post by: mikegogulski on June 18, 2011, 08:32:04 AM
Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

+1  :D


Title: Re: Trojan Wallet stealer be careful
Post by: bitoption on June 18, 2011, 10:19:09 AM
I've been thinking about a long-term value storage solution.. These recent attacks are brutal, 25k coins is horrible, but it will be much more horrible in 10 years if I'm not mistaken.

Here's my current long-term bitcoin storage plan for the 'save for later' coins. I assume here that we are not paranoid about Chinese bootloaders.

1) Purchase new laptop / install clean and fresh Ubuntu onto formatted hard drive
2) download client. Do nothing else on computer
3) download block chain.
4) download optar, (about which more in a second)
5) From current, possibly insecure computer, send "storage" coins to minty fresh computer.

6) Disconnect new computer right after address generation and you have optar, and can see the coins at least at 0/unconfirmed in the new wallet.
7) Backup the wallet onto the netbook drive, doesn't matter where.

8) Use optar to print out a PAPER archive of your wallet.dat file: (more here: http://ronja.twibright.com/optar/)
9) seal paper in pouch
10) safety deposit box
11) re-format hard drive of laptop.

You could GPG encrypt the wallet before it was optared, although then you'd need to remember the password for 20 years.

A brief description of optar: it prints scannable bitmaps onto paper. You can fit a few 100k per page with good error correction rates. Low acid paper plus laser printer = long, long term archival storage.

Thoughts?


Title: Re: Trojan Wallet stealer be careful
Post by: Scarecrow on June 18, 2011, 02:09:52 PM
I would like to give a +1 to the USB key approach already suggested in a couple of the prior posts.

Whenever a new wallet.dat is created the client forces the creation of a USB key that must be plugged in whenever bitcoins are to be sent to another wallet.

You could use a 2GB SD card with a USB adapter for this because it's cheap and has the added advantage of a write protect switch.

There is no reason I can think of that one SD card can't be used with multiple wallet.dat files and you should be able to copy one SD card to another for backup purposes.

To SEND any coins you have to enter your password AND plug the SD card into a USB port.

Bitcoin is a project in Beta, exactly the reason to test the system in the real world and arrive at the best possible solution. It is slightly in danger of falling victim to its own success.




Title: Re: Trojan Wallet stealer be careful
Post by: allinvain on June 18, 2011, 04:30:22 PM
I would like to give a +1 to the USB key approach already suggested in a couple of the prior posts.

Whenever a new wallet.dat is created the client forces the creation of a USB key that must be plugged in whenever bitcoins are to be sent to another wallet.

You could use a 2GB SD card with a USB adapter for this because it's cheap and has the added advantage of a write protect switch.

There is no reason I can think of that one SD card can't be used with multiple wallet.dat files and you should be able to copy one SD card to another for backup purposes.

To SEND any coins you have to enter your password AND plug the SD card into a USB port.

Bitcoin is a project in Beta, exactly the reason to test the system in the real world and arrive at the best possible solution. It is slightly in danger of falling victim to its own success.




I too support that idea. It is an excellent idea. It works along the same lines as PayPal secure key.


Title: Re: Trojan Wallet stealer be careful
Post by: allinvain on June 18, 2011, 04:31:10 PM
I've been thinking about a long-term value storage solution.. These recent attacks are brutal, 25k coins is horrible, but it will be much more horrible in 10 years if I'm not mistaken.

Here's my current long-term bitcoin storage plan for the 'save for later' coins. I assume here that we are not paranoid about Chinese bootloaders.

1) Purchase new laptop / install clean and fresh Ubuntu onto formatted hard drive
2) download client. Do nothing else on computer
3) download block chain.
4) download optar, (about which more in a second)
5) From current, possibly insecure computer, send "storage" coins to minty fresh computer.

6) Disconnect new computer right after address generation and you have optar, and can see the coins at least at 0/unconfirmed in the new wallet.
7) Backup the wallet onto the netbook drive, doesn't matter where.

8) Use optar to print out a PAPER archive of your wallet.dat file: (more here: http://ronja.twibright.com/optar/)
9) seal paper in pouch
10) safety deposit box
11) re-format hard drive of laptop.

You could GPG encrypt the wallet before it was optared, although then you'd need to remember the password for 20 years.

A brief description of optar: it prints scannable bitmaps onto paper. You can fit a few 100k per page with good error correction rates. Low acid paper plus laser printer = long, long term archival storage.

Thoughts?


Quite extreme but this is something I may use myself..I'm sure you know by now why. Time to print this.

Thanks!


Title: Re: Trojan Wallet stealer be careful
Post by: jpp on June 18, 2011, 11:04:41 PM
do not need optar, a freshly created wallet 7zipped and uuencoded fits easily in a QR code...


Title: Re: Trojan Wallet stealer be careful
Post by: hoo2jalu on June 19, 2011, 06:06:28 AM
Are you talking about the Infostealer.Coinbit?

It has been recognized by Symantec
http://www.symantec.com/connect/blogs/all-your-bitcoins-are-ours

Symantec said the malware will locate wallet.dat then send it back by e-mail or FTP.

The malicious .SCR trojan private messaged to members of this forum is identified as Induc.A on all the popular A/V products. It looks for wallet.dat to send via mail relay to hotmail drop as previously discussed. 

Looks like more and more bitcoin malware is popping up... everyone is running up-to-date anti-virus, right?


Title: Re: Trojan Wallet stealer be careful
Post by: saadtariq30 on June 19, 2011, 09:05:08 AM
running avast internet security..with the latest definitions+windows 7 x64 up to date..firewall set to not allow ANY incoming connections..wallet encrypted..

safe enough?


Title: Re: Trojan Wallet stealer be careful
Post by: walidzohair on June 19, 2011, 08:47:42 PM
Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

Are you inferring that the average person's computer will never be safe enough to use the bitcoin client?
It is cheaper to solve the issue at the client level. One single change, every user receives increased security.

Well the average user computer was not ever safe to store 500k of something valuable in it. Maybe a couple of BTC but not more than that, either BTC or anything else, like research data or market analysis .. etc.


Title: Re: Trojan Wallet stealer be careful
Post by: walidzohair on June 19, 2011, 08:51:35 PM
Well that means BTC is a hit. At least now it is getting attacked like normal banks.


Title: Re: Trojan Wallet stealer be careful
Post by: JBDive on June 19, 2011, 10:43:03 PM
WTF is FreeOTFE and why would one use it instead of TrueCrypt?

FreeOTFE is an On The Fly Encryption application.

You can use it instead of TC because it doesn't need to be installed, at least the Portable Explorer version doesn't (otherwise it requires admin permissions).


Truecrypt does not need to be installed either. You can easily create a TC Volume on a flash drive, mount it when needed and carry the Truecrypt program itself on the same flash drive.


Title: Re: Trojan Wallet stealer be careful
Post by: sean_incali on June 20, 2011, 12:56:05 AM
It has a name now. Apparently it's from Poland.

http://www.wired.com/threatlevel/2011/06/bitcoin-malware/


Title: Re: Trojan Wallet stealer be careful
Post by: phillipsjk on June 20, 2011, 02:59:59 AM
You could use a 2GB SD card with a USB adapter for this because it's cheap and has the added advantage of a write protect switch.

There is no reason I can think of that one SD card can't be used with multiple wallet.dat files and you should be able to copy one SD card to another for backup purposes.

SD cards are not a secure floppy replacement: They include CPRM with device revocation. The "Secure" in "Secure digital" means "Secure from the user," not "Securely holds your data."

I have already said in my first post (https://forum.bitcoin.org/index.php?topic=5227.msg147361#msg147361), computers are too insecure to handle a crypto-currency in the near term.


Title: Re: Trojan Wallet stealer be careful
Post by: Scarecrow on June 20, 2011, 02:05:17 PM
You could use a 2GB SD card with a USB adapter for this because it's cheap and has the added advantage of a write protect switch.

There is no reason I can think of that one SD card can't be used with multiple wallet.dat files and you should be able to copy one SD card to another for backup purposes.

SD cards are not a secure floppy replacement: They include CPRM with device revocation. The "Secure" in "Secure digital" means "Secure from the user," not "Securely holds your data."

I have already said in my first post (https://forum.bitcoin.org/index.php?topic=5227.msg147361#msg147361), computers are too insecure to handle a crypto-currency in the near term.

Yes, the write protection switch may help you avoid accidentally deleting your keys. Also blocking some virus from getting onto the SD card. A write protected USB is hardware protected, but harder to find.


Title: Re: Trojan Wallet stealer be careful
Post by: Nescio on June 21, 2011, 03:38:40 AM
SD cards are not a secure floppy replacement: They include CPRM with device revocation. The "Secure" in "Secure digital" means "Secure from the user," not "Securely holds your data."

Yes, the write protection switch may help you avoid accidentally deleting your keys. Also blocking some virus from getting onto the SD card.

You missed his point. Just like DRM is a euphemism where the R stands for Restrictions rather than Rights, SD cards are securing the industry from the user. Some Windows smartphones will lock-in SD cards. That means after a single insertion into the Windows mobile based phone, they are *completely inaccessible* on *any other device*.


Title: Re: Trojan Wallet stealer be careful
Post by: phillipsjk on June 21, 2011, 04:31:12 AM
....That means after a single insertion into the Windows mobile based phone, they are *completely inaccessible* on *any other device*.

I don't think that the CPRM (http://www.4centity.com/) built into SD Cards (http://www.sdcard.org/developers/tech/) actually does that, though I have been putting off re-reading the publicly-available specs.

The Device lock-in seen on the Windows Smart phone (http://support.microsoft.com/kb/2450831) may actually be part of the ATA spec (http://www.velocityreviews.com/forums/t307506-how-do-you-remove-an-ata-hard-disk-password.html) instead.



Title: Re: Trojan Wallet stealer be careful
Post by: cloud9 on June 21, 2011, 08:13:27 AM
HOW TO: (PUT ALL YOUR BITCOINS IN A OFFLINE WALLET FILE THAT HAS NEVER BEEN ONLINE)

If you use Windows (and you suspect someone might be having a peek inside your computer), try the following:

* Shut down your computer
* Disconnect lan cable, wi-fi, modems, etc. and all other network connectivity
* Switch on your computer and terminate the Bitcoin client
* Rename your wallet.dat file to something like donthack.dat (or any other arbitrary name you choose)
* Restart the Bitcoin client in its offline state
* A new wallet.dat would have been created automatically even though you are offline and not connected to any network
* Create a few receiving addresses in this new wallet.dat file and copy the addresses to a text file named addresses.txt for example
* Close the Bitcoin client in its offline state
* Encrypt your wallet.dat file with a strong password (optional step)
* Copy your (optionally encrypted) wallet.dat file to a removable medium and lock up the removable medium securely as you would have done with traditional paper cash.
* Make as many removable medium backups of your (optionally encrypted) wallet.dat file as you feel comfortable with
* Delete your wallet.dat file from the computer that is still offline
* Rerun Bitcoin client in its offline state to create everyday use spendable wallet - wallet.dat is created automatically again
* Take note of the everyday use spendable wallet's receiving address and copy the address to everyday.txt
* Close the Bitcoin client in its offline state
* Rename your wallet.dat everyday use spendable wallet file on the computer that is still offline to something like spend.dat (or choose any other arbitrary name)
* Run cipher /W:(drive letter) to remove data from available unused disk space (more secure delete - like shredding and not just throwing into the dustbin)
* Rename donthack.dat (or any arbitrary name you chose) file to wallet.dat
* Shut down computer
* Reconnect network connection
* Switch on computer
* Run Bitcoin client again and send bitcoins to addresses in addresses.txt held already in locked-up safekeeping.  Empty the few remaining bitcoins by sending them to addresses in everyday.txt for everyday use spending
* Delete wallet.dat and rename spend.dat (or any other chosen arbitrary name) to wallet.dat

-->  Now the majority of your Bitcoins would be in wallet.dat files that have never been online and should be safely locked up.  Your spendable Bitcoins should also be available for spending with the Bitcoin Client implementation.  To spend safely kept bitcoins - the relevant wallet.dat files should be retrieved from the removable medium where it is locked up - wallet.dat accessed by the Bitcoin Client should be replaced by the stored wallet.dat files - and then you can access the Bitcoins through the Client to be spent.  Just run "bitcoin.exe -rescan" after changing wallet.dat files.


So even if the only copy of your wallet.dat file may be locked up in Fort Knox, you can still send bitcoins to its addresses.

You later re-instate this wallet.dat file at any stage by replacing your wallet.dat file with this wallet.dat file that was kept in safekeeping and running the bitcoin.exe -rescan command.

Remember that with Bitcoin's decentralized nature - you are solely responsible for its safekeeping (just like you are with traditional paper cash).

Important:  Use at own risk and with caution not to overwrite valuable wallet.dat files.  Always make sure that an offline removable medium backup is in place of all wallet.dat files.
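Two checks that the procedure above and bodhipraxis's -datadir post both lean on, as an added example (not part of either post or of the Bitcoin client): confirming that a wallet is not sitting in the %APPDATA%\Bitcoin location the stealer hardcodes, and refusing to swap a wallet.dat out until a byte-identical backup of it exists on the removable medium. The default path and the Z:\SomeRemoveableDrive example are the ones quoted in the thread; the file contents, the `.replaced` parking name and the `demo()` scratch directory are constructed for the example.

```python
import hashlib
import shutil
from pathlib import Path, PureWindowsPath
from typing import Iterable, List


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large wallets do not have to be read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def in_default_datadir(wallet_path: str, appdata: str) -> bool:
    """True if the wallet lives under %APPDATA%/Bitcoin, the path the stealer targets."""
    w = PureWindowsPath(wallet_path)
    default_dir = PureWindowsPath(appdata) / "Bitcoin"   # Windows path compare is case-insensitive
    return default_dir in w.parents


def verified_backups(live: Path, candidates: Iterable[Path]) -> List[Path]:
    """Return only the candidate backups whose contents match the live wallet exactly."""
    want = sha256_file(live)
    return [p for p in candidates if p.is_file() and sha256_file(p) == want]


def safe_replace_wallet(live: Path, incoming: Path, backups: Iterable[Path]) -> Path:
    """Swap `incoming` in as the live wallet, but only if `live` has a verified backup.

    The displaced wallet is parked under a new name rather than deleted, so a mistake
    can be undone. Returns the parked path."""
    if not verified_backups(live, backups):
        raise RuntimeError(f"refusing: no verified backup of {live}")
    parked = live.with_name(live.name + ".replaced")
    i = 1
    while parked.exists():
        parked = live.with_name(f"{live.name}.replaced{i}")
        i += 1
    live.rename(parked)
    shutil.copy2(incoming, live)
    return parked


def demo() -> dict:
    """Exercise both checks on constructed files in a scratch directory (not real wallets)."""
    import tempfile
    root = Path(tempfile.mkdtemp(prefix="wallet-demo-"))
    live = root / "wallet.dat"
    live.write_bytes(b"constructed: savings wallet")
    usb = root / "usb" / "wallet.dat"          # plays the locked-up removable medium
    usb.parent.mkdir()
    usb.write_bytes(live.read_bytes())
    spend = root / "spend.dat"                 # the everyday wallet from the HOW TO
    spend.write_bytes(b"constructed: everyday wallet")

    result = {}
    result["backup_verified"] = verified_backups(live, [usb, root / "missing.dat"]) == [usb]
    parked = safe_replace_wallet(live, spend, [usb])
    result["live_is_spend"] = live.read_bytes() == spend.read_bytes()
    result["savings_parked"] = parked.read_bytes() == usb.read_bytes()
    # The USB copy matches the parked savings wallet, not the new live one,
    # so a second swap has no verified backup of the live file and must refuse.
    try:
        safe_replace_wallet(live, parked, [usb])
        result["refused_without_backup"] = False
    except RuntimeError:
        result["refused_without_backup"] = True
    appdata = r"C:\Users\youruser\AppData\Roaming"
    result["default_path_flagged"] = in_default_datadir(appdata + r"\Bitcoin\wallet.dat", appdata)
    result["datadir_path_ok"] = not in_default_datadir(
        r"Z:\SomeRemoveableDrive\somedirectory\wallet.dat", appdata)
    shutil.rmtree(root)
    return result
```

The refusal in `safe_replace_wallet` is the part worth keeping: every rename/delete step in the HOW TO is one typo away from discarding the only copy of a wallet, and a hash comparison against the removable medium costs nothing.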


Title: Re: Trojan Wallet stealer be careful
Post by: Nescio on June 21, 2011, 08:13:38 AM
I don't think that the CPRM (http://www.4centity.com/) built into SD Cards (http://www.sdcard.org/developers/tech/) actually does that, though I have been putting off re-reading the publicly-available specs.

The Device lock-in seen on the Windows Smart phone (http://support.microsoft.com/kb/2450831) may actually be part of the ATA spec (http://www.velocityreviews.com/forums/t307506-how-do-you-remove-an-ata-hard-disk-password.html) instead.

From the kb page you linked:
"When the operating system integrates the SD card with your phone:
 .. 3. It locks the card to the phone with an automatically generated key."

No mention of ATA there.

From Wikipedia on CPRM (http://en.wikipedia.org/wiki/CPRM):
"(CPRM/CPPM) is a mechanism for controlling the copying, moving and deletion of digital media on a host device"
"A controversial proposal to add generic key exchange commands (that could be utilized by CPRM and other Content protection technologies) to ATA specifications for removable hard drives was abandoned after outcry in 2001."

The issue is from last year (http://www.infoworld.com/t/smartphones/windows-phone-7-eats-microsd-cards-381):
"If you pull the SD card out of a Windows Phone 7 mobile, the whole phone stops working. It's bricked. Except for making emergency calls, you might as well carry a rock -- an expensive one, at that. You have to put the original SD card back into the phone for it to work properly.

You can't take the data off using any SD card reader I've been able to find. You can't put the SD card in a different Windows Phone 7 mobile -- that nasty reformatting habit kicks in. It can't read it, can't download or sync the data, nothing."


Title: Re: Trojan Wallet stealer be careful
Post by: rocksalt on June 21, 2011, 02:35:24 PM
I have my wallet.dat on a usb key in my desk drawer at home.

The usb key has a fingerprint reader on it. When I want to access my wallet,


1.  I insert key, authenticate with my middle finger ;)
2.  copy my wallet to bitcoin dir,
3.  start bitcoin... receive/send,
4.  close down bitcoin,
5.  recopy to a new dir ( date/time labeled ) on usb drive,
6.  remove key, place in drawer.


oh, and I'm behind two sets of firewall, have two AV types running in harmony, and have bitlocked my disk.
I also backup my key files to a tape drive with a strong password for accessing and restoring if needs be.

I run windows :) no way in hell anyone is gonna break through those layers to get my file.

So thumb in the eye for linux nerds... I can do it too cos I'm a PC :P lol


Title: Re: Trojan Wallet stealer be careful
Post by: Scarecrow on June 21, 2011, 03:45:46 PM
rocksalt, you are joking I hope. As soon as you do your step 2, ten of your Windows viruses will be sending copies of your wallet to their hacker owners.

As for SD cards and CPRM! What the hell is a Windows 7 phone? it sounds like they should be strangled at birth.


Title: Re: Trojan Wallet stealer be careful
Post by: Grouver (BtcBalance) on June 21, 2011, 07:41:36 PM
1) Create volume file of 50 MB with Truecrypt.
2) Use a 50 char password or something that cannot be guessed easily.
3) Use a triple encryption algorithm (Serpent -> Twofish -> AES) and use SHA-512 as hash algorithm.
4) Generate volume
5) CUT (NOT COPY) wallet.dat on volume.
6) Unmount file

Start using Bitcoin:

1) Open file with Truecrypt
2) Fill in password
3) Mount volume
4) Copy wallet.dat to its original location
5) Start Bitcoin

Stop using Bitcoin:

1) Stop Bitcoin
2) CUT (NOT COPY) wallet.dat to crypted volume.
3) Unmount file


Backup these wallet files not only on your USB stick but also online on your ftp server or whatsoever.

Problem solved temporarily...

Too bad something that needs security will always need more stuff around it.
Also.. since bitcoin needs its network to support itself you can never secure this well.
Some nerdy hacker will eventually break the code.

Combine this with the method cloud9 mentioned above and you will be fine.


Title: Re: Trojan Wallet stealer be careful
Post by: rocksalt on June 22, 2011, 08:49:49 AM
I am uber careful when it comes to my home network security ( it's what I do for a living )
In the years I've had this setup I haven't been compromised. Even the GF computer is separated from mine on the network with its own hardware utm firewall; no one accesses my machine, biometric access only :P
My wireless is piped only to the internet, no access to internal network, in fact, you'd have to hold a gun to my head in order to get access to my machine and that's windows 7, my servers.. hah!.... one windows, one opensuse :P and they sit on a segregated network with ports locked down so much, a gnat's ass by comparison is the channel tunnel.


Title: Re: Trojan Wallet stealer be careful
Post by: phillipsjk on June 22, 2011, 04:55:34 PM
And I used to think a Harvard architecture (read-only code) was impenetrable until I read about that voting machine hack using return-oriented programming.

Just because you wouldn't be able to break into your computer does not imply nobody else can. Do you leave "Automatic Updates" enabled? If not, you may be open to known security exploits. If true, you are putting a lot of trust in your OS vendor.


Title: Re: Trojan Wallet stealer be careful
Post by: allinvain on June 22, 2011, 08:02:33 PM
trust nobody is the modus operandi in the bitcoin world...


Title: Re: Trojan Wallet stealer be careful
Post by: shady financier on June 22, 2011, 08:51:51 PM
trustless medium is trustless.


Title: Re: Trojan Wallet stealer be careful
Post by: elements on June 22, 2011, 10:01:37 PM
Alright, since we are talking so much about geeks and nerds here... In that direction I could only call myself an aspiring novice ;)
I have been reading in the forum and elsewhere for approx. two weeks now and didn't find sufficient answers to some problems/questions. Maybe you could enlighten me!

So, a few questions about security:

1) How long do you have to let the client run after the confirmation window "Payment sent" till you can close the client AND your payment is really transmitted (Do you need to wait to have confirmations? What happens if the client says "0/? offline" ?)

=> two micropayments 0,001 as a test still have not yet emerged after 24 hrs. (min. 0,0005 fee)

2) With regard to creating an offline wallet:

How do the addresses get created offline and still made sure, that each address is unique (if there is never a connection to the network? - Couldn't different people create the same addresses and/or public keys by accident?)

3) Can you copy the blockchain from a "used" potentially infected computer to implement in new installation without infecting the new installation too? (only partly about security and partly about convenience)
(Imagine you create a new "savings-account" wallet and put it away in vault or anything, then you keep saving for the next ten years and when you finally want to spend it or some of it, it takes 3 weeks to download the blockchain....(did it yesterday and it took 15 hours; two weeks earlier "only" 7 hours).


4) How many addresses get created with the new wallet?
If I am informed correctly about a hundred with creation - can you read them out somehow?
When you press new address it takes a considerable amount of time till the new address appears in the receiving addressbook - why, if it is already created?

5) Regarding the idea to create an offline wallet by disconnecting the computer from network.
Isn't this also risky? I'd say you would not only have it disconnected but have the hard disc completely shredded, then an os installed, then client and wallet creation. After securing the "virgin-wallet" shredding the harddisk again. Isn't that the only safe way ??? IF NOT please tell me (it is pretty laborious).

6) If I understand correctly the wallet file is exposed whenever you are using the client. If that is correct then every single wallet.dat is not secure (except for the offline created and never online used ones), right? So basically your "everyday" wallet is always insecure...(even if it's not 250K I'd still be pissed to lose 10-20 coins because of this).


All right, I am going to come up with some more. But as an appetizer ;)

Thank you!
 




Title: Re: Trojan Wallet stealer be careful
Post by: phillipsjk on June 22, 2011, 11:44:20 PM
1) How long do you have to let the client run after the confirmation window "Payment sent" till you can close the client AND your payment is really transmitted (Do you need to wait to have confirmations? What happens if the client says "0/? offline" ?)

If it says offline, you may not be connected to anybody, so may not have broadcast your transaction. I would wait for at least 1 confirmation before closing the client. If you are wondering if your transaction was broadcast, you can check Bitcoin charts' list of unconfirmed transactions (http://bitcoincharts.com/bitcoin/) to see if it is listed there.

Quote
How do the addresses get created offline and still made sure, that each address is unique (if there is never a connection to the network? - Couldn't different people create the same addresses and/or public keys by accident?)
The addresses are 160-bit. Collisions can happen, but likely won't until 2^80 are in existence. To put that in perspective, the 48-bit MAC address space (uniquely assigned to every device that may connect to a network) is expected to last 100 years. (They are already moving to 64-bit MAC addresses.)

Quote
3) Can you copy the blockchain from a "used" potentially infected computer to implement in new installation without infecting the new installation too? (only partly about security and partly about convenience)
With transaction volume going up exponentially, the first 2 years worth are likely to be insignificant.

Quote
5) Regarding the idea to create an offline wallet by disconnecting the computer from network.
Isn't this also risky? I'd say you would not only have it disconnected but have the hard disc completely shredded, then an os installed, then client and wallet creation. After securing the "virgin-wallet" shredding the harddisk again. Isn't that the only safe way ??? IF NOT please tell me (it is pretty laborious).

You can use a "live CD" on read-only media to boot; ignoring the hard-disk.

Quote
6) If I understand correctly the wallet file is exposed whenever you are using the client. If that is correct then every single wallet.dat is not secure (except for the offline created and never online used ones), right? So basically your "everyday" wallet is always insecure...(even if it's not 250K I'd still be pissed to lose 10-20 coins because of this).

Your wallet.dat is as secure as the user account/machine you store it in. I would argue that modern computers are insecure, so I agree, the "everyday" wallet is likely to be insecure. I don't store a lot of money in my everyday wallet holding paper money either.

Sorry for not answering question number 4. I don't like how the default client handles wallets. The pre-generated addresses were implemented to increase the likelihood that a backup wallet would have all the addresses you are using.
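The "2^80" figure in the reply above comes from the birthday bound, worked here as an added note (not part of the original post). With $N = 2^{160}$ possible addresses and $k$ addresses generated independently, the probability that some pair coincides is

$$P(k) \approx 1 - e^{-k^{2}/(2N)} \approx \frac{k^{2}}{2N} = \frac{k^{2}}{2^{161}} \quad (k \ll \sqrt{N}).$$

Setting $P(k) = 1/2$ gives $k \approx \sqrt{2N\ln 2} \approx 1.18 \cdot 2^{80}$, i.e. roughly $2^{80}$ addresses before a collision becomes likely. For a sense of scale, $k = 2^{40}$ (about $10^{12}$) addresses gives $P \approx 2^{80}/2^{161} = 2^{-81}$. This is the bound for accidental collisions between honest users; it says nothing about an attacker targeting one specific address, which is a different (and far harder, $2^{160}$-work) problem.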


Title: Re: Trojan Wallet stealer be careful
Post by: Nescio on June 22, 2011, 11:45:39 PM
in the years i've had this setup i havn't been compromised.

How do you know? Are you doing a daily memory dump and auditing it? :)


Title: Re: Trojan Wallet stealer be careful
Post by: Nescio on June 23, 2011, 12:21:18 AM
3) Can you copy the blockchain from a "used" potentially infected computer to implement in new installation without infecting the new installation too?

Strictly speaking you can't assume so. Practically, it depends on what attacks are possible against the transfer medium and the blockchain itself. For example, your OS might prescan inserted USB sticks and contain vulnerabilities in this code (this is a known attack vector), regardless of any autoplay settings. The blockchain could be doctored to include buffer-overflow-initiated code (the client could contain parsing bugs; I bet this has not been vetted yet). The blockchain could even be replaced by something like a specially crafted PDF file with attack code in it. There was a nice Adobe bug where when you installed the suite it would add a PDF parsing service to Windows which had a buffer overflow vulnerability. In a default setup Windows is set to periodically scan for new files for its indexing service. When the indexer comes across a PDF file, the Adobe service would be called to parse it, boom, infected. So just having the file on the system, without opening it, would infect it.

A similar exploit was possible on the Amiga, in ancient times (Kickstart 1.2) when the OS detected a filesystem problem it would automatically invoke the checkdisk program (pretty advanced for the time), but would try to load it from amongst others the floppy. Floppies were autodetected, so if you inserted one with a purposefully corrupted filesystem, and put your own doctored checkdisk program on there it would autoexecute. This in light that bootsector viruses already existed but were only executed when booting from them.


Title: Re: Trojan Wallet stealer be careful
Post by: em3rgentOrdr on June 23, 2011, 01:58:14 AM
Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.



+1.  Agreed.  This should be default.


Title: Re: Trojan Wallet stealer be careful
Post by: Djao on June 24, 2011, 08:43:22 PM
some sample code for a wallet stealer in metasploit:

https://dev.metasploit.com/redmine/projects/framework/repository/revisions/12993/entry/modules/post/windows/gather/bitcoin_jacker.rb


Title: Re: Trojan Wallet stealer be careful
Post by: walidzohair on June 26, 2011, 10:08:15 PM
I have my wallet.dat on a USB key in my desk drawer at home.

The USB key has a fingerprint reader on it. When I want to access my wallet:


1.  I insert the key, authenticate with my middle finger ;)
2.  copy my wallet to the bitcoin dir,
3.  start bitcoin... receive/send,
4.  close down bitcoin,
5.  recopy to a new dir (date/time labeled) on the USB drive,
6.  remove the key, place it in the drawer.


Oh, and I'm behind two sets of firewalls, have two AV types running in harmony, and have BitLockered my disk.
I also back up my key files to a tape drive with a strong password for accessing and restoring if need be.

I run Windows :) No way in hell anyone is gonna break through those layers to get my file.

So thumb in the eye for Linux nerds... I can do it too cos I'm a PC :P lol


LOL @ middle finger ... seriously why does it always have to be the MIDDLE FINGER ? :D


Title: Re: Trojan Wallet stealer be careful
Post by: ElHajjaj on June 27, 2011, 07:06:59 AM
Don't forget offsite backups in case your house burns down or gets carried away to Oz by a tornado.


Title: Re: Trojan Wallet stealer be careful
Post by: sergio on June 27, 2011, 08:13:48 AM
Use Linux, and take additional steps for added security.

Windows is insecure by default: too many viruses available, and not one antivirus is 100% perfect; they all have a margin of failure where new viruses go undetected.

There are also viruses for Linux, but they are very rare, and Linux out of the box is more secure.

What everyone should do is run Linux: Debian (Ubuntu), Fedora, Mandriva, etc.

And for those of you that have a lot of bitcoins, encrypt and back up the wallet.
PGP, GPG, BestCrypt and TrueCrypt are all good choices.

TrueCrypt is best for USB or portable disks.
PGP or GPG are good for encrypting the wallet directly.
Or if you want something transparent, with BestCrypt you can configure an account to automatically mount an encrypted file system. Once the file system is mounted it is no longer encrypted until you log out, so BestCrypt works best using a separate account that you log in to, and as soon as you are done you log out. Once you log out the filesystem is unmounted, and it is an encrypted folder representing the filesystem.

The only problem is that if you are expecting a payment you cannot have the wallet encrypted with the current version of the Bitcoin client. Therefore what you can do is use 2 accounts: one that keeps the wallet encrypted and that you back up, and the other that you use for receiving or making payments. After that wallet reaches a certain amount of money, make a transfer to the wallet you keep encrypted, and then back up the wallet in encrypted form somewhere else.

That way you have 2 wallets: one for pocket change, like the wallet you carry in your pocket, unencrypted, and the other wallet that has all the cash, encrypted and backed up.

Also when using encryption use a secure algorithm; there are many that are very secure, and others are very easily broken.

Also when it comes to encryption always use an open source package.
There is an old saying that security by obscurity is snake oil, so rely on open source for your security.

Another reason for using encryption: if your computer is stolen, with either Windows or Linux it is possible to log on to the system once the thief has physical access to your machine. However, if the wallet is encrypted there is nothing the thief can do other than a brute force attack, and if you used a secure password with a good algorithm it is nearly impossible for the thief to gain access to the data in your wallet.
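
The two-wallet workflow described in this post (keep the stored wallet encrypted, decrypt it only while the client needs it, then re-encrypt and back up a dated copy, as in the USB-key procedure earlier in the thread) as an added example in Python. This is not code from the thread or from the Bitcoin client, and it is not a substitute for the GPG/TrueCrypt tooling named above: it uses only the standard library, so the cipher is a PBKDF2-derived key driving an HMAC-SHA256 keystream with an encrypt-then-MAC tag. The `WLT1` file layout, the `wallet_in_the_clear` context manager, the passphrase and the stand-in client in `demo()` are all assumptions made for illustration.

```python
"""Encrypt-at-rest wallet handling: the wallet is only in the clear while the
client runs, then re-encrypted and backed up under a timestamped name.
Added example, not Bitcoin client code. Standard library only."""
import contextlib, hashlib, hmac, os, secrets, shutil, subprocess, sys, tempfile
from datetime import datetime
from pathlib import Path

MAGIC = b"WLT1"      # assumed container marker for this example, not a real wallet format
KDF_ITERS = 200_000  # PBKDF2 work factor: makes the brute force the post mentions expensive


def _keys(passphrase: bytes, salt: bytes) -> tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from the passphrase."""
    master = hashlib.pbkdf2_hmac("sha256", passphrase, salt, KDF_ITERS, dklen=64)
    return master[:32], master[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (a nonce is never reused)."""
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def encrypt_wallet(plaintext: bytes, passphrase: bytes) -> bytes:
    """Fresh salt and nonce per call; encrypt-then-MAC so tampering is detected."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _keys(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    header = MAGIC + salt + nonce
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    return header + ct + tag


def decrypt_wallet(blob: bytes, passphrase: bytes) -> bytes:
    """Check the tag before using the ciphertext; a wrong passphrase fails closed."""
    if len(blob) < 4 + 16 + 16 + 32 or blob[:4] != MAGIC:
        raise ValueError("not an encrypted wallet file")
    salt, nonce, body, tag = blob[4:20], blob[20:36], blob[36:-32], blob[-32:]
    enc_key, mac_key = _keys(passphrase, salt)
    expected = hmac.new(mac_key, blob[:-32], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("bad passphrase or tampered file")
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))


def _atomic_write(path: Path, data: bytes) -> None:
    """Write a 0600 temp file in the target directory, then rename it over the target."""
    path.parent.mkdir(parents=True, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".tmp-")  # mkstemp creates it 0600
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    os.replace(tmp, path)


@contextlib.contextmanager
def wallet_in_the_clear(encrypted, wallet, passphrase: bytes, backups):
    """Decrypt to `wallet` for the block, then re-encrypt, write a dated backup and remove.
    The finally clause also runs on a client crash or Ctrl-C. Caveats: unlink() does not
    scrub disk blocks (that is the encrypted-home or disk layer's job), and a trojan running
    beside the client can still read the file while the block is open."""
    encrypted, wallet, backups = Path(encrypted), Path(wallet), Path(backups)
    if wallet.exists():
        raise FileExistsError(f"{wallet} already exists; refusing to overwrite it")
    _atomic_write(wallet, decrypt_wallet(encrypted.read_bytes(), passphrase))
    try:
        yield wallet
    finally:
        blob = encrypt_wallet(wallet.read_bytes(), passphrase)  # the client may have added keys
        _atomic_write(encrypted, blob)
        stamp = datetime.now().strftime("%Y%m%d-%H%M%S-%f")
        _atomic_write(backups / f"wallet-{stamp}.enc", blob)    # dated backup copy
        wallet.unlink()


def demo() -> dict:
    """Run the workflow in a throwaway directory with a stand-in for the client."""
    root = Path(tempfile.mkdtemp(prefix="wallet-demo-"))
    enc, wal, bk = root / "wallet.dat.enc", root / ".bitcoin" / "wallet.dat", root / "backups"
    passphrase = b"correct horse battery staple"  # constructed for the demo only
    enc.write_bytes(encrypt_wallet(b"constructed wallet bytes v1", passphrase))
    with wallet_in_the_clear(enc, wal, passphrase, bk) as path:
        # Stand-in for `bitcoin`: appends to the file the way the client adds keys.
        subprocess.run([sys.executable, "-c",
                        f"open({str(path)!r}, 'ab').write(b' +newkey')"], check=True)
    result = {"plaintext_left_behind": wal.exists(),
              "restored": decrypt_wallet(enc.read_bytes(), passphrase),
              "backups": len(list(bk.iterdir()))}
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(demo())
```

In use, `demo()` would be replaced by a call to the real client inside the `with` block, and the encrypted file and backups would live on the removable media. The point the post makes still holds: the file is readable by anything running as your user for as long as the client is open, so this shrinks the exposure window rather than closing it.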


Title: Re: Trojan Wallet stealer be careful
Post by: MikesMechanix on June 28, 2011, 08:18:00 AM
Linux is no magic bullet when it comes to security. I've seen so many compromised Linux boxes with hacked sshd, apache, bind, and running python scripts it's not even funny. The tools a typical Linux box offers to a hacker are just ridiculous compared with your typical Windows box.


Title: Re: Trojan Wallet stealer be careful
Post by: Nescio on June 28, 2011, 10:33:33 PM
Linux is no magic bullet when it comes to security. I've seen so many compromised Linux boxes with hacked sshd, apache, bind, and running python scripts it's not even funny. The tools a typical Linux box offers to a hacker are just ridiculous compared with your typical Windows box.

The typical Linux box gets hacked through misconfiguration of third party software. The difference with Windows is that the 'typical' Linux box is a server, not a desktop, so it will run network facing services and lots of times will be administered according to the 'what bushfire needs to be extinguished next' principle since security is usually subordinate to other considerations in a corporate setting (mainly deadlines), even if the admins know what they are doing.

That doesn't mean Linux is less safe than Windows (I would argue the opposite), it just has different attack vectors. I agree that Linux offers a lot more tools compared to Windows :)


Title: Re: Trojan Wallet stealer be careful
Post by: kwukduck on July 06, 2011, 09:21:59 PM
New scam software found on youtube, please flag as such

http://www.youtube.com/watch?v=l9UvUyT5i5s

DO NOT USE THIS PROGRAM!


Title: Re: Trojan Wallet stealer be careful
Post by: jjiimm_64 on July 09, 2011, 06:17:18 AM
Well that means BTC is a hit. At least now it is getting attacked like normal banks.

These have been my thoughts too. Bitcoins must be valuable if so many are trying to steal them....


Title: Re: Trojan Wallet stealer be careful
Post by: danknug on July 10, 2011, 09:33:18 PM
I'd like to be able to rename my wallet.dat to some other file, and the client asks for the file on startup.

+1


Title: Re: Trojan Wallet stealer be careful
Post by: dooglus on July 11, 2011, 09:44:34 AM
I'd like to be able to rename my wallet.dat to some other file, and the client asks for the file on startup.

Something like this will do it for you on Linux:

Code:
#!/bin/bash
# Move the hidden wallet into place, run the client, move it back afterwards.
set -u

# Work from the home directory so a relative answer to the prompt resolves there.
cd || exit 1
wallet=~/.bitcoin/wallet.dat

if [[ -e "$wallet" ]]
then
    echo "real wallet file $wallet already exists; giving up"
    exit 1
fi

read -r -p "which file is your wallet hidden as? " hidden

if [[ ! -e "$hidden" ]]
then
    echo "hidden wallet file $hidden doesn't exist"
    exit 1
fi

echo "moving hidden wallet to $wallet"
mv -i "$hidden" "$wallet" || exit 1

# From here on, whatever happens (client crash, Ctrl-C, error), move the wallet
# back to its hidden location so it is never left behind at the well-known path.
restore() {
    echo "moving $wallet back to secret location"
    mv -i "$wallet" "$hidden"
}
trap restore EXIT

sleep 1

echo "starting bitcoin"
# 'command' makes sure the real client runs, not the alias defined below.
command bitcoin "$@"

sleep 1

Save to a file, add a line to the end of .bashrc saying:
Code:
alias bitcoin="/path/to/script-file"

Start a new terminal, type 'bitcoin', and it should use the script instead of the regular client.


Title: Re: Trojan Wallet stealer be careful
Post by: KeyserSoze on July 11, 2011, 11:34:05 PM
[edited]


Title: Re: Trojan Wallet stealer be careful
Post by: dooglus on July 12, 2011, 05:10:02 AM
I have my wallet.dat on a USB key in my desk drawer at home.

The USB key has a fingerprint reader on it. When I want to access my wallet:

1.  I insert the key, authenticate with my middle finger ;)
2.  copy my wallet to the bitcoin dir,
3.  start bitcoin... receive/send,
4.  close down bitcoin,
5.  recopy to a new dir (date/time labeled) on the USB drive,
6.  remove the key, place it in the drawer.

So thumb in the eye for Linux nerds... I can do it too cos I'm a PC :P lol

So you're copying an unencrypted wallet to an online Windows box.

Wouldn't a trojan just have to wait for the file to be copied and then steal it?


Title: Re: Trojan Wallet stealer be careful
Post by: Grouver (BtcBalance) on July 13, 2011, 09:19:13 PM
I have my wallet.dat on a USB key in my desk drawer at home.

The USB key has a fingerprint reader on it. When I want to access my wallet:

1.  I insert the key, authenticate with my middle finger ;)
2.  copy my wallet to the bitcoin dir,
3.  start bitcoin... receive/send,
4.  close down bitcoin,
5.  recopy to a new dir (date/time labeled) on the USB drive,
6.  remove the key, place it in the drawer.

So thumb in the eye for Linux nerds... I can do it too cos I'm a PC :P lol

So you're copying an unencrypted wallet to an online Windows box.

Wouldn't a trojan just have to wait for the file to be copied and then steal it?
Yes, and that's where people are mistaken right now.
To use (send) Bitcoins you need to be connected to the web.
And it will take only a split millisecond for a trojan to execute stuff on your PC.
So unless you're Chuck Norris and can click super fast, your solution is not 100% trojan proof.
Nice try though with the fancy fingerprint reader. 8)


Title: Re: Trojan Wallet stealer be careful
Post by: giantdragon on July 28, 2011, 09:38:00 PM
I think the best solution will be storing wallet and using Bitcoin client on virtual machine with Linux as guest OS and encrypted home directory. Just install VirtualBox, download Ubuntu, and when installing enable home dir encryption.


Title: Re: Trojan Wallet stealer be careful
Post by: BitVapes on August 21, 2011, 07:41:34 AM
I think the best solution will be storing wallet and using Bitcoin client on virtual machine with Linux as guest OS and encrypted home directory. Just install VirtualBox, download Ubuntu, and when installing enable home dir encryption.

A trojan could still infect your Windows host machine, keylog your decryption password when you boot the Linux virtual machine, and download the virtual hard drive image so the attacker can steal the wallet.dat from it.


Title: Re: Trojan Wallet stealer be careful
Post by: python on August 27, 2011, 11:50:48 AM
   
Trojan Wallet


Title: Re: Trojan Wallet stealer be careful
Post by: Stalin-chan on September 01, 2011, 12:52:54 AM
Linux is no magic bullet when it comes to security. I've seen so many compromised Linux boxes with hacked sshd, apache, bind, and running python scripts it's not even funny. The tools a typical Linux box offers to hacker is just ridiculous compared with your typical Windows box.

This isn't true at all. Yes, Linux can be insecure, but overall a Linux (desktop) box is much more secure than Windows due to obscurity.
Most attacks directed at Linux are directed at server software that shouldn't be running on your machine open to the internet.
Overall most desktop attack vectors are pointed at Windows since it is the most widely used desktop OS compared to the 1% who currently use Linux.


Title: Re: Trojan Wallet stealer be careful
Post by: acolombo on September 20, 2011, 02:47:52 PM
Vladimir's inference was that this 'solving' the issue at the client level would be giving a false sense of security, which is the worst of all worlds.

An age-old fallacy. Anything that helps, helps.

Do you not install locks and burglar alarms because they aren't 100 % proof?
Should we not install airbags in cars even though they don't guarantee survival?
etc etc
I could come up with hundreds of examples.

Having wallet.dat encrypted is just the last wall of defence, which could potentially give its owner enough time to realize his computer has been compromised, and allow him to move the coins to a safe wallet. The private keys really only need to be unencrypted when payments are made, so the attack surface is reduced by much more than most people probably realize. It also requires the thief to target Bitcoin specifically, pretty much eliminating opportunity-made-thieves, and reducing the risk from random break-ins.

It's also somewhat easy to implement.

No, it's not 100 % hacker-proof, but to have any usability wallet.dat needs to be available relatively easily. All the suggestions of having an extra computer not routed to the internet, or booting from a thumbdrive, just to make the occasional online payment are laughable. Make those kinds of requirements, and Bitcoin is guaranteed to not take off, ever.
+1