Bitcoin Forum

Economy => Service Discussion => Topic started by: neutrinox on October 31, 2013, 05:35:10 PM



Title: Bitadress.org safety concerns
Post by: neutrinox on October 31, 2013, 05:35:10 PM
Is there any good way to see if there has been any changes to the source code of Bitaddress.org in recent months/years?

You would think a website like that would be the ideal target for three letter agencies. For example, I notice they are loading external JavaScript files from Google's servers. Isn't external JavaScript a very very bad thing to do on such a site? Basically it allows Google to insert whatever JavaScript they want on the page, whenever they want...

Which brings me to my last question:

Is there a better, more simple way of generating paper wallets?


Title: Re: Bitadress.org safety concerns
Post by: flatfly on October 31, 2013, 05:54:51 PM
You can take a look at NoBrainr (see signature!) and decide if you like it. It's only 20 lines of code and as transparent as it gets.


Title: Re: Bitadress.org safety concerns
Post by: neutrinox on October 31, 2013, 05:56:46 PM
Sounds good! I don't like the hundreds of lines I have to read at bitaddress. The more code there is --> the more potential danger there is.


Title: Re: Bitadress.org safety concerns
Post by: greyhawk on October 31, 2013, 05:59:39 PM
Your real name is Simon. You're a furry of the fox persuasion from Caracas Venezuela. You like listening to gothic rock / dark cabaret.

The three letter agencies are the least of your problem.


Title: Re: Bitadress.org safety concerns
Post by: neutrinox on October 31, 2013, 06:04:21 PM
Nice guess but each point was way off :D

It's funny to face ridicule about such safety concerns especially in the post-Snowden world.

It's also interesting to get ad hominems. What does it matter who I am if what I'm saying makes sense? So why don't you stick to the facts and try to defend the use of external JavaScript files?


Title: Re: Bitadress.org safety concerns
Post by: Remember remember the 5th of November on October 31, 2013, 06:08:56 PM
Nice guess but each point was way off :D

It's funny to face ridicule about such safety concerns especially in the post-Snowden world.

It's also interesting to get ad hominems. What does it matter who I am if what I'm saying makes sense? So why don't you stick to the facts and try to defend the use of external JavaScript files?
Yeah, it'd be worse if Rainden also released some disturbing information.


Title: Re: Bitadress.org safety concerns
Post by: neutrinox on October 31, 2013, 06:12:17 PM
Yes, let's make a big joke about security. That's the way to go with Bitcoin.

The truth is, the code at bitaddress.org could be compromised at any moment and nobody would notice it.

Feel free to assume NSA/FBI/CIA would not resort to such low forms of attack. I'd rather not assume anything. Not after learning about the methods they are using to protect the "interests" of US gov.


Title: Re: Bitadress.org safety concerns
Post by: Bitalo_Maciej on October 31, 2013, 06:19:25 PM
You can look at the project's GitHub commit history (https://github.com/pointbiz/bitaddress.org/commits/master). Git commits are guarded with SHA-256, so they can't be changed after a commit is made. For added security, you can use Git's diff functionality to actually see what changed between revisions.


Title: Re: Bitadress.org safety concerns
Post by: Stephen Gornick on October 31, 2013, 07:03:49 PM
For example, I notice they are loading external Javascript files from Googles servers.. Isn't external Javascript a very very bad thing to do on such a site?

I had been using http://www.changedetection.com to monitor the site and then manually verify and post an OK on the BitAddress forum thread. Sure, that's not foolproof, since if the site were compromised and spits out a compromised page, let's say for 1 out of 10 requests, the chances are very low I'd know for some time (i.e., a 10% chance of detecting it, 90% chance the attacker would get away with it -- for at least one day).

Here are the steps I follow:
 - http://bitcoin.stackexchange.com/a/9115/153
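Two things this thread asks for can be checked mechanically: whether a page pulls script from a host other than its own (the first post's concern about external JavaScript), and whether the page you just fetched still matches a copy you verified earlier (the pinned-hash comparison behind the manual change monitoring described above). The script below is an added example written for this thread, not code from bitaddress.org, NoBrainr or any poster; the sample HTML, the host names in it and the pinned hash are constructed for the demonstration, and the real page would be fetched separately and passed in as text.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class _ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value)


def external_scripts(html_text, page_host):
    """Return the script src URLs whose host differs from page_host.

    Relative paths (no host) and same-host URLs count as first-party;
    absolute and protocol-relative URLs on another host are reported.
    """
    collector = _ScriptSrcCollector()
    collector.feed(html_text)
    external = []
    for src in collector.srcs:
        host = urlparse(src).hostname  # None for a relative path
        if host is not None and host.lower() != page_host.lower():
            external.append(src)
    return external


def sha256_hex(data):
    """Hex SHA-256 of a byte string, the value you would pin after a manual review."""
    return hashlib.sha256(data).hexdigest()


def check_page(html_text, page_host, expected_sha256):
    """Compare a fetched page against a pinned hash and list third-party scripts."""
    digest = sha256_hex(html_text.encode("utf-8"))
    return {
        "sha256": digest,
        "matches_pinned": digest == expected_sha256,
        "external_scripts": external_scripts(html_text, page_host),
    }


# Constructed sample page (not the real bitaddress.org HTML): one script
# from a third-party host, one first-party script, one inline script.
SAMPLE_PAGE = """<!DOCTYPE html>
<html><head><title>sample wallet generator</title>
<script src="https://ajax.googleapis.com/example/library.js"></script>
<script src="js/wallet.js"></script>
<script>var inlineCode = 1;</script>
</head><body><p>generate</p></body></html>
"""

# Placeholder for a hash recorded after a manual review of a known-good copy.
PINNED_SHA256 = sha256_hex(SAMPLE_PAGE.encode("utf-8"))

if __name__ == "__main__":
    result = check_page(SAMPLE_PAGE, "bitaddress.org", PINNED_SHA256)
    print("sha256:", result["sha256"])
    print("matches pinned copy:", result["matches_pinned"])
    for src in result["external_scripts"]:
        print("third-party script:", src)
```

The hash check is only as good as the copy it was pinned against, and it says nothing about what the first-party script does; it flags that something changed, after which the diff still has to be read. The external-script list is the part that answers the original question directly: any entry in it is code the page's own operator does not control at serving time.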