|
Title: Does running Bitcoin QT make you a target for hackers? Post by: go1111111 on November 01, 2013, 02:34:55 AM I don't fully understand the Bitcoin network, but wouldn't running QT leave you vulnerable to the below scenario? Step 1: I decide to become an evil hacker, so I learn how to hack. Step 2: I run a modified version of the QT client, which prints out a list of all the other nodes on the bitcoin network that are visible to me. Step 3: I take my big list of IP addresses, and using my logical skills I deduce that a lot of those IPs correspond to machines with bitcoin wallets on them. Step 4: I try to penetrate as many of the machines with those IPs as possible, install keyloggers on any that I can break into, and grab any wallets that I can find. Step 5: Profit? What's the flaw in my plan? Is step 4 just extremely hard? Title: Re: Does running Bitcoin QT make you a target for hackers? Post by: Elwar on November 01, 2013, 02:38:52 AM Logging into bitcointalk and allowing images to be viewed makes you a target for hackers.
Title: Re: Does running Bitcoin QT make you a target for hackers? Post by: go1111111 on November 01, 2013, 03:52:49 AM Logging into bitcointalk and allowing images to be viewed makes you a target for hackers. Ah, good point. Anyone know a good resource to get answers to the following questions then? (maybe a more security-focused forum) Assume you're given an IP, (1) the IP belongs to a windows 8 machine, the admin password is very simple, and remote desktop is enabled. How easy is it to break in? I assume it's just a matter of guessing passwords as fast as you can. Anyone know the practical limit to how many remote desktop password attempts a win8 machine will allow per unit of time? (2) If remote desktop is disabled, then it's very unlikely that even a dedicated hacker could get into your machine even if your admin password is super simple, right? I assume this is the kind of vulnerability that would make a huge news splash if found. Title: Re: Does running Bitcoin QT make you a target for hackers? Post by: adamstgBit on November 01, 2013, 04:05:39 AM Logging into bitcointalk and allowing images to be viewed makes you a target for hackers. Ah, good point. Anyone know a good resource to get answers to the following questions then? (maybe a more security-focused forum) Assume you're given an IP, (1) the IP belongs to a windows 8 machine, the admin password is very simple, and remote desktop is enabled. How easy is it to break in? I assume it's just a matter of guessing passwords as fast as you can. Anyone know the practical limit to how many remote desktop password attempts a win8 machine will allow per unit of time? (2) If remote desktop is disabled, then it's very unlikely that even a dedicated hacker could get into your machine even if your admin password is super simple, right? I assume this is the kind of vulnerability that would make a huge news splash if found. i'm not a hacker but i don't think guessing passwords is the way to go. best to make users install your trojan which gives you a back door to their computer. the trojan can read the wallet.dat file and report its contents, which can do a lot of damage if you did not encrypted your wallet with a strong password. if you just don't install shit off the web, disable java! and encrypted your wallet I would imagine hackers won't be able to get to you. Title: Re: Does running Bitcoin QT make you a target for hackers? Post by: Ecurb123 on November 01, 2013, 08:55:00 AM I think your logic is generally correct. That's why a lot of people will suggest keeping larger value wallets off-line.
I don't fully understand the Bitcoin network, but wouldn't running QT leave you vulnerable to the below scenario? Step 1: I decide to become an evil hacker, so I learn how to hack. Step 2: I run a modified version of the QT client, which prints out a list of all the other nodes on the bitcoin network that are visible to me. Step 3: I take my big list of IP addresses, and using my logical skills I deduce that a lot of those IPs correspond to machines with bitcoin wallets on them. Step 4: I try to penetrate as many of the machines with those IPs as possible, install keyloggers on any that I can break into, and grab any wallets that I can find. Step 5: Profit? What's the flaw in my plan? Is step 4 just extremely hard? Title: Re: Does running Bitcoin QT make you a target for hackers? Post by: Rannasha on November 01, 2013, 09:03:56 AM Logging into bitcointalk and allowing images to be viewed makes you a target for hackers. Ah, good point. Anyone know a good resource to get answers to the following questions then? (maybe a more security-focused forum) Assume you're given an IP, (1) the IP belongs to a windows 8 machine, the admin password is very simple, and remote desktop is enabled. How easy is it to break in? I assume it's just a matter of guessing passwords as fast as you can. Anyone know the practical limit to how many remote desktop password attempts a win8 machine will allow per unit of time? (2) If remote desktop is disabled, then it's very unlikely that even a dedicated hacker could get into your machine even if your admin password is super simple, right? I assume this is the kind of vulnerability that would make a huge news splash if found. Almost all consumer internet modems/routers use NAT and don't directly expose the connected computer(s) to the internet. The IP address that you obtain will lead you to a router, not a computer, and unless said router has some really glaring security holes, there won't be an easy way to get to the actual computer(s) behind the router. While in principle there is a potential security risk in having your IP address connected to bitcoin-related acitivities, in practice this risk is negligible compared to keyloggers, weak passwords, phishing, etc... Title: Re: Does running Bitcoin QT make you a target for hackers? Post by: Buffer Overflow on November 01, 2013, 09:04:56 AM Logging into bitcointalk and allowing images to be viewed makes you a target for hackers. Someone could place an image in an PM, when you open the message your IP would be revealed to be sender. Title: Re: Does running Bitcoin QT make you a target for hackers? Post by: go1111111 on November 01, 2013, 10:10:59 AM Judging by your logic, visiting random site could make you a target for hackers..sigh. Not quite. A hacker would rather gain access to the computer of someone who uses bitcoin than just a random Internet user. Rannasha: thanks for the description. Title: Re: Does running Bitcoin QT make you a target for hackers? Post by: DodoB on November 01, 2013, 10:18:47 AM Probably yes. the best solution is not to keep large amounts of bitcoin in a single computer.
Title: Re: Does running Bitcoin QT make you a target for hackers? Post by: ArticMine on November 01, 2013, 07:55:47 PM i'm not a hacker but i don't think guessing passwords is the way to go. best to make users install your trojan which gives you a back door to their computer. the trojan can read the wallet.dat file and report its contents, which can do a lot of damage if you did not encrypted your wallet with a strong password. if you just don't install shit off the web, disable java! and encrypted your wallet I would imagine hackers won't be able to get to you. The best anti hacker advice here, which is excellent by the way, is in the poster's avatar. Say no to Microsoft Windows and yes to GNU/Linux Title: Re: Does running Bitcoin QT make you a target for hackers? Post by: mb300sd on November 04, 2013, 06:44:07 AM Its pretty easy to notice someone guessing passwords at your remote desktop, set an account lockout after 3-10 incorrect attempts... depending on how often you try to log in drunk ;D
|