Bitcoin Forum
  Show Posts
181  Bitcoin / Bitcoin Discussion / Re: I just got hacked - any help is welcome! on: June 15, 2011, 01:26:31 PM
ok, so what I learned from this thread is that I shouldn't use IRC any more as it might lead to being attacked. I understand that connecting to IRC via webchat is safe? Is this correct? (Sorry, I'm a bit worried now, too *g*)

As soon as you connect to the net you increase the risk of being compromised. It's always possible there is a vulnerability in your IRC client, in the browser or one of its plugins you use for webchat, etc. You could be sent a document with a vulnerability, etc. A couple of years ago the average infection rate of an unpatched Windows machine simply connected directly to the net was less than a minute on average (i.e. if you installed a vanilla XP, you could get portscanned and compromised before you could even download and install service packs). This has improved somewhat but there is no shortage of attack vectors in auxiliary software.

Your wallet should ideally be on a dedicated machine with the minimum amount of software necessary installed which isn't connecting to the net at all except for bitcoin transfers, is behind a dedicated firewall with no other hosts connected to the segment. That still doesn't exclude compromise through a vulnerability in the client or Bitcoin network for example (the client will actually connect to IRC itself for bootstrapping and your IP address is announced to other participants).
182  Bitcoin / Bitcoin Discussion / Re: I just got hacked - any help is welcome! on: June 15, 2011, 01:13:36 PM
If LulzSec was really involved and not just claiming a false victory then there is a chance you can apply to their hacker ethics, since it seems they are somewhat libertarian in motivation, attacking multinationals and governments. If they don't care about screwing over an innocent individual, someone who has arguably been supporting something that is similarly aligned they are a moral failure and will lose a lot of goodwill with the rest of the community. Make a good, well publicized plea they cannot avoid answering. Maybe they don't even know the full story. Maybe you can work out a compromise like having part of the balance donated to a charity (Wikileaks seems like a good one :)).
183  Bitcoin / Bitcoin Discussion / Re: I just got hacked - any help is welcome! on: June 15, 2011, 01:00:56 PM
Trying to send coins from a receive only address is going to fail.
Trying to send fake coins to a send only address is going to fail.

There is no such thing as a fake coin, the network rejects any such attempts, including double spending.

For the receive only address, you need an appropriate client that supports this. Assuming that you can for example specify the type of an address during creation and hash that into the address to make it immutable, how do you get coins out of a receive only address later?

It seems there must be a mechanism to allow this or change the type later, otherwise the receive only type would be the same as deleting coins. And if there is, then so can an attacker and the whole exercise seems fairly pointless.
184  Bitcoin / Bitcoin Discussion / Re: I just got hacked - any help is welcome! on: June 15, 2011, 12:44:31 PM
Unfortunately, a new kind of money will not solve the problems of a for profit monetary system. When your incentive is to acquire money, the methodology becomes irrelevant in the context of a distorted value system in which you need to acquire the money to be rewarded and receive the necessities of life. That won't change until we choose to have relevant values and conduct ourselves accordingly.

This should probably go in the philosophy section but there is an issue with causality in your argument: you seem to be rejecting the acquisition of wealth by itself, excluding a possible incentive for which the acquisition of wealth is an inconsequential means to an end, thereby presuming that any application of such means is the result (or cause) of a distorted value system.
185  Bitcoin / Bitcoin Discussion / Re: I just got hacked - any help is welcome! on: June 15, 2011, 12:25:59 PM
I did contact the police, but do you honestly think they can do anything? The way the police operates means they cannot do anything in the event of a cyber crime.

Try the FBI. I think there is a few thousand dollar limit above which they are obliged to take the case and they have a cybercrime unit. I think half a million qualifies :) If the attacker is abroad it might get more difficult, or it might turn it into a federal crime, expediting things. Maybe you should talk to a lawyer as well, just in case (e.g. what if Bitcoin is outlawed at some point, what if you give permission for your machine to be audited and they come across a copyrighted download or something).
186  Bitcoin / Bitcoin Discussion / Re: I just got hacked - any help is welcome! on: June 15, 2011, 12:16:53 PM
I wonder if you had adequate antivirus on your windows machine? It'd be very hard for a trojan to take control of your computer if you had adequate security software, that can detect trojan behavior. Plus Win7 has some default security built in like UAC. I think it'd take a seriously good hacker (like top 0.001% in the world), to hack a windows machine, over the internet, with firewalled router + good security software + UAC turned on.

The average desktop OS has a massive amount of unfixed vulnerabilities at any given moment. Apart from exceptional cases (academic proof projects, NASA hand audited code) there are several defects per 1000 lines of code in pretty much everything. Since your average OS consists of a few million lines of code, there is bound to be a massive amount of errors in everything. Most of these will not lead to a compromise, just instability, unexpected behaviour or cosmetic issues, and the ones which do might only lead to a remote compromise under very specific circumstances.

Regardless, there seem to be plenty of those, with the prototypical attack vector being anything that deals with external data. Currently that's primarily PDF, Flash and browsers doing a multitude of data parsing (html, xml, js, DOM, css, cookies, images, video, URL history, bookmarks, associated built in dbs etc.), third party plugins, with sometimes privileged access (e.g. direct GPU code execution for 3D/video acceleration).

Basic OS security is powerless against these. You need to fundamentally separate any such activity from your wallet. Just think of how Stuxnet managed to get to Iranian centrifuges. I doubt they were hanging off the net directly, but obviously they were not *fully* separated.
187  Bitcoin / Bitcoin Discussion / Re: I just got hacked - any help is welcome! on: June 15, 2011, 12:01:44 PM
Just implement Unix file semantics on accounts and addresses: RECEIVE, SEND, OPERATE / VIEW (for accounts)

Can you specify how this would work?

Without a provably secure implementation this could fall into the same category as running the client in a VM, having a mouse driven password entry, running a virus scanner on the infection target etc.

Provably secure means mathematical proof, i.e. not just a mechanism that may (temporarily) make it harder for an attacker to accomplish a task, such as relying on the unfamiliarity of the attacker with the implementation.

Even the 2 factor token example I gave is not provably secure, there could be a vulnerability in the implementation of the token crypto, the bank's system could be hacked/social engineered, an attacker with physical access could guess the PIN before the token locks down, the user could store the token PIN written down next to the token and the user could be tricked/coerced to reveal his PIN.
188  Bitcoin / Press / Re: Bitcoin press hits, notable sources on: June 15, 2011, 11:15:41 AM
Bitcoin on Freedomain Radio with Stefan Molyneux
http://www.youtube.com/watch?v=ygoqDBfjimM

This interview of Bruce Wagner is absolutely fantastic (warning: it is long).

It's also very one sided IMHO, I couldn't help thinking 'ponzi scheme!' while watching this. Bruce is almost exclusively focused on the (expected) appreciating value instead of utility and although Stefan mentions they're also going to talk about the downsides later on that never happens (don't you just hate when people state they'll come back to something later and they invariably don't?). Bruce also seems quite distracted in places, maybe he was watching the appreciation not happening?

We really need more balanced evangelism, the Bitcoin economy is helped a lot more by slowly and steadily growing with awareness of its weaknesses than by exponential hysteria causing a bubble that will wreck the whole thing when it comes crashing down.
189  Bitcoin / Bitcoin Discussion / Re: Implications of Satoshi holding 10% of bitcoins on: June 15, 2011, 10:52:51 AM
Why Satoshi hide? I want to hear some plausible explanations.

Seems quite an obvious thing to do if you possess (potentially) great wealth. Fame and riches have their price, there are enough crazies and criminals who won't leave you be. Or groupies :) Or paparazzi. Or relatives, friends of relatives, random people on the street etc.

The above must play a role, though the impression given is that he is a very private person and there is nothing wrong with that.

Quote from: The Script
I can just see people in the future commenting on price fluctuations: "Looks like ol' Satoshi is at it again, God bless 'im!"

Imagine he got declared a saint in a couple of hundred years :)
190  Bitcoin / Bitcoin Discussion / Re: Hacker got to my MTGOX account, he converted the USD I had...... on: June 15, 2011, 10:36:09 AM
SELinux is open source, and has received some scrutiny :) Not everything government does is evil, neither is everyone in government evil (see Thomas Drake for example).

It's an extra layer of privilege separation but is unlikely to help significantly against your typical (spear)phishing attack. E.g. it may make it harder for an unprivileged local user or process to access system files, but will not help if the same user has the privilege to become root (e.g. occasional uses of sudo), without further configuration at least.
191  Bitcoin / Press / Re: Bitcoin press hits, notable sources on: June 14, 2011, 02:31:54 PM
The Week - Bitcoin - "Is the virtual currency for online drug buys doomed?"
http://theweek.com/article/index/216241/bitcoin-is-the-virtual-currency-for-online-drug-buys-doomed

The tone is set by calling Bitcoin "a shadowy underground virtual currency"..

It also quotes one Donald Norman as 'Bitcoin spokesman'. The article they reference lists him as 'a spokesman for the The Bitcoin Consultancy, which offers advisory services for institutions interested in Bitcoin transactions', which is I guess a Bitcoin related business. Funny how much misinformation can be gained from circular reporting.
192  Bitcoin / Bitcoin Discussion / Re: Hacker got to my MTGOX account, he converted the USD I had...... on: June 14, 2011, 02:02:23 PM
Depends on the security. While windows might technically be more prone to malware and infections due to market share and stupid users, given the broad market of linux as server software on the internet, it contains much much much more known exploits and hacks than Windows.

That's a misconception commonly propagated by Microsoft advocates. The fallacy lies in that since Linux has an open development model, bugs and security issues are quickly and widely published on purpose, while Microsoft often sits on these for months if not years, sometimes refusing to acknowledge them altogether (going as far as rolling patches secretly into other updates), i.e. you never hear about the majority. So the perception arises that Windows has few bugs, while Linux has a lot. Also, Linux is strictly speaking the kernel only, you are talking about distros with a lot of auxiliary software.

In reality open source software in general has fewer bugs and higher code quality due to many eyes looking at it and simple availability of the source code (even if you know there are bugs in Windows, you can't fix them and have to wait for MS). Do a search on Coverity and errors per line of code. I'm not talking about usability/UI design, there is some stupid sh*t going on in 'Linux' at any given time there :)

Quote from: Nythain
Also, stupid users are gonna be stupid no matter what OS they run. I'm just sayin.

True, but the argument can be made that stupid users are more likely to use Windows than Linux :)

Quote from: Nythain
If you avoid things like installing suspicious software, toolbars, and running every exe you get in the emails, keep up to date with malware scanners and to an extent, antivirus... Windows can in fact be more secure than linux. Or at the very least, just as secure.

By that logic, Linux can in fact be more secure than Windows. Or at the very least, just as secure.
193  Bitcoin / Bitcoin Discussion / Re: I just got hacked - any help is welcome! on: June 14, 2011, 01:35:54 PM
PS: To everyone talking about encrypted wallets: It is possible to generate a receiving address on a computer that has NEVER been connected to the internet and never will be.  That address can receive coins (though they will obviously not appear in the GUI on the offline computer).  The computer and its (hopefully backed-up) keys can remain offline forever until it must sign a transaction transferring the coins elsewhere.  You could then transfer the wallet to an internet-connected workstation, send out whatever transactions are necessary, and then send the remaining coins back to a new address you've created on your "offline-forever" machine.  There is absolutely no need for a computer holding a destination address key to be connected to the network ever.

That's a good idea, but it doesn't help security if the network connected machine is compromised. The moment you copy over the wallet to send, it's compromised too. Also, you somehow have to be able to clean install the non-connected machine. If you do this by downloading an OS image, the download machine has to be clean to begin with etc. You can't really guarantee any of that, or expect the average user to do it.

A 'BTC bank' is one obvious solution, the question is whether you want to compromise the distributed idea by centralizing some aspects of it (similar to exchanges). I think the next big hero is whoever comes up with a decentralized version piggybacking off the existing blockchain network. Centralized versions could coexist of course, for if you want something like a 2 factor authentication method. A proper implementation could prevent unauthorized transactions from your wallet, even if your machine is compromised.

This is already in use: the bank generates a private/public keypair and puts the public key on a physical token (basically a little battery powered calculator), which is sent to you. When you first receive the token you must enter a pin code into it so no one else can use it after that (in other words the bank doesn't know it either). When you log in to the bank's site, you input the token's serial number so they know which private key to use. For every transaction the bank generates a code (hash) with this private key, which you input in your token, which generates a return code (hash) based on the key contained within the token. This code authenticates the transaction to the bank. Repeat for every transaction. The token switches off after a few seconds of inactivity, it can only be reactivated with your pin. The pin code can be 5 digits, the authentication codes 6, for example.

This means that a) the bank knows for sure who you are, because only your token has the correct key, and only you can activate your token (pin code) and b) a man in the middle will not be able to reuse your codes because every new transaction requires a new code. The entire transaction is encrypted via https for privacy and added security.

Of course this can still be circumvented by a dedicated attacker who has compromised your machine but only at the expense of major development investment (not only tailor make the attack for the particular website and keep up with any changes before user logs in again but also keep a double book of real and fake transactions to be presented to the user to avoid detection, at least long enough if you only care about one heist). This attack breaks down as soon as the user tries to access his balance from another, uncompromised host. Even this attack can be completely prevented by hashing the recipient address and amount into the authentication code to be put into the token. If an attacker tries to reroute payment the hash cannot match and is rejected.

The trick is doing this without a physical token and back end server (bank). The closest you could get is a separate smartphone app. But then you have the problem of protecting the smartphone (pin and key) in the face of attacks getting more and more prevalent there exactly because of this kind of use.
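
The token scheme from the post above, with the recipient and amount hashed into the authentication code, sketched as an added example that is not part of the original post. It swaps the post's private/public keypair for a shared-secret HMAC-SHA256 (an assumption made to keep it short); the class names, sample addresses, PIN and lockout threshold are constructed.

```python
import hashlib
import hmac
import secrets

CODE_DIGITS = 6      # the post suggests 6-digit authentication codes
MAX_PIN_TRIES = 3    # assumed lockout threshold; the post gives no number


def _encode(*fields: str) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") never collide."""
    out = b""
    for f in fields:
        raw = f.encode()
        out += len(raw).to_bytes(2, "big") + raw
    return out


def auth_code(key: bytes, challenge: str, recipient: str, amount: str) -> str:
    """Short decimal code over the challenge AND the payment details."""
    mac = hmac.new(key, _encode(challenge, recipient, amount), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**CODE_DIGITS).zfill(CODE_DIGITS)


class Token:
    """The offline device: holds the key, unlocks only with the PIN."""

    def __init__(self, key: bytes, pin: str):
        self._key, self._pin, self._bad_tries = key, pin, 0

    def respond(self, pin: str, challenge: str, recipient: str, amount: str):
        if self._bad_tries >= MAX_PIN_TRIES:
            return None                      # locked down after repeated bad PINs
        if not hmac.compare_digest(pin, self._pin):
            self._bad_tries += 1
            return None
        self._bad_tries = 0
        # The user keys in the recipient and amount they *intend* to pay.
        return auth_code(self._key, challenge, recipient, amount)


class Bank:
    """Server side: issues single-use challenges and verifies return codes."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = {}   # challenge -> (recipient, amount) as submitted

    def start(self, recipient: str, amount: str) -> str:
        challenge = secrets.token_hex(4)     # fresh for every transaction
        self._pending[challenge] = (recipient, amount)
        return challenge

    def confirm(self, challenge: str, code) -> bool:
        tx = self._pending.pop(challenge, None)   # pop: a challenge is spent once
        if tx is None or code is None:
            return False
        return hmac.compare_digest(auth_code(self._key, challenge, *tx), code)


def demo():
    key = secrets.token_bytes(32)                      # constructed sample key
    bank, token = Bank(key), Token(key, pin="48213")   # constructed PIN

    # Honest flow: the browser submits exactly what the user typed.
    c1 = bank.start("addr-alice", "10.00")
    code1 = token.respond("48213", c1, "addr-alice", "10.00")
    honest = bank.confirm(c1, code1)
    replay = bank.confirm(c1, code1)         # same code again: challenge is spent

    # Compromised browser rewrites the recipient before submitting.
    c2 = bank.start("addr-mallory", "10.00")
    code2 = token.respond("48213", c2, "addr-alice", "10.00")
    rerouted = bank.confirm(c2, code2)
    return honest, replay, rerouted
```

`demo()` returns whether the honest, replayed and rerouted confirmations were accepted; only the first should be. The binding only protects the user if the recipient and amount are entered or displayed on the token itself rather than taken from the compromised machine.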
194  Bitcoin / Bitcoin Discussion / Re: I just got hacked - any help is welcome! on: June 14, 2011, 12:48:34 PM
PS: When did the bitcoin crowd go from "anarchocapitalist cypherpunks" to "windows7 winamp ricers"?  Was it the public release of GPU miners, or was it The Silk Road?

It was /.

Quote from: Bind
My 64 year old mother uses it for her investment and banking information and my 10 year old son uses it for his bitcoin wallet.

And did they research/install it themselves? Maybe the kid, but they learn fast :) Meanwhile I'm still explaining left from right mouse button clicks to family above 50.
195  Bitcoin / Bitcoin Discussion / Re: Implications of Satoshi holding 10% of bitcoins on: June 14, 2011, 12:23:58 PM
Last year I offered a bounty of 100 BTC for someone to compile a version of Bitcoin that worked on a 32-bit Fedora system. Satoshi won the bounty, but refused to accept payment from me, saying that he had enough coins already.

Also, if you read through Satoshi's forum posts, it's obvious that he is motivated by the desire to see Bitcoin succeed rather than being motivated by greed or financial ambition.

I'm just playing devil's advocate here but all of that could be factored into the plan as misinformation. And other supporters coming forward etc. The end result will have to speak for itself, but by then of course it could be too late.

Quote from: chiropteran
I feel like if he was going to just take his money and run it would have happened by now.

That kind of numbers would have to be through an exchange and none of them have the liquidity currently, apart from any limiting rules (at $1000 a day it would take over 100 years).
196  Bitcoin / Bitcoin Discussion / Re: eBay Deleting All Bitcoin Listings on: June 14, 2011, 11:35:58 AM
Not exactly surprising, except the mandatory indoctrination course you have to follow if you want to sell again, which is simply staggering. The 'tutorial' euphemism is a nice touch too.
197  Bitcoin / Bitcoin Discussion / Re: Implications of Satoshi holding 10% of bitcoins on: June 14, 2011, 10:28:27 AM
The implication is that he'll be able to buy a boat.  That's pretty much it.

Noah's Ark?

Flug has a point. Satoshi's sandwich acquisition in itself could cause a mass panic. If you are looking at the extremes, having that much coin doesn't help in smoothing out bumps unless you sell some upfront, and I'm sure many are watching for the early blocks like hawks, even if they are in smaller lumps (like 65k or something, which is still major, already). On the other end of the spectrum, Satoshi, whoever he/she may be, does not need to be evil. He could bequeath his wealth to an heir and a few generations later there could be a dynasty of dictators. Or he could be, and the dynasty is planned. Maybe 'Satoshi' is a team of NYC bankers doing the same as they did in 1910, a carefully planned execution of cornering the market before it even exists. We simply don't know.

Then again, supposing Satoshi is a benevolent saint, there is nothing preventing the current elite from simply starting to use Bitcoin too and reestablishing their hegemony. I don't mean buying up real estate on the cheap (or at expense later). Rather, a certain kind of person will do the same kind of thing whatever tools he has at his disposal, and be equally successful at it, because the rest will let them, just as it is now. A turd always floats to the top, regardless. Bitcoin's given technical properties cannot change human nature.

Anyway, it's far more likely no mainstream merchants will ever adopt Bitcoin because of pressure from the established banking system, supported by the occasional FBI raid on anyone falling out of line, starting with the exchanges, perhaps supported by some technical attacks on e.g. the bootstrap IRC channels. I don't believe they will need anything like a 51% attack, but if so, pretty sure some agency can be tasked with putting together the appropriate ASIC farm.
198  Bitcoin / Bitcoin Discussion / Re: I just got hacked - any help is welcome! on: June 14, 2011, 09:21:00 AM
The OP can prove that he has the private keys to the account the money was stolen from.

That means that we have two people claiming property, which is way better than nothing.

So, it ends in a Mad Max style chainsaw fight? :D

That doesn't change much for the person who got ripped off, or possibly for the person who he is trying to rip off. Proof of original ownership doesn't preclude a willing transfer going sour, greed after the fact, or some kind of elaborate collusion scheme (target address owned by friendly) for example hoping to solicit sympathy coins, or if you're paranoid even as a recon exercise into the exchange and/or pools.

Also, what happens if Mt. Gox complies easily, freezes target accounts? Do they have the right/obligation to do so? If so, scammers will try to abuse *that*.

I'm sorry for your loss, but am dumbfounded by the nonchalance with which that kind of 'f*ck you' money is treated. For lots of people a sum that large would mean never having to work again (unless the fed manages to lower interest rates to zero of course).

I'm also very skeptical about 'following the money' (blockchain), every time there is a split or merge all in/outputs are 'infected', at some point making it impossible to follow, let alone prosecute to any meaningful conclusion (do you average your loss over every recipient?).

The only recourse would be to physically trace the perpetrator and get them to admit the theft. Which on the downside would put a dent into the pseudonymous image Bitcoin has.
199  Bitcoin / Bitcoin Discussion / Re: Hacker got to my MTGOX account, he converted the USD I had...... on: June 14, 2011, 08:42:04 AM
You only need to connect for the brief period needed to send bitcoins to your less secure spending wallet. Also you don't need to connect to the internet just to your primary machine that is running bitcoin. The main machine will relay transaction to the rest of the bitcoin network. You could even connect the two while your home network was disconnected from the internet. After the main machine is connected to the internet it can then rebroadcast the transaction.

None of this negates the possibility of a trojan already sitting on the networked machine intercepting everything.

Running from a USB stick is no guarantee either, an attacker who got access to your networked machine has various non-volatile attack avenues: such as BIOS rootkits: http://www.infoworld.com/d/security-central/hackers-find-new-place-hide-rootkits-252 - there is also working code for inserting modules into network card BIOS code (e.g. for disk password entry if your BIOS does not support it), this could easily be coopted as well.

Not many people are aware that BIOSes have a privileged execution mode (SMI/SMM) for running code in the background, used for low level hardware stuff (e.g. hw watchdogs), which is basically undetectable from within an OS running on top of it. It doesn't matter whether you use Windows or Linux (although for obvious reasons Windows is more likely to get compromised).

It's very likely Bitcoin specific malware is already out in the wild, perhaps as a module to an existing crimeware kit, perhaps something targeted. Virus scanners are useless in general since they work on the basis of guarding against infections that usually become known after the fact, and target masses, not spearhead phishing. And most of them have a somewhat poor detection rate even for generic attacks.
200  Bitcoin / Press / Re: Bitcoin press hits, notable sources on: June 14, 2011, 07:32:56 AM
The Guardian writes "Bitcoin: the hacker currency that's taking over the web"

http://www.guardian.co.uk/technology/2011/jun/12/bitcoin-online-currency-us-government

If you look at the 'Related information' section beneath:

"IMF boss calls for global currency
10 Feb 2011
Dominique Strauss-Kahn, head of the International Monetary Fund, thinks a new world currency would calm economic instability and curb the dollar's power"

and

"World Bank head calls for debate on new gold standard
8 Nov 2010
Robert Zoellick argues more co-operative monetary system would increase investor confidence and stimulate growth"

Oh the irony :D