 Show Posts
|
|
Pages: « 1 [2]
|
Although not entirely convinced are the hardware wallets really the safest way of storing bitcoins. They may be resistant to hackers/trojans etc, but you entirely rely on physical device which can be lost/stolen/destroyed (unless I'm missing something here).
As I understand it, the Trezor will let you write down the seed for the keys when they are generated, in case the wallet is lost/stolen/destroyed. A thief shouldn't be able to brute-force the PIN on the device for some time, giving the original owner time to regenerate the keys elsewhere and move the funds. |
|
|
|
They probably lost btc because they got infected by malicious software, but as far as I know, there is not a security flaw in IE...
I'm just going to leave this right here... http://www.securityfocus.com/bid/65551 |
|
|
|
Hello, I don't want to stir any panic but I recently downloaded Bitcoin-QT and Bitcoin Armory from legit sites. Bitcoin-QT finally completed downloadng the blockchain so when I open up Armory to start syncing the database, my anti-virus Avast system is showing a bunch of infections:
Infection: VBS:Bicololo-IU [Trj]
File: /Users/xxx/Library/Application Support/Armory/databases/leveldb_blkdata/025281.sst
Process: /Application/Armory.app/Content/MacOS/Python
So what is this? Has anyone seen it? This trojan looks pretty bad, is it a false positive? How did this happen?
It's a false positive, I've seen it before and investigated. And a VBS (Visual Basic Script) virus in an Armory .sst file wouldn't even make sense, it's not like Armory would be executing VB script it finds randomly in the blockchain. |
|
|
|
we're now actively looking for a new production facility that could guarantee a seamless production of plastic cases.
I'd be willing to buy the bare hardware no case. I suspect most people with access to a 3D printer would too. |
|
|
|
It's certainly a good idea to run with the least privilege possible, but the article isn't quite accurate. The report in question was speaking about Microsoft software exploit attempts being mitigated, not people just running malware they find posted on a web forum. Most modern malware has moved beyond requiring admin rights. The trojans install themselves to user-owned folders and persist via user-writable registry keys. For a wallet stealer, persistence isn't even required, and your wallet.dat file is lying right there in a user folder for the taking. It might need to persist if it uses a keylogger to capture your passphrase since it doesn't know when you will be typing/pasting that in, but as I mentioned, malware can persist post-reboot without needing admin rights. So even though the advice is good for some cases, in the case of running random programs posted to Bitcointalk, it won't help you at all. |
|
|
|
is Mac OS vulnerable as well?
Mac OS and Linux are definitely vulnerable as well - there are cross-platform Java RATs out there, at least one of which has been distributed in this very forum in order to steal people's wallets. You would be crazy to run anything anyone posted here except in a clean virtual machine, really. Even long-time members can have their accounts hijacked and could post a trojan. Antivirus is a crap-shoot, no better than 50% final detection rate of wallet stealers overall, and that number usually starts out in single digits for the first couple of weeks after a new trojan is released. |
|
|
|
It really wasn't him. My apologies.
Who stole your bitcoins then? |
|
|
|
I urge you to cease all arguments against me. This is ridiculous I have not stolen any bitcoins never. I never released any wallet software at all. I am not so educated to write even any software at all that do such a thing.
In another thread you said you had programming knowledge. You also have an account on hackforums.net. I'd say you easily have enough knowledge to download a RAT builder and use it to steal Bitcoins. It wouldn't make sense for another hacker to launder coins through your wallet, since that would open them up to be taken by you, a so-called innocent victim. Now, I'm not saying that you did it. But Occam's Razor is. |
|
|
|
Here's a tip, make sure you are using a very strong rpc password. I held around 4,500 vtc, then yesterday someone cracked my rpc password, and stole 3,000 vtc. Monitoring the blockchain I have noticed this has happened to multiple wallets. So don't let this happen to you too!
Why did you have your RPC port open to the world? And how do you know you were hacked via RPC? Wouldn't a wallet-stealing trojan be far more likely? And why didn't they steal all your VTC instead of just 3000? |
|
|
|
|
The long and short of it is this: there's no method you can use to authenticate yourself to a remote website via an infected computer that man-in-the-browser malware can't hijack en-route and use in order to pretend to be you. Instead you need to validate the integrity of your transactions on a separate device. That's what Cronto does for banks and that's what Trezor does for Bitcoin wallets.
|
|
|
|
|
This is no better than OTP 2FA; both are worthless if your machine is infected by man-in-the-browser (MitB) malware. If you haven't been following banking malware trends you may not be aware - thieves have been bypassing 2FA easily for quite some time. Transaction Integrity Verification (TIV) using an offline device is the only way to defeat theft by MitB malware.
|
|
|
|
Possible. But Not used the Wallet for over a Month, so not typed my Key(password) since 22/01/2014.
Was the wallet encrypted from day one? No chance of an forgotten unencrypted backup sitting in a Dropbox account? |
|
|
|
To repeat, I don't believe I was keylogged. Nothing else has been stolen such as other coins or paypal or bank stuff.
You could possibly attribute the lack of theft of other accounts to difficulty/risk to cash them out anonymously compared with Bitcoin I suppose. As far as your Mac security goes, do you use Little Snitch to watch for anomalous outbound connections? Most Mac malware would be revealed using that alone (for now). |
|
|
|
|
