|
I don't really get what your issue is.
If you don't need the software anymore, remove it.
If you might need, decide for yourself whether to keep or remove it.
Do you want to accomplish anything specific (e.g. remove all traces that the software ever was on your computer) ?
Because if the answer is no, it doesn't really matter. What is the concrete issue/question ?
|
|
|
|
[...] and that means they did not disclose CONTRACT TERMS were subject to change. I would say a flag for this case is more than justified.
I agree with this. Since they don't pay out their bounties in another currency, this is an obvious scam to me. We can't verify whether they really need to perform KYC to pay out their tokens. But if this is the case, payment in another currency is a must. The participants did their work, and deserve their payment. So, it is either a scam to pay less than they should or a scam to gather personal information. Or maybe both. IMO this deserves not only a type3 flag, but a type1 flag too. |
|
|
|
Please feel free to create a scammer flag against TerraGreen if you are affected, I'm sure you'll find huge approval by DT.
^ Someone of this thread who is affected, create a type3 flag and i will support it. |
|
|
|
|
Do you have any proof ?
If you have solid proof, you can create a flag against him (violating a contract). It will be supported.
|
|
|
|
|
Physical with receipts ? And where were they bought?
Or do you offer some carded crap which will be reverted and brings us into legal troubles ?
|
|
|
|
I still have no answer as to how my computer is being spied on and why only the LTCs have disappeared. I assume the only option: seed stolen by malware, which was not detected by antivirus and antispyware. is it possible? If so, then the money is less secure than in the bank or in gold. About hardware wallets and security: https://www.youtube.com/watch?time_continue=771&v=Y1OBIGslgGMAV's only detect very well known or very poorly coded malware. Anyone who slightly has a clue how to code properly, can create malware which is completely undetected by any AV. So.. definitely possible. Regarding the youtube video.. Besides multiple other requirements, an attacker needs physical access.. If i gain physical access to your credit card.. it is WAY easier for me to steal your money. Just take the credit card and use it. This is not the case with a hardware wallet. Even with multiple exploits it is more complicated than that. Therefore i don't really think your money is more secure in a bank... "Be your own bank" implies that you also have to deal with securing the funds. |
|
|
|
Is this wallet better or worst than nano ledger s? Is there a reason why anyone would use any wallet besides trezor or nano ledger?
Read the thread. Short summary: - It is just a brainwallet, and we all know how bad brainwallets are..
- It had tons of vulnerabilities (no clue about the current state, but wouldn't expect it to be better now)
- The company is doing shady stuff
- It is just a brainwallet.
I think you can answer the question, whether it is better or worse than a regular hardware wallet, yourself. P.s. Even a webwallet is more secure than this crap. |
|
|
|
1) Whoever has access to the xpub key can track your transactions
If OP is an intermediary, he already can track all transactions. If the seller only creates this particular wallet for selling stuff on his website, that's not an issue at all. 2) Whoever has access to the xpub key and to the private key of one of its derived addresses can derive the private keys of its other addresses as well
This only applies to unhardened derivation paths, but not to hardened ones. If OP simply uses a hardened derivation path (which is standard in most - if not all - wallets), this is not an issue either. Therefore.. OP.. what is the reason you think using the xpub is a bad idea ? |
|
|
|
So is it possible or not possible for someone in install malware/keylogger on this... then moment you connect laptop to it or tablet/phone to it... you get keylogged?
[.. ]is it possible for someone to put malware or firmware on it where the moment you receive the powerbank... then whenever you connect it to your laptop or tablet/phone... now your device is compromised. Thus any password manage you use or email you use when you type it in your laptop, is now compromised because that powerbank is compromised. Does that make sense in what im asking?
Yes. Anything which has a micro controller can be tampered with, either by reprogramming (doesn't work with all micro controller) or replacing it. That's by the way one reason (if you have sensitive data on your computer) why i would discourage from plugging in USB sticks from other people. They don't necessarily want to intentionally damage you.. but who knows how they are handling their ITsec.. USB sticks are the most prominent and most probable example of getting infected. Real micro controller tampering happens rarely, but is very well possible. But if you start to believe everyone wants to infect you (e.g. official powerbank seller, amazon, etc..), you might start getting a bit too paranoid. |
|
|
|
If I've got a memory card slot in my smartphone and I've stored/kept everything (almost everything related to crypto) and even installed my wallets in that memory card (by selecting it as default).
Holy shit.. that's a really bad idea. Any data stored on the SD card can be accessed by any application on your mobile. What you basically did is to circumvent security measurements of android which encapsulate storage from applications from each other. On the internal memory, an application can only access the data in their own folder. But every application has access to the external memory. You should never store sensitive information (which a wallet application definitely is) on an SD card. Always store it on the internal memory. One final question:
While destroying it, what should I take care of?
I mean, I don't want to get blasted off my phone while trying to destroy it. Also, which part should be mainly destroyed to end the possibility of fetching any sort of data from that piece if it ever gets to anybody's hands?
Well.. theoretically.. wipe the (encrypted) mobile and fill it with junk data. That's the easiest way. Then you are already safe, and don't need too much effort to destroy it physically. All you need to destroy are the memory chips. |
|
|
|
I cannot ask the sellers to change their receiveing address by themselves, after each sell, this makes no sense.. Imagine there are 3 sales within one minute for example.
Actually, you can. And it is the best way to accomplish what you are trying to do. If you are some kind of intermediary (without direct connection to the sellers server via an API etc.), you would request your seller to give you 10k addresses of them (generating them doesn't take more than a few seconds). Then each time a customer wants to buy something from seller X, you give them an unused address of seller X. Once you hand out this address, regard it as 'used'. Even if the buyer doesn't actually buy something. By giving each deal (customer Y buys from seller X) an unique address, it is way easier for everyone to check whether the transaction occurred and whether the amount is correct. Once the address pool is 'low' (e.g. < 1k addresses), you request another 10k addresses. However, if you as an intermediary are needed and don't want to regularly stay in contact with your sellers regarding addresses, using an xpub is probably the best option. At least if a lot of sales are happening and refilling address pool would have to be done quite often. Why exactly do you think it is not a 'good idea' for them to share their xpub with you ? |
|
|
|
Doesnt matter if the computer is airgapped if the passphrase is weak
What? This doesn't make sense. You could have the weakest passwords of all.. if no one gains access to the file, no one can actually even try a password. On an airgapped computer, no one is supposed to gain access to the files except for you. So no password is necessary. Even on a standard desktop computer you don't need any password if you can guarantee (which you can't btw, but speaking theoretically here) that no one will access it. What you rather should say is: "Doesn't matter whether the passphrase is weak if the computer is airgapped" That statement would be correct.. but would be absolutely unnecessary because no one claimed anything contradictory here. |
|
|
|
Please note that most crypto systems fail due to a flaw in the implementation rather than its formal specification. So for all intents and purposes, that: [...] own encryption implementation, or anything.. ...is pretty much as bad as that: Of course you have to use proven concepts / algorithms and not create your own crypto protocol  But i thought this was obvious. Just sayin'  I think we both have a different understand of the term 'implementation'. If i write python code which uses a well known libary to implement AES encryption before sending it via the internet and the server receives it and uses the same libary to decrypt it... that's my 'own' implementation (in my terms). This doesn't make it unsecure. I did not intend to talk about implementing the encryption process itself from scratch. But about implementing encryption at all (e.g. in an own small application). By the way.. if you follow the specification properly, your cipher text won't be vulnerable to attacks. Own implementation of the encryption process often leads to side effects which can be abused. But in a MITM scenario, those side effects (e.g. CPU time) won't have any effect and therefore won't be an attack surface at all. If you actually can read and actually can type, you should be able to create your own encryption algorithm (based on a given specification) without being vulnerable to MITM (only talking about MITM here). P.s. Note that AES is just an example. Pure AES is not suitable for this case (missing replay protection etc.) |
|
|
|
I cannot ask the seller to update his receiving address after each sell, that would be way too cumbersome.
Actually that's the way it is supposed to be. One should always create a new receiving address. For each transaction. This is done to increase the privacy and reduce the possible information leak (who sent how much to person X). Generating addresses is not a problem at all. That's basically just increasing a counter and doing some small calculation. Wallets do that automatically already. And so do most merchants. |
|
|
|
Don't use RPC in an untrusted network or build something around it (e.g. simple encryption).
Don't use RPC in an untrusted network. Period. Set up a VPN tunnel between your node and the client accessing the RPC interface, if you must. "Building something around it" may only provide you with a false sense of security rather than offering actual protection. I was referring to situations where the communications has to go via a network you are not in full control of (e.g. internet). If 2 server have to communicate with each other via the internet, not using it is not an option. 'Building something around it' can be using TLS certificates, VPN, own encryption implementation, or anything.. Of course you have to use proven concepts / algorithms and not create your own crypto protocol But i thought this was obvious. |
|
|
|
|
You know.. you could simply stop trusting 3rd parties and start storing the private keys yourself.
Security-wise you only get advantages when storing them on your device.
I don't see a good reason for not using a standard desktop-/mobile- wallet.
|
|
|
|
|
How exactly did you try it?
Did you do it the way i have mentioned ?
Please be more specific. We can't help you based on 'it does not work' statements.
|
|
|
|
If there is no private key, seed keys, there is no wallet access. It is sad, but it is true. Always be careful!
Read the OP properly before spamming: I have:
[...]
- bc1xx wallet's words phrase
Btw, there are no 'seed keys'. There is a seed, which is a long random number. But no 'seed keys'. So, instead of spamming your sig campaign, try to read the threads before replying in them. |
|
|
|
What exactly did you do? Did you give out your public key to receive a payment and it got send to your legacy address instead of your native segwit? If so, you can easily recover your funds. Simply take the private key, import it into a new wallet (e.g. new electrum wallet file), choose legacy as address type and profit. When pasting the private key, enter: |
|
|
|
|
1) XRP doesn't really have 'confirmations'. They are meaningless. XRP is completely centralized and controllable.
2) 'Success' is enough information for ripple transactions.
3) This belongs into the altcoin section. Click 'move topic' in the bottom left corner and move it into the appropriate sub.
|
|
|
|
|
Show Posts
