tyz
Legendary
Offline
Activity: 3360
Merit: 1533
|
|
May 02, 2015, 01:58:10 PM |
|
Hmm... it is really not probable.
Probably I am a little paranoid but every time I am creating a new bitcoin address I check first if it is among the first 10000 addresses. I even wrote a simple python script to check this
|
|
|
|
bennybong (OP)
|
|
May 02, 2015, 02:03:56 PM |
|
No one has access to my pc at all. I honestly can believe I've been hacked... all that trouble for 0.9btc? I've run scans with every tool out there... Nothing. This pc is hardly ever online, I don't ue it for browsing or anything. I'm stumped... and really pissed off.
|
|
|
|
tyz
Legendary
Offline
Activity: 3360
Merit: 1533
|
|
May 02, 2015, 02:15:49 PM |
|
@bennybong: If you reference to my post then you need to know that the computer does not need to be online in order to be unsecure. What I meant is completely independed from your wallet. Read this to get what I meant: https://bitcointalk.org/index.php?topic=354518.0
|
|
|
|
inBitweTrust
|
|
May 02, 2015, 02:17:27 PM |
|
No one has access to my pc at all. I honestly can believe I've been hacked... all that trouble for 0.9btc? I've run scans with every tool out there... Nothing. This pc is hardly ever online, I don't ue it for browsing or anything. I'm stumped... and really pissed off.
Anti- virus software isn't foolproof and cannot catch many types of infections. All it takes is one click on a link in a phishing email, one infected jump drive or external plugged in for a brief moment, visiting one page that has a 0 day exploit, 1 piece of infected pirated software or crack, or an insecure wireless AP. This is why you should never store what you cannot lose on a windows machine connected to a network or at least use a hardware wallet.
|
|
|
|
bennybong (OP)
|
|
May 02, 2015, 02:21:34 PM |
|
No one has access to my pc at all. I honestly can believe I've been hacked... all that trouble for 0.9btc? I've run scans with every tool out there... Nothing. This pc is hardly ever online, I don't ue it for browsing or anything. I'm stumped... and really pissed off.
Anti- virus software isn't foolproof and cannot catch many types of infections. All it takes is one click on a link in a phishing email, one infected jump drive or external plugged in for a brief moment, visiting one page that has a 0 day exploit, 1 piece of infected pirated software or crack, or an insecure wireless AP. This is why you should never store what you cannot lose on a windows machine connected to a network or at least use a hardware wallet. But 0-days? I only have a few new usb drives that I use... all that for 0.9 btc?
|
|
|
|
|
inBitweTrust
|
|
May 02, 2015, 02:26:20 PM |
|
But 0-days? I only have a few new usb drives that I use... all that for 0.9 btc?
The attacker is unlikely to know what your balance until it is taken or attacking many people at the same time. There are many 0day exploits in the wild and your computer if not properly patched with the latest flash/browser/OS patches can be vulnerable to older exploits as well. Even if you use WPA2 on your local router , if you live in an apartment building and a hacker lives next door and can see your hotspot they can perform a dictionary attack or bruteforce attack on your wifi password and than serve you up a malicious page with a 0 day exploit. He must be browsing this!
No necessarily as its a safe assumption you would be reading that with or without this thread. He is definitely and asshole though.
|
|
|
|
bennybong (OP)
|
|
May 02, 2015, 02:27:44 PM |
|
But 0-days? I only have a few new usb drives that I use... all that for 0.9 btc?
The attacker is unlikely to know what your balance until it is taken or attacking many people at the same time. There are many 0day exploits in the wild and your computer if not properly patched with the latest flash/browser/OS patches can be vulnerable to older exploits as well. Even if you use WPA2 on your local router , if you live in an apartment building and a hacker lives next door and can see your hotspot they can perform a dictionary attack or bruteforce attack on your wifi password and than serve you up a malicious page with a 0 day exploit. Yeah I am actually pretty hot on security and pentesting. Which is why I'm so confused!
|
|
|
|
|
tokeweed
Legendary
Offline
Activity: 4088
Merit: 1454
Life, Love and Laughter...
|
|
May 02, 2015, 02:31:24 PM |
|
But 0-days? I only have a few new usb drives that I use... all that for 0.9 btc?
The attacker is unlikely to know what your balance until it is taken or attacking many people at the same time. There are many 0day exploits in the wild and your computer if not properly patched with the latest flash/browser/OS patches can be vulnerable to older exploits as well. Even if you use WPA2 on your local router , if you live in an apartment building and a hacker lives next door and can see your hotspot they can perform a dictionary attack or bruteforce attack on your wifi password and than serve you up a malicious page with a 0 day exploit. Yeah I am actually pretty hot on security and pentesting. Which is why I'm so confused! Someone check with Electrum as well.
|
|
|
|
R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | | | 4,000+ GAMES███████████████████ ██████████▀▄▀▀▀████ ████████▀▄▀██░░░███ ██████▀▄███▄▀█▄▄▄██ ███▀▀▀▀▀▀█▀▀▀▀▀▀███ ██░░░░░░░░█░░░░░░██ ██▄░░░░░░░█░░░░░▄██ ███▄░░░░▄█▄▄▄▄▄████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | █████████ ▀████████ ░░▀██████ ░░░░▀████ ░░░░░░███ ▄░░░░░███ ▀█▄▄▄████ ░░▀▀█████ ▀▀▀▀▀▀▀▀▀ | █████████ ░░░▀▀████ ██▄▄▀░███ █░░█▄░░██ ░████▀▀██ █░░█▀░░██ ██▀▀▄░███ ░░░▄▄████ ▀▀▀▀▀▀▀▀▀ |
| | | | | | .
| | | ▄▄████▄▄ ▀█▀▄▀▀▄▀█▀ ▄▄░░▄█░██░█▄░░▄▄ ▄▄█░▄▀█░▀█▄▄█▀░█▀▄░█▄▄ ▀▄█░███▄█▄▄█▄███░█▄▀ ▀▀█░░░▄▄▄▄░░░█▀▀ █░░██████░░█ █░░░░▀▀░░░░█ █▀▄▀▄▀▄▀▄▀▄█ ▄░█████▀▀█████░▄ ▄███████░██░███████▄ ▀▀██████▄▄██████▀▀ ▀▀████████▀▀ | . ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀ ███▀▄▀█████████████████▀▄▀ █████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀ ███████▀▄▀██████░█▄▄▄▄▄▄▄▄ █████████▀▄▄░███▄▄▄▄▄▄░▄▀ ████████████░███████▀▄▀ ████████████░██▀▄▄▄▄▀ ████████████░▀▄▀ ████████████▄▀ ███████████▀ | ▄▄███████▄▄ ▄████▀▀▀▀▀▀▀████▄ ▄███▀▄▄███████▄▄▀███▄ ▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄ ▄██▀▄███░░░▀████░███▄▀██▄ ███░████░░░░░▀██░████░███ ███░████░█▄░░░░▀░████░███ ███░████░███▄░░░░████░███ ▀██▄▀███░█████▄░░███▀▄██▀ ▀██▄▀█▄▄▄██████▄██▀▄██▀ ▀███▄▀▀███████▀▀▄███▀ ▀████▄▄▄▄▄▄▄████▀ ▀▀███████▀▀ | | OFFICIAL PARTNERSHIP SOUTHAMPTON FC FAZE CLAN SSC NAPOLI |
|
|
|
inBitweTrust
|
|
May 02, 2015, 02:34:25 PM |
|
Yeah I am actually pretty hot on security and pentesting. Which is why I'm so confused!
If you have any IT job or a job as a network administrator you are a much higher target for hackers and the NSA/FBI(remember many of them are corrupt as well) You should always assume that whatever you have in your primary computer that you install software on and browse the internet with can be instantly compromised. I find that this is a good thing to expose myself to with small amounts of bitcoin as it is a cheap way of telling me my computer is compromised(never happened yet) If you do not use cold storage than you need to at least use a hardware wallet. It doesn't matter that you are security conscientious as security is difficult to do right and all it takes is one mistake or one unlucky encounter.
|
|
|
|
AtheistAKASaneBrain
|
|
May 02, 2015, 02:36:23 PM |
|
Very weird, I would assume you maybe got infected by a trojan of some sorts. The way it went is strange, as you didn't input that address. Maybe your electrum installation is compromised?
|
|
|
|
frankenmint
Legendary
Offline
Activity: 1456
Merit: 1018
HoneybadgerOfMoney.com Weed4bitcoin.com
|
|
May 02, 2015, 02:41:01 PM |
|
But 0-days? I only have a few new usb drives that I use... all that for 0.9 btc?
The attacker is unlikely to know what your balance until it is taken or attacking many people at the same time. There are many 0day exploits in the wild and your computer if not properly patched with the latest flash/browser/OS patches can be vulnerable to older exploits as well. Even if you use WPA2 on your local router , if you live in an apartment building and a hacker lives next door and can see your hotspot they can perform a dictionary attack or bruteforce attack on your wifi password and than serve you up a malicious page with a 0 day exploit. Yeah I am actually pretty hot on security and pentesting. Which is why I'm so confused! Again, I'm going to go with the point of failure wasn't you, I would press that there is a failure point with the VPN. If someone has your info, they could just wait for you to confirm signing the transaction then send it immediately thereafter. I've read cases of botched tor exit nodes that pass fake blockchain.info credentials to users to log the credentials. was the btc cold for a while beforehand? why were you moving it to this address?
|
|
|
|
bennybong (OP)
|
|
May 02, 2015, 02:43:16 PM |
|
Yeah I am actually pretty hot on security and pentesting. Which is why I'm so confused!
If you have any IT job or a job as a network administrator you are a much higher target for hackers and the NSA/FBI(remember many of them are corrupt as well) You should always assume that whatever you have in your primary computer that you install software on and browse the internet with can be instantly compromised. I find that this is a good thing to expose myself to with small amounts of bitcoin as it is a cheap way of telling me my computer is compromised(never happened yet) If you do not use cold storage than you need to at least use a hardware wallet. It doesn't matter that you are security conscientious as security is difficult to do right and all it takes is one mistake or one unlucky encounter. Trust me. I'm on a boat, with a personal crappy old laptop. No one has been near this. My internet is 150kb/s tops and I hate it!
|
|
|
|
bennybong (OP)
|
|
May 02, 2015, 02:46:05 PM |
|
But 0-days? I only have a few new usb drives that I use... all that for 0.9 btc?
The attacker is unlikely to know what your balance until it is taken or attacking many people at the same time. There are many 0day exploits in the wild and your computer if not properly patched with the latest flash/browser/OS patches can be vulnerable to older exploits as well. Even if you use WPA2 on your local router , if you live in an apartment building and a hacker lives next door and can see your hotspot they can perform a dictionary attack or bruteforce attack on your wifi password and than serve you up a malicious page with a 0 day exploit. Yeah I am actually pretty hot on security and pentesting. Which is why I'm so confused! Again, I'm going to go with the point of failure wasn't you, I would press that there is a failure point with the VPN. If someone has your info, they could just wait for you to confirm signing the transaction then send it immediately thereafter. I've read cases of botched tor exit nodes that pass fake blockchain.info credentials to users to log the credentials. was the btc cold for a while beforehand? why were you moving it to this address? No it was fresh from localbitcoins. My VPN is iPedator which I trust
|
|
|
|
RocketSingh
Legendary
Offline
Activity: 1662
Merit: 1050
|
|
May 02, 2015, 02:52:51 PM |
|
Wow! Interesting share! Have you ever tried this site? I don't think its legit! I will try it right now and edit this post No. I have never tried. I'd be interested in your feedback as well...
|
|
|
|
inBitweTrust
|
|
May 02, 2015, 02:54:10 PM |
|
Trust me. I'm on a boat, with a personal crappy old laptop. No one has been near this. My internet is 150kb/s tops and I hate it!
Additionally, think about anyone else that has access or come in contact with your computer or any usb drive in the past. Additionally, since you are on a boat with a 150 kb/s connection that also brings 2 concerns to my mind : 1) you aren't keeping your windows box patched because of your extremely limited bandwidth. 2) You are using a wifi hotspot that is compromised. The fact that you are so incredulous that you have been compromised is a security concern in itself as their are so many ways to be compromised with the way you store bitcoins. At most you should be upset and slightly shocked that you were compromised but aware that you made some security shortcuts and need to do better in the future.
|
|
|
|
|
tokeweed
Legendary
Offline
Activity: 4088
Merit: 1454
Life, Love and Laughter...
|
|
May 02, 2015, 02:56:50 PM |
|
He's implying an Electrum vulnerability...?
|
|
|
|
R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | | | 4,000+ GAMES███████████████████ ██████████▀▄▀▀▀████ ████████▀▄▀██░░░███ ██████▀▄███▄▀█▄▄▄██ ███▀▀▀▀▀▀█▀▀▀▀▀▀███ ██░░░░░░░░█░░░░░░██ ██▄░░░░░░░█░░░░░▄██ ███▄░░░░▄█▄▄▄▄▄████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | █████████ ▀████████ ░░▀██████ ░░░░▀████ ░░░░░░███ ▄░░░░░███ ▀█▄▄▄████ ░░▀▀█████ ▀▀▀▀▀▀▀▀▀ | █████████ ░░░▀▀████ ██▄▄▀░███ █░░█▄░░██ ░████▀▀██ █░░█▀░░██ ██▀▀▄░███ ░░░▄▄████ ▀▀▀▀▀▀▀▀▀ |
| | | | | | .
| | | ▄▄████▄▄ ▀█▀▄▀▀▄▀█▀ ▄▄░░▄█░██░█▄░░▄▄ ▄▄█░▄▀█░▀█▄▄█▀░█▀▄░█▄▄ ▀▄█░███▄█▄▄█▄███░█▄▀ ▀▀█░░░▄▄▄▄░░░█▀▀ █░░██████░░█ █░░░░▀▀░░░░█ █▀▄▀▄▀▄▀▄▀▄█ ▄░█████▀▀█████░▄ ▄███████░██░███████▄ ▀▀██████▄▄██████▀▀ ▀▀████████▀▀ | . ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀ ███▀▄▀█████████████████▀▄▀ █████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀ ███████▀▄▀██████░█▄▄▄▄▄▄▄▄ █████████▀▄▄░███▄▄▄▄▄▄░▄▀ ████████████░███████▀▄▀ ████████████░██▀▄▄▄▄▀ ████████████░▀▄▀ ████████████▄▀ ███████████▀ | ▄▄███████▄▄ ▄████▀▀▀▀▀▀▀████▄ ▄███▀▄▄███████▄▄▀███▄ ▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄ ▄██▀▄███░░░▀████░███▄▀██▄ ███░████░░░░░▀██░████░███ ███░████░█▄░░░░▀░████░███ ███░████░███▄░░░░████░███ ▀██▄▀███░█████▄░░███▀▄██▀ ▀██▄▀█▄▄▄██████▄██▀▄██▀ ▀███▄▀▀███████▀▀▄███▀ ▀████▄▄▄▄▄▄▄████▀ ▀▀███████▀▀ | | OFFICIAL PARTNERSHIP SOUTHAMPTON FC FAZE CLAN SSC NAPOLI |
|
|
|
bennybong (OP)
|
|
May 02, 2015, 02:57:27 PM |
|
Trust me. I'm on a boat, with a personal crappy old laptop. No one has been near this. My internet is 150kb/s tops and I hate it!
Additionally, think about anyone else that has access or come in contact with your computer or any usb drive in the past. Additionally, since you are on a boat with a 150 kb/s connection that also brings 2 concerns to my mind : 1) you aren't keeping your windows box patched because of your extremely limited bandwidth. 2) You are using a wifi hotspot that is compromised. The fact that you are so incredulous that you have been compromised is a security concern in itself as their are so many ways to be compromised with the way you store bitcoins. At most you should be upset and slightly shocked that you were compromised but aware that you made some security shortcuts and need to do better in the future. Windows is up to date, I don't think the hotspot is conpromised. It's a very good system, I know the owner of this place and I've talking with the IT to try and get me some more speed! and I use VPN anyway (which I had to pay for.
|
|
|
|
|