Malicious Bitcoin Address Rewrites

[DeathAndTaxes]

You can get entry level SSL certs for $40 or less these days.

The entry level certs are domain not entity verification and don't have the fancy "green address bar" but they do provide the same top level encrypted communication.

An example:   https://www.rapidssl.com

If someone can't afford $40 they shouldn't be working with financial data.

Hmm maybe we should offer SSL paid in BTC. 

[dissipate]

You can get entry level SSL certs for $40 or less these days.

The entry level certs are domain not entity verification and don't have the fancy "green address bar" but they do provide the same top level encrypted communication.

An example:   https://www.rapidssl.com

If someone can't afford $40 they shouldn't be working with financial data.

Hmm maybe we should offer SSL paid in BTC. 

That's what I thought. I've bought SSL certs before and it was around that price. As for buying SSL certs with Bitcoin, that would be cool but I don't think the sale could be anonymous since you have to provide some identifying info to get the cert.

[DannyHamilton]

. . . if your bank sends you sensitive information in emails or allows online banking without HTTPS, then there is something dreadfully wrong with their security and you should withdraw all your money immediately and take it somewhere else... before someone else does . . .

. . . Please re-read the original post. This question has nothing to do with modifying Bitcoin transactions, it is about modifying Bitcoin addresses as they appear on a webpage, before a transaction is made in order to trick users into sending coins to the attacker's address . . .

I'd say the same should be true about this second point as the first.

If someone sends you sensitive bitcoin information in email or allows online access to sensitive bitcoin information without HTTPS, then there is something dreadfully wrong with their security and you should refuse to do business with them and take your business elsewhere.

 

[BladeMcCool]

you could include extra stuff that wont be so easily sniffed like some text that restates the last few digits of the address, or say "digits 10-15 of the address should read 3d2Kv1" .. might help. maybe image of the address instead of the plain text too.

also, i'm thinking that anything browsed via Tor (even regular http web site viewed through an exit node) should be safe from that kind of attack as well, because the transport is all encrypted up until your machine receives and decrypts it. with that last example, i could see malicious routers in between the exit node and the actual website being a problem however.

and with the state eventually trying to "shut down" bitcoin, and internet freedom in general, you can bet that the number of "malicious routers" outside the Tor network will be steadily on the rise. Honestly I think everyone will be using VPN+Tor for pretty much everything within a few short years. The un-onioned web will just be too risky to play on for all but the most subservient slaves.

[benjamindees]

I've been thinking for a while now that it would be nice to have a little app that could be used for "reputation management" with Bitcoin.  It should integrate the -otc web of trust with pgp messaging and the ability to sign with Bitcoin keys.  Perhaps it could be integrated with websites as well, like Bitmit, and recognize self-signed SSL certs.  Basically just tie everything together, to give the average user a layer of identity services to use with Bitcoin.