paulie_w
|
|
September 29, 2012, 01:13:16 AM |
|
wow, 8000+ btc, that must hurt. sorry man!
|
|
|
|
BC12345
Newbie
Offline
Activity: 57
Merit: 0
|
|
September 29, 2012, 01:13:41 AM |
|
My humble advice:
- log off, go to bed, try to sleep and get your head clear
- tomorrow, try to figure out what happened.
|
|
|
|
Insu Dra
|
|
September 29, 2012, 01:30:48 AM |
|
agh sorry to hear ... Just wanted to repeat myself again, we need an easy to use Multi Sig implementation asap ... Funds like these do not belong on a one to one transaction address.
|
"drugs, guns, and gambling for anyone and everyone!"
|
|
|
kangasbros
|
|
September 29, 2012, 01:36:07 AM |
|
I'm sorry for the accident. Care to share the details of your exact setup? I still didn't pick up what OS you were using etc.
|
|
|
|
BkkCoins
|
|
September 29, 2012, 01:37:09 AM Last edit: September 29, 2012, 02:32:35 AM by BkkCoins |
|
That ssh log message indicates they accessed using your public key. How on earth did they get that? Did you access from some other systems that they may have also got access to? This is pretty common. This means you need to check all other computers that previously you used to connect to your laptop. A public key is not more safe than a password if it's left lying around on various systems.
People often use a key for automated access (scripts etc). If you do that it should be for a different, limited user that can only do the very limited functions you intend to automate.
I don't understand it either, apparently they got first into my home machine (with password auth enabled), grabbed the private key for my work machine and logged in there. No idea as to how.
Any possibility of physical access at home? Roommate, neighbor, wandering gypsy, anyone who has physical access can gain root without password and then access your key - unless you use encrypted home or an encrypted hard disk. Do you have remote access methods open at home, eg. VNC, or run a web server or other service? These are things that can get compromised. Java based web apps/servers seem to be open like swiss-cheese nowadays going by reading the news anyway.
Even someone with brief access to your laptop could simply run ssh-copy-id to some remote server they control. That would give your key to their server for later re-access. I wouldn't fully believe this was a Russian user. It could just as easily be your next door neighbor using a proxy.
Check whether an additional key has been added to your laptop's ~/.ssh/authorized_keys file. This could be done by anyone with even a few moments access to your laptop.
Another thing I noticed - your sshd log msg indicates the user used sftp to login since it happened at the exact same second as the ssh login. Hence, it wasn't a user logging in to the console and then choosing to use sftp. Have there been machines where you used sftp to view files? This uses ssh as a transport layer but you may have thought differently about how you connected since the client would not be console but Nautilus or any number of file browser apps.
|
|
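Added example, not part of any post in this thread: one way to carry out the authorized_keys check suggested above is to fingerprint every entry and compare it against the keys you know you installed. The key blobs, comments and addresses below are constructed stand-ins, and the simple field split assumes no option value contains a key-type name.

```python
import base64
import hashlib

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def fingerprint(blob_b64):
    """SHA256 fingerprint in the format `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def audit(text, known_fingerprints):
    """Return (line_no, problem, detail) for every entry that is not expected."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Options such as from="..." or command="..." may precede the key type.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        try:
            fp = fingerprint(fields[idx + 1])
        except (TypeError, IndexError, ValueError):
            # No key type found, no blob after it, or blob is not valid base64.
            findings.append((line_no, "unparseable", line[:40]))
            continue
        if fp not in known_fingerprints:
            comment = " ".join(fields[idx + 2:]) or "(no comment)"
            findings.append((line_no, "unknown key", f"{fp} {comment}"))
    return findings


def _blob(label):
    # Constructed stand-in for a key blob; real blobs are binary key structures.
    return base64.b64encode(label.encode()).decode()


OWNER, BACKUP, EXTRA = _blob("owner-laptop"), _blob("backup-script"), _blob("not-mine")
SAMPLE = f"""# constructed authorized_keys content
ssh-rsa {OWNER} owner@laptop
from="192.0.2.10" ssh-ed25519 {BACKUP} backup@nas
ssh-rsa {EXTRA}
ssh-rsa truncated-entry!!
"""
KNOWN = {fingerprint(OWNER), fingerprint(BACKUP)}

if __name__ == "__main__":
    for finding in audit(SAMPLE, KNOWN):
        print(*finding)
```

Entries that cannot be parsed are reported rather than skipped, so a malformed line cannot hide from the review.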
|
|
|
Red Emerald
|
|
September 29, 2012, 02:21:15 AM |
|
Even someone with brief access to your laptop could simply run ssh-copy-id to some remote server they control.
ssh-copy-id transfers the public key. That is fine. Your public key can be public. It's the private key that you have to protect and often have encrypted. Stories like this make me want to change all my passwords and move to new hot wallets. This is why I keep my large stash in an offline Armory wallet.
|
|
|
|
BkkCoins
|
|
September 29, 2012, 02:33:52 AM |
|
Even someone with brief access to your laptop could simply run ssh-copy-id to some remote server they control.
ssh-copy-id transfers the public key. That is fine. Your public key can be public. It's the private key that you have to protect and often have encrypted.
You're right - I got turned around. It's someone adding a public key to your authorized_keys file that you would need to be wary of.
|
|
|
|
GernMiester
|
|
September 29, 2012, 03:28:50 AM |
|
BTC is the most pathetic way to store money I have ever seen. PERIOD!!!!! It gets taken and you get told go to hell and I get yet another laugh... If you try and get my FIAT that is not in the bank, well, my gun(s) will change your mind or take your life. Simple as that...
|
|
|
|
BkkCoins
|
|
September 29, 2012, 04:06:19 AM |
|
BTC is the most pathetic way to store money I have ever seen. PERIOD!!!!! It gets taken and you get told go to hell and I get yet another laugh... If you try and get my FIAT that is not in the bank, well, my gun(s) will change your mind or take your life. Simple as that...
Yes, now print a paper wallet (key) and you can say exactly the same thing about Bitcoin.
|
|
|
|
caffeinewriter
|
|
September 29, 2012, 04:15:27 AM |
|
BTC is the most pathetic way to store money I have ever seen. PERIOD!!!!! It gets taken and you get told go to hell and I get yet another laugh... If you try and get my FIAT that is not in the bank, well, my gun(s) will change your mind or take your life. Simple as that...
Yes, now print a paper wallet (key) and you can say exactly the same thing about Bitcoin.
+1 GernMiester, I respect your opinion and respectfully reject it and maintain my own.
|
|
|
|
squid
Member
Offline
Activity: 112
Merit: 10
|
|
September 29, 2012, 04:30:43 AM |
|
Separate money into multiple offline backup wallets. Everything in 1 pot is silly =/
Sorry about your loss.
|
|
|
|
BkkCoins
|
|
September 29, 2012, 05:02:46 AM |
|
BTC is the most pathetic way to store money I have ever seen. PERIOD!!!!! It gets taken and you get told go to hell and I get yet another laugh... If you try and get my FIAT that is not in the bank, well, my gun(s) will change your mind or take your life. Simple as that...
Ban this troll. By the way, they don't need to physically steal your FIAT to rob you, they simply print more.
Indeed. They may do it slowly but it is surely. At 3%/year it'll take them, what, about 20 years to take half of it but guns in both hands and bars on the doors won't stop them. So far with Bitcoin, excepting a week when everyone went bananas last summer, you would very likely be much ahead, maybe even very much ahead.
|
|
|
|
cedivad
Legendary
Offline
Activity: 1176
Merit: 1001
|
|
September 29, 2012, 05:23:26 AM Last edit: September 29, 2012, 05:34:16 AM by cedivad |
|
Please explain to us how the hell they got access to your private key.
|
My anger against what is wrong in the Bitcoin community is productive: Bitcointa.lk - Replace "Bitcointalk.org" with "Bitcointa.lk" in this url to see how this page looks like on a proper forum (Announcement Thread) Hashfast.org - Wiki for screwed customers
|
|
|
phillipsjk
Legendary
Offline
Activity: 1008
Merit: 1001
Let the chips fall where they may.
|
|
September 29, 2012, 05:53:22 AM |
|
I don't understand it either, apparently they got first into my home machine (with password auth enabled), grabbed the private key for my work machine and logged in there. No idea as to how.
Does your home machine password have more or less than 60 bits of information (10 character, letters, numbers, symbols)? You may want to check the logs for failed login attempts. I think the lesson here (which I did not know) is that if you are going to move to key-based authentication, you should do it everywhere at the same time. Do you log into your home machine from Public computers? Is that why you were not using Key based authentication? Note: until recently, I was using password authentication with about 17 bits of information. Half my security was obscurity (two logins required with different usernames and passwords).
|
James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE 0A2F B3DE 81FF 7B9D 5160
|
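Added example, not part of any post in this thread: it runs the two log checks raised above over sshd log lines, counting failed password attempts per source address and flagging key-based logins where the sftp subsystem was requested in the same second. The log lines, host name and addresses are constructed, and the same-second match mirrors the reasoning in the thread rather than any sshd feature.

```python
import re
from collections import Counter

# Constructed sample in syslog format; addresses are documentation ranges.
SAMPLE = """\
Sep 28 21:02:11 laptop sshd[3901]: Failed password for owner from 203.0.113.7 port 51514 ssh2
Sep 28 21:02:14 laptop sshd[3901]: Failed password for owner from 203.0.113.7 port 51514 ssh2
Sep 28 21:02:19 laptop sshd[3907]: Failed password for invalid user admin from 203.0.113.7 port 51520 ssh2
Sep 28 22:40:05 laptop sshd[4012]: Accepted publickey for owner from 192.0.2.15 port 40122 ssh2
Sep 28 23:12:44 laptop sshd[4188]: Accepted publickey for owner from 198.51.100.23 port 40310 ssh2
Sep 28 23:12:44 laptop sshd[4190]: subsystem request for sftp
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (.*)$")
ACCEPT = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port \d+")
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")


def events(log_text):
    """Yield (timestamp, message) for every sshd line."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def sftp_logins(log_text):
    """Accepted logins whose second also carries an sftp subsystem request."""
    sftp_seconds = {ts for ts, msg in events(log_text)
                    if msg.startswith("subsystem request for sftp")}
    hits = []
    for ts, msg in events(log_text):
        m = ACCEPT.search(msg)
        if m and ts in sftp_seconds:
            hits.append((ts, m.group(1), m.group(2), m.group(3)))
    return hits


def failed_by_source(log_text):
    """Count failed password attempts per source address."""
    counts = Counter()
    for _, msg in events(log_text):
        m = FAILED.search(msg)
        if m:
            counts[m.group(2)] += 1
    return counts


if __name__ == "__main__":
    print(sftp_logins(SAMPLE))
    print(failed_by_source(SAMPLE).most_common())
```

On a busy host two unrelated sessions can share a second, so treat a match as a lead to confirm against the process IDs and session records.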
|
|
nomnomnom
|
|
September 29, 2012, 08:08:15 AM |
|
I think after a disaster like this the only secure method is to reinstall all affected computers, make some images of the hard disk so you can still analyze what happened.
|
|
|
|
Insu Dra
|
|
September 29, 2012, 08:37:51 AM Last edit: September 29, 2012, 09:02:45 AM by Insu Dra |
|
If you still think you might have a rootkit, wipe your system clean. It's really the only surefire way to get rid of a rootkit.
I think after a disaster like this the only secure method is to reinstall all affected computers, make some images of the hard disk so you can still analyze what happened.
+1, don't try to fix an OS if you think it might have a root kit. Root kit cleaners are like anti virus software, they only clean what they know and recognize ....
|
"drugs, guns, and gambling for anyone and everyone!"
|
|
|
Jutarul
Donator
Legendary
Offline
Activity: 994
Merit: 1000
|
|
September 29, 2012, 08:54:44 AM |
|
Well, just to prove that even long time members are not secure from being stupid. My wallet has just been cleared out: At first I thought maybe it's just an old transaction that has only now been submitted, but I can't find any wallet of mine that owns those keys. I had my wallet encrypted, but this was apparently an old backup of my wallet that I must have stored somewhere. Any tips on what to do next? I'm still a bit fuzzy about the details. Can we blacklist those funds somehow?
8000 btc in a hotwallet... Was that necessary? Why didn't you consider cold storage?
|
|
|
|
Gyrsur
Legendary
Offline
Activity: 2856
Merit: 1520
Bitcoin Legal Tender Countries: 2 of 206
|
|
September 29, 2012, 09:07:04 AM |
|
Well, just to prove that even long time members are not secure from being stupid. My wallet has just been cleared out: At first I thought maybe it's just an old transaction that has only now been submitted, but I can't find any wallet of mine that owns those keys. I had my wallet encrypted, but this was apparently an old backup of my wallet that I must have stored somewhere. Any tips on what to do next? I'm still a bit fuzzy about the details. Can we blacklist those funds somehow?
8000 btc in a hotwallet... Was that necessary? Why didn't you consider cold storage?
advise, advise, advise... it's too late to blame him! I'm looking forward to get clear instructions from here:
Our Goals for 2013
So, what will we be doing in 2013 with the Bitcoin Foundation? We’ve set our eyes on accomplishing the following things:
- Begin to pay Gavin’s salary and get him some budget for the core development team
- Run a payments-oriented Silicon Valley Bitcoin Conference in the spring (Bitcoin 2013)
- Publish a set of best practices for businesses transacting in Bitcoin, covering topics from accounting to physical and digital security
- Create an opt-in certification process for Bitcoin businesses
|
|
|
|
SuperHakka
|
|
September 29, 2012, 10:43:09 AM |
|
Really sorry for the OP. There's not much one can say to help the situation. These kinds of problems have got to be sorted out before BTC hits the mainstream. I get the feeling that on average, we here are quite tech savvy compared to the normal guy. But if a granny had her wallet.dat stolen and the tabloid newspapers get hold of it, that would be a serious blow to the credibility of bitcoin and might be irreversible.
|
'First they ignore you. Then they laugh at you. Then they attack you. Then you win.' - Mohandas Gandhi "Whenever I'm about to do something, I think, 'Would an idiot do this?' and if he would, I do not do that thing." - Dwight Schrute
|
|
|
|