Bitcoin Forum
Poll
Question: Have you ever had coins stolen from your local (non-paper, non-brain, just standard) wallet?
Yes - 2 (2.5%)
No - 77 (97.5%)
Total Voters: 78

Topic: How secure is Bitcoin-qt wallet?
nobbynobbynoob
October 17, 2012, 12:05:38 AM
 #21

> Bitcoins stored in an encrypted wallet are as secure as credit card you use for online purchases from the same computer.

This.

Obviously, if you're infected with keylogging malware then stolen BTC are only one of a number of monster problems you may face.

MysteryMiner
October 17, 2012, 12:25:03 AM
 #22

> Morons will need to pay someone else to handle their security just like they do now. And those of us who are competent enough to handle our own shit can save the fees by handling our own shit. Its that simple. The average Jackoff doesnt need to care about mining, just like he doesnt need to know how central banks create interest bearing garbage out of thin air and call it money, all he knows is that the grocery store wants a certain kind of money and his online drug dealer wants something else. He'll take whatever steps he needs to get the money of the kind his supplier of whatever goods wants and thats the end of it.
>
> Exactly.
>
> I removed virus for my living - the vast majority of end users don't understand the basic operation of a computer, much less the concepts of networking, security. Most of them don't even understand how a program runs or have the ability to discern between real software and malware.
>
> I have one customer who calls in about once a week to have the "FBI - moneypak" virus removed. He just won't stop going to some shady porn sites and "finally clicks yes" on a prompt asking him to install something because it won't let him off the site if he doesn't, I can't convince this customer to avoid the site or to simply rightclick close the browser stack when he gets that msg. But hey as long as he wants to keep paying me $100 a pop for 20 mins of work... whatever.

This sounds so similar to me! I also worked as a computer techie/repairman and all the time I removed malware. But the economic recession hit hard and now I can't make a living out of it. Instead I turned to dark side completely as it is more fun, more profit and I don't need to drive to work in unhandy times. And exploiting the stupidness of moronic users is a good relief.

niko
October 17, 2012, 01:00:27 AM
 #23

> Bitcoins stored in an encrypted wallet are as secure as credit card you use for online purchases from the same computer.
>
> This.
>
> Obviously, if you're infected with keylogging malware then stolen BTC are only one of a number of monster problems you may face.

I was wrong. My statement above is true on the user side, but credit card numbers can be compromised once they leave the user's computer. Not a problem with bitcoins.



kwoody
October 17, 2012, 09:39:51 AM
 #24

Bitcoin-Qt is highly exposed and susceptible to the PEBCAK Virus. (Problem Exists Between Chair And Keyboard)
SuperHakka
October 17, 2012, 10:46:48 AM
 #25

I noticed that 1 person has now said that they have had btc stolen from their local wallet. In the interests of the public good and generally being a helpful person, could that individual please come forward and tell us the general circumstances of how that happened? Sorry to that person who had btc stolen, I hope the criminal was caught in the end.

knight22
October 17, 2012, 03:39:13 PM
 #26

> I noticed that 1 person has now said that they have had btc stolen from their local wallet. In the interests of the public good and generally being a helpful person, could that individual please come forward and tell us the general circumstances of how that happened? Sorry to that person who had btc stolen, I hope the criminal was caught in the end.

I strongly think that was a troll, that's why he didn't comment.

nobbynobbynoob
October 17, 2012, 06:27:03 PM
 #27

> I noticed that 1 person has now said that they have had btc stolen from their local wallet. In the interests of the public good and generally being a helpful person, could that individual please come forward and tell us the general circumstances of how that happened? Sorry to that person who had btc stolen, I hope the criminal was caught in the end.
>
> I strongly think that was a troll, that's why he didn't comment.

No, there was a serious thread about this. I think it was forum user Cdecker who claimed to have been robbed of about BTC9k that was taken from possibly an unprotected, unencrypted backup wallet.

Este Nuno
October 18, 2012, 11:28:04 AM
 #28

And Cdecker could definitely be considered an expert user. Although maybe not in the area of security. But maybe he has expert level security knowledge but was just complacent and careless. Either way, I feel very bad for him and it is a very unfortunate incident.

Last year it was widely reported that a user lost 25,000 BTC to a 'hacker'. I believe he posts, or used to post here on bitcointalk.

One interesting tidbit is that Cdecker was using Linux. I wonder if this is the first publicly reported case of theft of a Linux user.

Not that I'm trying to imply Linux distros are inherently safe 'out-of-the-box' or anything, but maybe a lot of people assume that they are immune just by installing the latest Ubuntu. I think it ended up being an issue with him using SSH though, so not directly a Linux issue.

Maybe using Linux is effectively safe though with regards to using a mainstream distro and bitcoin-qt? Not installing any additional packages, encrypting your wallet, and not having anything to do with remote access is good enough to keep secure, or not? I'd be interested to hear people's opinions on that.
Akka
October 18, 2012, 11:46:18 AM
 #29

> This sounds so similar to me! I also worked as a computer techie/repairman and all the time I removed malware. But the economic recession hit hard and now I can't make a living out of it. Instead I turned to dark side completely as it is more fun, more profit and I don't need to drive to work in unhandy times. And exploiting the stupidness of moronic users is a good relief.

This is a joke isn't it?

You know that this is by nothing better than the common thug, forcing someone to give away his cash.

Just a different weakness of the person you exploit. That a thug exploits the weakness to defend yourself and a hacker exploits the weakness to setup proper security, still makes the action the same.

No, people stealing by using any kind of IT are even lower than the lowlifes robbing in the streets, because they have the ability to make a legal income.

I feel nothing but disdain for such people.


cypherdoc
October 18, 2012, 02:26:17 PM
 #30

> And Cdecker could definitely be considered an expert user. Although maybe not in the area of security. But maybe he has expert level security knowledge but was just complacent and careless. Either way, I feel very bad for him and it is a very unfortunate incident.
>
> Last year it was widely reported that a user lost 25,000 BTC to a 'hacker'. I believe he posts, or used to post here on bitcointalk.
>
> One interesting tidbit is that Cdecker was using Linux. I wonder if this is the first publicly reported case of theft of a Linux user.
>
> Not that I'm trying to imply Linux distros are inherently safe 'out-of-the-box' or anything, but maybe a lot of people assume that they are immune just by installing the latest Ubuntu. I think it ended up being an issue with him using SSH though, so not directly a Linux issue.
>
> Maybe using Linux is effectively safe though with regards to using a mainstream distro and bitcoin-qt? Not installing any additional packages, encrypting your wallet, and not having anything to do with remote access is good enough to keep secure, or not? I'd be interested to hear people's opinions on that.

great question.  on the Ubuntu forums they say that VNC and SSH attacks are the 2 most commonly reported hacker exploits.
SuperHakka
October 18, 2012, 03:20:53 PM
 #31

> great question.  on the Ubuntu forums they say that VNC and SSH attacks are the 2 most commonly reported hacker exploits.

I thought that the SSH protocol had never been broken before. The only way that I have heard that an exploit can occur is if a weak password is brute-forced. Even this can be prevented with the correct iptables settings. I remember the CDecker thread. He never got back to say exactly how it happened I don't recall. I reaffirm that if bitcoin can't be secure in a moderately hostile environment, i.e. on 50%+ of the general public's computers, then it can't fly, especially as there are no chargebacks and no legal protections. It just takes one or two high profile cases (read old-age pensioners, struggling single parents) to come to press and bitcoin is over as far as mainstream goes. What to do?

Este Nuno
October 18, 2012, 03:31:37 PM
 #32

Cold storage? Only keep what you need in a hot wallet I guess.

I agree though, it's a huge barrier to mainstream acceptance. 3rd party wallet providers are a good option, but when that goes wrong the problem is just multiplied by the amount of people who lose their money.

It's not an easy problem to solve, but this same problem exists in some form for all assets(security). Maybe in the future we can come up with solutions, but the problem is always going to be almost impossible if one wishes to maintain both anonymity and decentralization.
nobbynobbynoob
October 18, 2012, 03:39:49 PM
 #33

> It's not an easy problem to solve, but this same problem exists in some form for all assets(security).

+1

Now if only we could extract a similar level of sanity from the MSM, then there'd be less reason to worry one's pants off about the bad publicity of a "ZOMG old grannyyyy robb'd of her preshus Bitcoinz by eeevil hakkurz" type story.

flipperfish
October 18, 2012, 06:43:37 PM
 #34

Some kind of specialized hardware-signing device will bring the solution. While these are in the making, one can use offline signing as a reasonable alternative. A tradeoff between convenience and security can be made by using a hot-wallet.

With brainwallets / encrypted wallets I see the problem of forgetting the password, which is as bad as losing the coins to someone else. Because of this most people will write down their password somewhere and are thus attackable by traditional theft. Therefore we also need some kind of "dead-man-switch" transaction. This means, coins on a certain address will be sent automatically to some other address after a certain time. The keys for this second address can be written down, or told someone one wouldn't generally trust, but trusts enough to get one's coins in case one forgets the password. So as long as one can remember the password, the coins can be spent immediately AND are not available at the second address. Unfortunately, this approach is not feasible with the current protocol (but IMHO could be implemented without hard-fork).
franky1
October 19, 2012, 02:54:40 AM
 #35



> Exactly.
>
> I removed virus for my living - the vast majority of end users don't understand the basic operation of a computer, much less the concepts of networking, security. Most of them don't even understand how a program runs or have the ability to discern between real software and malware.
>
> I have one customer who calls in about once a week to have the "FBI - moneypak" virus removed. He just won't stop going to some shady porn sites and "finally clicks yes" on a prompt asking him to install something because it won't let him off the site if he doesn't, I can't convince this customer to avoid the site or to simply rightclick close the browser stack when he gets that msg. But hey as long as he wants to keep paying me $100 a pop for 20 mins of work... whatever.

i too have had many people who have received this 'warning' they were young and old male and female.

its a facebook advert that prompts stuff like.
"someone has a crush on you click here to see who"
"new message click here"
"someone wants to share a photo"

u get the jist..
i seen it myself as one person gets it soo often they actually deemed me the culprit. so i went to their house and asked them to do their normal activities. sure enough they were drawn to the facebook advert.

many people in england now know it to be from facebook redirecting them off of facebook to stealth download of the fake warning.

it use to come up as a fake antivirus, but now its an FBI thing.

so not really linked to porn, as i myself once thought.

its up to you to inform your regular customer why they keep getting it and to stick to the standard facebook message, photos and friend buttons. or continue milking them dry, as i done as the moron deserved it

i too think the weakest part of the computer system is not the firewall.. but the user.
