DoomDumas
October 28, 2012, 02:35:52 AM
From what I'm reading in this thread the computer of the OP was hacked with a keylogger or the OP was reusing a password from another site.
+1 Totally agree, and I'm pretty sure you don't have to download something to get infected with a keylogger on a Windows system! That's quite sad.. but why stop mining if your mining rig is already set up and working at more than 1 BTC/day? I'll say, better have 30+ BTC in a month than 0 forever!! Don't get pissed for that, I've lost 120+ BTC from not changing a very very poor password on a site I had those BTC.. I didn't quit.. I've mined a lot more since then. And be sure, now my passwords are all more than 20 char, Lower/Upper/Number/Special... That's not keylogger proof, but a few times a year, I store some BTC on an offline wallet and start a new one with a new password.. I'm pretty sure things will get more user-friendly-and-safer by 2 years or so.. Bitcoin is still very young. What if you quit BTC, and give it a look back in two years to realize they are trading over 100 U$ each.. you may end up not having 3000+ U$ by not continuing to mine! As you wish, was my 2 satoshi

aadje93 (OP)
October 28, 2012, 06:42:13 AM Last edit: October 28, 2012, 06:53:51 AM by aadje93
Thank you all for the responses. But I still think blockchain is not 100% foolproof when a "hijacked" backup of my wallet can just be used on another wallet. Why backup then?... As seen by the log nobody has entered my account from a different IP or even browser. I was pissed off, but I think I need to make a new wallet address on my account, or a whole new wallet? As the attacker has the backup of a month ago, why backup weekly etc. And how about making a wallet on a (Windows) PC that's just only mining? Is that safe? I thought the online wallet was safe because the backup is done by them. I'll start mining again. But I am not sure where to send my coins to, as I don't trust the client either because it failed sometime to start on a Windows machine (not my PC, laptop in the beginning while trying out bitcoin client to mine solo and as a wallet after finding online wallets)
Edit: new account made. And now I'll just convert all to physical items (or Steam games) on lower amounts, now more saving up 100btc probably. And if my dropbox is being hijacked, it could only be by Facebook probably because I had shared it on Facebook to get some free MB for each referral. And why all the hassle if there are wallets with over 5k btc...

aadje93 (OP)
October 28, 2012, 06:56:33 AM
God dammit!!
Made new account with my yubikey as authenticator,
And now I can't even login to it!! (yubikey wrong) You can add your yubikey, but don't login with it.
Made new post to make this very clear!! DON'T CONNECT Mt GOX YUBI TO BLOCKCHAIN.INFO AT THE MOMENT!!

QuantumQrack
October 28, 2012, 07:34:06 AM
The best security for all practical purposes is a master password you memorize that is used to open an encrypted password database such as keepass. I don't think two factor is necessary in the presence of one strong password that is unique and not used in conjunction with other online accounts.

Insu Dra
October 28, 2012, 09:21:55 AM Last edit: October 28, 2012, 11:33:58 AM by Insu Dra
If that's the case then I really only need to worry about keyloggers getting my passphrase. But since I'm using Linux, the chances of that happening are close to nil, right?
They're a lot lower but not nil, I would still use a separate minimal install (OS) to manage financial data. Even when you just buy stuff online, don't fill out any forms with credit card or any other sensitive data on your main install (OS). (logins excluded ofc, but then again I'm so paranoid I won't even register on a site with my everyday OS) Even if you or your antivirus notices it at some point, chances are high that the data is already gone and just waiting for a buyer that will use it to empty your accounts.
"drugs, guns, and gambling for anyone and everyone!"

Justin00
October 28, 2012, 09:45:06 AM
Some of the keyloggers can grab the passwd when you control+v it from keepass.
The best security for all practical purposes is a master password you memorize that is used to open an encrypted password database such as keepass. I don't think two factor is necessary in the presence of one strong password that is unique and not used in conjunction with other online accounts.

jl2012
October 28, 2012, 09:48:03 AM
This is just another example of a frustrated user of a complicated system that leaves in disgust because of his inability to use it properly. This isn’t the fault of the user it’s the fault of the training program. The one major difference I can see between open source systems and centrally controlled closed systems is the control of the information and user support. Both types of systems can deliver excellent quality but open source lacks a central point of instruction and authority over training for new users. This needs to change.
This ignores the root cause of the problem. It is not the user or lack of training. It is Microsoft Windows which is a proprietary operating system. It is even unclear if the Yubikey (apparently incorrectly used) or the backup wallet was compromised. The reality here is that many new users will lose their bitcoins if they use Microsoft Windows as their Operating System. Two factor authentication can help but as this case sadly demonstrates it is not foolproof. At a very fundamental level a proprietary operating system with over 90% market share worldwide is incompatible with bitcoin as the security of bitcoin is ultimately predicated on each individual user having complete control over their computing experience while proprietary software is about the exact opposite. Be it Apple's walled garden or Microsoft's centralized control over people's computers the direction that proprietary software has taken is very much about centralized control. For example with the recently released Windows 8 RT, Microsoft has complete control over which software is installed on a particular computer or device. Centralizing control over the training of new bitcoin users in order to accommodate Microsoft or Apple is simply not the answer.
I use Windows and bitcoin without any problem. All of my coins are under cold storage and my mtgox account is secured by 2-factor authentication. There is nothing wrong with using a proprietary OS. Linux looks safer simply because fewer people use it and it's not efficient to hack it for stealing coins. If a Linux user misuses the system (downloading warez or storing unencrypted wallet improperly), their coins will get stolen some day. By the way, I don't think mtgox and bitcoinica are running on Windows but both got hacked.
Yes one can secure Microsoft Windows, but it takes considerable effort and technical expertise. The average consumer's Microsoft Windows computer is more often than not infected with all sorts of rootkits and malware.
It is far simpler in these situations to simply ditch Windows and use GNU/Linux. Cold storage can also provide a false sense of security because the moment one needs to move coins then one is exposed. GNU/Linux is way safer than Microsoft Windows when it comes to malware. There are many reasons that come down to the design of the OS, (it was designed from the ground up as a multi user OS, Windows was not), and the culture, (most GNU/Linux users download their software from trusted repositories, do not run as root, and have no motivation at all to download warez even if warez that actually runs natively on GNU/Linux even exists!). The entire Free Software / Open Source model of software development is far more secure since there is no opportunity for "security by obscurity". The latter is very popular with proprietary software vendors. DRM for example is entirely based on security by obscurity. There is a lot wrong with using a proprietary OS with bitcoin, particularly one that has over 90% market share since that creates a massive single point of failure for a very large portion of the bitcoin network. If a Microsoft Windows related attack were to hit the bitcoin network, bitcoin's chance of survival will likely rest with those of us who have chosen to run bitcoin nodes and mining on GNU/Linux. As for the MTGox and Bitcoinica hacks we are talking about servers being compromised because of less than optimal security procedures of the server administrators. This has nothing to do with the issue at hand here, namely malware on consumer computers.
I don't think you really know how cold storage like Armory or Electrum works. The private key will never be exposed to the internet. If mtgox or bitcoinica running on *nix could be hacked, your desktop computer with Linux could be hacked too, if you have less than optimal security procedures. As I said, there is less malware on Linux just because there is lack of enough incentive to do it.
Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY) LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC) PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517

flatfly
October 28, 2012, 10:02:08 AM Last edit: October 28, 2012, 10:21:18 AM by flatfly
Use a regular (non-admin) user account, disable Java applets and use any other browser than IE. -> Just these 3 simple things bring the risk of virus/trojan/keylogger infection very close to zero (Linux-like). Really, it's that simple.
I love Linux as much as the next geek, but I've been using Windows as my main OS for 10+ years (mostly due to some very specialized apps that only exist for Windows) and have never had an infection despite downloading tons of software, thanks to the above measures. I think many other knowledgeable Windows users can confirm this.
Also consider the fact that Satoshi himself (whom we can reasonably call a security god, can't we?) was using Windows to develop Bitcoin!

CIYAM
Ian Knowles - CIYAM Lead Developer
October 28, 2012, 10:26:52 AM
I love Linux as much as the next geek, but I've been using Windows as my main OS for 10+ years (mostly due to some very specialized apps that only exist for Windows) and have never had an infection despite downloading tons of software, thanks to the above measures. I think many other knowledgeable Windows users can confirm this.
I can confirm this (the only issue I've had in the last 10+ years was plugging in a friend's USB flash drive to find it was infected which luckily my AV software detected before anything bad actually happened). That being said it is certainly not as easy to protect a Windows install vs. a Linux one.

aadje93 (OP)
October 28, 2012, 01:46:31 PM
Made new account/wallet. No more dropbox backup for me. If you want to help me and give me some BTC to help me get the 101btc again: 1FZb3GDLTstYECV9QKmaTJh3xPRZfRfuxz any donation is very appreciated.

Blazr
October 28, 2012, 01:49:04 PM
Made new account/wallet. No more dropbox backup for me. If you want to help me and give me some BTC to help me get the 101btc again: 1FZb3GDLTstYECV9QKmaTJh3xPRZfRfuxz any donation is very appreciated.
Make sure you use Google Authenticator or an actual YubiKey and not an MtGox one, until Blockchain.info supports it correctly.

FLHippy
October 28, 2012, 02:05:38 PM Last edit: October 28, 2012, 06:29:42 PM by FLHippy
I'll start mining again. But I am not sure where to send my coins to, as I don't trust the client either because it failed sometime to start on a Windows machine (not my PC, laptop in the beginning while trying out bitcoin client to mine solo and as a wallet after finding online wallets)
What you should do for long term storage is a cold wallet. If you only need a few BTC in your account at block chain then transfer the rest to your cold wallet. You can do it right from blockchain.info and you can transfer the money back with the same wallet you normally use. If you need some help I can help you, it's quite simple, you just send the money to your offline wallet. I am selling beautiful unfunded paper bitcoins which are perfect for this and fully compatible with blockchain.info's import tools. It's only 1.5 BTC for 10 of them. They are custom printed to your specifications. Here is a link.....
BitcoinTalk link... https://bitcointalk.org/index.php?topic=120221.msg1294820#msg1294820
BitMit Link with escrow... https://www.bitmit.net/en/trade/i/8717-beautiful-unfunded-paper-bitcoins-custom-printing-free-ship

kokojie
October 28, 2012, 02:48:14 PM
If you re-use passwords, getting hacked is just a matter of time, fucking Yahoo stores passwords in plaintext, they just leaked 500k passwords, including my password, and my Yahoo mail got hacked, but luckily I don't re-use passwords, so this had about zero effect on me, Yahoo mail I stopped using a long time ago, only a few old contacts got virus/trojan sent to them.
First step to not get hacked, get Lastpass or some password manager, that defeats keyloggers and forces you to not re-use passwords.
btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6

giszmo
October 28, 2012, 04:40:12 PM
Casascius provides hosted wallet security level. At least to the degree it is verifiable from outside. Please don't share the private keys of your life savings with anybody.
ɃɃWalletScrutiny.com | Is your wallet secure?(Methodology) WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value. | ɃɃ

giszmo
October 28, 2012, 04:48:42 PM
Perhaps that’s the solution then. Remove all need for understanding or training. Only release the client to the public on a proprietary device.
That is not bitcoin at all. It is more like MintChip. http://mintchipchallenge.com/. Bitcoin is about putting the end user in control and for that one needs a Free Libre Open Source Software OS.
I sincerely hope to have a dedicated – not proprietary – device for my bitcoins at some point. (From my bitcoinqt, bitcoinspinner (android), schildbach (android) and various hosted wallets I don't know if bitcoinqt (on my developer/gamer/everything Linux laptop that I carry around) or spinner (on my developer android that I barely carry around and that has only work-related apps installed) is the safer place to put my money. Right now I have half on my laptop and half on cold storage and keyloggers scare me every time I type in my 12 char password. Backups have more like 35 char passwords.)

GernMiester
October 28, 2012, 08:00:10 PM
Another ID10T keeping coins on some website and losing them. It never ends HAHA. BTC , just what grandma needs.... HAHAHAHA

matthewh3
October 28, 2012, 08:30:21 PM
You could try - http://www.flexcoin.com/ - for your new savings wallet. As they offer to put your coins into cold storage for you.

kokojie
October 28, 2012, 09:28:53 PM
Another ID10T keeping coins on some website and losing them. It never ends HAHA. BTC , just what grandma needs.... HAHAHAHA
The problem is not keeping coins on a website, blockchain.info is quite safe. The problem is re-use of passwords, simple passwords and not using a secure password manager like Lastpass.

chriswilmer
February 17, 2013, 10:30:51 PM
Hey everyone, just thought I would point out that despite Mt. Gox Yubikeys being disabled, they are still described as useable on Blockchain's tutorials: https://blockchain.info/wallet/yubikey
This page should be updated.
-Chris

ameer1367
November 29, 2013, 01:03:21 AM
Old post. Thought I might freshen it up. Even mine was stolen and I had Google Auth.. so 2factor is still bullcrap. If your desktop is hijacked you're fucked, even if you have 10000 passwords.