Bitcoin Forum
December 11, 2017, 08:18:07 AM *
Author Topic: Time to upgrade your security  (Read 3058 times)
RodeoX
January 23, 2013, 06:06:27 PM
 #1

Prices are up again and risk should also be rising. For those who remember the crash from last year, these are scary times. Many users use the same standard of protection for their BTC as their Facebook account. Since bitcoins are money, and big money brings out the serious criminals, you will need to be prepared for a surge in hacktivity.

There are lots of threads here about keeping your bitwealth safe, you can choose for yourself. But why not make today the day you back up your wallet and clean out any scraps of old wallets. Or change your password from "god" to something robust.

Just sayin.

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf

Free bitcoin in ICELAND - https://bitcointalk.org/index.php?topic=1610684
Fiyasko
January 23, 2013, 06:27:54 PM
 #2

Until Armory is updated to a malicious version, Dunndunn Dunnnn.
Lol. But now, who out there feels that default bitcoin encrypted wallets are at risk?  Surely this security "time to update" revolves mostly around things like web accounts like our OTC names, or Mt. Gox accounts.

http://bitcoin-otc.com/viewratingdetail.php?nick=DingoRabiit&sign=ANY&type=RECV <-My Ratings
https://bitcointalk.org/index.php?topic=857670.0 GAWminers and associated things are not to be trusted, Especially the "mineral" exchange
RodeoX
January 23, 2013, 06:57:38 PM
 #3

I think as long as you're not the low hanging fruit you have some protection.
Like the two hikers. One takes off his hiking boots and puts on tennis shoes. The other asks, "Why no boots? You may need ankle support." The first hiker replies that he wants to be able to run fast in case of bears. "Well, even in tennis shoes you will never outrun the bear," said the other. "I don't have to outrun the bear, just you," he replied.

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf

Free bitcoin in ICELAND - https://bitcointalk.org/index.php?topic=1610684
Fiyasko
January 23, 2013, 07:48:27 PM
 #4

I think as long as you're not the low hanging fruit you have some protection.
Like the two hikers. One takes off his hiking boots and puts on tennis shoes. The other asks, "Why no boots? You may need ankle support." The first hiker replies that he wants to be able to run fast in case of bears. "Well, even in tennis shoes you will never outrun the bear," said the other. "I don't have to outrun the bear, just you," he replied.

It's how hacking works! Aim for the weakest target, then the next, and so on until it's too hard to hack.
Holliday has a point tho, I may want to set up an offline wallet... Think my flash drive is good enough?

http://bitcoin-otc.com/viewratingdetail.php?nick=DingoRabiit&sign=ANY&type=RECV <-My Ratings
https://bitcointalk.org/index.php?topic=857670.0 GAWminers and associated things are not to be trusted, Especially the "mineral" exchange
TraderTimm
January 23, 2013, 07:59:59 PM
 #5

I would, at a minimum, set up an air-gapped computer that only contains your cold storage wallet. Seeing how netbooks and other small devices are really cheap, it would be good insurance against someone trying to nab your bitcoins. Especially if you follow the practices that only allow signed transactions to be spent on the network from that machine.

fortitudinem multis - catenum regit omnia
wormbog
January 23, 2013, 08:16:13 PM
 #6

Folks, for real bitcoin security, offline computers and lots of backups of wallet.dat are not good enough. You need to go back to the basics. Paper copies of matched public and private keys.

1. go to bitaddress.org
2. under the Paper Wallet tab, generate and print a page w/ 10 sets of keys
3. transfer the bulk of your holdings to the public key addresses, divided 10% to each key
4. set up an account on blockchain.info
5. import the public keys as watch-only keys. Now you keep your eye on the BTC but no-one can touch it
6. make a few copies of your address list. secure at least one copy in your home safe, safety deposit box, etc. I've got a copy behind a family photo in my office... not a compelling target for a thief.
7. send a copy of the address list to your parents or a friend you can trust to store with their valuables.

If you need to spend some of those coins, import one of the private keys into bitcoind or blockchain.info (or mtgox, or wherever) and spend away.

If you collect some new coins you want to protect, send them to the public addresses on your list for safekeeping.
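
Added example (not part of wormbog's post, and not code from any wallet or site named in this thread): a Base58Check check that can be run offline on a string copied from the printed page, to catch a mistyped character and to tell an address from a private key before it is sent to (step 3) or pasted into a watch-only list (step 5). The version bytes 0x00 (mainnet address) and 0x80 (mainnet private key in wallet import format) are assumed, and the sample values are constructed.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum4(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256, the Base58Check checksum."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version: int, body: bytes) -> str:
    raw = bytes([version]) + body
    raw += checksum4(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    # Each leading zero byte is written as a literal "1".
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58check_decode(text: str):
    n = 0
    for ch in text:
        idx = ALPHABET.find(ch)
        if idx < 0:  # 0, O, I and l are deliberately absent from the alphabet
            raise ValueError(f"{ch!r} is not a Base58 character")
        n = n * 58 + idx
    zeros = len(text) - len(text.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or checksum4(raw[:-4]) != raw[-4:]:
        raise ValueError("checksum mismatch, string was mistyped or damaged")
    return raw[0], raw[1:-4]

def classify(text: str) -> str:
    """Say what a string copied from the paper is before it goes anywhere."""
    try:
        version, body = b58check_decode(text.strip())
    except ValueError as exc:
        return f"invalid: {exc}"
    if version == 0x00 and len(body) == 20:
        return "address"       # fine to receive to or to watch
    if version == 0x80 and len(body) in (32, 33):
        return "private key"   # spends the coins; keep it offline
    return "unknown"

if __name__ == "__main__":
    addr = b58check_encode(0x00, bytes(range(1, 21)))  # constructed sample
    wif = b58check_encode(0x80, bytes(range(1, 33)))   # constructed sample
    typo = addr[:-1] + ("2" if addr[-1] != "2" else "3")
    for label, value in (("address", addr), ("key", wif), ("typo", typo)):
        print(label, "->", classify(value))
```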
Tacticat
January 23, 2013, 08:25:18 PM
 #7

Yup. I definitely agree with wormbog.

Bitcoins may be digital, but there's nothing better than to keep the keys on a paper wallet.

Tips and donations:

15nqQGfkgoxrBnsshD6vCuMWuz71MK51Ug
Anth0n
January 23, 2013, 08:28:47 PM
 #8

Government is the largest security risk to Bitcoin. If some government shuts down Mt. Gox, for example, the value of BTC will evaporate overnight.
RodeoX
January 23, 2013, 08:33:16 PM
 #9

Government is the largest security risk to Bitcoin. If some government shuts down Mt. Gox, for example, the value of BTC will evaporate overnight.
I used to think that. But I'm not so sure anymore. It would hurt prices, but I would continue to use them. Besides, by government you only mean the local authority. Bitcoin is global and in the hands of people. "shutting it down" may be as effective as shutting down music sharing has been.

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf

Free bitcoin in ICELAND - https://bitcointalk.org/index.php?topic=1610684
twolifeinexile
January 23, 2013, 08:54:45 PM
 #10

Until Armory is updated to a malicious version, Dunndunn Dunnnn.
Lol. But now, who out there feels that default bitcoin encrypted wallets are at risk?  Surely this security "time to update" revolves mostly around things like web accounts like our OTC names, or Mt. Gox accounts.

You could say the same thing about Bitcoin-Qt. But, not really, because both are open source.

A simple keylogger defeats encrypted wallets, so yes, I feel they are at risk. Which is why I use offline wallets for the large majority of my coins.



A keylogger is the single biggest side-channel attack and is hard to totally avoid; it is time for the Bitcoin client to utilize two-factor authentication, and the second factor should be a one-time password (based on time, like an RSA token or Google Authenticator).

Also, I hope linux sshd could begin to use two-factor login as well.
willphase
January 23, 2013, 09:03:47 PM
 #11

Also, I hope linux sshd could begin to use two-factor login as well.

http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators-two-factor-authentication/

Will

prezbo
January 23, 2013, 09:04:21 PM
 #12

Until Armory is updated to a malicious version, Dunndunn Dunnnn.
Lol. But now, who out there feels that default bitcoin encrypted wallets are at risk?  Surely this security "time to update" revolves mostly around things like web accounts like our OTC names, or Mt. Gox accounts.

You could say the same thing about Bitcoin-Qt. But, not really, because both are open source.

A simple keylogger defeats encrypted wallets, so yes, I feel they are at risk. Which is why I use offline wallets for the large majority of my coins.



A keylogger is the single biggest side-channel attack and is hard to totally avoid; it is time for the Bitcoin client to utilize two-factor authentication, and the second factor should be a one-time password (based on time, like an RSA token or Google Authenticator).
It already exists, it's called multisig, it's just not very user-friendly yet.
tpantlik
January 23, 2013, 09:22:17 PM
 #13

Until Armory is updated to a malicious version, Dunndunn Dunnnn.
Lol. But now, who out there feels that default bitcoin encrypted wallets are at risk?  Surely this security "time to update" revolves mostly around things like web accounts like our OTC names, or Mt. Gox accounts.

You could say the same thing about Bitcoin-Qt. But, not really, because both are open source.

A simple keylogger defeats encrypted wallets, so yes, I feel they are at risk. Which is why I use offline wallets for the large majority of my coins.



A keylogger is the single biggest side-channel attack and is hard to totally avoid; it is time for the Bitcoin client to utilize two-factor authentication, and the second factor should be a one-time password (based on time, like an RSA token or Google Authenticator).

Also, I hope linux sshd could begin to use two-factor login as well.
You can, with a PAM module - http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators-two-factor-authentication/

Gods sent us a powerful tool - cryptography - to fight with those who are trying to exploit us. USE IT!!
chriswilmer
January 23, 2013, 09:37:54 PM
 #14

I'm surprised by how few people advocate for the offline (i.e., air-gapped) brainwallet. *shrugs* Each to his own I guess.
twolifeinexile
January 23, 2013, 09:45:29 PM
 #15


Wow, tons of thanks, this is what I have been looking for!

Now that I have started using bitcoins, I realized that a keylogger/Trojan can defy most security measures for your servers by reading inputs from your client machine and logging the output. So any passphrases, secret key, password "wall" will be breached on the road.

I'd rather have a security token running a totally controlled environment, providing the one-time password I need to use for each logon. (The iPhone's strict control, by only loading signed applications, actually makes them safer in this regard, though they are doing this totally for their own benefit.)
ArticMine
January 23, 2013, 10:01:57 PM
 #16

My solution: only use GNU/Linux for Bitcoin and do not use Microsoft Windows. By the way, while you are at it, only use GNU/Linux for online banking, PayPal, online credit card purchases etc.

Seriously, Windows malware does not know what to do when it encounters the GNU and the Penguin.

Concerned that blockchain bloat will lead to centralization? Storing less than 4 GB of data once required the budget of a superpower and a warehouse full of punched cards. https://upload.wikimedia.org/wikipedia/commons/8/87/IBM_card_storage.NARA.jpg https://en.wikipedia.org/wiki/Punched_card
twolifeinexile
January 23, 2013, 10:07:40 PM
 #17

My solution: only use GNU/Linux for Bitcoin and do not use Microsoft Windows. By the way, while you are at it, only use GNU/Linux for online banking, PayPal, online credit card purchases etc.

Seriously, Windows malware does not know what to do when it encounters the GNU and the Penguin.

Linux is definitely safer in many regards, but it is unavoidable to use Windows sometimes, especially as I need to ssh into my Linux machine from my Windows machine for many practical reasons. I am worried that a keylogger/admin rights hole would let the attacker get my Linux password and remote in as I do, and thus do anything they please.
ArticMine
January 23, 2013, 10:18:10 PM
 #18

My solution: only use GNU/Linux for Bitcoin and do not use Microsoft Windows. By the way, while you are at it, only use GNU/Linux for online banking, PayPal, online credit card purchases etc.

Seriously, Windows malware does not know what to do when it encounters the GNU and the Penguin.

Linux is definitely safer in many regards, but it is unavoidable to use Windows sometimes, especially as I need to ssh into my Linux machine from my Windows machine for many practical reasons. I am worried that a keylogger/admin rights hole would let the attacker get my Linux password and remote in as I do, and thus do anything they please.

Good point. I would add that logging into my GNU/Linux server(s) over ssh is something I would not wish to do from Microsoft Windows, especially when a significant portion of one's livelihood is dependent on the server(s) not being compromised.

Concerned that blockchain bloat will lead to centralization? Storing less than 4 GB of data once required the budget of a superpower and a warehouse full of punched cards. https://upload.wikimedia.org/wikipedia/commons/8/87/IBM_card_storage.NARA.jpg https://en.wikipedia.org/wiki/Punched_card
dunand
January 23, 2013, 10:37:09 PM
 #19

6. make a few copies of your address list. secure at least one copy in your home safe, safety deposit box, etc. I've got a copy behind a family photo in my office... not a compelling target for a thief.

If you keep unencrypted paper copies of your private keys you should not write Bitcoin in bold on it. This is just security by obscurity but for 98% of people this is just a random string of numbers.
FreeMoney
January 24, 2013, 12:47:33 AM
 #20

Government is the largest security risk to Bitcoin. If some government shuts down Mt. Gox, for example, the value of BTC will evaporate overnight.

No, that one exchange is not what's pushing most of $200M worth of stored value.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.