bcearl (OP)
|
|
June 11, 2011, 04:19:25 PM |
|
so the same goes for the encrypted USB stick. when its plugged into the host and unencrypted, its wide open?
Yes. A program can just ask for files and the system will decrypt them automatically.
|
Misspelling protects against dictionary attacks NOT
|
|
|
xlcus
Legendary
Offline
Activity: 966
Merit: 1009
|
|
June 11, 2011, 04:21:31 PM |
|
Use a separate user account for your bitcoin/wallet. Then (assuming your main user account doesn't have administrator privileges), any wallet stealing processes you may encounter won't be able to access the wallet.
|
|
|
|
Jaime Frontero
|
|
June 11, 2011, 04:23:51 PM |
|
Use a separate user account for your bitcoin/wallet. Then (assuming your main user account doesn't have administrator privileges), any wallet stealing processes you may encounter won't be able to access the wallet.
that would be the first line of defense - that (especially pre-7) windows users have surrendered by default: not running as admin.
|
|
|
|
gene
|
|
June 11, 2011, 04:29:46 PM |
|
from http://kerneltrap.org/OpenBSD/Virtualization_Security> Virtualization seems to have a lot of security benefits.
You've been smoking something really mind altering, and I think you should share it.
x86 virtualization is about basically placing another nearly full kernel, full of new bugs, on top of a nasty x86 architecture which barely has correct page protection. Then running your operating system on the other side of this brand new pile of shit.
You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes.
You've seen something on the shelf, and it has all sorts of pretty colours, and you've bought it.
That's all x86 virtualization is.
The author was Theo de Raadt, (from the OpenBSD project)
|
*processing payment* *error 404 : funds not found* Do you want to complain on the forum just to fall for another scam a few days later? | YES | YES |
|
|
|
bcearl (OP)
|
|
June 11, 2011, 04:34:45 PM |
|
Use a separate user account for your bitcoin/wallet. Then (assuming your main user account doesn't have administrator privileges), any wallet stealing processes you may encounter won't be able to access the wallet.
that would be the first line of defense - that (especially pre-7) windows users have surrendered by default: not running as admin. Yes, but a VM is only a bad solution, a BSD system with a Windows guest wouldn't work for most users. The only solution is a small isolated computer. Actually that computer could write transactions offline to a file, and the online-computer uses the transaction file only. Then no counterfeiting is possible.
|
Misspelling protects against dictionary attacks NOT
|
|
|
Jaime Frontero
|
|
June 11, 2011, 04:40:04 PM |
|
Use a separate user account for your bitcoin/wallet. Then (assuming your main user account doesn't have administrator privileges), any wallet stealing processes you may encounter won't be able to access the wallet.
that would be the first line of defense - that (especially pre-7) windows users have surrendered by default: not running as admin. Yes, but a VM is only a bad solution, a BSD system with a Windows guest wouldn't work for most users. The only solution is a small isolated computer. Actually that computer could write transactions offline to a file, and the online-computer uses the transaction file only. Then no counterfeiting is possible. yes. isolation. there are more ways to achieve that than taking yourself off the network, though. i've given some recent thought to how malware is propagated. it's targeted to OSs and browsers. i wonder how much effort has been spent on writing the stuff for operating systems like... oh... Plan9?
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
June 11, 2011, 04:48:32 PM |
|
Use a separate user account for your bitcoin/wallet. Then (assuming your main user account doesn't have administrator privileges), any wallet stealing processes you may encounter won't be able to access the wallet.
that would be the first line of defense - that (especially pre-7) windows users have surrendered by default: not running as admin. Yes, but a VM is only a bad solution, a BSD system with a Windows guest wouldn't work for most users. The only solution is a small isolated computer. Actually that computer could write transactions offline to a file, and the online-computer uses the transaction file only. Then no counterfeiting is possible. yes. isolation. there are more ways to achieve that than taking yourself off the network, though. i've given some recent thought to how malware is propagated. it's targeted to OSs and browsers. i wonder how much effort has been spent on writing the stuff for operating systems like... oh... Plan9? so not much via email or downloads?
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
June 11, 2011, 04:50:31 PM |
|
as i asked above, wouldn't confining your browsing to the VM go a long way to protecting your wallet on the host?
|
|
|
|
Jaime Frontero
|
|
June 11, 2011, 04:57:41 PM |
|
Use a separate user account for your bitcoin/wallet. Then (assuming your main user account doesn't have administrator privileges), any wallet stealing processes you may encounter won't be able to access the wallet.
that would be the first line of defense - that (especially pre-7) windows users have surrendered by default: not running as admin. Yes, but a VM is only a bad solution, a BSD system with a Windows guest wouldn't work for most users. The only solution is a small isolated computer. Actually that computer could write transactions offline to a file, and the online-computer uses the transaction file only. Then no counterfeiting is possible. yes. isolation. there are more ways to achieve that than taking yourself off the network, though. i've given some recent thought to how malware is propagated. it's targeted to OSs and browsers. i wonder how much effort has been spent on writing the stuff for operating systems like... oh... Plan9? so not much via email or downloads? not really. i've opened (as an experiment) emails and downloads targeted to windows machines on linux machines. no effect (although - for example - gmail targeted malware won't care about you OS). the stuff using java and even python doesn't do much if you don't have those installed. standard browser lockdown procedures are pretty effective, even on windows machines, given a little forethought. a while ago, just for giggles, i installed 6 windows VMs, opened them all and networked them together. i went and found some malware, let it infect them all, and watched it bounce around...
|
|
|
|
bcearl (OP)
|
|
June 11, 2011, 04:58:35 PM |
|
Use a separate user account for your bitcoin/wallet. Then (assuming your main user account doesn't have administrator privileges), any wallet stealing processes you may encounter won't be able to access the wallet.
that would be the first line of defense - that (especially pre-7) windows users have surrendered by default: not running as admin. Yes, but a VM is only a bad solution, a BSD system with a Windows guest wouldn't work for most users. The only solution is a small isolated computer. Actually that computer could write transactions offline to a file, and the online-computer uses the transaction file only. Then no counterfeiting is possible. yes. isolation. there are more ways to achieve that than taking yourself off the network, though. i've given some recent thought to how malware is propagated. it's targeted to OSs and browsers. i wonder how much effort has been spent on writing the stuff for operating systems like... oh... Plan9? That's not the point. It's not security to just say "nobody attacks me".
|
Misspelling protects against dictionary attacks NOT
|
|
|
kokojie
Legendary
Offline
Activity: 1806
Merit: 1003
|
|
June 11, 2011, 05:07:31 PM |
|
NOT TRUE, a VM can be set up to be completely isolated from the host If you set up a guest VM on a host computer, the programs in the guest VM can not (easily) attack the host computer.
But in the other direction, it is not true. Programs on the host machine can just manipulate the guest VM, e.g. just modify the disk image file.
Thus, a guest machine for bitcoin does not make sense at all (at least when the intended goal is protection).
But a hint may help: A wallet file does not have to be online to receive money. You can just create a wallet on a offline computer and use the addresses. Only if you want to spend money from that wallet, it has to be taken to an online machine.
|
btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
|
|
|
Jaime Frontero
|
|
June 11, 2011, 05:08:30 PM |
|
That's not the point. It's not security to just say "nobody attacks me".
actually, in any rigorous security evaluation, that comes first. it's put this way: "who wants to steal or destroy what i want to protect? and how good are they?" how much money should one spend to defend the average, small website that sells $10 widgets and takes PayPal? is the uberhacker of the russian steppes going to give you even a look? no. you don't have anything worth his time - so you really don't need to defend against him. for that website, you need to defend against the average 22 year old hacker living in his parents' basement. ...a not terribly expensive proposition.
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
June 11, 2011, 05:09:42 PM |
|
Use a separate user account for your bitcoin/wallet. Then (assuming your main user account doesn't have administrator privileges), any wallet stealing processes you may encounter won't be able to access the wallet.
that would be the first line of defense - that (especially pre-7) windows users have surrendered by default: not running as admin. Yes, but a VM is only a bad solution, a BSD system with a Windows guest wouldn't work for most users. The only solution is a small isolated computer. Actually that computer could write transactions offline to a file, and the online-computer uses the transaction file only. Then no counterfeiting is possible. yes. isolation. there are more ways to achieve that than taking yourself off the network, though. i've given some recent thought to how malware is propagated. it's targeted to OSs and browsers. i wonder how much effort has been spent on writing the stuff for operating systems like... oh... Plan9? That's not the point. It's not security to just say "nobody attacks me". are the block chain files interchangeable btwn OS's like the wallet?
|
|
|
|
bcearl (OP)
|
|
June 11, 2011, 05:58:46 PM |
|
are the block chain files interchangeable btwn OS's like the wallet?
Yes. That's what the P2P network is for. It distributes the block chain.
|
Misspelling protects against dictionary attacks NOT
|
|
|
AaronM
|
|
June 11, 2011, 06:12:22 PM |
|
as i asked above, wouldn't confining your browsing to the VM go a long way to protecting your wallet on the host?
Yes, it would help. I would use a VM that doesn't try to do fancy optimization like using hardware virtualization or x86-to-x86 translation. A simple, "pure" VM has less opportunities for its programmers to screw up and introduce security holes. Maybe QEmu?Do as little as possible outside of a VM, and have Bitcoin running either outside all VMs or in a separate VM from your browsing/email/whatever. Also, see my thread about Qubes: http://forum.bitcoin.org/index.php?topic=11837.0;topicseen
|
Spare some BTC for a biology student? 1DZcEUEo9rX7LQWcYzVR6Btqj2sMqRznbB
|
|
|
bcearl (OP)
|
|
June 11, 2011, 06:14:20 PM |
|
as i asked above, wouldn't confining your browsing to the VM go a long way to protecting your wallet on the host?
Yes, it would help. I would use a VM that doesn't try to do fancy optimization like using hardware virtualization or x86-to-x86 translation. A simple, "pure" VM has less opportunities for its programmers to screw up and introduce security holes. Maybe QEmu?Do as little as possible outside of a VM, and have Bitcoin running either outside all VMs or in a separate VM from your browsing/email/whatever. Also, see my thread about Qubes: http://forum.bitcoin.org/index.php?topic=11837.0;topicseenYou seem to be talking about emulators as opposed to VMs. That's even more waste, and emulation software is even more likely to have vulnerabilities than hardware virtualization.
|
Misspelling protects against dictionary attacks NOT
|
|
|
mcdett
|
|
June 11, 2011, 06:47:07 PM |
|
When people write trojans, viruses, etc. they largely do it for profit (the good ones anyway). They deveop their program to go after the the largest market possible. Most of the people partaking in bitcoin are running it on Windows XP/7 or Mac. Many are running the core systems (mining operations, information infrastructure) on linux and BSD.
The threat agents will develop the first round of bitcoin specif software focusing on a Windows XP system utilizing a pre-existing attack vector (un-patched SMB or IE zero day vulns).
You must take a risk based aproach to how you hold your btc:
1 - Thrift account (no more than 200usd exposure) - Windows XP with standard bitcoin software. Password protect your login and make sure your running some decent anti-virus
2 - Easy access large account (no more than 10,000usd of exposure) - VMware image of Ubuntu JeOS with OS based full disk encyption. Has no services running (if it's running apache you fail) and a stable release of bitcoind. Connect this only to known trusted nodes when needing to spend coins.
3 - Hard access mother account (all those secret coins generated the first year) - Every possible disk that ever held a private key is suspect. Almost all of those should have been wiped with random data 5 times. <-- before doing that account key pairs should be replicated to 3 tpyes of medium (dvdrw, flash drive, usb ext. hd) and each of these medium would be placed at separate bank security deposit boxes.
my 00.02 btc
|
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
June 11, 2011, 08:07:28 PM |
|
well, it seems to me the whole premise of this thread is to refute what you've done.
|
|
|
|
matt.collier
Member
Offline
Activity: 105
Merit: 10
|
|
June 11, 2011, 09:02:22 PM |
|
Just want to make sure that no one else does what I've done so that malware will never be written to target my bitcoin.
|
|
|
|
|