battmann
Full Member
Offline
Activity: 182
Merit: 100
I am a student of programming and design.
|
|
March 11, 2013, 05:25:19 AM |
|
This just happened to a friend of mine too, a substantial amount of bitcoins lost from an instawallet account a few hours after sending them there. The only device used to access instawallet was an iphone that he had control over at all times between first accessing the account and the theft, so there are only two possibilities here:
- There is an iphone wallet stealer trojan or similar in the wild.
- Instawallet was hacked or the theft was internal.
My advice is to not use this kind of service, use something where only you can control the private keys to eliminate one risk factor. If you need to use instawallet or similar services, send the coin somewhere more secure as fast as possible.
There is another possibility: was he possibly using a wifi network? It is incredibly easy to hack routers using WEP/WPA/most wifi encryption algorithms to intercept information. In fact this is one of the most widely used, and easiest, ways to steal personal info. Please people never use WEP (cracked in 1997, considered exceptionally compromised, yet is still widely used).
Try to use WPA2 or a direct connection while sending passwords over any network. If you aren't sure; do not use it! It is worth the annoyance. You do not want to risk using a wifi network that is not properly encrypted. Stay safe, and keep updated on the latest security issues. Your friendly online battmann.
|
|
|
|
fcmatt
Legendary
Offline
Activity: 2072
Merit: 1001
|
|
March 11, 2013, 05:36:12 AM |
|
This just happened to a friend of mine too, a substantial amount of bitcoins lost from an instawallet account a few hours after sending them there. The only device used to access instawallet was an iphone that he had control over at all times between first accessing the account and the theft, so there are only two possibilities here:
- There is an iphone wallet stealer trojan or similar in the wild.
- Instawallet was hacked or the theft was internal.
My advice is to not use this kind of service, use something where only you can control the private keys to eliminate one risk factor. If you need to use instawallet or similar services, send the coin somewhere more secure as fast as possible.
There is another possibility: was he possibly using a wifi network? It is incredibly easy to hack routers using WEP/WPA/most wifi encryption algorithms to intercept information. In fact this is one of the most widely used, and easiest, ways to steal personal info. Please people never use WEP (cracked in 1997, considered exceptionally compromised, yet is still widely used).
Try to use WPA2 or a direct connection while sending passwords over any network. If you aren't sure; do not use it! It is worth the annoyance. You do not want to risk using a wifi network that is not properly encrypted. Stay safe, and keep updated on the latest security issues. Your friendly online battmann.
I highly doubt a bitcoin attacker just happened to be listening on wifi and wanted to steal bitcoins. Plus the website prob used ssl. Why not just say Apple stole them? That is about as likely.
|
|
|
|
battmann
Full Member
Offline
Activity: 182
Merit: 100
I am a student of programming and design.
|
|
March 11, 2013, 05:45:56 AM |
|
This just happened to a friend of mine too, a substantial amount of bitcoins lost from an instawallet account a few hours after sending them there. The only device used to access instawallet was an iphone that he had control over at all times between first accessing the account and the theft, so there are only two possibilities here:
- There is an iphone wallet stealer trojan or similar in the wild.
- Instawallet was hacked or the theft was internal.
My advice is to not use this kind of service, use something where only you can control the private keys to eliminate one risk factor. If you need to use instawallet or similar services, send the coin somewhere more secure as fast as possible.
There is another possibility: was he possibly using a wifi network? It is incredibly easy to hack routers using WEP/WPA/most wifi encryption algorithms to intercept information. In fact this is one of the most widely used, and easiest, ways to steal personal info. Please people never use WEP (cracked in 1997, considered exceptionally compromised, yet is still widely used).
Try to use WPA2 or a direct connection while sending passwords over any network. If you aren't sure; do not use it! It is worth the annoyance. You do not want to risk using a wifi network that is not properly encrypted. Stay safe, and keep updated on the latest security issues. Your friendly online battmann.
I highly doubt a bitcoin attacker just happened to be listening on wifi and wanted to steal bitcoins. Why not just say Apple stole them? That is about as likely.
Lol what? You're joking right? The possibility of stealing personal info by wifi cracking is very possible. Especially if someone geeky and close to the victim knew about his stash; heck even just a random wardriver doing what he does best is more plausible than a well known company (that encourages opening a police case to settle particularly annoying customers' claims) stealing from their customers.
|
|
|
|
fcmatt
Legendary
Offline
Activity: 2072
Merit: 1001
|
|
March 11, 2013, 05:50:31 AM |
|
This just happened to a friend of mine too, a substantial amount of bitcoins lost from an instawallet account a few hours after sending them there. The only device used to access instawallet was an iphone that he had control over at all times between first accessing the account and the theft, so there are only two possibilities here:
- There is an iphone wallet stealer trojan or similar in the wild.
- Instawallet was hacked or the theft was internal.
My advice is to not use this kind of service, use something where only you can control the private keys to eliminate one risk factor. If you need to use instawallet or similar services, send the coin somewhere more secure as fast as possible.
There is another possibility: was he possibly using a wifi network? It is incredibly easy to hack routers using WEP/WPA/most wifi encryption algorithms to intercept information. In fact this is one of the most widely used, and easiest, ways to steal personal info. Please people never use WEP (cracked in 1997, considered exceptionally compromised, yet is still widely used).
Try to use WPA2 or a direct connection while sending passwords over any network. If you aren't sure; do not use it! It is worth the annoyance. You do not want to risk using a wifi network that is not properly encrypted. Stay safe, and keep updated on the latest security issues. Your friendly online battmann.
I highly doubt a bitcoin attacker just happened to be listening on wifi and wanted to steal bitcoins. Why not just say Apple stole them? That is about as likely.
Lol what? You're joking right? The possibility of stealing personal info by wifi cracking is very possible. Especially if someone geeky and close to the victim knew about his stash; heck even just a random wardriver doing what he does best is more plausible than a well known company (that encourages opening a police case to settle particularly annoying customers' claims) stealing from their customers.
I edited my post as you were typing. The site prob also used ssl. But we can dream up many hypothetical ways to get owned and sniffing over wifi is near the bottom of the list to me. Hell, he might have been using att network. They stole the coinz!
|
|
|
|
battmann
Full Member
Offline
Activity: 182
Merit: 100
I am a student of programming and design.
|
|
March 11, 2013, 06:02:50 AM |
|
Oh, and I dislike Instawallet. I wouldn't use their services ever; I did once, was quite disappointed, and immediately switched to a different service. I just want people to know that unless you educate yourselves on security issues you are open to easy discovery/attack by wardrivers, and other 'hackers' of any sort. Oh, I also hate The Big Bang Theory. Fuck that show.
@mattypoo yeah I noticed your edit, and I don't think you understand how wardriving works. I don't really care to educate you on the ins and outs of the subject; but a good wardriver isn't 'sniffing' just one ssl encrypted site. People use the same password for other sites too. Just...understand that some people are more creative than you. Just because you think you're safe doesn't mean you are; at all. There is nothing common about common sense.
|
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
March 11, 2013, 06:11:22 AM |
|
I hadn't looked at instawallet before.
So the wallet url is the password?
More than likely someone at this provider just scans proxy logs or put some monitor script?
wtf. That's like humongously stupid... instawallet. Or am I not getting something?
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
|
|
March 11, 2013, 09:33:03 AM |
|
This just happened to a friend of mine too, a substantial amount of bitcoins lost from an instawallet account a few hours after sending them there. The only device used to access instawallet was an iphone that he had control over at all times between first accessing the account and the theft, so there are only two possibilities here:
- There is an iphone wallet stealer trojan or similar in the wild.
- Instawallet was hacked or the theft was internal.
My advice is to not use this kind of service, use something where only you can control the private keys to eliminate one risk factor. If you need to use instawallet or similar services, send the coin somewhere more secure as fast as possible.
There are numerous possibilities, unfortunately and AFAIK, nobody notified the support about this problem. And without any way to identify the wallet there is obviously no way for me to investigate. Let's have a look at the facts before starting to guess. People debating about the security of wifi forget that the traffic is SSL-encrypted anyway.
wtf. That's like humongously stupid... instawallet. Or am I not getting something?
I'll add as a kind reminder that SSL sits on top of TCP but under HTTP, meaning that the secret URL is never sent in clear over the internet.
|
|
|
|
battmann
Full Member
Offline
Activity: 182
Merit: 100
I am a student of programming and design.
|
|
March 11, 2013, 10:53:39 AM |
|
This just happened to a friend of mine too, a substantial amount of bitcoins lost from an instawallet account a few hours after sending them there. The only device used to access instawallet was an iphone that he had control over at all times between first accessing the account and the theft, so there are only two possibilities here:
- There is an iphone wallet stealer trojan or similar in the wild.
- Instawallet was hacked or the theft was internal.
My advice is to not use this kind of service, use something where only you can control the private keys to eliminate one risk factor. If you need to use instawallet or similar services, send the coin somewhere more secure as fast as possible.
There are numerous possibilities, unfortunately and AFAIK, nobody notified the support about this problem. And without any way to identify the wallet there is obviously no way for me to investigate. Let's have a look at the facts before starting to guess. People debating about the security of wifi forget that the traffic is SSL-encrypted anyway.
wtf. That's like humongously stupid... instawallet. Or am I not getting something?
I'll add as a kind reminder that SSL sits on top of TCP but under HTTP, meaning that the secret URL is never sent in clear over the internet.
Please don't forget what about ssl encryption:
*snip* @mattypoo yeah I noticed your edit, and I don't think you understand how wardriving works. I don't really care to educate you on the ins and outs of the subject; but a good wardriver isn't 'sniffing' just one ssl encrypted site. People use the same password for other sites too. Just...understand that some people are more creative than you. Just because you think you're safe doesn't mean you are; at all. There is nothing common about common sense.
Never doubt the stupidity of people. Just because a direct route of information is ssl encrypted does not mean every place he could have sent relevant information is encrypted as well. Information gathering is key to an operation, and if the reward is high enough plenty of these 'hackers' would spend enough time to not only gather info from unencrypted data, but also try to get a keylogger or any other type of malicious software onto the victim's computer. If the reward is high enough, the difficulty doesn't matter; it is only a matter of time. Is it the easiest possibility? No, so occam's razor applied you might find that it is a simple case of misplaced coins from a fallible human being. Just please don't think the use of one ssl encrypted site means much to a dedicated wardriver. Trust me; it doesn't.
|
|
|
|
Scrat Acorns
|
|
March 11, 2013, 12:04:09 PM Last edit: March 11, 2013, 12:23:09 PM by Scrat Acorns |
|
On chrome, if you paste a URL in the bar (or look it up by typing its first letters) it will be prefetched. So the following can happen: you paste your non-https instawallet URL in your bar with the intent of changing it to https, but it's already too late since it has been sent in cleartext by the prefetch mechanism.
|
|
|
|
greyhawk
|
|
March 11, 2013, 12:06:26 PM |
|
Wait wait wait what? Davout, you bought instawallet? Why would you burden yourself with such a customer service nightmare?
|
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1358
Merit: 1002
|
|
March 11, 2013, 12:15:49 PM |
|
Wait wait wait what? Davout, you bought instawallet? Why would you burden yourself with such a customer service nightmare?
Because it was going to close down if his company hadn't bought it, if my memory doesn't fail me.
|
|
|
|
greyhawk
|
|
March 11, 2013, 12:17:19 PM |
|
Wait wait wait what? Davout, you bought instawallet? Why would you burden yourself with such a customer service nightmare?
Because it was going to close down if his company hadn't bought it.
Good riddance, I'd say.
|
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
|
|
March 11, 2013, 12:45:04 PM |
|
On chrome, if you paste a URL in the bar (or look it up by typing its first letters) it will be prefetched. So the following can happen: you paste your non-https instawallet URL in your bar with the intent of changing it to https, but it's already too late since it has been sent in cleartext by the prefetch mechanism.
Well, that also goes if anyone tries to access the https wallet directly through http. If you access the base URL with http it will redirect you first to the https version before redirecting you to a wallet.
Wait wait wait what? Davout, you bought instawallet? Why would you burden yourself with such a customer service nightmare?
Because I love customers. Also psy is right, the previous owner wanted to sell it, it wasn't going to close though, other buyers were interested.
|
|
|
|
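Added example, not part of the thread and not Instawallet's code: a small log audit for the case the two posts above describe, where a secret wallet URL is requested over plain http (pasted, prefetched or typed) and only then redirected to https. The `/w/<token>` path, the log format with a scheme field, and the sample lines are all constructed assumptions.

```python
import re

# Constructed access-log lines (not real logs). Assumed format:
# client_ip [timestamp] scheme "METHOD path HTTP/x" status
SAMPLE_LOG = """\
203.0.113.7 [11/Mar/2013:05:20:01 +0000] http "GET / HTTP/1.1" 301
203.0.113.7 [11/Mar/2013:05:20:02 +0000] https "GET / HTTP/1.1" 302
203.0.113.7 [11/Mar/2013:05:20:02 +0000] https "GET /w/EXAMPLEtokenAAAA1111 HTTP/1.1" 200
198.51.100.9 [11/Mar/2013:12:04:09 +0000] http "GET /w/EXAMPLEtokenBBBB2222 HTTP/1.1" 301
198.51.100.9 [11/Mar/2013:12:04:10 +0000] https "GET /w/EXAMPLEtokenBBBB2222 HTTP/1.1" 200
198.51.100.9 [11/Mar/2013:12:30:00 +0000] https "GET /w/EXAMPLEtokenBBBB2222 HTTP/1.1" 200
garbage line that does not parse
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] (?P<scheme>https?) '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})$'
)
# Hypothetical secret-URL layout: /w/<token>, token of 16+ URL-safe characters.
WALLET_RE = re.compile(r'^/w/(?P<token>[A-Za-z0-9_-]{16,})(?:[/?]|$)')


def audit(log_text):
    """Return {token: info} for every wallet token seen in a cleartext request.

    The 301 to https does not help: the token was already on the wire in the
    request line. https_hits_after counts later use of the leaked secret.
    """
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip unparseable lines instead of failing the audit
        w = WALLET_RE.match(m["path"])
        if not w:
            continue  # base URL or other pages carry no secret
        token = w["token"]
        if m["scheme"] == "http":
            report.setdefault(token, {
                "first_cleartext": m["ts"],
                "source_ip": m["ip"],
                "https_hits_after": 0,
            })
        elif token in report:
            report[token]["https_hits_after"] += 1
    return report


if __name__ == "__main__":
    for token, info in audit(SAMPLE_LOG).items():
        print(token, info)
```

A token that shows up here should be treated as disclosed; the plain-http request for the base URL is not flagged because it carries no secret.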
greyhawk
|
|
March 11, 2013, 12:49:13 PM |
|
Because I love customers
Sounds like some kinda weird fetish thing.
|
|
|
|
trainhappy
Member
Offline
Activity: 66
Merit: 10
|
|
March 11, 2013, 01:49:13 PM |
|
I can confirm that instawallet.com is down, won't respond to ping, and won't load. It also appears that its host instahost.net is also offline, ns1.instahost.net and ns2.instahost.net don't respond to ping. Maybe the host for instawallet.com is having issues? My guess would be server issues, but we'll see.
|
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
|
|
March 11, 2013, 01:54:07 PM |
|
I can confirm that instawallet.com is down, won't respond to ping, and won't load. It also appears that its host instahost.net is also offline, ns1.instahost.net and ns2.instahost.net don't respond to ping. Maybe the host for instawallet.com is having issues? My guess would be server issues, but we'll see.
Instawallet works fine. Have you been recently pounding hard on the API? On Bitcoin-Central's API? Have you been running vulnerability scanners against either of these? Because if that's the case you'll automatically end up with your IP blacklisted in iptables.
|
|
|
|
riX
|
|
March 11, 2013, 02:19:54 PM |
|
Ok, an update:
The guy I was referring to did not use wifi when logging in to instawallet at the time the site was accessed to get the qr-code and bitcoins were transferred there, since that event took place in my car. He could of course have checked in between that and the time the bitcoins disappeared.
Yeah, it's a possibility that he first tried to connect via http and then got redirected to https, then it could have been someone at the mobile provider.
I sent him a link to this thread, and got a reply that "it somehow sorted itself out, not sure how", so this indicates that maybe the error was between the chair and keyboard this time (or chair and phone).
davout, if you're interested and want to look into it I could PM you the tx info.
|
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1358
Merit: 1002
|
|
March 11, 2013, 02:25:17 PM |
|
I can confirm that instawallet.com is down, won't respond to ping, and won't load. It also appears that its host instahost.net is also offline, ns1.instahost.net and ns2.instahost.net don't respond to ping. Maybe the host for instawallet.com is having issues? My guess would be server issues, but we'll see.
Instawallet works fine. Have you been recently pounding hard on the API? On Bitcoin-Central's API? Have you been running vulnerability scanners against either of these? Because if that's the case you'll automatically end up with your IP blacklisted in iptables.
He's pinging instawallet.com
Shouldn't it be instawallet.org?
Because instawallet.com also doesn't resolve here, but instawallet.org does work.
Damn, davout... don't you recognize your own domain name and nameservers?
|
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
|
|
March 11, 2013, 02:34:04 PM |
|
He's pinging instawallet.com
Shouldn't it be instawallet.org?
Because instawallet.com also doesn't resolve here, but instawallet.org does work.
Damn, davout... don't you recognize your own domain name and nameservers?
Whoops
|
|
|
|
greyhawk
|
|
March 11, 2013, 02:57:26 PM |
|
BRB, building instawallet clone on .com address for phishing attack.
|
|
|
|
|