molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
April 02, 2013, 11:04:38 PM |
|
In short "Keep your private keys private". Rule number ONE in Bitcoin land.
You're storing BitcoinSpinner users private keys in plaintext on their phones. How is this helping them to keep their private keys private?
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
April 03, 2013, 01:54:41 AM |
|
Thanks dooglus. Mine was off.
Yes, I think chromium has all it's "spying for google" features disabled by default.
|
Just-Dice | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | Play or Invest | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | 1% House Edge |
|
|
|
splat44
|
|
April 03, 2013, 02:29:25 AM |
|
If bitcoin-central.net has an update, I'm sure instawallet will come down the line! Usually this one is very safe! either way the lesson will be "trust no one to hold your coins".
Seconded Apparently every new batch of Bitcoiners will need to learn this valuable lesson. If you aren't the sole controller of your private keys, you don't have any bitcoins. Take whatever steps necessary to be the sole controller of your private keys people! In short "Keep your private keys private". Rule number ONE in Bitcoin land. bitcoin-central.net has updated its message Still no mention of instawallet
|
|
|
|
Joost
Member
Offline
Activity: 68
Merit: 10
|
|
April 03, 2013, 07:29:41 AM |
|
So do we think it is only affecting chrome users or is this just speculation?
Aside from that there is no news is there?
You would be surprised how many people got Google as their home page and type URLs in the page's search box instead of the browser's URL bar... When you're using Chrome as your browser, (on the default settings) there is no difference between the two. None.
|
|
|
|
MysteryMiner
Legendary
Offline
Activity: 1512
Merit: 1049
Death to enemies!
|
|
April 03, 2013, 01:05:50 PM |
|
For first Instawallet URL hack I think the Google Chrome is to blame. I never used Chrome outside VMWare test environment and I recommend anyone not to install Google Chrome on any computer for this privacy reason. If there is any technical need when Chrome is preferred over Firefox, then use SRWare Iron that have all bad things deleted. The use of URL as a private key is not a big security problem because SSL also encrypts the URL and prevents anyone from seeing it, including Tor exit nodes, FBI, etc. As long as the browser history are safe and not compromised, the URL is safe.
I have no idea about second hack. If it is true that the servers are suspected to be compromised, then it might take some time to install new operating system on new hardware, test and secure the setup before it is launched public again.
|
bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
|
|
|
steelboy
|
|
April 03, 2013, 01:20:15 PM |
|
For first Instawallet URL hack I think the Google Chrome is to blame. I never used Chrome outside VMWare test environment and I recommend anyone not to install Google Chrome on any computer for this privacy reason. If there is any technical need when Chrome is preferred over Firefox, then use SRWare Iron that have all bad things deleted. The use of URL as a private key is not a big security problem because SSL also encrypts the URL and prevents anyone from seeing it, including Tor exit nodes, FBI, etc. As long as the browser history are safe and not compromised, the URL is safe.
I have no idea about second hack. If it is true that the servers are suspected to be compromised, then it might take some time to install new operating system on new hardware, test and secure the setup before it is launched public again.
So you think if I have used only Firefox in safe mode then it should be all good?
|
|
|
|
MPOE-PR
|
|
April 03, 2013, 01:20:38 PM |
|
In short "Keep your private keys private". Rule number ONE in Bitcoin land.
You're storing BitcoinSpinner users private keys in plaintext on their phones. How is this helping them to keep their private keys private? Ouch.
|
|
|
|
Kotcha
Newbie
Offline
Activity: 14
Merit: 0
|
|
April 03, 2013, 01:27:08 PM |
|
What is the likelihood of us seeing our coins again guys? Getting worried about the severe lack of communication
|
|
|
|
steelboy
|
|
April 03, 2013, 01:30:13 PM |
|
What is the likelihood of us seeing our coins again guys? Getting worried about the severe lack of communication
No idea. I switch from positive to negative feelings nonstop. Driving me crazy. :/ One thing for sure though. If it turns out all right I am taking some profits and flying to a beach for a holiday. (Not before I finally get armory working though )
|
|
|
|
Joost
Member
Offline
Activity: 68
Merit: 10
|
|
April 03, 2013, 01:31:40 PM |
|
What is the likelihood of us seeing our coins again guys? Getting worried about the severe lack of communication
The lack of communication is definitely disturbing.. I can only assume they havn't got any time for communicating as they've got the entire team working round the clock on this thing, but a little memo every few hours would have been great. Their predicted 48 hours are nearly running out.. I had hoped to see them back online by now.
|
|
|
|
Kotcha
Newbie
Offline
Activity: 14
Merit: 0
|
|
April 03, 2013, 01:42:09 PM |
|
I feel your pain steelboy. Kicking myself for not keeping them somewhere more secure, definitely a lesson learnt but hopefully not the hard way! Yeah the communication has been apalling, and has probably tarnished the company a great deal - it looks like some people have lost A LOT of money, they deserve some sort of explanation. The fact that funds have been moved to this 'Instawallet Cold Storage' address is quite reassuring, unless it's an inside job and they are just stalling
|
|
|
|
twolifeinexile
|
|
April 03, 2013, 01:42:12 PM |
|
What is the likelihood of us seeing our coins again guys? Getting worried about the severe lack of communication
The lack of communication is definitely disturbing.. I can only assume they havn't got any time for communicating as they've got the entire team working round the clock on this thing, but a little memo every few hours would have been great. Their predicted 48 hours are nearly running out.. I had hoped to see them back online by now. Anyone have a private communication channel to them? Could anyone trying to get some info on this, customers/users are deserve to know the current status of the affair.
|
|
|
|
Joost
Member
Offline
Activity: 68
Merit: 10
|
|
April 03, 2013, 01:50:27 PM |
|
That's odd. The font used on https://bitcoin-central.net/ and https://paytunia.com/ are different. You'd think they'd just point to the same HTML file.. Oddly enough, Instawallet still displays the old downtime message. I can only hope this is an indication of priorities
|
|
|
|
steelboy
|
|
April 03, 2013, 01:55:30 PM |
|
I feel your pain steelboy. Kicking myself for not keeping them somewhere more secure, definitely a lesson learnt but hopefully not the hard way! Yeah the communication has been apalling, and has probably tarnished the company a great deal - it looks like some people have lost A LOT of money, they deserve some sort of explanation. The fact that funds have been moved to this 'Instawallet Cold Storage' address is quite reassuring, unless it's an inside job and they are just stalling Cheers mate. Hope you're not in as much as me. The stalling thing is an option I suppose I just feel that as the owners are known there will be a lot of people ready to kick off if it has gone.
|
|
|
|
MysteryMiner
Legendary
Offline
Activity: 1512
Merit: 1049
Death to enemies!
|
|
April 03, 2013, 02:30:16 PM |
|
So you think if I have used only Firefox in safe mode then it should be all good?
Yes. Firefox don't leak URLs unless some malicious add-on or antivirus/firewall does it. And the safe mode for Firefox are not meant to be "safer" mode of operation. It is only for troubleshooting purposes if some add-on or plugin causes it to crash. The URL leak is not Instawallet fault, I found another service who still have exactly same problems. I did not manage to find any coins in there but it is only matter of time. At least I will work back the coins that have gone with Instastealwallet. If I'm going to run away with 4000 coins I will not post message that I will be back. I will post something like this: "Na nana nana I got Your coins and You will not see them again, na na nanaana!" together with picture of Eric Cartman.
|
bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
|
|
|
hous
Member
Offline
Activity: 98
Merit: 10
|
|
April 03, 2013, 02:34:00 PM |
|
how many coins you got in there steelboy?
I got 30 in there the price was @ $103 each
now there $130 lol
crazy shit i hope get them back !!!!
|
|
|
|
steelboy
|
|
April 03, 2013, 02:35:55 PM |
|
A lot more than that. Didnt realise how unsafe they were and i just started to realise before Easter that i needed to do something about it. Started a thread to get some advice about the armory and setting it up, even bought an offline asus on friday ready to get it sorted this week. Oh well....let's see.
|
|
|
|
hous
Member
Offline
Activity: 98
Merit: 10
|
|
April 03, 2013, 02:51:17 PM |
|
yea not a good place to hold them mate. i was only using it as transporter not a wallet to hold. i hope you and every1 else gets them back. I am leaving my computer at work today otherwise i am up all night waiting to hear something. My opinon is they had a problem they managed to keep everyones coins safe now there going to profit from it before it goes back live!!
cheers
|
|
|
|
Joost
Member
Offline
Activity: 68
Merit: 10
|
|
April 03, 2013, 02:51:51 PM |
|
I got 30 in there the price was @ $103 each
now there $130 lol
At least you had BTC in there before the steep rise this morning
|
|
|
|
steelboy
|
|
April 03, 2013, 02:59:01 PM |
|
yea not a good place to hold them mate. i was only using it as transporter not a wallet to hold. i hope you and every1 else gets them back. I am leaving my computer at work today otherwise i am up all night waiting to hear something. My opinon is they had a problem they managed to keep everyones coins safe now there going to profit from it before it goes back live!!
cheers
How do you think they can profit from it?
|
|
|
|
|