Bitcoin Forum
December 05, 2016, 04:46:00 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 [21] 22 23 24 25 26 27 28 29 30 31 32 »
  Print  
Author Topic: I just got hacked - any help is welcome! (25,000 BTC stolen)  (Read 343312 times)
Capitan
Member
**
Offline Offline

Activity: 112


View Profile
June 17, 2011, 03:16:35 AM
 #401

I do know basics of how a computer works, but that doesn't make me a security expert. I don't want to become a security expert, and I don't want to spend hundreds of hours learning about security. In an ideal world I would, because yes, that is an interesting topic, but as it turns out I have other things to spend my time on.

Not everyone can be an expert in security. That's an unrealistic request. It would be nice if we had people who knew security giving out useful, actionable advice rather than "that sucks. learn real security. compare the hashes of all your .exe's by hand".

I guess I'm still frustrated because I don't know what mistakes the OP made (besides using Windows in the first place), and therefore I don't know if I'm making the same ones too.
1480913160
Hero Member
*
Offline Offline

Posts: 1480913160

View Profile Personal Message (Offline)

Ignore
1480913160
Reply with quote  #2

1480913160
Report to moderator
1480913160
Hero Member
*
Offline Offline

Posts: 1480913160

View Profile Personal Message (Offline)

Ignore
1480913160
Reply with quote  #2

1480913160
Report to moderator
1480913160
Hero Member
*
Offline Offline

Posts: 1480913160

View Profile Personal Message (Offline)

Ignore
1480913160
Reply with quote  #2

1480913160
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Nescio
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 17, 2011, 03:20:36 AM
 #402

A VM truecrypt that uses an on-screen keyboard that is randomly scrambled with each startup.  User clicks in his passcode.  Keylogger fails, mouse recording fails, screen capture does not fail.

Speech to text?  Soundcard sniffer?

If LogMeIn, VNC or remote desktop can do all of that, so can malware. A scrambled mouse driven keyboard is no protection against a screenshot + mouse capture, or delta based screengrabs a la remote desktop. Audio + webcam are routinely used for spying, whether in the form of anti-theft (Prey) or highschool scandal where teachers were watching the kids at home like a soap.

Of course I agree that the base attack will most likely be limited, but a simple screengrab with a large enough balance visible will be plenty of reason to upgrade the kit with more sophisticated modules.

It's always good to assume the worst in security, so you cannot depend on a compromise that only installs a DDoS module, especially if Bitcoin becomes prevalent.
Nescio
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 17, 2011, 03:22:32 AM
 #403

I think the safest and most paranoid idea I've head so far is to physically print your private keys. I am even tempted to print them on a freaking gold plate!

That's awesome, "My Bitcoin is backed by gold! Have at that you fiat based currency!" Grin
allinvain
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 17, 2011, 04:00:46 AM
 #404

I think the safest and most paranoid idea I've head so far is to physically print your private keys. I am even tempted to print them on a freaking gold plate!

That's awesome, "My Bitcoin is backed by gold! Have at that you fiat based currency!" Grin

Technically there is no reason why bitcoins (realistically only a portion of them) can't be backed by gold, but that would kill the whole decentralized thing bitcoin has going for itself.

Anonymous
Guest

June 17, 2011, 04:05:54 AM
 #405

Not really. Bitcoins are technically already backed by Gold. You can buy Gold with it. Ahaha.
allinvain
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 17, 2011, 04:08:46 AM
 #406

Not really. Bitcoins are technically already backed by Gold. You can buy Gold with it. Ahaha.

Question is when shit hits the fan which would you rather hold, bitcoins or gold?

So you know of an online store where you can buy gold coins with bitcons?


rezin777
Full Member
***
Offline Offline

Activity: 154


View Profile
June 17, 2011, 04:12:27 AM
 #407

Not really. Bitcoins are technically already backed by Gold. You can buy Gold with it. Ahaha.

Question is when shit hits the fan which would you rather hold, bitcoins or gold?

So you know of an online store where you can buy gold coins with bitcons?

Shit hits the fan? How much shit?

Anyway. Beans. Bullets. Bullion. Bitcoins.

I think Bitcoins could survive teotwawki better than most currencies. As long as there is still an internet that is. Plus they are highly portable!
Nescio
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 17, 2011, 04:35:36 AM
 #408

Actually, i meant VNCing to the VM from a laptop.
VNCing from the same comp would have no sense as the keyloggers/screen capture/mouse movements capture would kill it.

Right. But if you use VNC from a different machine, why not just run your VM there? Or vanilla Bitcoin? Since you are assuming that that machine is and remains clean, otherwise using VNC from there is just as pointless. It would even increase security since you seem to assume the original VM/VNC host could be compromised.

The "separate minimal machine for Bitcoin only" is of course superior to everything.

Definitely, if you have a sizable wallet it's worth it. If Bitcoin really takes off there will be businesses around this putting something on a cheap device, maybe smartphone.
TraderTimm
Legendary
*
Offline Offline

Activity: 1652



View Profile
June 17, 2011, 04:55:20 AM
 #409

Can we let this thread die?

Really.

Unless you enjoy the press picking up on someone's lack of personal security and inferring bitcoin is at fault.

fortitudinem multis - catenum regit omnia
imperi
Full Member
***
Offline Offline

Activity: 196


View Profile
June 17, 2011, 04:57:29 AM
 #410

Can we let this thread die?

Really.

Unless you enjoy the press picking up on someone's lack of personal security and inferring bitcoin is at fault.


The press really eat up this forum. I bet there's reporters hovering over this place just waiting for something juicy to write about, usually negatively.
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
June 17, 2011, 06:19:44 AM
 #411

Can we let this thread die?

Really.

Unless you enjoy the press picking up on someone's lack of personal security and inferring bitcoin is at fault.

Why are you so intent on letting the thread die?  There's still discussion going on within it, which is the whole point of a forum.
unemployed
Member
**
Offline Offline

Activity: 70


Try out Bitcoin Tool v1.1 - over 220 installs


View Profile WWW
June 17, 2011, 07:09:42 AM
 #412

Well, if OP instead of just hoarding money, would have sometimes tippped poor developers, maybe he would have no problems today. Implementing encrypted wallet isn't rocket science, it's just matter of time invested.
It's a lesson for all early miners. Avarice brings bad karma.

Bitcoin Tool - browser extension for Firefox, Chrome and Internet Explorer
141HiFa6pek3uM32LpRe3gXraETV1fViWC
http://i.imgur.com/4OT19.png    <- Bitcoin Tool recognizes bitcoin addresses on websites, and links them to blockexplorer.
Bind
Sr. Member
****
Offline Offline

Activity: 252

DO NOT ACCEPT PAYPAL FOR BTC YOU WILL GET BURNED


View Profile
June 17, 2011, 07:29:15 AM
 #413

I do know basics of how a computer works, but that doesn't make me a security expert. I don't want to become a security expert, and I don't want to spend hundreds of hours learning about security. In an ideal world I would, because yes, that is an interesting topic, but as it turns out I have other things to spend my time on.

Not everyone can be an expert in security. That's an unrealistic request. It would be nice if we had people who knew security giving out useful, actionable advice rather than "that sucks. learn real security. compare the hashes of all your .exe's by hand".

I guess I'm still frustrated because I don't know what mistakes the OP made (besides using Windows in the first place), and therefore I don't know if I'm making the same ones too.

can you read a web page and follow very simple instructions to protect your wallet, allowing other experts to advise you who already did the work ?

if not, then cash in your bitcoins, delete the client, and continue using fiat currrency from central banks, because no one can help you.

Who protects the other personal wealth in your home ?

you do.

protecting the assets in your home is not bitcoins responsibility.


"... He is no fool who parts with that which he cannot keep, when he is sure to be recompensed with that which he cannot lose ..."

"... history disseminated to the masses is written by those who win battles and wars and murder their heroes ..."


1Dr3ig3EoBnPWq8JZrRTi8Hfp53Kj
unk
Member
**
Offline Offline

Activity: 84


View Profile
June 17, 2011, 07:50:09 AM
 #414

Who protects the other personal wealth in your home ?

you do.

even if you believe this (though it sounds like an untenably strong view of property rights - stronger than those of any legal system in existence), many people would want to choose tools that help them protect their 'wealth' rather than encourage theft.

there are many things bitcoin could do better in this respect. for example, the block chain could easily record commitments that prevent spending beyond a certain amount from an address in an certain time. why force end users to set up complex and potentially fragile 'savings' wallets when bitcoin could simply support a voluntary declaration, recorded in the block chain, that transfers beyond some particular fraction of the wealth of an address (or some fixed amount) in a particular period are invalid? surely some people would want to use a feature like that, and it would be relatively straightforward to implement.

there are other possibilities. for example, users can record commitments using nLockTime in the block chain as a sort of 'forced savings', though at present that probably wouldn't help much with security unless the user could ensure unique possession of the target address in the future. other script-based mechanisms can aid security as well. but there's no reason bitcoin can't improve in this regard, and i'll criticize yet again the remarkable complacency, cultural conservatism, and fear of change that's been on exhibit in these forums for well over a year now. (i've seen it in literally no other open-source project i've ever worked on, and it's remarkably dysfunctional.) 'personal responsibility' is a pretty silly mantra from the perspective of a systems designer.
TraderTimm
Legendary
*
Offline Offline

Activity: 1652



View Profile
June 17, 2011, 07:54:02 AM
 #415

Can we let this thread die?

Really.

Unless you enjoy the press picking up on someone's lack of personal security and inferring bitcoin is at fault.

Why are you so intent on letting the thread die?  There's still discussion going on within it, which is the whole point of a forum.

Absolutely.

Moderator, MODERATOR! I say good sir, could we sticky this so people see it upon their first viewing of bitcoin.org's forums? I believe it will leave a lasting impression of much goodwill.

Losing bitcoin is the first things people should see on a forum such as this. Huzzah, sir!

fortitudinem multis - catenum regit omnia
unk
Member
**
Offline Offline

Activity: 84


View Profile
June 17, 2011, 08:00:03 AM
 #416

Quote
Why are you so intent on letting the thread die?  There's still discussion going on within it, which is the whole point of a forum.

Absolutely.

Moderator, MODERATOR! I say good sir, could we sticky this so people see it upon their first viewing of bitcoin.org's forums? I believe it will leave a lasting impression of much goodwill.

Losing bitcoin is the first things people should see on a forum such as this. Huzzah, sir!

you seem to think that the purpose of the forums is to market the currently prominent block chain to potentially unsuspecting buyers. that would be an unfortunate view, and it's not one to which we all subscribe.
Bind
Sr. Member
****
Offline Offline

Activity: 252

DO NOT ACCEPT PAYPAL FOR BTC YOU WILL GET BURNED


View Profile
June 17, 2011, 08:34:35 AM
 #417

Who protects the other personal wealth in your home ?

you do.

even if you believe this (though it sounds like an untenably strong view of property rights - stronger than those of any legal system in existence), many people would want to choose tools that help them protect their 'wealth' rather than encourage theft.

there are many things bitcoin could do better in this respect. for example, the block chain could easily record commitments that prevent spending beyond a certain amount from an address in an certain time. why force end users to set up complex and potentially fragile 'savings' wallets when bitcoin could simply support a voluntary declaration, recorded in the block chain, that transfers beyond some particular fraction of the wealth of an address (or some fixed amount) in a particular period are invalid? surely some people would want to use a feature like that, and it would be relatively straightforward to implement.

there are other possibilities. for example, users can record commitments using nLockTime in the block chain as a sort of 'forced savings', though at present that probably wouldn't help much with security unless the user could ensure unique possession of the target address in the future. other script-based mechanisms can aid security as well. but there's no reason bitcoin can't improve in this regard, and i'll criticize yet again the remarkable complacency, cultural conservatism, and fear of change that's been on exhibit in these forums for well over a year now. (i've seen it in literally no other open-source project i've ever worked on, and it's remarkably dysfunctional.) 'personal responsibility' is a pretty silly mantra from the perspective of a systems designer.

You are correct that it is a strong view of property rights. I am not a socialist. I do not believe in a pure mob-rule democracy, which is indespensible to socialism, and redistribution of wealth. I believe in un-a-lien-able birth rights that can never be taken away. I believe it is my responsibility to protect my rights, my property, and my wealth which I have collected and paid for with my blood, sweat, and tears. I believe I have the right to donate and share my wealth, just as firmly as I believe that I have the right not to. I do not believe that is stronger than any legal system in existence.

I have never disagreed with a software design more protecting of the BTC wallet, but it does not exist, and i do not believe bitcoin holds any responsibility to create one. They have everything you need in their documentation and wiki to help you protect your wallet. To say they do, is to say the central banks holds the responsibility to protect the cash in your home. Same goes for all other posessions and wealth in the home.

So the onus is on the user to protect their home, property, wealth, and bitcoin wallet.

Those are the facts. That is reality.

Just because you feel it should be different does not negate that fact that it isnt different, and bitcoin holds absolutely no responsibility in that regard.

Yes, personal responsibility. Its all about personal responsibility.

That means you are responsible for yourself and what you own. Sure the police can investigate and possibly catch the perpetrators, but they do not prevent the theft as exemplified by the OP.

I protect what I have earned ... with deadly force if necessary. Part of that protection is prevention so force, deadly or otherwise, is hopefully never required to begin with. I dont leave $25k laying out in the open for someone to steal.

I don't believe anyone else has the responsibility to protect what is mine unless I enter into contract with them to protect it.

I must congratulate bitcoin for putting that protection information on their website to help you protect your wallet. They had no responsibility to do that either.

Problem is few take personal responsibility seriously. They dont research. They dont read. They need instant gratification and steam in head first without any understanding, even when all the information they need is right on the screen in front of them. Then they blame someone else for their own failures.

It is unfortunate, but the only one to blame is the one in the mirror.

"... He is no fool who parts with that which he cannot keep, when he is sure to be recompensed with that which he cannot lose ..."

"... history disseminated to the masses is written by those who win battles and wars and murder their heroes ..."


1Dr3ig3EoBnPWq8JZrRTi8Hfp53Kj
unk
Member
**
Offline Offline

Activity: 84


View Profile
June 17, 2011, 08:47:58 AM
 #418

You are correct that it is a strong view of property rights. I am not a socialist. I do not believe in a pure mob-rule democracy, which is indespensible to socialism, and redistribution of wealth. I believe in un-a-lien-able birth rights that can never be taken away. I believe it is my responsibility to protect my rights, my property, and my wealth which I have collected and paid for with my blood, sweat, and tears. I believe I have the right to donate and share my wealth, just as firmly as I believe that I have the right not to. I do not believe that is stronger than any legal system in existence.

right, my point is that this sort of extremism still doesn't matter; you ought to agree with practical suggestions for bitcoin regardless, or at least provide a reason they wouldn't improve the product.

(at least, that's true unless your political philosophy is so extreme that you actually want there to be strife caused by the product because it promotes a kind of social darwinism. the way many people in this forum talk, you'd think they'd like the idea of harsh legal rules that cause suffering even, hypothetically, if resources weren't scarce and there weren't a need for their capitalistic allocation in the first place. it's as if the mechanism in response to scarce resources is accepted as a moral primitive on faith as a positive thing in its own right. that is a bizarre political philosophy held by almost nobody except those with unstudied intuitions on the matter, but i'd rather not debate political philosophy in detail here; it's exceedingly frustrating to do so.)

in any event, i'm not talking about impressing jeff garzik or gavin andresen into service to add a feature i like; i'm giving them a suggestion that would help many end users. i'd code it myself, but the coding is not difficult, nor is it the main barrier to adoption; it would require a somewhat coordinated decision because it could lead to disagreements among clients about valid transactions in future. that is not, of course, a weighty reason against its adoption in the present.
MeSarah
Full Member
***
Offline Offline

Activity: 154


View Profile
June 17, 2011, 08:55:01 AM
 #419

Im sceptical of the OP's claims. The glairing waving red flag for me is that he hasnt filed a police report. Who looses $500k and doesnt run to the police? I think that a police report being filed and the OP providing the name of the detective would provide some credibility. With the detectives name a reputable journalist would be able to confirm a police report being filed.

With recent hoaxs I am inclined to think that this is a hoax.

http://www.youtube.com/watch?v=mTTwcCVajAc

60 GH/s BFL Single SC - Pre-Order Yours Today!
`````` Only $1299.99 - butterflylabs.com ``````
allinvain
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 17, 2011, 09:01:11 AM
 #420

Im sceptical of the OP's claims. The glairing waving red flag for me is that he hasnt filed a police report. Who looses $500k and doesnt run to the police? I think that a police report being filed and the OP providing the name of the detective would provide some credibility. With the detectives name a reputable journalist would be able to confirm a police report being filed.

With recent hoaxs I am inclined to think that this is a hoax.

http://www.youtube.com/watch?v=mTTwcCVajAc

Why do you assume that I have not?

Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 [21] 22 23 24 25 26 27 28 29 30 31 32 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!