Bitcoin Forum
December 04, 2016, 02:21:55 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: What to do if your computer is compromised  (Read 1773 times)
Astrohacker
Full Member
***
Offline Offline

Activity: 156



View Profile WWW
June 14, 2011, 03:20:56 AM
 #1

After reading the disturbing tale of 25,000 stolen BTC ( http://forum.bitcoin.org/index.php?topic=16457.0 ), I have decided now is the time to make 100% sure my data (including bitcoins) are secure.

So here are my suggestions on how to secure your stuff. I am not security expert, so input is appreciated.

Assume your computer is compromised. Get a new, uncompromised computer with a safe internet connection (where you can be sure no one is changing your unencrypted internet data). On the new computer, create a new encrypted password file using a password manager like KeePass with a long, complicated password. This is the only password, besides the user password to your computer, that you will have to memorize. In your password manager, create new, unique, complicated passwords for every single account you have. Do not bother memorizing any of these passwords... that is what the password manager is for.

Next, assume all data stored on disk will eventually be compromised by someone. Thus, use tools like encfs or truecrypt to encrypt all data on disk. For each encrypted volume, use a different password, saved in your password manager.

For bitcoins, transfer all bitcoins out of your old wallets into new wallets. Otherwise, the money can be stolen at any time if someone has the old unencrypted wallets. Make sure the new wallets are never written to disk unencrypted; they should only ever existed on disk in encrypted form.

If you have private/public key pairs, you will need new ones.

Only place encrypted data into data storage tools like Dropbox, wuala, or tarsnap. Personally, I wouldn't ever trust a data storage service that they encrypt your data. Assume your data is compromised, and encrypt it before using their services.

You have no choice but to assume your computer is not compromised during daily use, or your passwords, and thus all your data, will be stolen. If you ever suspect that your computer has been compromised, then follow the procedure listed here. Change all passwords, rencrypted all data, and create new data (bitcoin wallets and private keys) if necessary.
1480861315
Hero Member
*
Offline Offline

Posts: 1480861315

View Profile Personal Message (Offline)

Ignore
1480861315
Reply with quote  #2

1480861315
Report to moderator
1480861315
Hero Member
*
Offline Offline

Posts: 1480861315

View Profile Personal Message (Offline)

Ignore
1480861315
Reply with quote  #2

1480861315
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480861315
Hero Member
*
Offline Offline

Posts: 1480861315

View Profile Personal Message (Offline)

Ignore
1480861315
Reply with quote  #2

1480861315
Report to moderator
1480861315
Hero Member
*
Offline Offline

Posts: 1480861315

View Profile Personal Message (Offline)

Ignore
1480861315
Reply with quote  #2

1480861315
Report to moderator
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 14, 2011, 05:24:44 AM
 #2

There is nothing you can do but total reinstall. And you really have to let stuff go to be sure that you don't carry the infection to the new system. That's a sacrifice - but it should never happen anyway.

Misspelling protects against dictionary attacks NOT
Jaime Frontero
Full Member
***
Offline Offline

Activity: 126


View Profile
June 14, 2011, 05:28:17 AM
 #3

as long as it isn't preggers.

i don't have the time to raise a litter of PDAs.
Dude65535
Full Member
***
Offline Offline

Activity: 126


View Profile
June 14, 2011, 05:32:34 AM
 #4

If you have a lot of money in bitcoin you should really consider dedicating a machine for a secure wallet. A cheap netbook, preferably small enough to fit in a safe, or a cheap desktop system.

1DCj8ZwGZXQqQhgv6eUEnWgsxo8BTMj3mT
swusc2
Sr. Member
****
Offline Offline

Activity: 306


Do your part for Bitcoin!


View Profile
June 14, 2011, 05:43:46 AM
 #5

There is a thread on how to secure your wallet. You can put it on a usb device, passkey encrypt it, delete the data from User/Roaming/Bitcoin, and direct your Bitcoin client to your encrypted files when you load it. Check the guides.

Impress your friends! Buy a bitcoin keychain!
http://forum.bitcoin.org/index.php?topic=30799.0
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 14, 2011, 05:55:26 AM
 #6

I think you should definitely have a machine that has Linux on it. Not because it is more secure, it isn't. But you get a pretty secure system with a lot useful built-in tools to achieve security. You could also have that with some fancy enterprise version of Windows, but with the Windows versions most people have you have to deal with a lot of external tools and take care about security yourself.
For example you should always prefer your system's built-in disk encryption, because this is meant to protect your data. You can do a similar setup with TrueCrypt, but then you have to know exactly how you avoid each of the many mistakes. That's pretty hard. Just installing TrueCrypt doesn't do the job.
Another advantage of Linux is that you are not dependend on running software from the web. You find most thing in the distribution's repository, and over this way it is secured via cryptography that you don't get manipulated program versions.

Misspelling protects against dictionary attacks NOT
Stephen Gornick
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 14, 2011, 06:11:27 AM
 #7

If you have a lot of money in bitcoin you should really consider dedicating a machine for a secure wallet. A cheap netbook, preferably small enough to fit in a safe, or a cheap desktop system.

  Issue 271, Ability to sign transactions offline, would be quite useful for keeping that machine permanently disconnected.  A standalone airgap system for use as a "savings" wallet.
  - http://github.com/bitcoin/bitcoin/issues/271

Dude65535
Full Member
***
Offline Offline

Activity: 126


View Profile
June 14, 2011, 06:15:30 AM
 #8

I think of it more as a bitcoin vault rather than a savings wallet.

1DCj8ZwGZXQqQhgv6eUEnWgsxo8BTMj3mT
interfect
Full Member
***
Offline Offline

Activity: 139


View Profile
June 14, 2011, 06:52:05 AM
 #9


  Issue 271, Ability to sign transactions offline, would be quite useful for keeping that machine permanently disconnected.  A standalone airgap system for use as a "savings" wallet.
  - http://github.com/bitcoin/bitcoin/issues/271

An air gap would be awesome. No automated trojan or bored teenager is going to get past it. You'd be safe from the two major dangers of the Internet.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!