|
Nefario (OP)
|
 |
June 17, 2011, 06:20:27 AM |
|
There is a (new?) trojan wallet stealer out in the wild ATM. Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously). Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet. You should also encrypt your wallet when not in use. http://www.freeotfe.org/Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exeYou have been warned. Nefario |
PGP key id at pgp.mit.edu 0xA68F4B7C To get help and support for GLBSE please email support@glbse.com |
|
|
|
Garrett Burgwardt
|
 |
June 17, 2011, 06:28:30 AM |
|
As a side note - for those of you willing to trust an app, read the source code first. If it's not available, huge warning lights should go off.
|
|
|
|
|
|
|
dana.powers
Newbie
 Offline
Activity: 21
Merit: 0
|
|
June 17, 2011, 06:40:43 AM |
|
Open source GPG encryption tools for Mac OS are available here: http://macgpg.sourceforge.net/But don't these tools still leave you vulnerable while you're running the bitcoin client (because client requires unencrypted wallet.dat)? |
|
|
|
|
|
bitcoinminer
|
|
June 17, 2011, 06:41:26 AM |
|
There is a (new?) trojan wallet stealer out in the wild ATM. Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously). Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet. You should also encrypt your wallet when not in use. http://www.freeotfe.org/Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exeYou have been warned. Nefario How do we know we can trust you?  |
Be fearful when others are greedy, and greedy when others are fearful.
-Warren Buffett
|
|
|
|
Nefario (OP)
|
|
June 17, 2011, 07:19:40 AM |
|
There is a (new?) trojan wallet stealer out in the wild ATM. Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously). Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet. You should also encrypt your wallet when not in use. http://www.freeotfe.org/Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exeYou have been warned. Nefario How do we know we can trust you? trust no one |
PGP key id at pgp.mit.edu 0xA68F4B7C To get help and support for GLBSE please email support@glbse.com |
|
|
MrAnderson
Member
Offline
Activity: 81
Merit: 10
|
|
June 17, 2011, 08:43:18 AM |
|
There is a (new?) trojan wallet stealer out in the wild ATM. Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously). Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet. You should also encrypt your wallet when not in use. http://www.freeotfe.org/Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exeYou have been warned. Nefario Windows 7 rejects it because it doesn't have digitally signed drivers, any work around for this? re: http://www.imgjoe.com/x/capture22323.jpg |
>>> 1BcfL1QAZsxtpd92YYsbvDyih45mwA9xSo << Willing to endure the cringe-worthy Australian stereotypes for donations. I'll wrestle a crocodile, show you my knife, throw shrimp on the BBQ, F**k your wife.  |
|
|
|
foo
|
|
June 17, 2011, 08:55:40 AM |
|
WTF is FreeOTFE and why would one use it instead of TrueCrypt?
|
I know this because Tyler knows this.
|
|
|
|
Nefario (OP)
|
|
June 17, 2011, 09:26:06 AM |
|
WTF is FreeOTFE and why would one use it instead of TrueCrypt?
FreeOTFE is an On The Fly Encryption application. You can use it instead of TC because it doesn't need to be installed, at least the Portable Explorer version doesn't(otherwise it requires admion permissions). |
PGP key id at pgp.mit.edu 0xA68F4B7C To get help and support for GLBSE please email support@glbse.com |
|
|
LeFBI
Member
Offline
Activity: 98
Merit: 10
|
|
June 17, 2011, 09:36:52 AM |
|
Why is the wallet.dat not encrypted by default anyway?
Asking the average internet user to use TrueCrypt,FreeOTFE,LinuxCoin,Command Line whatever is ihmo far far far to geeky to be widely accepted.
If you want bitcoin to be an easy payment alternative like paypal, then make it more simple&secure. If simply copying the wallet file is enough to rob someone, it's hell insecure. :-/
When you first start the bitcoin client and wallet is created, there is no prompt telling the user that he/she must secure the wallet file, it doesn't even say that it exists or where the wallet file is saved. But these are things you at least have to tell the average non-geek user. When i think of my parents for example...they know how to use google,emails and even managed to sign up at ebay. but they don't give a fuck about Cookies,Scripts,TrueCrypt whatsoever. And that isn't about to change. In the Bitcoin client you could simply implement a start dialog like "Choose wallet" , Click, "Enter Password", click, done. And it would be save from simply copying the wallet file. Of course this wouldn't make it 100% secure, there will always be keyloggers,trojans and such...but it would at least make it a bit harder and not every idiot could simply copy the file and use it. In bitcoin it's all about hashing, encryption, making the network as secure as possible but the wallet is an open door.
|
|
|
|
|
doomy
Newbie
Offline
Activity: 28
Merit: 0
|
|
June 17, 2011, 09:44:44 AM |
|
WTF is FreeOTFE and why would one use it instead of TrueCrypt?
QFE |
|
|
|
|
|
Vladimir
|
|
June 17, 2011, 09:48:55 AM |
|
Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.
|
-
|
|
|
doomy
Newbie
Offline
Activity: 28
Merit: 0
|
|
June 17, 2011, 09:52:42 AM |
|
Best place to place the encrypted file is on Dropbox.  |
|
|
|
|
LeFBI
Member
Offline
Activity: 98
Merit: 10
|
|
June 17, 2011, 09:57:34 AM |
|
so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security. said the linux nerd. |
|
|
|
|
BombaUcigasa
Legendary
Offline
Activity: 1442
Merit: 1005
|
|
June 17, 2011, 10:00:30 AM |
|
WTF is FreeOTFE and why would one use it instead of TrueCrypt?
You can use it instead of TC because it doesn't need to be installed, at least the Portable Explorer version doesn't(otherwise it requires admion permissions). Just like TrueCrypt? |
|
|
|
|
|
flug
|
|
June 17, 2011, 10:00:44 AM |
|
Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.
Are you inferring that the average person's computer will never be safe enough to use the bitcoin client? |
|
|
|
|
BombaUcigasa
Legendary
Offline
Activity: 1442
Merit: 1005
|
|
June 17, 2011, 10:01:34 AM |
|
Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.
Are you inferring that the average person's computer will never be safe enough to use the bitcoin client? It is cheaper to solve the issue at the client level. One single change, every user receives increased security. |
|
|
|
|
|
flug
|
|
June 17, 2011, 10:10:50 AM |
|
Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.
Are you inferring that the average person's computer will never be safe enough to use the bitcoin client? It is cheaper to solve the issue at the client level. One single change, every user receives increased security. Vladimir's inference was that this 'solving' the issue at the client level would be giving a false sense of security, which is the worst of all worlds. |
|
|
|
|
|
Vladimir
|
|
June 17, 2011, 10:12:54 AM |
|
Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.
Are you inferring that the average person's computer will never be safe enough to use the bitcoin client? You inferred it. I implied what you said in the post #18.  If your computer is compromised, you are screwed, the moment you enter your password to decrypt the wallet. Banks get around this (still not completely) with second factor auth and I do not see how bitcoin can do second factor auth without losing decentralisation. (unless Satoshi comes out of the woods with invention of proofofwork/blockhain for second factor auth) |
-
|
|
|
LeFBI
Member
Offline
Activity: 98
Merit: 10
|
|
June 17, 2011, 10:31:59 AM |
|
If your computer is compromised, you are screwed, the moment you enter your password to decrypt the wallet.
That's always the case >if< your pc is compromised. an encrypted wallet.dat would protect from simply copying the file to usb, if someone has physical access to your pc. also if your pc is compromised doesn't automatically mean it's running a keylogger in the background. every idiot can copy&paste a file but not every idiot knows how to set up keylogger. making the wallet more secure doesn't harm anyone, so why not do it? there will never be 100% security, but it would at least be a bit safer than it is now. |
|
|
|
|
|
