Bitcoin Forum
December 02, 2016, 10:31:06 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 [7] 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 »
  Print  
Author Topic: Trojan Wallet stealer be careful  (Read 47046 times)
mazmorbid
Newbie
*
Offline Offline

Activity: 14


View Profile
July 03, 2011, 11:42:13 AM
 #121

Is it safer to use something like "My Bitcoin"  Huh
1480717866
Hero Member
*
Offline Offline

Posts: 1480717866

View Profile Personal Message (Offline)

Ignore
1480717866
Reply with quote  #2

1480717866
Report to moderator
1480717866
Hero Member
*
Offline Offline

Posts: 1480717866

View Profile Personal Message (Offline)

Ignore
1480717866
Reply with quote  #2

1480717866
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480717866
Hero Member
*
Offline Offline

Posts: 1480717866

View Profile Personal Message (Offline)

Ignore
1480717866
Reply with quote  #2

1480717866
Report to moderator
mjmvisser
Jr. Member
*
Offline Offline

Activity: 58


View Profile
July 03, 2011, 10:26:46 PM
 #122

Unfortunately Windows is a popular target for phishing/trojans because it is widely used, is known for having many security holes, and encourages users to run as "Administrator" at all times. Using Mac or Linux will make you less of a target. You can still secure a Windows machine, see here for more details: https://en.bitcoin.it/wiki/Securing_your_wallet#Windows
Arlangode
Newbie
*
Offline Offline

Activity: 18


View Profile
July 04, 2011, 10:56:08 AM
 #123

Is there a bitcoin client for the good old C64?
 Cheesy

Edit:

Considering the amount of 5 1/4" floppy disks for downloading and saving the whole story.
[Please insert Disk  Nr. 592345 and press RETURN to continue...]

Join my pool @  huge.triplemining.com
1MLyg5WVFSMifFjkrZiyGW2nw
Newbie
*
Offline Offline

Activity: 28


View Profile
July 04, 2011, 07:01:32 PM
 #124

Is it safer to use something like "My Bitcoin"  Huh

No, because if you have a trojan it could steal your password as well.

Is there a bitcoin client for the good old C64?
 Cheesy

More important: How many MHash/sec can it do?  Cheesy Cheesy Cheesy

oops, username was cut off
1MLyg5WVFSMifFjkrZiyGW2nw7WnsU8AZ4
theshackfam
Newbie
*
Offline Offline

Activity: 5


View Profile
July 04, 2011, 09:03:57 PM
 #125

There will always be problem with "things".. I want bitcoin to stay untracable.  Bitcoin isn't God's currency.. there will always be problems, however we have to work collectively to "fuckup" whatever and whomever is trying to destroy our cyber economy.  I propose anyone who can hack, or "good at computers" should join forces and destroy this threat.  This is the closest thing we have to freedom!

Amen!
shakezillaMT
Newbie
*
Offline Offline

Activity: 5


View Profile
July 05, 2011, 03:01:32 AM
 #126

Thanks for the info. I've gone ahead and changed all passwords on all mining sites to be different as well.
andrewpaul
Newbie
*
Offline Offline

Activity: 1



View Profile
July 05, 2011, 01:11:15 PM
 #127

when you execute a program that contains a Password stealing Trojan horse on your ..... Internet and be careful of any suspicious scripts from mistrustful web sites.
boomerang
Newbie
*
Offline Offline

Activity: 9


View Profile
July 05, 2011, 04:26:19 PM
 #128

thanks for the warning mate

1K9FpusT6UrGm4LngZ5oZ97b5QJV5nyUYz
zenmetsu
Newbie
*
Offline Offline

Activity: 11



View Profile
July 06, 2011, 05:28:11 AM
 #129

If you are ultra paranoid, there are many non-bitcoin related guides out there on how to set up an encrypted filesystem.  At a minimum, you should be running linux to make yourself less of a target.  I'm not bashing on Windows, but personally I feel that it is easier to secure a linux box.

You should encrypt your home directory and use an encrypted swap as well.  I avoid encrypting my entire filesystem due to performance concerns.  swap may be a bit overkill, but you never know for sure how the client is going to work unless you look into the source. 

Ideally you would use an encrypted thumbdrive (4GB or larger for the database files) mounted to ~/.bitcoin or wherever your bitcoin client sets up its data, then shut down the client and remove the thumbdrive when not in use.  You can use a smaller drive and symlink just the wallet.dat file if you want.   I chose to keep the DB there so that I can use clients on different computers and just haul the thumbdrive around with minimal block-synching required.


Although I am a Gentoo user, I found this to be an excellent link detailing how to set up an encrypted thumbdrive on ubuntu: http://www.packtpub.com/article/securely-encrypt-removable-media-with-ubuntu
 
Perform the steps here to secure your wallet in Windows/Mac/Linux.  The linux instructions also cover encrypting your home directory and swap:
https://en.bitcoin.it/wiki/Securing_your_wallet

I cannot stress enough how important it is to create a separate user for bitcoin and avoid browsing/emailing with this user.

Be safe, be smart... and most of all, be a pain in the ass to the hackers.  Smiley
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
July 06, 2011, 10:03:39 AM
 #130

If you are ultra paranoid, there are many non-bitcoin related guides out there on how to set up an encrypted filesystem.  At a minimum, you should be running linux to make yourself less of a target.  I'm not bashing on Windows, but personally I feel that it is easier to secure a linux box.

You should encrypt your home directory and use an encrypted swap as well.  I avoid encrypting my entire filesystem due to performance concerns.  swap may be a bit overkill, but you never know for sure how the client is going to work unless you look into the source. 

Ideally you would use an encrypted thumbdrive (4GB or larger for the database files) mounted to ~/.bitcoin or wherever your bitcoin client sets up its data, then shut down the client and remove the thumbdrive when not in use.  You can use a smaller drive and symlink just the wallet.dat file if you want.   I chose to keep the DB there so that I can use clients on different computers and just haul the thumbdrive around with minimal block-synching required.


Although I am a Gentoo user, I found this to be an excellent link detailing how to set up an encrypted thumbdrive on ubuntu: http://www.packtpub.com/article/securely-encrypt-removable-media-with-ubuntu
 
Perform the steps here to secure your wallet in Windows/Mac/Linux.  The linux instructions also cover encrypting your home directory and swap:
https://en.bitcoin.it/wiki/Securing_your_wallet

I cannot stress enough how important it is to create a separate user for bitcoin and avoid browsing/emailing with this user.

Be safe, be smart... and most of all, be a pain in the ass to the hackers.  Smiley
This is the vital line in your post. If you can access it, so can a piece of malware.

The solution? Make sure that you are not even able to access it yourself, at any time you may be picking up malware.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
Airwhale
Full Member
***
Offline Offline

Activity: 221


View Profile
July 07, 2011, 12:19:37 AM
 #131

 Is there an integrated add-on for bit-wallet that encrypts your wallet?  Seems like this could be a handy thing to distribute with the bitwalet client itself.
JaTochNietDan
Newbie
*
Offline Offline

Activity: 27


View Profile WWW
July 07, 2011, 02:58:51 AM
 #132

If you have more than 1000 Bitcoins in your wallet:

1. get yourself a low cost netbook.
2. Install not bloated linux (like archlinux) or FreeBSD or OpenBSD (in order of growing paranoia).
   - make sure that the above is done with ecrypted partitions and swap (plenty of guides on the net).
   - make sure that the above is done while offline as much as possible (for truly paranoid ones).
   - make sure that you do not not even configure wireless hardware, let alone using it
   - physically plug in Ethernet cable when you need connectivity for a minute or so
3. Install bitcoin client, generate a bunch of bitcoin addresses (current account)
4. Over time transfer in small amounts your funds from your existing client to the addresses created in step 3
5. Keep this used exclusively as bitcoin client and nothing else, plug in Ethernet cable when you need to transfer money.
6. Keep this hardware wallet safe.
7. Creating a bitcoin savings account and making secure backups is still need to be done as described in multiply guides elsewhere.

P.S. Do not forget your passwords.






Is all of that really needed? Seriously? I mean what do you think they are going to do to if you don't install any malicious software or run software that hasn't been updated, or an OS that hasn't been updated for that matter.

Although the paranoia is understandable, if I had that many BitCoins in my account with the current exchange rate, I'd probably be extremely cautious too.

Also I saw another post that I forgot to quote about not having an anti-virus program and still never getting a virus, and people were saying I doubt it? How do you think viruses are aquired? Most of the time it's through blatent user error, such as running some random Java applet on a website, or not having your PDF reader updated, or turning off Windows Updates! Maybe you get attacked by the one in a million buffer overflow exploits before they are patched quickly enough, but aren't you running Windows 7 which has protection against it? Smiley

The best potential anti-virus is the person using the computer! Come on people, you just don't get exploited by clicking a link any more, we're well past the IE6 times! Smiley

I will make an important point though for people who aren't as paranoid but do want to keep themselves free of malicious software, simply keep everything updated and really limit what you download software-wise. Make sure Windows Updates are on, turning them off is a deathwish. Also on another note, try not to use many addons on browsers, addons are a bigger source of holes than the browsers themselves, one of the most commonly attacked one is Adobe PDF reader plugin, where you can literally get exploited just by browsing to a PDF on your browser, I'd avoid those kind of addons completely.
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
July 07, 2011, 10:20:03 AM
 #133

If you have more than 1000 Bitcoins in your wallet:

1. get yourself a low cost netbook.
2. Install not bloated linux (like archlinux) or FreeBSD or OpenBSD (in order of growing paranoia).
   - make sure that the above is done with ecrypted partitions and swap (plenty of guides on the net).
   - make sure that the above is done while offline as much as possible (for truly paranoid ones).
   - make sure that you do not not even configure wireless hardware, let alone using it
   - physically plug in Ethernet cable when you need connectivity for a minute or so
3. Install bitcoin client, generate a bunch of bitcoin addresses (current account)
4. Over time transfer in small amounts your funds from your existing client to the addresses created in step 3
5. Keep this used exclusively as bitcoin client and nothing else, plug in Ethernet cable when you need to transfer money.
6. Keep this hardware wallet safe.
7. Creating a bitcoin savings account and making secure backups is still need to be done as described in multiply guides elsewhere.

P.S. Do not forget your passwords.






Is all of that really needed? Seriously?
Would you keep $16,000 lying on your dinner table, instead of buying a dedicated safe or keeping it in a bank?
Quote
I mean what do you think they are going to do to if you don't install any malicious software or run software that hasn't been updated, or an OS that hasn't been updated for that matter.
Ever heard of 0days?
Quote
Also I saw another post that I forgot to quote about not having an anti-virus program and still never getting a virus, and people were saying I doubt it? How do you think viruses are aquired? Most of the time it's through blatent user error, such as running some random Java applet on a website, or not having your PDF reader updated, or turning off Windows Updates! Maybe you get attacked by the one in a million buffer overflow exploits before they are patched quickly enough, but aren't you running Windows 7 which has protection against it? Smiley
No. Very often viruses are acquired through exploiting 0day vulnerabilities, using for example driveby exploit kits on websites. You don't need to click anything, you don't need to give permission for anything, you just have to open a webpage. That can be a random newspaper whose site has been broken into. Or did you really think all 'virus creators' were still kids in their parents basement?
Quote
The best potential anti-virus is the person using the computer! Come on people, you just don't get exploited by clicking a link any more, we're well past the IE6 times! Smiley
See above, blatant bullshit.
Quote
I will make an important point though for people who aren't as paranoid but do want to keep themselves free of malicious software, simply keep everything updated and really limit what you download software-wise. Make sure Windows Updates are on, turning them off is a deathwish.
Windows Update also likes to install software that transmits data about your computer and certain use of it to Microsoft. Without consent. Funny how spyware also comes in through the Windows Update feature, huh?
Quote
Also on another note, try not to use many addons on browsers, addons are a bigger source of holes than the browsers themselves, one of the most commonly attacked one is Adobe PDF reader plugin, where you can literally get exploited just by browsing to a PDF on your browser, I'd avoid those kind of addons completely.
The Adobe PDF reader plugin is not exploited, Adobe PDF Reader itself is exploited. Not to mention that you can usually not just remove the Adobe Reader plugin from your browser after you installed Reader. On that note, get a better PDF reader like Foxit PDF Reader (also free).

You are very much underestimating how vulnerable many systems are, and how easy it is to catch something bad without ever executing anything you downloaded yourself. Stop blaming the users and look at the systems first.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
JaTochNietDan
Newbie
*
Offline Offline

Activity: 27


View Profile WWW
July 07, 2011, 12:39:49 PM
 #134

If you have more than 1000 Bitcoins in your wallet:

1. get yourself a low cost netbook.
2. Install not bloated linux (like archlinux) or FreeBSD or OpenBSD (in order of growing paranoia).
   - make sure that the above is done with ecrypted partitions and swap (plenty of guides on the net).
   - make sure that the above is done while offline as much as possible (for truly paranoid ones).
   - make sure that you do not not even configure wireless hardware, let alone using it
   - physically plug in Ethernet cable when you need connectivity for a minute or so
3. Install bitcoin client, generate a bunch of bitcoin addresses (current account)
4. Over time transfer in small amounts your funds from your existing client to the addresses created in step 3
5. Keep this used exclusively as bitcoin client and nothing else, plug in Ethernet cable when you need to transfer money.
6. Keep this hardware wallet safe.
7. Creating a bitcoin savings account and making secure backups is still need to be done as described in multiply guides elsewhere.

P.S. Do not forget your passwords.






Is all of that really needed? Seriously?
Would you keep $16,000 lying on your dinner table, instead of buying a dedicated safe or keeping it in a bank?
Quote
I mean what do you think they are going to do to if you don't install any malicious software or run software that hasn't been updated, or an OS that hasn't been updated for that matter.
Ever heard of 0days?
Quote
Also I saw another post that I forgot to quote about not having an anti-virus program and still never getting a virus, and people were saying I doubt it? How do you think viruses are aquired? Most of the time it's through blatent user error, such as running some random Java applet on a website, or not having your PDF reader updated, or turning off Windows Updates! Maybe you get attacked by the one in a million buffer overflow exploits before they are patched quickly enough, but aren't you running Windows 7 which has protection against it? Smiley
No. Very often viruses are acquired through exploiting 0day vulnerabilities, using for example driveby exploit kits on websites. You don't need to click anything, you don't need to give permission for anything, you just have to open a webpage. That can be a random newspaper whose site has been broken into. Or did you really think all 'virus creators' were still kids in their parents basement?
Quote
The best potential anti-virus is the person using the computer! Come on people, you just don't get exploited by clicking a link any more, we're well past the IE6 times! Smiley
See above, blatant bullshit.
Quote
I will make an important point though for people who aren't as paranoid but do want to keep themselves free of malicious software, simply keep everything updated and really limit what you download software-wise. Make sure Windows Updates are on, turning them off is a deathwish.
Windows Update also likes to install software that transmits data about your computer and certain use of it to Microsoft. Without consent. Funny how spyware also comes in through the Windows Update feature, huh?
Quote
Also on another note, try not to use many addons on browsers, addons are a bigger source of holes than the browsers themselves, one of the most commonly attacked one is Adobe PDF reader plugin, where you can literally get exploited just by browsing to a PDF on your browser, I'd avoid those kind of addons completely.
The Adobe PDF reader plugin is not exploited, Adobe PDF Reader itself is exploited. Not to mention that you can usually not just remove the Adobe Reader plugin from your browser after you installed Reader. On that note, get a better PDF reader like Foxit PDF Reader (also free).

You are very much underestimating how vulnerable many systems are, and how easy it is to catch something bad without ever executing anything you downloaded yourself. Stop blaming the users and look at the systems first.

Of course I know about 0day exploits, the odds of you getting hit by one of those is very low. What kind of websites do you hang around in order to get hit by a 0day exploit? I don't really want to know, insecure websites maybe or else some black market websites that are suspicious in the first place. What are the odds you visit a large compromised website with a 0day exploit before either the website is fixed or your program has been updated?

Also I'm aware of the fact it's not the plugin that is exploited, but it is the main source of where people get exploited by it, because they click on a link to a malicious PDF file without even thinking about it, or even noticing that the link is to a PDF file. Also you can remove the plugin just fine after installing it. Also you're assuming that I use Adobe PDF Reader, when in fact you are incorrect, I use Foxit PDF Reader and have been for several years.

Please spare me your conspiracy theories about Microsoft, they aren't giving you spyware like you said.

Oh and in future when talking to me, please don't use such disgraceful language, I'm treating you with respect, I expect the same in return, even if you disagree with me. We're all adults here, so start acting like one by having a mature conversation rather than blatently attacking me verbally. If you do not start doing that, I will not respond to you again.
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
July 07, 2011, 01:16:20 PM
 #135

-snip-

Of course I know about 0day exploits, the odds of you getting hit by one of those is very low. What kind of websites do you hang around in order to get hit by a 0day exploit? I don't really want to know, insecure websites maybe or else some black market websites that are suspicious in the first place. What are the odds you visit a large compromised website with a 0day exploit before either the website is fixed or your program has been updated?
Those odds are actually pretty large.
http://www.zdnet.com/blog/security/major-online-ad-site-hacked-serving-up-exploit-cocktail/4885
http://www.zdnet.com/blog/security/businessweek-site-hacked-serving-drive-by-exploits/1902
And those are just two massive-scale examples, that I found in 5 minutes of Googling.

Quote
Also I'm aware of the fact it's not the plugin that is exploited, but it is the main source of where people get exploited by it, because they click on a link to a malicious PDF file without even thinking about it, or even noticing that the link is to a PDF file. Also you can remove the plugin just fine after installing it. Also you're assuming that I use Adobe PDF Reader, when in fact you are incorrect, I use Foxit PDF Reader and have been for several years.
You mentioned Adobe PDF Reader in your own post. And do you honestly think that removing the PDF reader plugin is easy enough for the majority of people to do it? How many people do you think are even aware of the capability to remove it?

Quote
Please spare me your conspiracy theories about Microsoft, they aren't giving you spyware like you said.
It's not a 'conspiracy theory'. There have been multiple articles that detailed Windows updates that were sending back more information than they reasonably should (http://www.theregister.co.uk/2003/02/28/windows_update_keeps_tabs/ , http://irregulartimes.com/index.php/archives/2010/10/22/important-windows-update-microsoft-privacy-bing-bar/). I have in fact seen two updates in the update list myself in the past few years, that explicitly mentioned the information they would be sending back... which was way more information than was reasonable for a system update (these were not even security patches, but 'enhancements'). Not to mention the WGA tool and the dubious privacy consequences it has (http://www.theregister.co.uk/2007/03/09/ms_wga_phones_home/ , http://www.computerworld.com/s/article/9001540/Microsoft_faces_class_action_suit_over_WGA_tool?nlid=38&source=NLT_SEC). And yes, the WGA tool was automatically installed through Windows Update.

Quote
Oh and in future when talking to me, please don't use such disgraceful language, I'm treating you with respect, I expect the same in return, even if you disagree with me. We're all adults here, so start acting like one by having a mature conversation rather than blatently attacking me verbally. If you do not start doing that, I will not respond to you again.
And what disgraceful language would that be?

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
JaTochNietDan
Newbie
*
Offline Offline

Activity: 27


View Profile WWW
July 07, 2011, 01:28:04 PM
 #136

-snip-

Of course I know about 0day exploits, the odds of you getting hit by one of those is very low. What kind of websites do you hang around in order to get hit by a 0day exploit? I don't really want to know, insecure websites maybe or else some black market websites that are suspicious in the first place. What are the odds you visit a large compromised website with a 0day exploit before either the website is fixed or your program has been updated?
Those odds are actually pretty large.
http://www.zdnet.com/blog/security/major-online-ad-site-hacked-serving-up-exploit-cocktail/4885
http://www.zdnet.com/blog/security/businessweek-site-hacked-serving-drive-by-exploits/1902
And those are just two massive-scale examples, that I found in 5 minutes of Googling.

Quote
Also I'm aware of the fact it's not the plugin that is exploited, but it is the main source of where people get exploited by it, because they click on a link to a malicious PDF file without even thinking about it, or even noticing that the link is to a PDF file. Also you can remove the plugin just fine after installing it. Also you're assuming that I use Adobe PDF Reader, when in fact you are incorrect, I use Foxit PDF Reader and have been for several years.
You mentioned Adobe PDF Reader in your own post. And do you honestly think that removing the PDF reader plugin is easy enough for the majority of people to do it? How many people do you think are even aware of the capability to remove it?

Quote
Please spare me your conspiracy theories about Microsoft, they aren't giving you spyware like you said.
It's not a 'conspiracy theory'. There have been multiple articles that detailed Windows updates that were sending back more information than they reasonably should (http://www.theregister.co.uk/2003/02/28/windows_update_keeps_tabs/ , http://irregulartimes.com/index.php/archives/2010/10/22/important-windows-update-microsoft-privacy-bing-bar/). I have in fact seen two updates in the update list myself in the past few years, that explicitly mentioned the information they would be sending back... which was way more information than was reasonable for a system update (these were not even security patches, but 'enhancements'). Not to mention the WGA tool and the dubious privacy consequences it has (http://www.theregister.co.uk/2007/03/09/ms_wga_phones_home/ , http://www.computerworld.com/s/article/9001540/Microsoft_faces_class_action_suit_over_WGA_tool?nlid=38&source=NLT_SEC). And yes, the WGA tool was automatically installed through Windows Update.

Quote
Oh and in future when talking to me, please don't use such disgraceful language, I'm treating you with respect, I expect the same in return, even if you disagree with me. We're all adults here, so start acting like one by having a mature conversation rather than blatently attacking me verbally. If you do not start doing that, I will not respond to you again.
And what disgraceful language would that be?

I can see why you may be paranoid, but the way you're talking, it's like you're saying that just because your connected to the internet and using a web-browser you're going to get a virus, but it's just not true. It's giving people a false paranoia of how easy it is to get a virus, when really for most people who are PC savvy and not stupid, it isn't that easy to get yourself infected with something malicious. I've never gotten a virus in the several years of using this PC, I use a light-weight but powerful anti-virus of course, but that's not the point. I simply don't do the things that most people get infected by which are:

  • Download random software
  • Pirate software
  • Turn off automatic updates on everything
  • Give permissions to Java applets (or run Java at all)
  • Hang around on black-market websites or other websites with a malicious userbase

Although if I was keeping a large amount of BitCoins, I would probably secure it in a savings account which I have the all important wallet for stored in an encrypted key, just to be secure. Although there's no reason to start making everyone panic and think that they're just going to get exploited out of nowhere, there are steps you can take to prevent the chances of you ever getting a virus, some of which are common sense, some maybe not.

I've gotten viruses many years ago in a few different ways when I was still new to computing, but after learning how software exploitation works and what viruses are and so on...I've never gotten anything as far as I can tell. Of course you could say that I've been infected and I simply do not know, but if I have been, then they've done nothing with the vast amount of accounts I have and information I store on here.
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
July 07, 2011, 01:45:02 PM
 #137

-snip-

Of course I know about 0day exploits, the odds of you getting hit by one of those is very low. What kind of websites do you hang around in order to get hit by a 0day exploit? I don't really want to know, insecure websites maybe or else some black market websites that are suspicious in the first place. What are the odds you visit a large compromised website with a 0day exploit before either the website is fixed or your program has been updated?
Those odds are actually pretty large.
http://www.zdnet.com/blog/security/major-online-ad-site-hacked-serving-up-exploit-cocktail/4885
http://www.zdnet.com/blog/security/businessweek-site-hacked-serving-drive-by-exploits/1902
And those are just two massive-scale examples, that I found in 5 minutes of Googling.

Quote
Also I'm aware of the fact it's not the plugin that is exploited, but it is the main source of where people get exploited by it, because they click on a link to a malicious PDF file without even thinking about it, or even noticing that the link is to a PDF file. Also you can remove the plugin just fine after installing it. Also you're assuming that I use Adobe PDF Reader, when in fact you are incorrect, I use Foxit PDF Reader and have been for several years.
You mentioned Adobe PDF Reader in your own post. And do you honestly think that removing the PDF reader plugin is easy enough for the majority of people to do it? How many people do you think are even aware of the capability to remove it?

Quote
Please spare me your conspiracy theories about Microsoft, they aren't giving you spyware like you said.
It's not a 'conspiracy theory'. There have been multiple articles that detailed Windows updates that were sending back more information than they reasonably should (http://www.theregister.co.uk/2003/02/28/windows_update_keeps_tabs/ , http://irregulartimes.com/index.php/archives/2010/10/22/important-windows-update-microsoft-privacy-bing-bar/). I have in fact seen two updates in the update list myself in the past few years, that explicitly mentioned the information they would be sending back... which was way more information than was reasonable for a system update (these were not even security patches, but 'enhancements'). Not to mention the WGA tool and the dubious privacy consequences it has (http://www.theregister.co.uk/2007/03/09/ms_wga_phones_home/ , http://www.computerworld.com/s/article/9001540/Microsoft_faces_class_action_suit_over_WGA_tool?nlid=38&source=NLT_SEC). And yes, the WGA tool was automatically installed through Windows Update.

Quote
Oh and in future when talking to me, please don't use such disgraceful language, I'm treating you with respect, I expect the same in return, even if you disagree with me. We're all adults here, so start acting like one by having a mature conversation rather than blatently attacking me verbally. If you do not start doing that, I will not respond to you again.
And what disgraceful language would that be?

I can see why you may be paranoid, but the way you're talking, it's like you're saying that just because your connected to the internet and using a web-browser you're going to get a virus, but it's just not true. It's giving people a false paranoia of how easy it is to get a virus, when really for most people who are PC savvy and not stupid, it isn't that easy to get yourself infected with something malicious. I've never gotten a virus in the several years of using this PC, I use a light-weight but powerful anti-virus of course, but that's not the point. I simply don't do the things that most people get infected by which are:

  • Download random software
  • Pirate software
  • Turn off automatic updates on everything
  • Give permissions to Java applets (or run Java at all)
  • Hang around on black-market websites or other websites with a malicious userbase

Although if I was keeping a large amount of BitCoins, I would probably secure it in a savings account which I have the all important wallet for stored in an encrypted key, just to be secure. Although there's no reason to start making everyone panic and think that they're just going to get exploited out of nowhere, there are steps you can take to prevent the chances of you ever getting a virus, some of which are common sense, some maybe not.

I've gotten viruses many years ago in a few different ways when I was still new to computing, but after learning how software exploitation works and what viruses are and so on...I've never gotten anything as far as I can tell. Of course you could say that I've been infected and I simply do not know, but if I have been, then they've done nothing with the vast amount of accounts I have and information I store on here.
And there you are hitting the crucial point. The vast majority of computer users is not tech-savvy. If we want Bitcoin to really succeed, it will have to be accessible and secure to a lot of people who are not tech-savvy. Knowing how software exploitation works should simply not be a requirement for using Bitcoin.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
JaTochNietDan
Newbie
*
Offline Offline

Activity: 27


View Profile WWW
July 07, 2011, 01:53:35 PM
 #138

-snip-

Of course I know about 0day exploits, the odds of you getting hit by one of those is very low. What kind of websites do you hang around in order to get hit by a 0day exploit? I don't really want to know, insecure websites maybe or else some black market websites that are suspicious in the first place. What are the odds you visit a large compromised website with a 0day exploit before either the website is fixed or your program has been updated?
Those odds are actually pretty large.
http://www.zdnet.com/blog/security/major-online-ad-site-hacked-serving-up-exploit-cocktail/4885
http://www.zdnet.com/blog/security/businessweek-site-hacked-serving-drive-by-exploits/1902
And those are just two massive-scale examples, that I found in 5 minutes of Googling.

Quote
Also I'm aware of the fact it's not the plugin that is exploited, but it is the main source of where people get exploited by it, because they click on a link to a malicious PDF file without even thinking about it, or even noticing that the link is to a PDF file. Also you can remove the plugin just fine after installing it. Also you're assuming that I use Adobe PDF Reader, when in fact you are incorrect, I use Foxit PDF Reader and have been for several years.
You mentioned Adobe PDF Reader in your own post. And do you honestly think that removing the PDF reader plugin is easy enough for the majority of people to do it? How many people do you think are even aware of the capability to remove it?

Quote
Please spare me your conspiracy theories about Microsoft, they aren't giving you spyware like you said.
It's not a 'conspiracy theory'. There have been multiple articles that detailed Windows updates that were sending back more information than they reasonably should (http://www.theregister.co.uk/2003/02/28/windows_update_keeps_tabs/ , http://irregulartimes.com/index.php/archives/2010/10/22/important-windows-update-microsoft-privacy-bing-bar/). I have in fact seen two updates in the update list myself in the past few years, that explicitly mentioned the information they would be sending back... which was way more information than was reasonable for a system update (these were not even security patches, but 'enhancements'). Not to mention the WGA tool and the dubious privacy consequences it has (http://www.theregister.co.uk/2007/03/09/ms_wga_phones_home/ , http://www.computerworld.com/s/article/9001540/Microsoft_faces_class_action_suit_over_WGA_tool?nlid=38&source=NLT_SEC). And yes, the WGA tool was automatically installed through Windows Update.

Quote
Oh and in future when talking to me, please don't use such disgraceful language, I'm treating you with respect, I expect the same in return, even if you disagree with me. We're all adults here, so start acting like one by having a mature conversation rather than blatently attacking me verbally. If you do not start doing that, I will not respond to you again.
And what disgraceful language would that be?

I can see why you may be paranoid, but the way you're talking, it's like you're saying that just because your connected to the internet and using a web-browser you're going to get a virus, but it's just not true. It's giving people a false paranoia of how easy it is to get a virus, when really for most people who are PC savvy and not stupid, it isn't that easy to get yourself infected with something malicious. I've never gotten a virus in the several years of using this PC, I use a light-weight but powerful anti-virus of course, but that's not the point. I simply don't do the things that most people get infected by which are:

  • Download random software
  • Pirate software
  • Turn off automatic updates on everything
  • Give permissions to Java applets (or run Java at all)
  • Hang around on black-market websites or other websites with a malicious userbase

Although if I was keeping a large amount of BitCoins, I would probably secure it in a savings account which I have the all important wallet for stored in an encrypted key, just to be secure. Although there's no reason to start making everyone panic and think that they're just going to get exploited out of nowhere, there are steps you can take to prevent the chances of you ever getting a virus, some of which are common sense, some maybe not.

I've gotten viruses many years ago in a few different ways when I was still new to computing, but after learning how software exploitation works and what viruses are and so on...I've never gotten anything as far as I can tell. Of course you could say that I've been infected and I simply do not know, but if I have been, then they've done nothing with the vast amount of accounts I have and information I store on here.
And there you are hitting the crucial point. The vast majority of computer users is not tech-savvy. If we want Bitcoin to really succeed, it will have to be accessible and secure to a lot of people who are not tech-savvy. Knowing how software exploitation works should simply not be a requirement for using Bitcoin.

I agree with you there.
G3n3r0
Newbie
*
Offline Offline

Activity: 6


View Profile
July 08, 2011, 02:17:01 AM
 #139

Hmmm, what if the link provided above is the trojan?  Grin
I thought that exact same thing!
anden12
Newbie
*
Offline Offline

Activity: 8


View Profile
July 10, 2011, 11:05:23 AM
 #140

Even tech-savvy guys can do mistakes when it comes to security. Or take risk they shouldn't.
Pages: « 1 2 3 4 5 6 [7] 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!