twobits
|
|
June 17, 2011, 01:20:14 PM |
|
If you have more than 1000 Bitcoins in your wallet:
1. get yourself a low cost netbook. 2. Install not bloated linux (like archlinux) or FreeBSD or OpenBSD (in order of growing paranoia).
Damn, I used NetBSD, time to reformat! I was wondering though, how well would a cheap android tablet work? They seem even cheaper then netbooks these days, but no idea yet how secure they are, nor even if you can run bitcoin on them.
|
█████ █████ ███████ █████ ███ █████████████ █████ ██ █████████████████ █████ █ ██████ ██████ █████ ████ ████ █████████████ █████ ████ █████████████ █████ ████ █████████████ █████ ████ █████ █████ █████ █ ██████ ███████ █████ ██ ███████████ █████ █████ ███ █████████ ████ █████ █████ ███████ ██ | | | ███ ███ ███ ███ ███ ███ ███ ███ ███ | | | | | | ███ ███ ███ ███ ███ ███ ███ ███ ███ | | ►WhitePaper ►One-Pager | ███ ███ ███ ███ ███ ███ ███ ███ ███ | | | | ███ ███ ███ ███ ███ ███ ███ ███ ███ | | ███ ███ ███ ███ ███ ███ ███ ███ ███ | █████ █████ ███████ █████ ███ █████████████ █████ ██ █████████████████ █████ █ ██████ ██████ █████ ████ ████ █████████████ █████ ████ █████████████ █████ ████ █████████████ █████ ████ █████ █████ █████ █ ██████ ███████ █████ ██ ███████████ █████ █████ ███ █████████ ████ █████ █████ ███████ ██ |
|
|
|
|
disposablecode
Newbie
Offline
Activity: 2
Merit: 0
|
|
June 17, 2011, 02:25:28 PM |
|
Greetings,
I believe the simplest approach to mitigate risks associated with contracting trojans would to only engage in BitCoin transactions from the security of a VMWARE image that's sole purpose is for just that.
What do you all think?
|
|
|
|
mr-sk
Member
Offline
Activity: 117
Merit: 10
|
|
June 17, 2011, 03:12:06 PM |
|
The thing about this trojan is that it looks in the default dir for the wallet.dat file. It doesn't do an exhaustive search of the filesystem. So a simple fix is to not install the bitcoin client in the default location.
|
Telegram
|
|
|
peedee
Newbie
Offline
Activity: 28
Merit: 0
|
|
June 17, 2011, 03:27:37 PM |
|
The thing about this trojan is that it looks in the default dir for the wallet.dat file. It doesn't do an exhaustive search of the filesystem. So a simple fix is to not install the bitcoin client in the default location.
By the time your were typing that it will have probably evolved to something more smart and will keep doing so.
|
|
|
|
mr-sk
Member
Offline
Activity: 117
Merit: 10
|
|
June 17, 2011, 05:08:35 PM |
|
Possibly, but it needs a propagation method and a new C&C server or destination address since that's been blocked. Its an arms race I agree.
Keep your wallet encrypted and only decrypt for transactions, use TrueCrypt.
|
Telegram
|
|
|
Desu
Newbie
Offline
Activity: 28
Merit: 0
|
|
June 17, 2011, 05:15:28 PM |
|
If there is fear of hack through a computer source, put a savings wallet it on a usb only decrypt it when needed.
|
|
|
|
Coolty
Newbie
Offline
Activity: 17
Merit: 0
|
|
June 17, 2011, 05:18:05 PM |
|
It only makes sense that a trojan specializing in this would pop up.
|
|
|
|
Quantus
Legendary
Offline
Activity: 883
Merit: 1005
|
|
June 17, 2011, 06:10:57 PM |
|
can you put an encrypted file inside another encrypted file?
|
(I am a 1MB block supporter who thinks all users should be using Full-Node clients) Avoid the XT shills, they only want to destroy bitcoin, their hubris and greed will destroy us. Know your adversary https://www.youtube.com/watch?v=BKorP55Aqvg
|
|
|
Desu
Newbie
Offline
Activity: 28
Merit: 0
|
|
June 17, 2011, 06:13:25 PM |
|
can you put an encrypted file inside another encrypted file? I once asked if you can zip a bunch of zip files. Lol
|
|
|
|
im3w1l
|
|
June 17, 2011, 06:35:14 PM |
|
I have a simpler method than the netbook one, almost as safe. Make yourself a lot of wallets, with a fixed amount per wallet. Whenever you need to buy something, unencrypt the first wallet, send btc. Then proceed with the others. In this way, you can only lose one wallets worth. Another advantage, which of course could also be gotten by with multiple addresses in a single wallet, is that your holdings wont stand out in block explorer (could potentially make you a target)
|
|
|
|
|
Run BTC
Newbie
Offline
Activity: 5
Merit: 0
|
|
June 17, 2011, 08:58:52 PM |
|
Be sure to check out http://www.bitprotection.info - wallet backup 100 percent coverage protection ... you can encrypt all day but once you loose it there is noway of getting the value of your BTC back until now ... Bookmarked. Thanks for the heads-up.
|
|
|
|
bsd
Newbie
Offline
Activity: 34
Merit: 0
|
|
June 18, 2011, 12:17:25 AM |
|
I'm loving all the talk here about BSD. FreeBSD ftw. OpenCL mining on GPUs isn't supported in FreeBSD though
|
|
|
|
Seiks
Newbie
Offline
Activity: 3
Merit: 0
|
|
June 18, 2011, 02:41:43 AM |
|
Yeah... It bothers me not being able to mine opencl on GPU in freebsd :/
|
|
|
|
Saint Cad
Newbie
Offline
Activity: 14
Merit: 0
|
|
June 18, 2011, 03:21:32 AM |
|
Within an hour after downloading the client, Spyware Doctor found a trojan on my computer. Coincidence?
|
|
|
|
Tech-Boy
Newbie
Offline
Activity: 6
Merit: 0
|
|
June 18, 2011, 04:05:46 AM |
|
Wow 25kbtc Wow
|
|
|
|
kuloch
Member
Offline
Activity: 70
Merit: 10
|
|
June 18, 2011, 05:04:38 AM |
|
mmmmm, would've been helpful to describe the trojan scam.
You can read it here. https://forum.bitcoin.org/index.php?topic=16457.0As a Newbie, I can't post on that thread. So, here's my thought on the subject. If Bitcoins are a set of digital Alpha/numerric characters for each Bitcoin, then each REAL transaction should add the sellers 'input' characters to the code that verify that the seller ACTUALLY sold them to a Specific buyer, who know has them in his Account/s. They need to be traceable, that way. So, stealing them would not add any verifiable characters to each Bitcoin, which should render them worthless to the thief, but still holding their value for the owner they were 'stolen' from. IF he was SMART enough to keep them backed-up, then he'd still have his version of the digital docs, that have his code attached to them, NO? No. Part of the point of BitCoin is that everything is completely traceable. Check out blockexplorer.com. The "seller" does provide a uniquely identifiable piece of information with every transaction. That is your digital signature, which only the account's owner can create. However, the issue with wallet-stealing is that the private key used (in tandem with the public key or address) to create that digital signature is compromised, making the original account owner no longer the only account owner. E.g., if you tell me your private key, I now own your account just as much as you do, for all intents and purposes.
|
|
|
|
chicki
Newbie
Offline
Activity: 3
Merit: 0
|
|
June 18, 2011, 06:32:36 AM |
|
Sigh. Always a pickpocket in the crowd.
|
|
|
|
apflux
Newbie
Offline
Activity: 6
Merit: 0
|
|
June 18, 2011, 08:10:36 AM |
|
In fact encryption is useless if you enter your password with your keyboard. If your computer gets compromised by a trojan it can read your password with a keylogger. Part of the point of BitCoin is that everything is completely traceable. Check out blockexplorer.com. The "seller" does provide a uniquely identifiable piece of information with every transaction. That is your digital signature, which only the account's owner can create. However, the issue with wallet-stealing is that the private key used (in tandem with the public key or address) to create that digital signature is compromised, making the original account owner no longer the only account owner.
I wonder if it is possible to store my bitcoin private key on smart card.
|
|
|
|
joepie91
|
|
June 18, 2011, 09:54:54 AM |
|
Possibly, but it needs a propagation method and a new C&C server or destination address since that's been blocked. Its an arms race I agree.
Keep your wallet encrypted and only decrypt for transactions, use TrueCrypt.
These stealers typically get run once (bound to a legit application) and then exit and never run again. They only need to steal your wallet once. So no C&C is involved.
|
Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
|
|
|
|