Bitcoin Forum
Topic: Bitaddress.org safety concerns
neutrinox
October 31, 2013, 05:35:10 PM
 #1

Is there any good way to see if there have been any changes to the source code of Bitaddress.org in recent months/years?

You would think a website like that would be the ideal target for three-letter agencies. For example, I notice they are loading external JavaScript files from Google's servers. Isn't external JavaScript a very, very bad thing to do on such a site? Basically it allows Google to insert whatever JavaScript they want on the page, whenever they want...

Which brings me to my last question:

Is there a better, more simple way of generating paper wallets?
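
An added example (not part of the original post, and not bitaddress.org's own code) of checking the concern raised above: it lists every script a page loads by URL and flags third-party ones that carry no Subresource Integrity hash. The page HTML, host names and script body are constructed placeholders.

```javascript
// Added example: flag third-party <script src> tags that lack Subresource Integrity.
const nodeCrypto = require('crypto');

// Value a site owner would pin in <script integrity="..."> for a given script body.
function sriHash(body, algo = 'sha384') {
  return algo + '-' + nodeCrypto.createHash(algo).update(body, 'utf8').digest('base64');
}

// Parse the attribute text of one <script ...> tag into a lowercase-keyed object.
function parseAttrs(attrText) {
  const attrs = {};
  const re = /([^\s=>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  for (const m of attrText.matchAll(re)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// One finding per <script src=...>; inline scripts have no src and are skipped.
function auditScripts(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const token = /^sha(256|384|512)-[A-Za-z0-9+\/]+=*$/;
  const findings = [];
  for (const m of html.matchAll(/<script\b([^>]*)>/gi)) {
    const attrs = parseAttrs(m[1]);
    if (!('src' in attrs)) continue;
    const url = new URL(attrs.src, pageUrl); // resolves relative and //host URLs
    const thirdParty = url.origin !== pageOrigin;
    const pinned = (attrs.integrity || '').trim().split(/\s+/).every((t) => token.test(t));
    findings.push({ src: url.href, thirdParty, pinned, unpinnedThirdParty: thirdParty && !pinned });
  }
  return findings;
}

// Constructed sample: hosts and script body are placeholders, not real sites.
const LIB_BODY = 'function lib(){return 42;}';
const SAMPLE_PAGE = `<html><head>
<script src="//cdn.example.net/lib.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="${sriHash(LIB_BODY)}" crossorigin="anonymous"></script>
<script src="js/keygen.js"></script>
<script>var inlineCode = true;</script>
</head></html>`;

for (const f of auditScripts(SAMPLE_PAGE, 'https://wallet.example.org/')) {
  console.log(f.unpinnedThirdParty ? 'UNPINNED' : 'ok      ', f.src);
}
```

A pinned script is refused by the browser if the served bytes no longer match the hash; an unpinned third-party script runs whatever the remote host returns.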
flatfly
October 31, 2013, 05:54:51 PM
 #2

You can take a look at NoBrainr (see signature!) and decide if you like it. It's only 20 lines of code and as transparent as it gets.

1111127SpvabYpoeDoiz5L7QPkfiSh2Q. Only donate if you have a reason to.
neutrinox
October 31, 2013, 05:56:46 PM
 #3

Sounds good! I don't like the hundreds of lines I have to read at bitaddress. The more code there is --> the more potential danger there is.
greyhawk
October 31, 2013, 05:59:39 PM
 #4

Your real name is Simon. You're a furry of the fox persuasion from Caracas Venezuela. You like listening to gothic rock / dark cabaret.

The three letter agencies are the least of your problem.
neutrinox
October 31, 2013, 06:04:21 PM
 #5

Nice guess but each point was way off :D

It's funny to face ridicule about such safety concerns, especially in the post-Snowden world.

It's also interesting to get ad hominems. What does it matter who I am if what I'm saying makes sense? So why don't you stick to the facts and try to defend the use of external JavaScript files?
Remember remember the 5th of November
October 31, 2013, 06:08:56 PM
 #6

> Nice guess but each point was way off :D
>
> It's funny to face ridicule about such safety concerns, especially in the post-Snowden world.
>
> It's also interesting to get ad hominems. What does it matter who I am if what I'm saying makes sense? So why don't you stick to the facts and try to defend the use of external JavaScript files?

Yeah, it'd be worse if Rainden also released some disturbing information.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
neutrinox
October 31, 2013, 06:12:17 PM
 #7

Yes, let's make a big joke about security. That's the way to go with Bitcoin.

The truth is, the code at bitaddress.org could be compromised at any moment and nobody would notice it.

Feel free to assume NSA/FBI/CIA would not resort to such low forms of attack. I'd rather not assume anything. Not after learning about the methods they are using to protect the "interests" of US gov.
Bitalo_Maciej
October 31, 2013, 06:19:25 PM
 #8

You can look at the project's GitHub commit history. Git commits are guarded with SHA-256, so they can't be changed after a commit is made. For added security, you can use Git's diff functionality to actually see what changed between revisions.

Web wallets get hacked all the time. Computer wallets get hacked all the time as well.
Solution? Hybrid P2SH wallets - safer than your online and offline wallets combined. Check it out, store and trade your Bitcoins with ease of mind!
Stephen Gornick
October 31, 2013, 07:03:49 PM
 #9

> For example, I notice they are loading external JavaScript files from Google's servers. Isn't external JavaScript a very, very bad thing to do on such a site?

I had been using http://www.changedetection.com to monitor the site and then manually verify and post an OK on the BitAddress forum thread. Sure, that's not foolproof since if the site were compromised and spits out a compromised page let's say for 1 out of 10 requests, the chances are very low I'd know for some time (i.e., a 10% chance of detecting it, 90% chance the attacker would get away with it -- for at least one day.)

Here are the steps I follow:
 - http://bitcoin.stackexchange.com/a/9115/153
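
An added example (not part of the original post, and not the poster's actual procedure) of the monitoring trade-off described above: each fetched copy is compared against the SHA-256 of a hand-reviewed copy, and the two helper functions generalize the 1-in-10 figure to any serving rate and number of checks. It assumes each check is independent; the page bodies are constructed.

```javascript
// Added example: pinned-hash monitoring of a page that is tampered only some of the time.
const nodeCrypto = require('crypto');

const sha256 = (text) => nodeCrypto.createHash('sha256').update(text, 'utf8').digest('hex');

// Probability that at least one of n independent checks sees the tampered page,
// when each request is served the tampered page with probability p.
function detectionProbability(p, n) {
  return 1 - Math.pow(1 - p, n);
}

// Smallest number of checks that reaches the wanted detection confidence.
function checksNeeded(p, confidence) {
  if (p <= 0) return Infinity; // never served, never detectable
  if (p >= 1) return 1;        // always served, first check sees it
  return Math.ceil(Math.log(1 - confidence) / Math.log(1 - p));
}

// Compare every fetched copy against the hash of the reviewed copy.
// Returns one alert per mismatching fetch (1-based check number and observed hash).
function monitor(pinnedHash, fetches) {
  const alerts = [];
  fetches.forEach((body, i) => {
    const h = sha256(body);
    if (h !== pinnedHash) alerts.push({ check: i + 1, hash: h });
  });
  return alerts;
}

// Constructed data: a reviewed page, and ten fetches of which one differs.
const REVIEWED = '<html><script>/* reviewed key generator */</script></html>';
const TAMPERED = '<html><script>/* modified key generator */</script></html>';
const FETCHES = Array.from({ length: 10 }, (_, i) => (i === 6 ? TAMPERED : REVIEWED));

console.log('alerts:', monitor(sha256(REVIEWED), FETCHES));
console.log('P(detect) with 1 check at p=0.1:', detectionProbability(0.1, 1).toFixed(2));
console.log('checks for 95% confidence at p=0.1:', checksNeeded(0.1, 0.95));
```

A monitor only sees what its own requests are served, so a hash check on the copy actually saved and run locally covers the case the sampling misses.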
