Bitcoin Forum
October 23, 2017, 02:52:07 AM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Does running Bitcoin QT make you a target for hackers?  (Read 1368 times)
go1111111
Full Member
***
Offline Offline

Activity: 182


View Profile
November 01, 2013, 02:34:55 AM
 #1


I don't fully understand the Bitcoin network, but wouldn't running QT leave you vulnerable to the below scenario?

Step 1: I decide to become an evil hacker, so I learn how to hack.
Step 2: I run a modified version of the QT client, which prints out a list of all the other nodes on the bitcoin network that are visible to me.
Step 3: I take my big list of IP addresses, and using my logical skills I deduce that a lot of those IPs correspond to machines with bitcoin wallets on them.
Step 4: I try to penetrate as many of the machines with those IPs as possible, install keyloggers on any that I can break into, and grab any wallets that I can find.
Step 5: Profit?

What's the flaw in my plan? Is step 4 just extremely hard?

 

1508727127
Hero Member
*
Offline Offline

Posts: 1508727127

View Profile Personal Message (Offline)

Ignore
1508727127
Reply with quote  #2

1508727127
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Elwar
Legendary
*
Online Online

Activity: 2254


www.bitpools.com


View Profile WWW
November 01, 2013, 02:38:52 AM
 #2

Logging into bitcointalk and allowing images to be viewed makes you a target for hackers.

http://www.bitpools.com
Pool your bitcoins with others. Vote on solutions using the Bitcoin blockchain. Keep your bitcoins in your cold storage until you find a solution you like.
Links and Reviews of useful every day places to spend bitcoins: https://bitcointalk.org/index.php?topic=943143.0
go1111111
Full Member
***
Offline Offline

Activity: 182


View Profile
November 01, 2013, 03:52:49 AM
 #3

Logging into bitcointalk and allowing images to be viewed makes you a target for hackers.

Ah, good point.

Anyone know a good resource to get answers to the following questions then? (maybe a more security-focused forum)

Assume you're given an IP,

(1) the IP belongs to a windows 8 machine, the admin password is very simple, and remote desktop is enabled. How easy is it to break in? I assume it's just a matter of guessing passwords as fast as you can. Anyone know the practical limit to how many remote desktop password attempts a win8 machine will allow per unit of time?
(2) If remote desktop is disabled, then it's very unlikely that even a dedicated hacker could get into your machine even if your admin password is super simple, right? I assume this is the kind of vulnerability that would make a huge news splash if found.

adamstgBit
Legendary
*
Offline Offline

Activity: 1904


Trusted Bitcoiner


View Profile WWW
November 01, 2013, 04:05:39 AM
 #4

Logging into bitcointalk and allowing images to be viewed makes you a target for hackers.

Ah, good point.

Anyone know a good resource to get answers to the following questions then? (maybe a more security-focused forum)

Assume you're given an IP,

(1) the IP belongs to a windows 8 machine, the admin password is very simple, and remote desktop is enabled. How easy is it to break in? I assume it's just a matter of guessing passwords as fast as you can. Anyone know the practical limit to how many remote desktop password attempts a win8 machine will allow per unit of time?
(2) If remote desktop is disabled, then it's very unlikely that even a dedicated hacker could get into your machine even if your admin password is super simple, right? I assume this is the kind of vulnerability that would make a huge news splash if found.



i'm not a hacker but i don't think guessing passwords is the way to go.

best to make users install your trojan which gives you a back door to their computer. the trojan can read the wallet.dat file and report its contents, which can do a lot of damage if you did not encrypted your wallet with a strong password.


if you just don't install shit off the web,
disable java!
and encrypted your wallet

I would imagine hackers won't be able to get to you.

Ecurb123
Full Member
***
Offline Offline

Activity: 182


View Profile
November 01, 2013, 08:55:00 AM
 #5

I think your logic is generally correct. That's why a lot of people will suggest keeping larger value wallets off-line.



I don't fully understand the Bitcoin network, but wouldn't running QT leave you vulnerable to the below scenario?

Step 1: I decide to become an evil hacker, so I learn how to hack.
Step 2: I run a modified version of the QT client, which prints out a list of all the other nodes on the bitcoin network that are visible to me.
Step 3: I take my big list of IP addresses, and using my logical skills I deduce that a lot of those IPs correspond to machines with bitcoin wallets on them.
Step 4: I try to penetrate as many of the machines with those IPs as possible, install keyloggers on any that I can break into, and grab any wallets that I can find.
Step 5: Profit?

What's the flaw in my plan? Is step 4 just extremely hard?

 


Rannasha
Hero Member
*****
Offline Offline

Activity: 728


View Profile
November 01, 2013, 09:03:56 AM
 #6

Logging into bitcointalk and allowing images to be viewed makes you a target for hackers.

Ah, good point.

Anyone know a good resource to get answers to the following questions then? (maybe a more security-focused forum)

Assume you're given an IP,

(1) the IP belongs to a windows 8 machine, the admin password is very simple, and remote desktop is enabled. How easy is it to break in? I assume it's just a matter of guessing passwords as fast as you can. Anyone know the practical limit to how many remote desktop password attempts a win8 machine will allow per unit of time?
(2) If remote desktop is disabled, then it's very unlikely that even a dedicated hacker could get into your machine even if your admin password is super simple, right? I assume this is the kind of vulnerability that would make a huge news splash if found.

Almost all consumer internet modems/routers use NAT and don't directly expose the connected computer(s) to the internet. The IP address that you obtain will lead you to a router, not a computer, and unless said router has some really glaring security holes, there won't be an easy way to get to the actual computer(s) behind the router.

While in principle there is a potential security risk in having your IP address connected to bitcoin-related acitivities, in practice this risk is negligible compared to keyloggers, weak passwords, phishing, etc...
Buffer Overflow
Legendary
*
Offline Offline

Activity: 1652



View Profile
November 01, 2013, 09:04:56 AM
 #7

Logging into bitcointalk and allowing images to be viewed makes you a target for hackers.

Someone could place an image in an PM, when you open the message your IP would be revealed to be sender.

go1111111
Full Member
***
Offline Offline

Activity: 182


View Profile
November 01, 2013, 10:10:59 AM
 #8

Judging by your logic, visiting random site could make you a target for hackers..sigh.

Not quite. A hacker would rather gain access to the computer of someone who uses bitcoin than just a random Internet user.


Rannasha: thanks for the description.
DodoB
Hero Member
*****
Offline Offline

Activity: 504


View Profile
November 01, 2013, 10:18:47 AM
 #9

Probably yes. the best solution is not to keep large amounts of bitcoin in a single computer.
ArticMine
Legendary
*
Offline Offline

Activity: 2058


Monero Core Team


View Profile
November 01, 2013, 07:55:47 PM
 #10


i'm not a hacker but i don't think guessing passwords is the way to go.

best to make users install your trojan which gives you a back door to their computer. the trojan can read the wallet.dat file and report its contents, which can do a lot of damage if you did not encrypted your wallet with a strong password.


if you just don't install shit off the web,
disable java!
and encrypted your wallet

I would imagine hackers won't be able to get to you.

The best anti hacker advice here, which is excellent by the way, is in the poster's avatar. Say no to Microsoft Windows and yes to GNU/Linux

Concerned that blockchain bloat will lead to centralization? Storing less than 4 GB of data once required the budget of a superpower and a warehouse full of punched cards. https://upload.wikimedia.org/wikipedia/commons/8/87/IBM_card_storage.NARA.jpg https://en.wikipedia.org/wiki/Punched_card
mb300sd
Legendary
*
Offline Offline

Activity: 1260

Drunk Posts


View Profile WWW
November 04, 2013, 06:44:07 AM
 #11

Its pretty easy to notice someone guessing passwords at your remote desktop, set an account lockout after 3-10 incorrect attempts... depending on how often you try to log in drunk Grin

1D7FJWRzeKa4SLmTznd3JpeNU13L1ErEco
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!