go1111111 (OP)
|
|
November 01, 2013, 02:34:55 AM |
|
I don't fully understand the Bitcoin network, but wouldn't running QT leave you vulnerable to the below scenario?
Step 1: I decide to become an evil hacker, so I learn how to hack. Step 2: I run a modified version of the QT client, which prints out a list of all the other nodes on the bitcoin network that are visible to me. Step 3: I take my big list of IP addresses, and using my logical skills I deduce that a lot of those IPs correspond to machines with bitcoin wallets on them. Step 4: I try to penetrate as many of the machines with those IPs as possible, install keyloggers on any that I can break into, and grab any wallets that I can find. Step 5: Profit?
What's the flaw in my plan? Is step 4 just extremely hard?
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
Elwar
Legendary
Offline
Activity: 3598
Merit: 2386
Viva Ut Vivas
|
|
November 01, 2013, 02:38:52 AM |
|
Logging into bitcointalk and allowing images to be viewed makes you a target for hackers.
|
First seastead company actually selling sea homes: Ocean Builders https://ocean.builders Of course we accept bitcoin.
|
|
|
go1111111 (OP)
|
|
November 01, 2013, 03:52:49 AM |
|
Logging into bitcointalk and allowing images to be viewed makes you a target for hackers.
Ah, good point. Anyone know a good resource to get answers to the following questions then? (maybe a more security-focused forum) Assume you're given an IP, (1) the IP belongs to a windows 8 machine, the admin password is very simple, and remote desktop is enabled. How easy is it to break in? I assume it's just a matter of guessing passwords as fast as you can. Anyone know the practical limit to how many remote desktop password attempts a win8 machine will allow per unit of time? (2) If remote desktop is disabled, then it's very unlikely that even a dedicated hacker could get into your machine even if your admin password is super simple, right? I assume this is the kind of vulnerability that would make a huge news splash if found.
|
|
|
|
adamstgBit
Legendary
Offline
Activity: 1904
Merit: 1037
Trusted Bitcoiner
|
|
November 01, 2013, 04:05:39 AM |
|
Logging into bitcointalk and allowing images to be viewed makes you a target for hackers.
Ah, good point. Anyone know a good resource to get answers to the following questions then? (maybe a more security-focused forum) Assume you're given an IP, (1) the IP belongs to a windows 8 machine, the admin password is very simple, and remote desktop is enabled. How easy is it to break in? I assume it's just a matter of guessing passwords as fast as you can. Anyone know the practical limit to how many remote desktop password attempts a win8 machine will allow per unit of time? (2) If remote desktop is disabled, then it's very unlikely that even a dedicated hacker could get into your machine even if your admin password is super simple, right? I assume this is the kind of vulnerability that would make a huge news splash if found. i'm not a hacker but i don't think guessing passwords is the way to go. best to make users install your trojan which gives you a back door to their computer. the trojan can read the wallet.dat file and report its contents, which can do a lot of damage if you did not encrypted your wallet with a strong password. if you just don't install shit off the web, disable java! and encrypted your wallet I would imagine hackers won't be able to get to you.
|
|
|
|
Ecurb123
|
|
November 01, 2013, 08:55:00 AM |
|
I think your logic is generally correct. That's why a lot of people will suggest keeping larger value wallets off-line. I don't fully understand the Bitcoin network, but wouldn't running QT leave you vulnerable to the below scenario?
Step 1: I decide to become an evil hacker, so I learn how to hack. Step 2: I run a modified version of the QT client, which prints out a list of all the other nodes on the bitcoin network that are visible to me. Step 3: I take my big list of IP addresses, and using my logical skills I deduce that a lot of those IPs correspond to machines with bitcoin wallets on them. Step 4: I try to penetrate as many of the machines with those IPs as possible, install keyloggers on any that I can break into, and grab any wallets that I can find. Step 5: Profit?
What's the flaw in my plan? Is step 4 just extremely hard?
|
|
|
|
Rannasha
|
|
November 01, 2013, 09:03:56 AM |
|
Logging into bitcointalk and allowing images to be viewed makes you a target for hackers.
Ah, good point. Anyone know a good resource to get answers to the following questions then? (maybe a more security-focused forum) Assume you're given an IP, (1) the IP belongs to a windows 8 machine, the admin password is very simple, and remote desktop is enabled. How easy is it to break in? I assume it's just a matter of guessing passwords as fast as you can. Anyone know the practical limit to how many remote desktop password attempts a win8 machine will allow per unit of time? (2) If remote desktop is disabled, then it's very unlikely that even a dedicated hacker could get into your machine even if your admin password is super simple, right? I assume this is the kind of vulnerability that would make a huge news splash if found. Almost all consumer internet modems/routers use NAT and don't directly expose the connected computer(s) to the internet. The IP address that you obtain will lead you to a router, not a computer, and unless said router has some really glaring security holes, there won't be an easy way to get to the actual computer(s) behind the router. While in principle there is a potential security risk in having your IP address connected to bitcoin-related acitivities, in practice this risk is negligible compared to keyloggers, weak passwords, phishing, etc...
|
|
|
|
Buffer Overflow
Legendary
Offline
Activity: 1652
Merit: 1015
|
|
November 01, 2013, 09:04:56 AM |
|
Logging into bitcointalk and allowing images to be viewed makes you a target for hackers.
Someone could place an image in an PM, when you open the message your IP would be revealed to be sender.
|
|
|
|
go1111111 (OP)
|
|
November 01, 2013, 10:10:59 AM |
|
Judging by your logic, visiting random site could make you a target for hackers..sigh.
Not quite. A hacker would rather gain access to the computer of someone who uses bitcoin than just a random Internet user. Rannasha: thanks for the description.
|
|
|
|
DodoB
|
|
November 01, 2013, 10:18:47 AM |
|
Probably yes. the best solution is not to keep large amounts of bitcoin in a single computer.
|
|
|
|
ArticMine
Legendary
Offline
Activity: 2282
Merit: 1050
Monero Core Team
|
|
November 01, 2013, 07:55:47 PM |
|
i'm not a hacker but i don't think guessing passwords is the way to go.
best to make users install your trojan which gives you a back door to their computer. the trojan can read the wallet.dat file and report its contents, which can do a lot of damage if you did not encrypted your wallet with a strong password.
if you just don't install shit off the web, disable java! and encrypted your wallet
I would imagine hackers won't be able to get to you.
The best anti hacker advice here, which is excellent by the way, is in the poster's avatar. Say no to Microsoft Windows and yes to GNU/Linux
|
|
|
|
mb300sd
Legendary
Offline
Activity: 1260
Merit: 1000
Drunk Posts
|
|
November 04, 2013, 06:44:07 AM |
|
Its pretty easy to notice someone guessing passwords at your remote desktop, set an account lockout after 3-10 incorrect attempts... depending on how often you try to log in drunk
|
1D7FJWRzeKa4SLmTznd3JpeNU13L1ErEco
|
|
|
|