Luckybit
|
|
November 15, 2013, 01:31:39 AM |
|
Advanced persistent threats can exist in any and every one of our computer systems. At any time a government can flip a switch and force us to pay some tax in Bitcoins?
No, they cannot. And... Have you been hit by a ransomware before? Do you know anyone who have been? Quit being paranoid. Ransomware did exist, still exist, and will exist. With no more power than they had before, provided you have a safe backup of your wallet. So you're telling me that if each Bitcoin is worth $1 million dollars ransomware or other sophisticated malware and spyware wont be developed to target Bitcoin users? This isn't paranoia it's common sense. Governments may or may not have hit any of us already with advanced persistent threats. Do you think they'll tell us? http://en.wikipedia.org/wiki/GhostNet
|
|
|
|
p2pbucks
|
|
November 15, 2013, 01:34:22 AM |
|
Foundation should be dismissed right now ! They are Bitcoin Destroyers!
|
|
|
|
playtin
Full Member
Offline
Activity: 201
Merit: 101
https://playt.in
|
|
November 15, 2013, 01:34:56 AM |
|
Developments like this redlist thing played a big role for us in our decision to add a wallet and off-chain transactions to our service. Especially off-chain transactions can help to fight such nonsense. https://bitcointalk.org/index.php?topic=333350.0
|
|
|
|
Kouye
Sr. Member
Offline
Activity: 336
Merit: 250
Cuddling, censored, unicorn-shaped troll.
|
|
November 15, 2013, 01:44:37 AM |
|
So you're telling me that if each Bitcoin is worth $1 million dollars ransomware or other sophisticated malware and spyware wont be developed to target Bitcoin users? This isn't paranoia it's common sense. Governments may or may not have hit any of us already with advanced persistent threats. Do you think they'll tell us?
You're a persistent one. I'm just telling you that ransomware will not magically become more efficient than it is now just because people acknowledge bitcoin being worth more than murrikan dollar. Ransomware today is a pain. Ransomware tomorrow will be a pain. Ransomware won't be more dangerous tomorrow than it is today. Your coins are safe as long as you have a backup+strong passphrase or cold wallets. Just smile and go to sleep.
|
[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition! I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
|
|
|
Ipsum
Member
Offline
Activity: 62
Merit: 10
|
|
November 15, 2013, 01:53:33 AM |
|
So it's a very serious problem which I think people on this forum are underestimating. Cryptolocker could destroy Bitcoin just like the blacklist can.
Mike's core concern, based on the thread on the Foundation forums, is that Cryptolocker is a serious problem, and because it's such a demonically simple way to extort cash from people, it's going to become a huge problem. There will be many, many copycats soon, and you get enough non-techies getting ripped off and having their first experience with bitcoin this way, and suddenly govs around the world become very hostile to bitcoin (vs barely caring about it, and figuring out how they feel about it as is the case now). And then (or perhaps before), you can kiss any hope of business acceptance of bitcoin (something we all dream of, I'd imagine, so that we can transact in bitcoin without having to resort to exchanges) goodbye. Mike's example is Tor, which is a network that failed to clean up the abuse that goes through it, resulting in all sorts of networks and sites now banning access from Tor exit nodes, drastically reducing the ability of someone to use Tor to normally use the internet. The same thing can happen with bitcoin, and as someone who does want to be able to transact in bitcion someday, failing to look at ways to isolate bad actors from the bitcoin network is a mistake. I don't think -anybody- at the Foundation is happy about even having to have this discussion. But the discussion has to happen, because Cryptolocker is a real issue that's going to become a lot bigger soon. There are very few vectors of attack against Cryptolocker (and inevitable copycats), whereas stuff like Silk Road is almost guaranteed to fail long-term due to the huge number of vectors for law enforcement to use against it. Unfortunately, one of those very few vectors usable against Cryptolocker is bitcoin. I think it's unlikely the Foundation will end up making coin redlisting/tainting/blacklisting/whatever an official policy they try to push, but the idea that we shouldn't even be having the discussion is crazy. The process at arriving at a solution for problems usually involves many dead ends and dark caves before you find the route to the top of the mountain.
|
|
|
|
Ytterbium
|
|
November 15, 2013, 01:57:11 AM |
|
This doesn't even make any sense. Coins already carry "taint", you can see where they come from. If someone wants to publish a list of transactions they don't like, they're obviously free to do that. I could setup a website with my own "redlist" today. What problem is this even supposed to solve?
The problem of course, is who maintains this list? The bitcoin foundation? every government in the world? If I'm in Iran do I have to apply the US government's redlist? What happens when the US government tries to use the redlist to help stop the Iranian nuclear program, is some Iranian nuclear scientist supposed to reject his own paycheck?
It does illustrate the importance of keeping mining decentralized, though. If there are a few central, major mines in the world, they'll have an incentive not to mine blocks with 'redlisted' addresses, and on top of that they can even refuse to mine off blocks with redlisted addresses in a government-coordinated 51% attack.
|
|
|
|
drawingthesun
Legendary
Offline
Activity: 1176
Merit: 1015
|
|
November 15, 2013, 02:00:18 AM |
|
The only solution is to fast forward development of CoinJoin/ZeroCoin type systems.
If Mikes/US Governments lists all work based on tracking coins ("taint analyses") then now moving towards a fully anonymous Bitcoin is the only way to go.
I argued almost a year ago (different account I think) that the future must be Bitcoin with some built in anonymous capability otherwise evils like coin tracking will emerge.
Already if you make a payment you risk the merchant discovering your a millionaire and risk life and limb (In this way Bitcoin can be less private than a normal bank account, at least my local IGA has no idea what my bank balance is)
The solution is to make it commonplace to anonymize almost every transaction or set of transactions by default. This will stop NSA tracking, the redlist and people discovering your networth.
|
|
|
|
tvbcof
Legendary
Offline
Activity: 4704
Merit: 1276
|
|
November 15, 2013, 02:02:13 AM |
|
... Hearn posted the following message to the legal section of the members-only foundation forum: ...
This was exactly my biggest concern when the idea of the foundation was initially floated, and I stated it. Fungus grows in the dark. As it happened, the level of opacity is far worse than I even dreamed it might be. In order to protect my own ass I need to understand the way things are progressing and I'm not going to buy a seat at the foundation just to do this because I feel that they are not acting in the best interests of what I'd like to see Bitcoin become.
|
sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
|
|
|
Kouye
Sr. Member
Offline
Activity: 336
Merit: 250
Cuddling, censored, unicorn-shaped troll.
|
|
November 15, 2013, 02:02:39 AM |
|
Mike's core concern, based on the thread on the Foundation forums, is that Cryptolocker is a serious problem, and because it's such a demonically simple way to extort cash from people, it's going to become a huge problem. There will be many, many copycats soon, and you get enough non-techies getting ripped off and having their first experience with bitcoin this way, and suddenly govs around the world become very hostile to bitcoin[...]
Ransomwares are as old as internet. They've always been around, and they have no more power than they had before bitcoin. And even if you are right, Ipsum, can you PLEASE explain to me how redlisting coins would help fighting CryptoLocker copycats ? I think it's unlikely the Foundation will end up making coin redlisting/tainting/blacklisting/whatever an official policy
That's a relief. I guess.
|
[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition! I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
|
|
|
Wary
|
|
November 15, 2013, 02:03:22 AM |
|
Its easy to redlist someone/something, but its a career ending move to clear the wrong person. Good point!
|
Fairplay medal of dnaleor's trading simulator.
|
|
|
Ytterbium
|
|
November 15, 2013, 02:05:41 AM |
|
Mike's core concern, based on the thread on the Foundation forums, is that Cryptolocker is a serious problem, and because it's such a demonically simple way to extort cash from people, it's going to become a huge problem. There will be many, many copycats soon, and you get enough non-techies getting ripped off and having their first experience with bitcoin this way, and suddenly govs around the world become very hostile to bitcoin (vs barely caring about it, and figuring out how they feel about it as is the case now). And then (or perhaps before), you can kiss any hope of business acceptance of bitcoin (something we all dream of, I'd imagine, so that we can transact in bitcoin without having to resort to exchanges) goodbye.
Here's a thought - why don't people keep their virus definition files up to date? Microsoft deserves a huge amount of blame for leaving their OSes unprotected for such an incredibly long time, but windows 8 actually does include Microsoft Security Essentials for free. Anyway, how many people have actually gotten the cryptlocker virus? I think it's pretty unlikely that this will be anything more then a fringe thing affecting people who probably don't have any valuable files anyway, because they don't even know how to use their computer. A virus writer will have to be extremely selective in targeting people if they don't want their virus to end up in virus definition, which in turn means not very many people will be effected. If they try to spread it all over the place it'll end up blocked everywhere, which in turn, again, means no one gets it. DPR tried to have people whacked for bitcoin, and this stupid virus is what people are worried about "ruining bitcoin"?
|
|
|
|
Peter R
Legendary
Offline
Activity: 1162
Merit: 1007
|
|
November 15, 2013, 02:10:39 AM |
|
So it's a very serious problem which I think people on this forum are underestimating. Cryptolocker could destroy Bitcoin just like the blacklist can.
Mike's core concern, based on the thread on the Foundation forums, is that Cryptolocker is a serious problem, and because it's such a demonically simple way to extort cash from people, it's going to become a huge problem. There will be many, many copycats soon, and you get enough non-techies getting ripped off and having their first experience with bitcoin this way, and suddenly govs around the world become very hostile to bitcoin (vs barely caring about it, and figuring out how they feel about it as is the case now). And then (or perhaps before), you can kiss any hope of business acceptance of bitcoin (something we all dream of, I'd imagine, so that we can transact in bitcoin without having to resort to exchanges) goodbye. CryptoLocker is forcing people to rethink their computer security. In our post-Snowden world, I believe this is a long-term good thing, despite the harm and frustration it is causing people in the short term. I actually met one of the victims, BTW. A late-60's women from Vancouver trying to buy coins from the Robocoin ATM: https://bitcointalk.org/index.php?topic=330720What she didn't like about bitcoin was the difficulty she had in buying one. I thought it was interesting that in her mind cryptolocker was "evil Russian hackers" and bitcoin was just some unrelated thing she could buy from the ATM.
|
|
|
|
Kouye
Sr. Member
Offline
Activity: 336
Merit: 250
Cuddling, censored, unicorn-shaped troll.
|
|
November 15, 2013, 02:13:51 AM |
|
CryptoLocker is forcing people to rethink their computer security.
no, No, NO, NO. Ransomware have existed before most bictoiners were born. This is very, very old news.
|
[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition! I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
|
|
|
millsdmb
|
|
November 15, 2013, 02:16:38 AM Last edit: November 15, 2013, 02:27:39 AM by millsdmb |
|
This is just the beginning. Satoshi would be ashamed.
its so sad too, because Satoshi reached out to Mike to get him more involved (as I understand it). Now he appears to be looking to effectively kill the whole thing. Q: I'm not technically savvy, but wouldn't the solution be CryptoLocker counter-measures on client computers? A: (Mike's own words) "That's certainly a solution yes, but unfortunately it's sort of like saying the solution to burglary is having locks ondoors and windows, so we don't need the police." And this guy is important for bitcoin? SMDH. (edit: source: https://jumpshare.com/v/FCGnW40vMhG8ETE8i57h?b=rJU3YwFcBYWUD5X0bbqR)
|
|
|
|
Peter R
Legendary
Offline
Activity: 1162
Merit: 1007
|
|
November 15, 2013, 02:18:22 AM |
|
CryptoLocker is forcing people to rethink their computer security.
no, No, NO, NO. Ransomware have existed before most bictoiners were born. This is old news. So if you or someone you know was a victim of cryptolocker, you wouldn't rethink your computer security? I know the old lady and I both re-thought our computer security ( https://bitcointalk.org/index.php?topic=330720) The fact that cryptolocker was not the first instance of ransomware does not make my statement false. Haha: CryptoLocker: not the first, just the best.
|
|
|
|
Kouye
Sr. Member
Offline
Activity: 336
Merit: 250
Cuddling, censored, unicorn-shaped troll.
|
|
November 15, 2013, 02:21:32 AM |
|
The fact that cryptolocker was not the first instance of ransomware does not make my statement false.
It does not, indeed. If you agree explaining to me how redlisting coins would help, and how bitcoin make you more vulnerable to ransomware... I'll tell you a nice story called Reveton.
|
[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition! I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
|
|
|
Peter R
Legendary
Offline
Activity: 1162
Merit: 1007
|
|
November 15, 2013, 02:27:09 AM |
|
The fact that cryptolocker was not the first instance of ransomware does not make my statement false.
It does not, indeed. If you agree explaining to me how redlisting coins would help, and how bitcoin make you more vulnerable to ransomware... I'll tell you a nice story called Reveton. What I said had nothing to do with red-listing coins! I was just pointing out two things: 1. That after meeting a CryptoLocker victim in person, I could tell that they did not relate bitcoin to CryptoLocker. She thought the virus was "evil Russian hackers" and that bitcoins were these things she could buy from the Robocoin ATM in downtown Vancouver. 2. That CryptoLocker, in a twisted sense, may actually be teaching mankind an important lesson in computer security. I think any change to bitcoin based on "CryptoLocker" would be unwise ridiculous. I think any change to bitcoin based on "CryptoLocker" would be unwise ridiculous. I think any change to bitcoin based on "CryptoLocker" would be unwise ridiculous Bitcoin is great as is.
|
|
|
|
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1013
|
|
November 15, 2013, 02:34:03 AM |
|
I don't think -anybody- at the Foundation is happy about even having to have this discussion. But the discussion has to happen, because Cryptolocker is a real issue that's going to become a lot bigger soon. There are very few vectors of attack against Cryptolocker (and inevitable copycats), whereas stuff like Silk Road is almost guaranteed to fail long-term due to the huge number of vectors for law enforcement to use against it. Unfortunately, one of those very few vectors usable against Cryptolocker is bitcoin. Cryptolocker is not Bitcoin's issue any more than it's Ford's issue if a bank robber drives off in one of models. If somebody should be thrown under the bus here it should be Microsoft for being unable or unwilling to build secure operating systems. Anyone who says they are worried about Cryptolocker's effect on Bitcoin adoption is lying. By every objective measure: transaction rate, blockchain.info wallets, frequency of conferences, exchange rate, etc, growth is exponential and shows not the slightest sign of being negatively affected by Cryptolocker. This idea of a Cryptolocker backlash is a fake problem used to scare the community into accepting a compromise that's against their best interests. These plans have been in the works for years, as evidenced on this very forum, and the proponents have just been waiting for a suitable excuse the put their plans into effect.
|
|
|
|
Luckybit
|
|
November 15, 2013, 02:36:36 AM |
|
So you're telling me that if each Bitcoin is worth $1 million dollars ransomware or other sophisticated malware and spyware wont be developed to target Bitcoin users? This isn't paranoia it's common sense. Governments may or may not have hit any of us already with advanced persistent threats. Do you think they'll tell us?
You're a persistent one. I'm just telling you that ransomware will not magically become more efficient than it is now just because people acknowledge bitcoin being worth more than murrikan dollar. Ransomware today is a pain. Ransomware tomorrow will be a pain. Ransomware won't be more dangerous tomorrow than it is today. Your coins are safe as long as you have a backup+strong passphrase or cold wallets. Just smile and go to sleep. I think Keyhotee is part of the solution to some of these problems. Look at this: https://www.youtube.com/watch?feature=player_detailpage&v=3pZaTdEtK-8The other idea I heard which was very good was the Bitcoin identity protocol. Both of those ideas need to be implemented immediately. And I don't assume my coins are safe enough. I don't trust hardware or software but at this point we have to because this is all we have. Bitcoins are not currently worth enough money for sophisticated and targeted attacks and I don't have a lot of Bitcoins anyway to be worth attacking. But some people have 1000 coins or 10,000 coins and they'll be in danger today. In the future people having just a few coins will have to worry about being cyber robbed. No it's not easy to defend yourself against extortion or identity theft. It's almost impossible to be sure your computer is malware/spyware free and if a government wants to spy they can see everything. We can only do the best we can with our software implementations and use stuff like raspberry pi for hardware. Paranoia is actually necessary to defend valuable information which is why we typically pay experts to do it.
|
|
|
|
Peter R
Legendary
Offline
Activity: 1162
Merit: 1007
|
|
November 15, 2013, 02:38:21 AM |
|
If somebody should be thrown under the bus here it should be Microsoft for being unable or unwilling to build secure operating systems.
+1 The problem is 50% Microsoft and 50% people not being as careful as they should.
|
|
|
|
|