Bitcoin Forum
December 08, 2016, 02:24:29 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 ... 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 [112] 113 114 115 »
  Print  
Author Topic: Trust No One  (Read 143106 times)
braxx
Sr. Member
****
Offline Offline

Activity: 392


View Profile
December 27, 2013, 10:57:08 PM
 #2221

tnx 4 the advise
1481163869
Hero Member
*
Offline Offline

Posts: 1481163869

View Profile Personal Message (Offline)

Ignore
1481163869
Reply with quote  #2

1481163869
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481163869
Hero Member
*
Offline Offline

Posts: 1481163869

View Profile Personal Message (Offline)

Ignore
1481163869
Reply with quote  #2

1481163869
Report to moderator
1481163869
Hero Member
*
Offline Offline

Posts: 1481163869

View Profile Personal Message (Offline)

Ignore
1481163869
Reply with quote  #2

1481163869
Report to moderator
Forcecast
Newbie
*
Offline Offline

Activity: 27


View Profile
December 27, 2013, 11:30:53 PM
 #2222

Just so you know: http://bitcoinscammers.com/
bennylou
Newbie
*
Offline Offline

Activity: 4


View Profile
December 27, 2013, 11:52:23 PM
 #2223

Thanks for the advice..
Meuh6879
Legendary
*
Offline Offline

Activity: 1092



View Profile
December 28, 2013, 12:14:57 AM
 #2224

to react about the first post ... it's right, the only way to keep is bitcoin is the "bitcoin-QT" application with the 15Go of associate blockchain folder.

i use only android app with nothing more like 100 Euros (200mBTC).

French ... but not so much   ---===---   P2P ... it's people at the end   ---===---   P2Pool (10,9 GH/s).
Comment miner des bitcoins ? Un tutoriel est là : https://bitcointalk.org/index.php?topic=1114415.0
Bitcoin change everything ... an explain of this fact : https://www.youtube.com/watch?v=joITmEr4SjY
singood
Newbie
*
Offline Offline

Activity: 2


View Profile
December 28, 2013, 01:44:44 AM
 #2225

Disagree, the scenario you outlined is far more unlikely than a memorable password being hacked.  Also still limits the suspects to people who could theoretically gain access to the passwords.

Perhaps, but it really depends on how the person chooses to generate his/her password. If the person is naive enough to use the same password or the same passphrase or same method always, then obviously he/she's going to be screwed. But the same person is also likely to be equally naive with physical security. In the end, the weakest link is still the user.


Quote
Even if you do simple letter substitution, the password should still be over 13 characters for any amount of security from rainbow tables. Very difficult to remember for the average person.

A password should always be long and safer if the code salts the password hash properly. The average person won't be able to remember a random sequence of letters, but a passphrase like "This is my password for getting into the bitcoin bank" and using "Timpfgitbb" is probably much easier. Of course the risk is again, a naive user might just end up using the same passphrase and effectively reducing it to a 2 letter password since only the last few letters would ever change.

Quote
Also- Micro screenshot loggers take images of the surrounding area of a mouse click.  Rarely do you have to worry about your entire screen being recorded since live recording of your screen would drag most computers down enough for the average person to be concerned anyways.  Even if they take an image of the entire screen with every mouse click, a simple solution would be to make the secure keyboard randomize positions with every entry.  Another level of complexity would be to have the keyboard scroll so only a line of characters was visible to click on at a time, so you could not use a process of elimination.

Only the last suggestion would be useful IMO because if the logger screenshots just the active window (or even a reasonably wide area such as 200px instead of just a few pixels around the cursor), it would be able to see the entire keyboard. Randomizing that on every click doesn't help since every click gets the logger a new picture with all the keys except the one you used.

The problem with the scroller is that the average users may get rapidly annoyed with it and give up using the system or find ways to get around it if they have to deal with it daily. That's what make users put password stick-it  on office monitors in places where they implement draconian password policies such as minimum 10 letters, no reusing of last 12 passwords, no similar passwords, new password every 2 weeks or 30 log ins.

Quote
As for firewalls, I'm most concerned with methods that don't involve configuration of your computer, since more secure wallets and merchanting programs 'out of the box' will assist in widespread adoption

Frankly speaking if the user's system isn't secured in the first place against information leak, nothing we do can be considered secured. Just the initial entry of the password during registration, or even receiving a generated password in the email, could be the time of the leak, rendering whatever physical measures or random onscreen keyboard useless.

sibilant_doge
Member
**
Offline Offline

Activity: 112


View Profile
December 28, 2013, 01:48:58 AM
 #2226

So, just out of curiosity what does encrypting my wallet do? because when I have the program open I can seem to send and receive as I please. Does it encrypt against outside tapping? What does it do against someone remote accessing my computer?
dbradley
Newbie
*
Offline Offline

Activity: 13


View Profile
December 28, 2013, 03:52:06 AM
 #2227

This is the sort of paranoia we need more of around here!

In this case, a less trusted forum member (me) was leveraging the trust of someone who was much more trusted. Michael Hendrix met all my requirements for how to choose someone to trust if you must (listed above), except obviously he had no insurance himself. In that forum thread I was telling the people placing bets that they don't need to trust me if they trust him, since he was holding my bond.

We could have been in cahoots, but there wouldn't be any point to doing that. Michael already has a lot of trust - he doesn't need my help to scam people if he decides he wants to do so.
infinitybo
Newbie
*
Offline Offline

Activity: 28


View Profile
December 28, 2013, 02:46:08 PM
 #2228

@Sibilant_doge It's alright to be curious anyways encrypting your wallet is a good security practice.

 ✰ If You Risk Nothing, You Risk Everything | PrimeDice.com | The New Way To Roll |  (https://PrimeDice.com) *Thread* (https://bitcointalk.org/index.php?topic=208986.0)
dbradley
Newbie
*
Offline Offline

Activity: 13


View Profile
December 28, 2013, 07:11:41 PM
 #2229

Some really good advice - and much appreciated!
Anyone have any thoughts on Mpex and the trustworthiness of the person who runs it?
CoinCidental
Legendary
*
Offline Offline

Activity: 924


View Profile
December 28, 2013, 07:23:51 PM
 #2230

Some really good advice - and much appreciated!
Anyone have any thoughts on Mpex and the trustworthiness of the person who runs it?

Trust No One
infinitybo
Newbie
*
Offline Offline

Activity: 28


View Profile
December 29, 2013, 03:02:41 PM
 #2231

@Dbradley Definitely something to say about because we'll give you the best advice here and that's good !

 ✰ If You Risk Nothing, You Risk Everything | PrimeDice.com | The New Way To Roll |  (https://PrimeDice.com) *Thread* (https://bitcointalk.org/index.php?topic=208986.0)
chindit
Newbie
*
Offline Offline

Activity: 22


View Profile
January 01, 2014, 03:38:45 AM
 #2232

Seriously. Don't trust the exchanges, don't trust online wallet services, don't trust your anti-virus software, and don't trust anybody online.

If you absolutely must trust someone with your bitcoins, for the love, choose carefully!

  • Do you know their full name?
  • Do you know where they are located?
  • Have they demonstrated trustworthiness in the past?
  • Are they asking you to trust them? (red flag)
  • Do they have insurance?

Insurance? Impossible, you say. Not so!

When I needed people to trust me to hold bitcoins for a contest, I deposited 50 bitcoins as a bond with a well-respected forum member, so that even if I did something stupid and lost people's money, they would still be reimbursed. You can read about it here: http://bitcointalk.org/index.php?topic=10008.0

Consider carefully who you will trust. With bitcoins, elaborate scams may be profitable. For instance, someone may develop trust for their user name over many months with small transactions on this forum, then take advantage of that trust to make off with a lot of money. Such a scam would only be worth doing on this forum. No other forum in the world would be worth the effort.

If you want someone to hold your bitcoins for you, there are NO online services that have the transparency and security to make me comfortable using them for storing bitcoins for more than a short time in small amounts. The only way to do it is like I did - choose someone whom you believe to be trustworthy, and approach them. If they approach you, or in any way say or insinuate that they are a trustworthy person to hold your coins, STAY AWAY.

If you are thinking that I might not be trustworthy, since I am writing this post about the issue, you are approaching the appropriate level of paranoia.

If you want to store your bitcoins with maximum security, there are lots of resources about how to do it, such as this: https://en.bitcoin.it/wiki/Securing_your_wallet

Here's my summary:

1. Put all your coins in a new wallet that has never connected to the network
2. Encrypt that wallet with the maximum security you can find, using the most secure password you can keep track of
3. Delete the plaintext wallet, and distribute the encrypted wallet to every piece of physical media you own, store it online, and send it to several people you trust

Don't think you can generate and remember a secure enough password? Create a super-long password, and store clues to help you remember it. For instance, your password clue file might say:

My standard password + My throwaway password (backwards, all caps) + &#$%@ + First two sentences of first paragraph of page 19 of my favorite book (include all capitalization and punctuation) + My wife's mother's middle name + My son's favorite superhero + My favorite number times 8734 + food my wife hates (backwards, all caps) + 9-digit number stored with my paper will + 10-character password stored in my safety deposit box + . . . .

You can go on in this way to create as long a password as you want. Store this password clue file with your encrypted wallet, and optionally encrypt both with a simple standard password to keep out snoopers.

In this way, not only can you recover your coins from your "savings account" at a later date, if you get hit by a chicken truck tomorrow and die, your loved ones can probably piece together your password and recover the coins too (better make sure you trust them, and that between them they have or can get the answers to those clues).

I recommend that you practice your wallet encryption and recovery a few times with a small number of coins, until you are very comfortable with the process before you try it with the bulk of your savings.

And remember, this is how most bitcoins services get started:

https://lh3.googleusercontent.com/-lgm4poF3JWE/TgsHwby-BlI/AAAAAAAADwQ/twan94HT6p4/020.jpg

Comic from: http://bitcointalk.org/index.php?topic=13903.0
We are really pissing the bankers off. (rothschild, rockerfckrs, bush,  morgans etc.). Do you really think that they will give up their unearned paradise without a fight? They "own" the banks, who "own" the politicians who control your culture & your existence. Cryptocoin is a threat to them but they are laughing 'cos they have the n.s.a, mi5 & 6 introducing new cryptocoins to confuse & confound the movement! It's not just a few greedy geeks who are introducing dogshitcoin , catshit coin & gulliblecoin. "No". It's the very people who we are trying to avoid. Please beware of new cryptocoins they are a "trap" because these sick'os will not allow the real ones to succeed. Your community is under attack!!!! Luv U guys....Happy new year. !
seftonde
Newbie
*
Offline Offline

Activity: 17


View Profile
January 10, 2014, 04:10:40 AM
 #2233

dacoinminster:

I read your original post on paranoia.  Although you wrote it a few years ago it is wonderful.  I am the head of information security for a major facility and I wish I could ingrain some of your thoughts in my user community!  Very well done, sir (or madam).

I've been messing with computers, programming, information security and such since the last 70's.  I've just recently gotten into the crypto world after casually following bitcoin for the past few years (and I wish I'd started mining it back a few years ago!).  I turned my macbook pro into an impromptu miner (CPU) and picked up a few litecoin and dogecoin.  I got worried about my CPU temps peaking out at 100 C, especially since this is my primary tool for my hobby of publishing children's iOS software, which I 've been doing since the iPhone was released.  I did buy four bitcoin at $220 USD in November 2013 and am pleased at myself given the current price.  Smiley

So, off to the local store I headed, bought the cheapest windows tower I could find, a beefed up power supply, a high end video card and now I'm at 400 kHz, headed to 1Mhs hopefully when my next card comes in and I'm hooked!

Trying to learn as much as I can about this field, and realizing I may be profiting in the process (but not counting on that).

Looking forward to learning and having fun!

Daniel

Jonsteri
Newbie
*
Offline Offline

Activity: 1


View Profile
January 11, 2014, 01:17:33 AM
 #2234

Thanks for the great info.

How do you guys feel about group buys here in the forums ?
I don't feel comfortable sending a bitcoin to a person i don't know although it seems legit and .35 btc for 30 ghash seems like a good deal
GetVisaCoin
Member
**
Offline Offline

Activity: 104


View Profile
January 11, 2014, 01:59:21 AM
 #2235

Yes, trust no one! Look at all the scams going on at the moment. It's very damaging to the crypto movement to have all this scamming going on. I plan to offer a bounty to catch Visacoin. If he gets away with his scam there will be more. If he is caught and suffers the consequences of his actions, then the community will have sent a message.

[GVC]GetVisaCoin :: Born for Retribution--Send a message to scammers--You will be exposed and punished!!!
zanzibar
Sr. Member
****
Offline Offline

Activity: 334


View Profile
January 13, 2014, 04:56:03 PM
 #2236

Don't even trust your parents, I mean, are they really your parents?
suzannekennedy
Newbie
*
Offline Offline

Activity: 2


View Profile
January 15, 2014, 07:54:11 PM
 #2237

Hi all, maybe I'm a little late into this thread. I've read a good deal of it, but not all 113 pages of it. Just wanted to insert an idea that I had while reading.

In building trust when it comes to transactions between unknown people.

Why do we need to trust someone? Couldn't there be a piece of software that could handle it for us?

Say I want to trade my 1 BTC for 2,000,000 DOGE to PERSONX.
There could be software that handles the transaction, the 2 of us first allocate what the overall transaction will be (my 1 BTC for PERSONX's 2,000,000 DOGE).
Then we agree on our RISK FACTOR, say .01 BTC , then the program will make many small transactions over the next 24 hours. So, instead of making 1 transaction of 1 BTC for 2,000,000 DOGE it makes 100 transactions over a longer period (as fast as it can be verified, depending on the volume and the risk factor) of .01 BTC for 20,000 DOGE.

The program would choose one person on the first transaction to go first, but it would take turns making each person go first every other micro-transaction. If the first transaction (or any subsequent transaction) never happens then the program stops any further transactions.

People can trade at whatever RISK FACTOR they are comfortable with, knowing that the most they can lose is the RISK FACTOR that they choose. You could make a high volume transaction with a very low risk, but the downside would be that the transaction would take a little longer.

Of course this brings up the issue of trusting the program itself, but if the source code is available I don't see any reason to trust it any less than any other wallet software.
gigalink
Newbie
*
Offline Offline

Activity: 2


View Profile
January 16, 2014, 07:59:35 PM
 #2238

Hi bitcoiners -- first poster here.

Since we're talking trust here, I wanted to recount my brief experience purchasing BTC via USD through Localbitcoins.com about a week ago (my first foray into the currency).  I found a seller with a stellar reputation, did a cash deposit to their bank account, and, *presto*, the Localbitcoins escrow system worked flawlessly!  This seemed so much easier and safer than doing an in-person transaction, which some people may have had issues with (based upon what I've read in other forums).  I was not unhappy to pay their 1% fee for this service.

I'm not here to plug the site, only to let people know that I had a good experience.  YMMV, of course.

Cheerio.
Bitech
Newbie
*
Offline Offline

Activity: 1


View Profile
January 18, 2014, 02:41:31 AM
 #2239

Transactions should be divided up into small increments to reduce the risk of losing money.

Say I wanted to trade in $50 worth of BTC for $50, but instead of exchanging it all at once I would do it in 10 small transactions of $5 each. So one by one I make the $5 exchanges, check to see if a transaction is completed, then I move on to the next $5, and then the next until I exchanged all $50 worth of BTC.

That way if the service ends up scamming me I would only lose $5 worth of BTC instead of all $50 of it, then I would mark the service as untrustworthy and take the $45 left of BTC I have left and try another service.

If this is possible to do within a reasonable amount of time then it's a good way to risk only a fraction of the amount you're exchanging.
MaTeZZ
Newbie
*
Offline Offline

Activity: 9

DOGE supporter


View Profile
January 20, 2014, 05:37:56 AM
 #2240

Well talking trust and Mt. Gox
On September 2013 I have initiated a withdrawal of $400 to my bank account via wire transfer.

Its January 2014 and still no $$.... Angry

Always the same answer from Mt. Gox support:

Quote
James Support, Oct 25 16:12 (JST):

Hello,

Thank you for the email. Due to volumes of withdrawals and backlogs there are delay in processing the withdrawals. We are working to clear the backlogs. Sorry for the inconvenience caused. We would not be able to provide ETA at the moment.

We would sure track on the withdrawal and update you once processed. We appreciate your patience and understanding till then.

Best regards,

Mt.Gox Team

Pages: « 1 ... 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 [112] 113 114 115 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!