Bitcoin Forum
December 08, 2016, 02:34:07 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3] 4 »  All
  Print  
Author Topic: A simple application to backup your wallet in Dropbox and Gmail [scam]  (Read 13955 times)
kiba
Legendary
*
Offline Offline

Activity: 980


View Profile
February 19, 2011, 07:39:10 PM
 #41

Well, the sole reason I wasn’t suspicious is simple: As this thread already had some posts I thought, it would’ve come out if the "application" is malicious. I was wrong to put my trust in this, obviously.

I simply didn't bite.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481164447
Hero Member
*
Offline Offline

Posts: 1481164447

View Profile Personal Message (Offline)

Ignore
1481164447
Reply with quote  #2

1481164447
Report to moderator
mico
Jr. Member
*
Offline Offline

Activity: 58


View Profile WWW
February 19, 2011, 08:46:33 PM
 #42

Those russians if they were russians are making bad reputation for us - lzsaver is trying to investigate it in our russian sub-forum. That is sad how many scammers are from russia (such as Nerd and his bitcointrade.biz and others). Karma will punish you, russian scammers!

bitcoinex
Sr. Member
****
Offline Offline

Activity: 350


probiwon.com


View Profile WWW
February 19, 2011, 09:58:00 PM
 #43

That is sad how many scammers are from russia (such as Nerd and his bitcointrade.biz and others).

This is because work time of the russian programmers are cheap.

New bitcoin lottery: probiwon.com
- Может, ты ещё и в Невидимую Руку Рынка веруешь? - Зачем же веровать в то, что можно наблюдать непосредственно?
Bruce Wagner
Sr. Member
****
Offline Offline

Activity: 336


View Profile
February 19, 2011, 10:01:37 PM
 #44

The internet, as a whole, is a dangerous place for novices and the non-technical.  It's really impossible to come up with a full-proof system to protect every user from themselves.

On the otherhand, even knowledgeable and wise users can be tricked.

Lessons Learned:

(1)   Be a bit Suspicious...  especially if many people have not reported success in using something.

(2)   Don't be the first to try something new --- especially when Bitcoin (i.e. money) is involved!
 
Anonymous
Guest

February 20, 2011, 01:03:23 AM
 #45

Sadly I think this is going to become common. It's just too easy, especially if the forum was even larger and had many unknowing and unsuspecting individuals.
Could we somehow enforce rules on links to downloadable material? Create a team willing to somehow test new downloads before they are allowed on the forum? How do you protect people when the users are not as advanced in computers as 95% of the users here currently?

I sense a new business model.


I think you are right.

ribuck
Donator
Legendary
*
Offline Offline

Activity: 826


View Profile
February 20, 2011, 10:04:29 AM
 #46

Create a team willing to somehow test new downloads before they are allowed on the forum?
It's pretty hard to test a closed-source application. It might work perfectly, but might contain code that changes its behavior at some future date.

You can test more thoroughly by disassembling the binary and working out what it does, but that's seriously time-consuming and wouldn't be practical for apps like this one.

As it happens, this one did (accidentally) include the source code. So a business could have charged a fee to certify it as safe or unsafe.
kiba
Legendary
*
Offline Offline

Activity: 980


View Profile
February 20, 2011, 02:37:19 PM
 #47


As it happens, this one did (accidentally) include the source code. So a business could have charged a fee to certify it as safe or unsafe.

A security firm would just flat out refuse to review closed source software.

ribuck
Donator
Legendary
*
Offline Offline

Activity: 826


View Profile
February 20, 2011, 04:48:54 PM
 #48

A security firm would just flat out refuse to review closed source software.
Security firms review closed source software all the time (e.g. viruses), but it involves reverse engineering, takes a huge amount of time, and costs a lot of money.

For most people it won't be possible to avoid running at least some closed source software that has access to wallet.dat. Even on Linux, few people are running a "whiter than white" distribution. Most people have at least some closed source drivers and codecs on their system.

Effectively securing wallet.dat is really difficult for the non-technical Bitcoin user.
stakhanov
Full Member
***
Offline Offline

Activity: 175


View Profile
February 20, 2011, 08:34:00 PM
 #49

I think one of the lessons there is that wallet.dat should really be encrypted by default, and unlocked with a password when starting the bitcoin client. It's still not bullet proof, but it would make it a lot harder to just steal your wallet with a simple malware app.
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
February 20, 2011, 09:26:17 PM
 #50

I am working on an app that will transparently keep multiple wallets in encrypted form until they are "opened" (extracted to the Bitcoin data directory). It also handles removable drives by storing the volume name of the drive your wallet is on. When the volume is inserted, a notification is created and the wallet is available for selection. Two things - it's Windows only, and you'll have to have a GPG keyring.

I'm just cleaning things up right now, I've open sourced any of my projects and am feeling a little self conscious about my code. I'll make a post here once it is available for download.
bitcoinex
Sr. Member
****
Offline Offline

Activity: 350


probiwon.com


View Profile WWW
February 21, 2011, 09:18:26 PM
 #51

I think one of the lessons there is that wallet.dat should really be encrypted by default, and unlocked with a password when starting the bitcoin client. It's still not bullet proof, but it would make it a lot harder to just steal your wallet with a simple malware app.

https://www.bitcoin.org/smf/index.php?topic=1852.0

New bitcoin lottery: probiwon.com
- Может, ты ещё и в Невидимую Руку Рынка веруешь? - Зачем же веровать в то, что можно наблюдать непосредственно?
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
February 22, 2011, 11:59:19 PM
 #52

Hey, just a heads up, I've released WalletBuddy, an application (for Windows, .Net 4.0 required) that runs in the systray and securely stores, manages, and backs up multiple wallets. Please feel free to look over the code and let me know if you have any questions.

http://bitcointalk.org/index.php?topic=3735.msg52972
we6jbo
Jr. Member
*
Offline Offline

Activity: 42



View Profile WWW
February 24, 2011, 01:07:11 AM
 #53

In another thread I was reading that since this attack, the developer of his program was, shall I put, worried that nobody would use another 3rd party program here. At least that was my interpretation of what he said. That got me thinking that we're all computer savvy and most of us have security in mind but what about other projects such as Tor which facilities a similar P2P concept as Bitcoin and yet because their project is a lot older than Bitcoin and they have gathered a lot of users with various levels of computer experience, an attack on Bitcoin might might likely happen on Tors site and the program the the attacker writes might idle away on a Tor's computer until the user of Tor decides to try out Bitcoin.

dishwara
Legendary
*
Offline Offline

Activity: 1372

Truth may get delay, but NEVER fails


View Profile
February 24, 2011, 06:41:47 AM
 #54

This only backs up the wallet, correct? I'm assuming it cannot copy while the bitcoin program is running, but I don't know how bitcoin uses the wallet file and if it locks it or not. Could you let me know?

This looks to be what I have been looking for.
just create .bat file (for windows 7, in xp other path to wallet.dat):
Code:
@echo off
:start
xcopy.exe "C:\Users\%username%\AppData\Roaming\Bitcoin\wallet.dat" "C:\%Dropbox_folder%\" /y
sleep 1800
goto start
and do not trust third-party programs

when i run this i got this error
C:\Users\Administrator\Desktop>sleep 1800
'sleep' is not recognized as an internal or external command,
operable program or batch file.

How to solve it?
Also is there any way to do incremental backup (I mean n+1 files)?
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
February 24, 2011, 06:49:58 AM
 #55

Also is there any way to do incremental backup (I mean n+1 files)?

WalletBuddy will do that, but I need someone to check my source code first. Smiley
stakhanov
Full Member
***
Offline Offline

Activity: 175


View Profile
February 24, 2011, 07:03:02 AM
 #56

Hey, just a heads up, I've released WalletBuddy, an application (for Windows, .Net 4.0 required)

Why this choice? It means a lot of people (at least here) won't be able to use your app. I would have been interested...

In the long run, I still think it should be included by default in the mainstream client. If we want to see widespread bitcoin adoption, we have to make the default setting as secure as possible.
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
February 24, 2011, 07:13:43 AM
 #57

Why this choice? It means a lot of people (at least here) won't be able to use your app. I would have been interested...

In the long run, I still think it should be included by default in the mainstream client. If we want to see widespread bitcoin adoption, we have to make the default setting as secure as possible.

I know, but I'm familiar with the .NET framework and wanted this for myself. It was only after I started building it that I decided to release it. I wonder...

Hmm, it looks like Mono is .NET 4.0 compatible except WPF and some other things which I'm not using. I'm going to test it with their compatibility tool, and then I'll update my thread.

edit... I just need to replace my use of WqlEventQuery to detect drive changes. I should be able to just can periodically instead. Then, I think it should work using Mono 2.8 on Linux.
we6jbo
Jr. Member
*
Offline Offline

Activity: 42



View Profile WWW
February 24, 2011, 07:54:20 AM
 #58

This only backs up the wallet, correct? I'm assuming it cannot copy while the bitcoin program is running, but I don't know how bitcoin uses the wallet file and if it locks it or not. Could you let me know?

This looks to be what I have been looking for.
just create .bat file (for windows 7, in xp other path to wallet.dat):
Code:
@echo off
:start
xcopy.exe "C:\Users\%username%\AppData\Roaming\Bitcoin\wallet.dat" "C:\%Dropbox_folder%\" /y
sleep 1800
goto start
and do not trust third-party programs

when i run this i got this error
C:\Users\Administrator\Desktop>sleep 1800
'sleep' is not recognized as an internal or external command,
operable program or batch file.

How to solve it?
Also is there any way to do incremental backup (I mean n+1 files)?

The command might be delay or pause. Alternatively I believe windows comes with a built in crontab type tool in the lower right hand corner. It's been a long time since I've used windows.

theymos
Administrator
Legendary
*
Offline Offline

Activity: 2492


View Profile
February 24, 2011, 01:18:20 PM
 #59

When i run this i got this error
C:\Users\Administrator\Desktop>sleep 1800
'sleep' is not recognized as an internal or external command,
operable program or batch file.

How to solve it?

Replace "sleep" with "timeout". (This only works with Vista and later.)

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
grondilu
Legendary
*
Offline Offline

Activity: 1134


View Profile
February 24, 2011, 01:24:34 PM
 #60


I'd like to show off my own bash script:

Code:
#!/bin/bash

name=grondilu
sftp_address=grondilu@somewhere.fr
email=grondilu@nospam.fr
bluetoothaddr="00:XX:YY:ZZ:UU:TT"

private="$HOME/Private"
backup="wallet-$(date +%s).dat"

error() {
    echo $1 returned error code $2
    rm -f $private/"$backup"{,.gpg}
    exit $2
}

if
    echo -n "making backup file..."
    bitcoind backupwallet "$private/$backup"
    r=$? ; ((r != 0))
then error bitcoind $r
elif
    echo ok
    cd $private
    echo -n "encrypting..."
    gpg -e -r $name "$backup"
    r=$? ; ((r != 0))
then error gpg $r
elif
    echo ok
    rm "$backup"
    echo -n "copying to distant server..."
    scp "$backup.gpg" $sftp_address:
    r=$? ; ((r != 0))
then error scp $r
elif
    echo ok
    echo -n "adding to distant archive..."
    ssh $sftp_address <<< "tar rf wallet-backup.tar $backup.gpg && rm $backup.gpg"
    r=$? ; ((r != 0))
then error ssh $r
elif
    echo ok
    echo -n "copying to smartphone..."
    obexftp -b "$bluetoothaddr" -c /Data/backups -p "$backup.gpg"
    r=$? ; ((r != 0))
then error obexftp $r
elif
    echo ok
    echo -n "sending backup via email..."
    mutt $email -s backup -a $backup.gpg < /dev/null
    r=$? ; ((r != 0))
then error mutt $r
else
    echo ok
    rm "$backup.gpg"
fi


Pages: « 1 2 [3] 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!