kiba
Legendary
Offline
Activity: 980
Merit: 1020
|
|
February 19, 2011, 07:39:10 PM |
|
Well, the sole reason I wasn’t suspicious is simple: As this thread already had some posts I thought, it would’ve come out if the "application" is malicious. I was wrong to put my trust in this, obviously.
I simply didn't bite.
|
|
|
|
mico
Full Member
Offline
Activity: 172
Merit: 100
Decentralized Ascending Auctions on Blockchain
|
|
February 19, 2011, 08:46:33 PM |
|
Those Russians, if they were Russians, are making bad reputation for us - lzsaver is trying to investigate it in our Russian sub-forum. That is sad how many scammers are from Russia (such as Nerd and his bitcointrade.biz and others). Karma will punish you, Russian scammers!
|
|
|
|
bitcoinex
|
|
February 19, 2011, 09:58:00 PM |
|
That is sad how many scammers are from Russia (such as Nerd and his bitcointrade.biz and others).
This is because the work time of Russian programmers is cheap.
|
New bitcoin lottery: probiwon.com - Maybe you also believe in the Invisible Hand of the Market? - Why believe in something that can be observed directly?
|
|
|
Bruce Wagner
|
|
February 19, 2011, 10:01:37 PM |
|
The internet, as a whole, is a dangerous place for novices and the non-technical. It's really impossible to come up with a foolproof system to protect every user from themselves.
On the other hand, even knowledgeable and wise users can be tricked.
Lessons Learned:
(1) Be a bit Suspicious... especially if many people have not reported success in using something.
(2) Don't be the first to try something new --- especially when Bitcoin (i.e. money) is involved!
|
|
|
|
Anonymous
Guest
|
|
February 20, 2011, 01:03:23 AM |
|
Sadly I think this is going to become common. It's just too easy, especially if the forum was even larger and had many unknowing and unsuspecting individuals. Could we somehow enforce rules on links to downloadable material? Create a team willing to somehow test new downloads before they are allowed on the forum? How do you protect people when the users are not as advanced in computers as 95% of the users here currently?
I sense a new business model. I think you are right.
|
|
|
|
ribuck
Donator
Hero Member
Offline
Activity: 826
Merit: 1060
|
|
February 20, 2011, 10:04:29 AM |
|
Create a team willing to somehow test new downloads before they are allowed on the forum?
It's pretty hard to test a closed-source application. It might work perfectly, but might contain code that changes its behavior at some future date. You can test more thoroughly by disassembling the binary and working out what it does, but that's seriously time-consuming and wouldn't be practical for apps like this one. As it happens, this one did (accidentally) include the source code. So a business could have charged a fee to certify it as safe or unsafe.
|
|
|
|
kiba
Legendary
Offline
Activity: 980
Merit: 1020
|
|
February 20, 2011, 02:37:19 PM |
|
As it happens, this one did (accidentally) include the source code. So a business could have charged a fee to certify it as safe or unsafe.
A security firm would just flat out refuse to review closed source software.
|
|
|
|
ribuck
Donator
Hero Member
Offline
Activity: 826
Merit: 1060
|
|
February 20, 2011, 04:48:54 PM |
|
A security firm would just flat out refuse to review closed source software.
Security firms review closed source software all the time (e.g. viruses), but it involves reverse engineering, takes a huge amount of time, and costs a lot of money. For most people it won't be possible to avoid running at least some closed source software that has access to wallet.dat. Even on Linux, few people are running a "whiter than white" distribution. Most people have at least some closed source drivers and codecs on their system. Effectively securing wallet.dat is really difficult for the non-technical Bitcoin user.
|
|
|
|
stakhanov
|
|
February 20, 2011, 08:34:00 PM |
|
I think one of the lessons there is that wallet.dat should really be encrypted by default, and unlocked with a password when starting the bitcoin client. It's still not bullet proof, but it would make it a lot harder to just steal your wallet with a simple malware app.
|
|
|
|
BitterTea
|
|
February 20, 2011, 09:26:17 PM |
|
I am working on an app that will transparently keep multiple wallets in encrypted form until they are "opened" (extracted to the Bitcoin data directory). It also handles removable drives by storing the volume name of the drive your wallet is on. When the volume is inserted, a notification is created and the wallet is available for selection. Two things - it's Windows only, and you'll have to have a GPG keyring.
I'm just cleaning things up right now, I've open sourced any of my projects and am feeling a little self-conscious about my code. I'll make a post here once it is available for download.
|
|
|
|
bitcoinex
|
|
February 21, 2011, 09:18:26 PM |
|
I think one of the lessons there is that wallet.dat should really be encrypted by default, and unlocked with a password when starting the bitcoin client. It's still not bullet proof, but it would make it a lot harder to just steal your wallet with a simple malware app.
https://www.bitcoin.org/smf/index.php?topic=1852.0
|
|
|
|
BitterTea
|
|
February 22, 2011, 11:59:19 PM |
|
Hey, just a heads up, I've released WalletBuddy, an application (for Windows, .Net 4.0 required) that runs in the systray and securely stores, manages, and backs up multiple wallets. Please feel free to look over the code and let me know if you have any questions. http://bitcointalk.org/index.php?topic=3735.msg52972
|
|
|
|
we6jbo
Newbie
Offline
Activity: 42
Merit: 0
|
|
February 24, 2011, 01:07:11 AM |
|
In another thread I was reading that since this attack, the developer of his program was, shall I put, worried that nobody would use another 3rd party program here. At least that was my interpretation of what he said. That got me thinking that we're all computer savvy and most of us have security in mind but what about other projects such as Tor which facilitates a similar P2P concept as Bitcoin and yet because their project is a lot older than Bitcoin and they have gathered a lot of users with various levels of computer experience, an attack on Bitcoin might likely happen on Tor's site and the program the attacker writes might idle away on a Tor's computer until the user of Tor decides to try out Bitcoin.
|
|
|
|
dishwara
Legendary
Offline
Activity: 1855
Merit: 1016
|
|
February 24, 2011, 06:41:47 AM |
|
This only backs up the wallet, correct? I'm assuming it cannot copy while the bitcoin program is running, but I don't know how bitcoin uses the wallet file and if it locks it or not. Could you let me know?
This looks to be what I have been looking for.
just create .bat file (for windows 7, in xp other path to wallet.dat):
    @echo off
    :start
    xcopy.exe "C:\Users\%username%\AppData\Roaming\Bitcoin\wallet.dat" "C:\%Dropbox_folder%\" /y
    sleep 1800
    goto start
and do not trust third-party programs
When I run this I got this error:
    C:\Users\Administrator\Desktop>sleep 1800
    'sleep' is not recognized as an internal or external command,
    operable program or batch file.
How to solve it? Also is there any way to do incremental backup (I mean n+1 files)?
|
|
|
|
BitterTea
|
|
February 24, 2011, 06:49:58 AM |
|
Also is there any way to do incremental backup (I mean n+1 files)?
WalletBuddy will do that, but I need someone to check my source code first.
|
|
|
|
stakhanov
|
|
February 24, 2011, 07:03:02 AM |
|
Hey, just a heads up, I've released WalletBuddy, an application (for Windows, .Net 4.0 required)
Why this choice? It means a lot of people (at least here) won't be able to use your app. I would have been interested... In the long run, I still think it should be included by default in the mainstream client. If we want to see widespread bitcoin adoption, we have to make the default setting as secure as possible.
|
|
|
|
BitterTea
|
|
February 24, 2011, 07:13:43 AM Last edit: February 24, 2011, 07:26:34 AM by BitterTea |
|
Why this choice? It means a lot of people (at least here) won't be able to use your app. I would have been interested...
In the long run, I still think it should be included by default in the mainstream client. If we want to see widespread bitcoin adoption, we have to make the default setting as secure as possible.
I know, but I'm familiar with the .NET framework and wanted this for myself. It was only after I started building it that I decided to release it. I wonder... Hmm, it looks like Mono is .NET 4.0 compatible except WPF and some other things which I'm not using. I'm going to test it with their compatibility tool, and then I'll update my thread.
edit... I just need to replace my use of WqlEventQuery to detect drive changes. I should be able to just scan periodically instead. Then, I think it should work using Mono 2.8 on Linux.
|
|
|
|
we6jbo
Newbie
Offline
Activity: 42
Merit: 0
|
|
February 24, 2011, 07:54:20 AM |
|
This only backs up the wallet, correct? I'm assuming it cannot copy while the bitcoin program is running, but I don't know how bitcoin uses the wallet file and if it locks it or not. Could you let me know?
This looks to be what I have been looking for.
just create .bat file (for windows 7, in xp other path to wallet.dat):
    @echo off
    :start
    xcopy.exe "C:\Users\%username%\AppData\Roaming\Bitcoin\wallet.dat" "C:\%Dropbox_folder%\" /y
    sleep 1800
    goto start
and do not trust third-party programs
When I run this I got this error:
    C:\Users\Administrator\Desktop>sleep 1800
    'sleep' is not recognized as an internal or external command,
    operable program or batch file.
How to solve it? Also is there any way to do incremental backup (I mean n+1 files)?
The command might be delay or pause. Alternatively I believe Windows comes with a built in crontab type tool in the lower right hand corner. It's been a long time since I've used Windows.
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5376
Merit: 13410
|
|
February 24, 2011, 01:18:20 PM |
|
When I run this I got this error:
    C:\Users\Administrator\Desktop>sleep 1800
    'sleep' is not recognized as an internal or external command,
    operable program or batch file.
How to solve it?
Replace "sleep" with "timeout". (This only works with Vista and later.)
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
grondilu
Legendary
Offline
Activity: 1288
Merit: 1080
|
|
February 24, 2011, 01:24:34 PM |
|
I'd like to show off my own bash script:

    #!/bin/bash

    name=grondilu
    sftp_address=grondilu@somewhere.fr
    email=grondilu@nospam.fr
    bluetoothaddr="00:XX:YY:ZZ:UU:TT"

    private="$HOME/Private"
    backup="wallet-$(date +%s).dat"

    # Report which step failed, remove the partial backup files and stop.
    error() {
        echo "$1 returned error code $2"
        rm -f "$private/$backup"{,.gpg}
        exit "$2"
    }

    # Each "if"/"elif" condition runs one step and is true when that step
    # failed, so the chain stops at the first error.
    if
        echo -n "making backup file..."
        bitcoind backupwallet "$private/$backup"
        r=$? ; ((r != 0))
    then error bitcoind $r
    elif
        echo ok
        cd "$private"
        echo -n "encrypting..."
        gpg -e -r "$name" "$backup"
        r=$? ; ((r != 0))
    then error gpg $r
    elif
        echo ok
        rm "$backup"    # only the encrypted copy leaves this machine
        echo -n "copying to distant server..."
        scp "$backup.gpg" "$sftp_address":
        r=$? ; ((r != 0))
    then error scp $r
    elif
        echo ok
        echo -n "adding to distant archive..."
        ssh "$sftp_address" <<< "tar rf wallet-backup.tar $backup.gpg && rm $backup.gpg"
        r=$? ; ((r != 0))
    then error ssh $r
    elif
        echo ok
        echo -n "copying to smartphone..."
        obexftp -b "$bluetoothaddr" -c /Data/backups -p "$backup.gpg"
        r=$? ; ((r != 0))
    then error obexftp $r
    elif
        echo ok
        echo -n "sending backup via email..."
        mutt "$email" -s backup -a "$backup.gpg" < /dev/null
        r=$? ; ((r != 0))
    then error mutt $r
    else
        echo ok
        rm "$backup.gpg"
    fi
|
|
|
|
|
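Added example, not code from any poster in this thread: one way to get the "n+1 files" backups asked about above, reusing the wallet-<epoch>.dat naming from grondilu's script. It assumes the source file is one written by `bitcoind backupwallet`; the function names, the `.part` suffix and the optional epoch argument are hypothetical, and encryption and upload are left to the script above.

```shell
#!/bin/sh
# Added example: verified, pruned snapshots named wallet-<epoch>.dat.
# snapshot_wallet, list_snapshots and prune_backups are hypothetical names.

umask 077   # snapshot files and directories are created owner-only

# snapshot_wallet SRC DIR [EPOCH]: copy SRC to DIR/wallet-<epoch>.dat and
# print the new path. SRC is assumed to be a "bitcoind backupwallet" output.
snapshot_wallet() {
    local src="$1" dir="$2" stamp="${3:-$(date +%s)}"
    local dest="$dir/wallet-$stamp.dat"
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
    mkdir -p -- "$dir" || return 1
    [ ! -e "$dest" ] || { echo "refusing to overwrite $dest" >&2; return 1; }
    # Copy under a temporary name and compare byte for byte before renaming,
    # so a truncated copy is never mistaken for a good backup.
    if cp -- "$src" "$dest.part" && cmp -s -- "$src" "$dest.part"; then
        mv -- "$dest.part" "$dest" && printf '%s\n' "$dest"
    else
        rm -f -- "$dest.part"
        echo "copy of $src failed verification" >&2
        return 1
    fi
}

# list_snapshots DIR: snapshot file names, oldest first. The epoch in the
# name is sorted numerically, so a 9-digit stamp sorts before a 10-digit one.
list_snapshots() {
    local f
    for f in "$1"/wallet-[0-9]*.dat; do
        if [ -e "$f" ]; then printf '%s\n' "${f##*/}"; fi
    done | sort -t- -k2,2n
}

# prune_backups DIR KEEP: delete all but the KEEP newest snapshots.
prune_backups() {
    local dir="$1" keep="$2" excess name
    case "$keep" in ''|*[!0-9]*|0*) echo "KEEP must be >= 1" >&2; return 1;; esac
    excess=$(( $(list_snapshots "$dir" | wc -l) - keep ))
    [ "$excess" -gt 0 ] || return 0
    list_snapshots "$dir" | head -n "$excess" |
    while IFS= read -r name; do rm -f -- "$dir/$name"; done
}
```
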