kiba
Legendary
 Offline
Activity: 980
Merit: 1014
|
 |
February 19, 2011, 07:39:10 PM |
|
Well, the sole reason I wasn’t suspicious is simple: As this thread already had some posts I thought, it would’ve come out if the "application" is malicious. I was wrong to put my trust in this, obviously.
I simply didn't bite. |
|
|
|
|
|
|
|
|
There are several different types of Bitcoin clients. The most secure are full nodes like Bitcoin Core, which will follow the rules of the network no matter what miners do. Even if every miner decided to create 1000 bitcoins per block, full nodes would stick to the rules and reject those blocks.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
mico
Full Member
Offline
Activity: 172
Merit: 100
Decentralized Ascending Auctions on Blockchain
|
|
February 19, 2011, 08:46:33 PM |
|
Those russians if they were russians are making bad reputation for us - lzsaver is trying to investigate it in our russian sub-forum. That is sad how many scammers are from russia (such as Nerd and his bitcointrade.biz and others). Karma will punish you, russian scammers!
|
|
|
|
|
bitcoinex
|
|
February 19, 2011, 09:58:00 PM |
|
That is sad how many scammers are from russia (such as Nerd and his bitcointrade.biz and others).
This is because work time of the russian programmers are cheap. |
New bitcoin lottery: probiwon.com- Moжeт, ты eщё и в Heвидимyю Pyкy Pынкa вepyeшь? - Зaчeм жe вepoвaть в тo, чтo мoжнo нaблюдaть нeпocpeдcтвeннo? |
|
|
|
Bruce Wagner
|
|
February 19, 2011, 10:01:37 PM |
|
The internet, as a whole, is a dangerous place for novices and the non-technical. It's really impossible to come up with a full-proof system to protect every user from themselves.
On the otherhand, even knowledgeable and wise users can be tricked.
Lessons Learned:
(1) Be a bit Suspicious... especially if many people have not reported success in using something.
(2) Don't be the first to try something new --- especially when Bitcoin (i.e. money) is involved!
|
|
|
|
|
|
Anonymous
Guest
|
|
February 20, 2011, 01:03:23 AM |
|
Sadly I think this is going to become common. It's just too easy, especially if the forum was even larger and had many unknowing and unsuspecting individuals.
Could we somehow enforce rules on links to downloadable material? Create a team willing to somehow test new downloads before they are allowed on the forum? How do you protect people when the users are not as advanced in computers as 95% of the users here currently?
I sense a new business model. I think you are right. |
|
|
|
|
ribuck
Donator
Hero Member
Offline
Activity: 826
Merit: 1039
|
|
February 20, 2011, 10:04:29 AM |
|
Create a team willing to somehow test new downloads before they are allowed on the forum?
It's pretty hard to test a closed-source application. It might work perfectly, but might contain code that changes its behavior at some future date. You can test more thoroughly by disassembling the binary and working out what it does, but that's seriously time-consuming and wouldn't be practical for apps like this one. As it happens, this one did (accidentally) include the source code. So a business could have charged a fee to certify it as safe or unsafe. |
|
|
|
|
kiba
Legendary
Offline
Activity: 980
Merit: 1014
|
|
February 20, 2011, 02:37:19 PM |
|
As it happens, this one did (accidentally) include the source code. So a business could have charged a fee to certify it as safe or unsafe.
A security firm would just flat out refuse to review closed source software. |
|
|
|
ribuck
Donator
Hero Member
Offline
Activity: 826
Merit: 1039
|
|
February 20, 2011, 04:48:54 PM |
|
A security firm would just flat out refuse to review closed source software.
Security firms review closed source software all the time (e.g. viruses), but it involves reverse engineering, takes a huge amount of time, and costs a lot of money. For most people it won't be possible to avoid running at least some closed source software that has access to wallet.dat. Even on Linux, few people are running a "whiter than white" distribution. Most people have at least some closed source drivers and codecs on their system. Effectively securing wallet.dat is really difficult for the non-technical Bitcoin user. |
|
|
|
|
|
stakhanov
|
|
February 20, 2011, 08:34:00 PM |
|
I think one of the lessons there is that wallet.dat should really be encrypted by default, and unlocked with a password when starting the bitcoin client. It's still not bullet proof, but it would make it a lot harder to just steal your wallet with a simple malware app.
|
|
|
|
|
|
BitterTea
|
|
February 20, 2011, 09:26:17 PM |
|
I am working on an app that will transparently keep multiple wallets in encrypted form until they are "opened" (extracted to the Bitcoin data directory). It also handles removable drives by storing the volume name of the drive your wallet is on. When the volume is inserted, a notification is created and the wallet is available for selection. Two things - it's Windows only, and you'll have to have a GPG keyring.
I'm just cleaning things up right now, I've open sourced any of my projects and am feeling a little self conscious about my code. I'll make a post here once it is available for download.
|
|
|
|
|
|
bitcoinex
|
|
February 21, 2011, 09:18:26 PM |
|
I think one of the lessons there is that wallet.dat should really be encrypted by default, and unlocked with a password when starting the bitcoin client. It's still not bullet proof, but it would make it a lot harder to just steal your wallet with a simple malware app.
https://www.bitcoin.org/smf/index.php?topic=1852.0 |
New bitcoin lottery: probiwon.com- Moжeт, ты eщё и в Heвидимyю Pyкy Pынкa вepyeшь? - Зaчeм жe вepoвaть в тo, чтo мoжнo нaблюдaть нeпocpeдcтвeннo? |
|
|
|
BitterTea
|
|
February 22, 2011, 11:59:19 PM |
|
Hey, just a heads up, I've released WalletBuddy, an application (for Windows, .Net 4.0 required) that runs in the systray and securely stores, manages, and backs up multiple wallets. Please feel free to look over the code and let me know if you have any questions. http://bitcointalk.org/index.php?topic=3735.msg52972 |
|
|
|
|
we6jbo
Newbie
Offline
Activity: 42
Merit: 0
|
|
February 24, 2011, 01:07:11 AM |
|
In another thread I was reading that since this attack, the developer of his program was, shall I put, worried that nobody would use another 3rd party program here. At least that was my interpretation of what he said. That got me thinking that we're all computer savvy and most of us have security in mind but what about other projects such as Tor which facilities a similar P2P concept as Bitcoin and yet because their project is a lot older than Bitcoin and they have gathered a lot of users with various levels of computer experience, an attack on Bitcoin might might likely happen on Tors site and the program the the attacker writes might idle away on a Tor's computer until the user of Tor decides to try out Bitcoin.
|
|
|
|
|
dishwara
Legendary
Offline
Activity: 1855
Merit: 1016
|
|
February 24, 2011, 06:41:47 AM |
|
This only backs up the wallet, correct? I'm assuming it cannot copy while the bitcoin program is running, but I don't know how bitcoin uses the wallet file and if it locks it or not. Could you let me know?
This looks to be what I have been looking for.
just create .bat file (for windows 7, in xp other path to wallet.dat): @echo off
:start
xcopy.exe "C:\Users\%username%\AppData\Roaming\Bitcoin\wallet.dat" "C:\%Dropbox_folder%\" /y
sleep 1800
goto start and do not trust third-party programs when i run this i got this error C:\Users\Administrator\Desktop>sleep 1800 'sleep' is not recognized as an internal or external command, operable program or batch file. How to solve it? Also is there any way to do incremental backup (I mean n+1 files)? |
|
|
|
|
|
BitterTea
|
|
February 24, 2011, 06:49:58 AM |
|
Also is there any way to do incremental backup (I mean n+1 files)?
WalletBuddy will do that, but I need someone to check my source code first.  |
|
|
|
|
|
stakhanov
|
|
February 24, 2011, 07:03:02 AM |
|
Hey, just a heads up, I've released WalletBuddy, an application (for Windows, .Net 4.0 required)
Why this choice? It means a lot of people (at least here) won't be able to use your app. I would have been interested... In the long run, I still think it should be included by default in the mainstream client. If we want to see widespread bitcoin adoption, we have to make the default setting as secure as possible. |
|
|
|
|
|
BitterTea
|
|
February 24, 2011, 07:13:43 AM
Last edit: February 24, 2011, 07:26:34 AM by BitterTea |
|
Why this choice? It means a lot of people (at least here) won't be able to use your app. I would have been interested...
In the long run, I still think it should be included by default in the mainstream client. If we want to see widespread bitcoin adoption, we have to make the default setting as secure as possible.
I know, but I'm familiar with the .NET framework and wanted this for myself. It was only after I started building it that I decided to release it. I wonder... Hmm, it looks like Mono is .NET 4.0 compatible except WPF and some other things which I'm not using. I'm going to test it with their compatibility tool, and then I'll update my thread. edit... I just need to replace my use of WqlEventQuery to detect drive changes. I should be able to just can periodically instead. Then, I think it should work using Mono 2.8 on Linux. |
|
|
|
|
we6jbo
Newbie
Offline
Activity: 42
Merit: 0
|
|
February 24, 2011, 07:54:20 AM |
|
This only backs up the wallet, correct? I'm assuming it cannot copy while the bitcoin program is running, but I don't know how bitcoin uses the wallet file and if it locks it or not. Could you let me know?
This looks to be what I have been looking for.
just create .bat file (for windows 7, in xp other path to wallet.dat): @echo off
:start
xcopy.exe "C:\Users\%username%\AppData\Roaming\Bitcoin\wallet.dat" "C:\%Dropbox_folder%\" /y
sleep 1800
goto start and do not trust third-party programs when i run this i got this error C:\Users\Administrator\Desktop>sleep 1800 'sleep' is not recognized as an internal or external command, operable program or batch file. How to solve it? Also is there any way to do incremental backup (I mean n+1 files)? The command might be delay or pause. Alternatively I believe windows comes with a built in crontab type tool in the lower right hand corner. It's been a long time since I've used windows. |
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5194
Merit: 12972
|
|
February 24, 2011, 01:18:20 PM |
|
When i run this i got this error
C:\Users\Administrator\Desktop>sleep 1800
'sleep' is not recognized as an internal or external command,
operable program or batch file.
How to solve it?
Replace "sleep" with "timeout". (This only works with Vista and later.) |
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
grondilu
Legendary
Offline
Activity: 1288
Merit: 1076
|
|
February 24, 2011, 01:24:34 PM |
|
I'd like to show off my own bash script: #!/bin/bash
name=grondilu
sftp_address=grondilu@somewhere.fr
email=grondilu@nospam.fr
bluetoothaddr="00:XX:YY:ZZ:UU:TT"
private="$HOME/Private"
backup="wallet-$(date +%s).dat"
error() {
echo $1 returned error code $2
rm -f $private/"$backup"{,.gpg}
exit $2
}
if
echo -n "making backup file..."
bitcoind backupwallet "$private/$backup"
r=$? ; ((r != 0))
then error bitcoind $r
elif
echo ok
cd $private
echo -n "encrypting..."
gpg -e -r $name "$backup"
r=$? ; ((r != 0))
then error gpg $r
elif
echo ok
rm "$backup"
echo -n "copying to distant server..."
scp "$backup.gpg" $sftp_address:
r=$? ; ((r != 0))
then error scp $r
elif
echo ok
echo -n "adding to distant archive..."
ssh $sftp_address <<< "tar rf wallet-backup.tar $backup.gpg && rm $backup.gpg"
r=$? ; ((r != 0))
then error ssh $r
elif
echo ok
echo -n "copying to smartphone..."
obexftp -b "$bluetoothaddr" -c /Data/backups -p "$backup.gpg"
r=$? ; ((r != 0))
then error obexftp $r
elif
echo ok
echo -n "sending backup via email..."
mutt $email -s backup -a $backup.gpg < /dev/null
r=$? ; ((r != 0))
then error mutt $r
else
echo ok
rm "$backup.gpg"
fi
|
|
|
|
|
