Timbo925
|
|
April 21, 2013, 12:02:03 PM |
|
Put a warning up about enabling 2 factor auth - I lost 1.2 BTC due to a "It would take a desktop PC about 175 years to crack your password" password. (http://howsecureismypassword.net) Don't test your password at these kinds of sites. Just plain stupid to enter it somewhere online to test the strengt ...
|
|
|
|
rme
|
|
April 21, 2013, 12:24:58 PM |
|
Put a warning up about enabling 2 factor auth - I lost 1.2 BTC due to a "It would take a desktop PC about 175 years to crack your password" password. (http://howsecureismypassword.net) Don't test your password at these kinds of sites. Just plain stupid to enter it somewhere online to test the strengt ...
The website uses only JavaScript.
|
|
|
|
rme
|
|
April 21, 2013, 12:26:10 PM |
|
Please Blockchain.info redirect HTTP to HTTPS always like Bitcointalk and MtGox do. Also in the wallet login page warn users to check the green bar in the URL.
|
|
|
|
internationalaw
Member
Offline
Activity: 78
Merit: 10
Community Manager at Letstalkbitcoin.com
|
|
April 21, 2013, 05:51:51 PM |
|
Thanks for the reset piuk!!!!!!
|
|
|
|
ErebusBat
|
|
April 21, 2013, 11:45:19 PM |
|
Put a warning up about enabling 2 factor auth - I lost 1.2 BTC due to a "It would take a desktop PC about 175 years to crack your password" password. (http://howsecureismypassword.net) Don't test your password at these kinds of sites. Just plain stupid to enter it somewhere online to test the strengt ...
I would trust https://www.grc.com/haystack.htm
|
|
|
|
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1227
Away on an extended break
|
|
April 23, 2013, 02:31:19 PM |
|
PS: The site's having problems again: Got error 157 'Unknown error code' from NDBCLUSTER
|
|
|
|
Trillian
Newbie
Offline
Activity: 23
Merit: 0
|
|
April 23, 2013, 02:35:55 PM |
|
Yup, latest transaction shown is now 15 mins old. Can't login to my wallet.
|
|
|
|
|
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1227
Away on an extended break
|
|
April 23, 2013, 03:03:56 PM |
|
|
|
|
|
willphase
|
|
April 23, 2013, 03:37:21 PM |
|
Piuk, can you comment on the Amazon S3 backup regime for deleted private keys - i.e. if I were to upload a private key and then later on delete it - are old copies of the encrypted wallet file still stored on S3 - and if so, for how long?
Regards,
Will
piuk - I wondered if you had a moment to answer my question about the S3 backups...?
Will
|
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1003
|
|
April 24, 2013, 09:36:11 AM |
|
I was just suggested to pay a 0.005 fee by the blockchain app. The app is really great however I really miss the option to enter a specific fee. The choice right now seems to be to either not pay anything or to pay what the app suggests.
|
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
piuk (OP)
|
|
April 24, 2013, 12:03:26 PM Last edit: April 24, 2013, 01:43:24 PM by piuk |
|
Changes to Alias Resolving
When a wallet is accessed using an alias, if the browser does not already have the wallet identifier saved or have an authorised login session, email authorisation will now be required. If the browser is previously recognised by blockchain no authorisation is required. Wallets can still be accessed directly by identifier, which provides 128 bits of entropy and should always be kept secret.
For example if you visit my personal wallet: https://blockchain.info/wallet/piuk it will appear as if no wallet exists, however I will receive an authorisation email.
A number of users have reported their wallet being compromised to me, the exact cause is unknown (I suspect malware) however in pretty much all cases the user has set a wallet alias which is the same as their bitcointalk username (and used on other sites). This is common practice, however it is much more secure if the wallet identifier and alias are kept secret. The above changes are meant to address this problem.
I will respond to the above posts shortly, apologies for the delay.
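The alias rule described in the post above, modelled as a small server-side sketch. This is an added example, not Blockchain.info's code: the class, its method names, the in-memory stores and the `outbox` list standing in for email are all hypothetical.

```python
import secrets

NOT_FOUND = {"status": 404, "body": "Unknown wallet"}

class AliasResolver:
    """Hypothetical in-memory model; not Blockchain.info's implementation."""

    def __init__(self):
        self.alias_to_id = {}     # alias -> secret wallet identifier
        self.known_browsers = {}  # identifier -> browser tokens already authorised
        self.pending = {}         # emailed approval token -> (identifier, browser token)
        self.outbox = []          # (identifier, approval token): stand-in for sent email

    def create_wallet(self, alias):
        identifier = secrets.token_hex(16)  # 16 random bytes = 128 bits of entropy
        self.alias_to_id[alias] = identifier
        self.known_browsers[identifier] = set()
        return identifier

    def resolve_alias(self, alias, browser_token):
        identifier = self.alias_to_id.get(alias)
        if identifier is None:
            return dict(NOT_FOUND)
        if browser_token in self.known_browsers[identifier]:
            return {"status": 200, "identifier": identifier}
        # Unrecognised browser: email the owner, but answer exactly as if the
        # alias did not exist, so the response does not confirm a valid alias.
        approval = secrets.token_urlsafe(32)
        self.pending[approval] = (identifier, browser_token)
        self.outbox.append((identifier, approval))
        return dict(NOT_FOUND)

    def approve(self, approval):
        # Called when the owner follows the emailed link; each token works once.
        entry = self.pending.pop(approval, None)
        if entry is None:
            return False
        identifier, browser_token = entry
        self.known_browsers[identifier].add(browser_token)
        return True

    def resolve_identifier(self, identifier):
        # Direct access needs no email step: the identifier itself is the secret.
        if identifier in self.known_browsers:
            return {"status": 200, "identifier": identifier}
        return dict(NOT_FOUND)
```

Because every request for a valid alias from a new browser sends an email, a real service would also need to rate-limit those messages.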
|
|
|
|
ghostshirt
|
|
April 24, 2013, 12:31:22 PM |
|
Hello,
How does Blockchain.info calculate a transaction fee? I've made a 2420-byte transaction and paid 0.0015 BTC, I thought 0.0005 is the norm for Bitcoin network (for now).
|
|
|
|
ErebusBat
|
|
April 24, 2013, 12:31:50 PM |
|
A number of users have reported their wallet being compromised to me, the exact cause is unknown (I suspect malware) however in pretty much all cases the user has set a wallet alias which is the same as their bitcointalk username (and used on other sites). This is common practice, however it is much more secure if the wallet identifier and alias are kept secret. The above changes are meant to address this problem.
I will respond to the above posts shortly, apologies for the delay.
I love this. I will let you know if I start to get a ton of emails from unknown browsers. HOWEVER if this is indeed malware targeted at BCI it would be a very trivial task to either just steal the wallet identifier/blob from the browser (we already know they have the password). So we may not see a decline in these reports if this is the cause (however this is still a great feature!). PLEASE ENABLE TWO FACTOR AUTHENTICATION PEOPLE! Ben: Has anyone ever reported a theft from BCI while 2FA was enabled on their account?
|
|
|
|
ErebusBat
|
|
April 24, 2013, 12:32:31 PM |
|
Hello,
How does Blockchain.info calculate a transaction fee? I've made a 2420-byte transaction and paid 0.0015 BTC, I thought 0.0005 is the norm for Bitcoin network (for now).
It depends on how big (BTC wise) and how old the inputs are.
|
|
|
|
|
Gaff
|
|
April 24, 2013, 01:12:43 PM |
|
Changes to Alias Resolving
When a wallet is accessed using an alias, if the browser does not already have the wallet identifier saved or have an authorised login session, email authorisation will now be required. If the browser is previously recognised by blockchain no authorisation is required. Wallets can still be accessed directly by identifier, which provides 128 bits of entropy and should always be kept secret.
For example if you visit my personal wallet: https://blockchain.info/wallet/piuk it will appear as if no wallet exists, however I will receive an authorisation email.
A number of users have reported their wallet being compromised to me, the exact cause is unknown (I suspect malware) however in pretty much all cases the user has set a wallet alias which is the same as their bitcointalk username (and used on other sites). This is common practice, however it is much more secure if the wallet identifier and alias are kept secret. The above changes are meant to address this problem.
I will respond to the above posts shortly, apologies for the delay.
I like this change - but blockchain.info assumes my email is secure. I don't think this is a great assumption. Question: Shouldn't 2-factor authentication be sufficient here? If I have the right identifier and I pass the 2-factor check *then* you can send me the encrypted wallet?
|
|
|
|
Gaff
|
|
April 24, 2013, 01:21:19 PM |
|
Changes to Alias Resolving
...Also given the recent scandal with Instawallet URLs being searchable via Google - can you send a one-time-alias URL rather than the real identifier?
|
|
|
|
ErebusBat
|
|
April 24, 2013, 03:16:29 PM Last edit: April 24, 2013, 03:34:44 PM by ErebusBat |
|
For those that just want the story without the reddit follow through:
I just had 160 bitcoins stolen by this transaction: https://blockchain.info/tx/5abb271eb6e2d0da1855b06282c84dcf7467dda9da6da9090cad10ddae957fc7
I use the blockchain.info wallet service to manage that address. My password was a random 18 character password with punctuation, upper/lower case etc. I had two-factor authentication with Google Authenticator turned on and a second password on the account that was a random 8 characters. I had logged into the account with my laptop at home to send a small transaction of 0.937 bitcoins half an hour earlier. I haven't left the house since so no one has had access to my laptop. I'm on WPA2 secured wifi but not using a VPN. Laptop is running Ubuntu. I also have the blockchain.info app on my phone. It doesn't use the 2-factor authentication or the main password but does prompt for the second password.
I'm at a loss. This is my worst fear realized. Anyone have any suggestions?
EDIT: This is a quote from that thread:
The phone app stores your primary password in plain text, relying on the sandboxing mechanism of the phone OS. And it doesn't support 2-factor. Your secondary 8 character password could be cracked.
I just looked on my phone using iExplorer and didn't see anything, can anyone else (Ben) confirm or deny how this actually works?
|
|
|
|
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1227
Away on an extended break
|
|
April 24, 2013, 03:41:33 PM |
|
Missing "Refresh" and "Logoff" GUI buttons that were in the top right corner previously. Is it just me, or something changed in the GUI?
What, no one else lost Refresh/Logoff buttons, just me? I'm on Chrome, and cleared my browser data recently. Now my buttons disappeared, and I miss them!
I lose the buttons regularly on my small netbook when I use blockchain.info to push tx's through MyWallet. I'm running Chrome too.
|
|
|
|
|