Bitcoin Forum
Topic: Blockchain.info - Bitcoin Block explorer & Currency Statistics  (Read 414545 times)
shibaji
Full Member
April 27, 2013, 06:36:11 AM
 #2341


In the light of recent mysterious stealing of coins despite having 2FA and double password, will it be possible to offer any more protection against withdrawal? A few suggestions in addition to the existing ones (of course the user will have to enable these, and not default):

1. An email reconfirmation (with hotlink to be clicked) before withdrawal. No reconfirmation, no withdrawal processed.
2. Option to completely disable withdrawal with a radio button / option, for which enabling withdrawal is email hot link confirmation dependent (like #1)
3. A picture + phrase verification while logging in (like Bank of America etc.)

Any other suggestions welcome.

BTC: 1G4FWK6U3qQb2ikgdcYZovLzyQ7xmWotBP  LTC: LUnQFuhQKNjhrsK4HSdcsn6Bf3wcT3tW2y  DVC: 1EKz74j7xNBYunJ77wQVD8DE843PwZaRFF
My reputation thread: https://bitcointalk.org/index.php?topic=183806.0
Shibaji's Your Man In USA Service: https://bitcointalk.org/index.php?topic=191303.msg1980889#msg1980889
zebedee
Donator
Hero Member
April 27, 2013, 09:10:44 AM
 #2342


> In the light of recent mysterious stealing of coins despite having 2FA and double password, will it be possible to offer any more protection against withdrawal? A few suggestions in addition to the existing ones (of course the user will have to enable these, and not default):
>
> 1. An email reconfirmation (with hotlink to be clicked) before withdrawal. No reconfirmation, no withdrawal processed.
> 2. Option to completely disable withdrawal with a radio button / option, for which enabling withdrawal is email hot link confirmation dependent (like #1)
> 3. A picture + phrase verification while logging in (like Bank of America etc.)
>
> Any other suggestions welcome.

I doubt these help, as the attacker doesn't seem to be using blockchain.info software to attack.  They seem to get the private keys somehow.
shibaji
Full Member
April 27, 2013, 09:14:24 AM
 #2343

> I doubt these help, as the attacker doesn't seem to be using blockchain.info software to attack.  They seem to get the private keys somehow.

That's scary!  Shocked

Maybe piuk can say something - if this has any truth - any withdraw must get suspended until things are resolved. At least piuk should advise people to pull out coins till things get resolved  Sad

BTC: 1G4FWK6U3qQb2ikgdcYZovLzyQ7xmWotBP  LTC: LUnQFuhQKNjhrsK4HSdcsn6Bf3wcT3tW2y  DVC: 1EKz74j7xNBYunJ77wQVD8DE843PwZaRFF
My reputation thread: https://bitcointalk.org/index.php?topic=183806.0
Shibaji's Your Man In USA Service: https://bitcointalk.org/index.php?topic=191303.msg1980889#msg1980889
2_Thumbs_Up
Sr. Member
April 27, 2013, 12:13:25 PM
 #2344

I tried to add a tag for donations to http://www.gimp.org/

However, blockchain said that it can't find the address in question at the website. You are not looking hard enough. It's in the bitcoin: URI format. Blockchain.info should preferably notice this.
Newar
Legendary
April 27, 2013, 02:01:29 PM
 #2345

>> I doubt these help, as the attacker doesn't seem to be using blockchain.info software to attack.  They seem to get the private keys somehow.
>
> That's scary!  Shocked
>
> Maybe piuk can say something - if this has any truth - any withdraw must get suspended until things are resolved. At least piuk should advise people to pull out coins till things get resolved  Sad

From what I understand the problem is with rooted phones. For me, I have uninstalled the app completely and set up another watch-only wallet on BCI. Installed the app again and will handle transactions from bitcoin-qt, I never had a lot in the BCI wallet to begin with, but a theft would be painful anyway, more so, if the reason is known.

OTC rating | GPG keyid 1DC91318EE785FDE | Gliph: lightning bicycle tree music | Mycelium, a swift & secure Bitcoin client for Android | LocalBitcoins
BurtW
Legendary
April 27, 2013, 02:09:08 PM
 #2346

> From what I understand the problem is with rooted phones.

His most recent post on the subject says otherwise:

https://bitcointalk.org/index.php?topic=187822.msg1954147#msg1954147

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
jubalix
Legendary
April 27, 2013, 05:59:42 PM
 #2347

> Changes to Alias Resolving
>
> When a wallet is accessed using an alias if the browser does not already have the wallet identifier saved or have an authorised login session email authorisation will now be required.
>
> If the browser is previously recognised by blockchain no authorisation is required. Wallets can still be accessed directly by identifier, which provides 128 bits of entropy and should always be kept secret.
>
> For example if you visit my personal wallet: https://blockchain.info/wallet/piuk it will appear as if no wallet exists however I will receive an authorisation email.
>
> A number of users have reported their wallet being compromised to me, the exact cause is unknown (I suspect malware) however in pretty much all cases the user has set a wallet alias which is the same as their bitcointalk username (and used on other sites). This is common practice, however it is much more secure if the wallet identifier and alias are kept secret. The above changes are meant to address this problem.
>
> I will respond to the above posts shortly, apologies for the delay.

so the question is why did this change all of a sudden...why are browsers that were recognised, now not, and identifiers not put in?? as they were before....this is how they are attacking you something here...

::CoinWatch:: watch your PPC/BTC/LTC addresses and get a running balance, no QT, no private keys, no passwords, no logins no, sign ups.
jubalix
Legendary
April 27, 2013, 06:08:25 PM
 #2348


>> In the light of recent mysterious stealing of coins despite having 2FA and double password, will it be possible to offer any more protection against withdrawal? A few suggestions in addition to the existing ones (of course the user will have to enable these, and not default):
>>
>> 1. An email reconfirmation (with hotlink to be clicked) before withdrawal. No reconfirmation, no withdrawal processed.
>> 2. Option to completely disable withdrawal with a radio button / option, for which enabling withdrawal is email hot link confirmation dependent (like #1)
>> 3. A picture + phrase verification while logging in (like Bank of America etc.)
>>
>> Any other suggestions welcome.
>
> I doubt these help, as the attacker doesn't seem to be using blockchain.info software to attack.  They seem to get the private keys somehow.

must be cracking hashes, or injecting .js

::CoinWatch:: watch your PPC/BTC/LTC addresses and get a running balance, no QT, no private keys, no passwords, no logins no, sign ups.
JonSnow
Member
April 27, 2013, 07:54:44 PM
 #2349

>> HELP!!!
>>
>> Every time I go to my wallet page I get notified that an illegal imbedded object has been found and the popup states that I should not continue!!
>>
>> WTF is going on with blockchain.info?
>
> Apologies this was a problem caused by me. The error should be fixed now if you reload the page a few times.
>
> Also please remove the verifier and use one of the packaged browser extensions http://blockchain.info/wallet/chrome-extension

I had to reinstall my OS and everything from scratch, and when I set up my wallet as before using the Firefox extension, it asks for my identifier, but when given then results in the page reloading, the identifier being blank, and an email sent to me.  I click the link in the email, as instructed, but for whatever reason the Firefox extension never seems to work or remember the identifier even after I've "allowed" the login attempt.
TheButterZone
Legendary
April 27, 2013, 11:20:12 PM
 #2350

Is anybody else not getting SMS notifications on their watched addresses?

ETA: Just got one at 0820 UTC 4-28-13, yay.

ΜΟΛΩΝ ΛΑΒΕ! I sell stuff for BTC here here and here | Skirt & Kilts & Violin For Sale | Voiceover for BTC | Copy editing for BTC | THE Bitcoin Sound is here.
gpg_identity=http://pgp.thebutterzone.com | WoT feedback here & eBay feedback here | Buy BTC in San Diego, CA, or worldwide! | Get paid for taking surveys!
Change my name! "I am __ Satoshi __." | PayPal: Bitcoinese for "FU, I'm getting a chargeback up to 365 days later!" | Bitcoin voice chat
Newar
Legendary
April 28, 2013, 03:48:36 AM
 #2351

>> From what I understand the problem is with rooted phones.
>
> His most recent post on the subject says otherwise:
>
> https://bitcointalk.org/index.php?topic=187822.msg1954147#msg1954147

Thanks for that link.

Could it be two different attacks? The OP on reddit mentioned he had 2FA enabled and the app installed, whereas I don't see any mention of 2FA in the thread you linked to.

OTC rating | GPG keyid 1DC91318EE785FDE | Gliph: lightning bicycle tree music | Mycelium, a swift & secure Bitcoin client for Android | LocalBitcoins
John (John K.)
Global Troll-buster and
Legendary
April 28, 2013, 04:32:46 AM
 #2352

> Is anybody else not getting SMS notifications on their watched addresses?

I'm not getting email notifications on my watched addresses - strange.

My BTC Tip Jar: 1Pgvfy19uwtYe5o9dg3zZsAjgCPt3XZqz9 , GPG ID: B3AAEEB0 ,OTC ID: johnthedong
Escrow service is available on a case by case basis! (PM Me to verify I'm the escrow!)

piuk
Hero Member
April 28, 2013, 01:25:15 PM
 #2353

New Version of Android App

https://play.google.com/store/apps/details?id=piuk.blockchain.android&feature=nav_result#?t=W251bGwsMSwyLDNd

  • PIN Protection
  • Improved Fee Handling - The Fee policy set in the web interface will now be honoured in the android app
  • Second Password will be cleared after a transaction is sent
  • Fix Pairing Issues



How PIN protection works

1) When the PIN is created a unique secret is generated and stored on the server.
2) The user's password is then encrypted with the new secret and saved on the device.
3) When restoring the wallet if the correct PIN is provided the server responds with the secret allowing the device to decrypt the password.
4) If the PIN is entered incorrectly 4 times the key is removed from the server and the main password will need to be re-entered.

Prevents malicious apps on rooted devices from reading the password directly from app data; however, more sophisticated malware that reads the app memory, or keyloggers, will still be possible.
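
The four steps listed in the post above, as an added Python example that is not part of the original post and is not code from the blockchain.info app. The class and function names, the PBKDF2 PIN verifier on the server, and the SHAKE-256/HMAC construction standing in for a real AEAD such as AES-GCM are assumptions, chosen so the example runs with only the standard library.

```python
import hashlib, hmac, secrets

MAX_ATTEMPTS = 4  # from the post: 4 wrong PINs remove the key from the server

class PinServer:
    """Hypothetical server: one secret per device, released only for the right PIN."""
    def __init__(self):
        self._rec = {}  # device_id -> [salt, pin_verifier, secret, failures]

    def _verifier(self, pin, salt):
        # Assumption: the server keeps a salted PBKDF2 hash of the PIN, not the PIN.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def create(self, device_id, pin):  # step 1: generate and store the secret
        salt, secret = secrets.token_bytes(16), secrets.token_bytes(32)
        self._rec[device_id] = [salt, self._verifier(pin, salt), secret, 0]
        return secret

    def release(self, device_id, pin):  # steps 3 and 4
        rec = self._rec.get(device_id)
        if rec is None:
            return None  # wiped or unknown: the main password must be re-entered
        if hmac.compare_digest(self._verifier(pin, rec[0]), rec[1]):
            rec[3] = 0  # a correct PIN resets the failure counter
            return rec[2]
        rec[3] += 1
        if rec[3] >= MAX_ATTEMPTS:
            del self._rec[device_id]  # secret gone; the blob on the device is useless
        return None

# Stand-in for an AEAD such as AES-GCM (assumption; stdlib only so it runs offline).
def _xor_stream(secret, nonce, data):
    stream = hashlib.shake_256(b"enc" + secret + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(secret, body):
    return hmac.new(hashlib.sha256(b"mac" + secret).digest(), body, hashlib.sha256).digest()

def seal(secret, password):  # step 2: what the device writes to app storage
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(secret, nonce, password.encode())
    return body + _tag(secret, body)

def unseal(secret, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(secret, body)):
        raise ValueError("wrong secret or modified blob")
    return _xor_stream(secret, body[:16], body[16:]).decode()
```

A process that copies only the sealed blob from app storage cannot recover the password without the server-held secret, and after four wrong PINs that secret no longer exists anywhere.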

hazek
Legendary
April 28, 2013, 01:39:54 PM
 #2354

Great job piuk.

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
willphase
Hero Member
April 28, 2013, 01:49:10 PM
 #2355

Hey Piuk - good job on the new version.  I looked briefly through the changes, but couldn't determine why the new version requires the new

 <uses-permission  android:name="android.permission.GET_TASKS"/>

can you explain this new permission?

EDIT 15:41Z: I see this has now been removed.  Cheers!

Will

Carlos L.
Legendary
April 29, 2013, 07:31:55 AM
 #2356

Down? Cannot access my wallet.
ErebusBat
Hero Member
April 29, 2013, 03:32:24 PM
 #2357

> New Version of Android App
>
>   • PIN Protection
>   • Improved Fee Handling - The Fee policy set in the web interface will now be honoured in the android app
>   • Second Password will be cleared after a transaction is sent
>   • Fix Pairing Issues

Any plans to port this to the iOS version?

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
picobit
Hero Member
April 29, 2013, 06:19:11 PM
 #2358

> Any plans to port this to the iOS version?

+1

I would really like to see the PIN and the fee policy being honored. 
piuk
Hero Member
May 02, 2013, 04:02:46 PM
 #2359

New Android Version

- New Send types (Quick, Custom & Shared)
- Better transaction summary dialog
- Transaction notes
- Currency set in the web interface will now change the android app and vice versa
- Ability to scan a private key and view the balance + optionally sweep.
- Fix support for scanning watch only private keys
- Compressed private key support
- Better exchange rates view
- Toggle between local currency and BTC by tapping account balance
- Ability to generate a shared address in the request coins view
- Ability to back up the wallet to external storage.
- Ability to pair manually if the QR code is not working.

https://blockchain.info/wallet/android-app

> Great job piuk.

Thanks hazek.

> can you explain this new permission?

Was suggested here http://stackoverflow.com/questions/4414171/how-to-detect-when-an-android-app-goes-to-the-background-and-come-back-to-the-fo as a method to detect if the app is running in the background on older devices. Was not needed in the end though.

>> Any plans to port this to the iOS version?
>
> +1
>
> I would really like to see the PIN and the fee policy being honored.

Yep, the iPhone app will be getting an update very soon.

hazek
Legendary
May 02, 2013, 04:23:45 PM
 #2360

> New Android Version
>
> - New Send types (Quick, Custom & Shared)
> - Better transaction summary dialog
> - Transaction notes
> - Currency set in the web interface will now change the android app and vice versa
> - Ability to scan a private key and view the balance + optionally sweep.
> - Fix support for scanning watch only private keys
> - Compressed private key support
> - Better exchange rates view
> - Toggle between local currency and BTC by tapping account balance
> - Ability to generate a shared address in the request coins view
> - Ability to back up the wallet to external storage.
> - Ability to pair manually if the QR code is not working.
>
> https://blockchain.info/wallet/android-app
>
>> Great job piuk.
>
> Thanks hazek.

Man oh man, you are one hell of a dev, awesome job yet again!

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp