Bitcoin Forum
November 10, 2024, 12:56:15 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Why do people keep on getting hacked?  (Read 1095 times)
Sioux (OP)
Full Member
***
Offline Offline

Activity: 185
Merit: 100


View Profile
January 30, 2014, 08:57:22 PM
 #1

is a safe password enough to not get hacked?

lets say you have an account on MTGOX with a password that contains big and small letters
extra keys and numbers and is over 20 caracters long

is there still a chance getting hacked?

(except phising,keyloggers)
Holliday
Legendary
*
Offline Offline

Activity: 1120
Merit: 1012



View Profile
January 30, 2014, 09:00:32 PM
 #2

is a safe password enough to not get hacked?

lets say you have an account on MTGOX with a password that contains big and small letters
extra keys and numbers and is over 20 caracters long

is there still a chance getting hacked?

(except phising,keyloggers)

If you aren't the sole controller of your private keys, you don't have any bitcoins.

Do whatever is necessary to make sure you are the sole controller of your private keys.

Offline wallets. Paper wallets. Cold storage. M of N wallets. Multisig addresses.

There are many tools available. I like Armory myself.

If you aren't the sole controller of your private keys, you don't have any bitcoins.
OnkelPaul
Legendary
*
Offline Offline

Activity: 1039
Merit: 1005



View Profile
January 30, 2014, 09:05:17 PM
 #3

Never ever allow a trojan to be installed on the computer which is used to access your bitcoins. Otherwise your password security (and mail-based two-factor authentication) is just gone out the Windows. High password complexity does not help, most passwords (except for the really trivial stupid ones) aren't guessed but stolen.
The safest approach is to have a computer that is only being used for wallet stuff - no web browsing, no e-mail, no filesharing, if possible running a small and safe linux...

Onkel Paul

eddlow
Newbie
*
Offline Offline

Activity: 52
Merit: 0


View Profile
January 31, 2014, 01:24:00 AM
 #4

If you use a separate computer for all the wallets (BTC, LTC, PPC, etc.) you can simply keep it offline, right? So you NEVER connect(ed) it to the internet. As long you send it to the right address, everything is fine I guess. Is that correct?
Soros Shorts
Donator
Legendary
*
Offline Offline

Activity: 1617
Merit: 1012



View Profile
January 31, 2014, 01:42:48 AM
 #5

If you use a separate computer for all the wallets (BTC, LTC, PPC, etc.) you can simply keep it offline, right? So you NEVER connect(ed) it to the internet. As long you send it to the right address, everything is fine I guess. Is that correct?
A savings-only wallet can be offline/cold/paper and you can keep sending coins to it. A wallet that you regularly spend from needs to be online at the time you spend the coins.
Holliday
Legendary
*
Offline Offline

Activity: 1120
Merit: 1012



View Profile
January 31, 2014, 01:53:43 AM
 #6

If you use a separate computer for all the wallets (BTC, LTC, PPC, etc.) you can simply keep it offline, right? So you NEVER connect(ed) it to the internet. As long you send it to the right address, everything is fine I guess. Is that correct?
A savings-only wallet can be offline/cold/paper and you can keep sending coins to it. A wallet that you regularly spend from needs to be online at the time you spend the coins.

That's not the case if you use Armory (a Bitcoin client).

You can create an offline wallet which never needs to go online, yet you can still spend from it by creating transactions online (online computer with no private keys) and signing those transactions offline (offline computer which holds the private keys).

If you aren't the sole controller of your private keys, you don't have any bitcoins.
Kouye
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


Cuddling, censored, unicorn-shaped troll.


View Profile
January 31, 2014, 02:03:06 AM
 #7

is a safe password enough to not get hacked?

lets say you have an account on MTGOX with a password that contains big and small letters
extra keys and numbers and is over 20 caracters long

is there still a chance getting hacked?

(except phising,keyloggers)
phishing is quite easy to avoid by using certificate-patrol.
keyloggers are quite easy to defeat by using keyscrambler.

[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition!
I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
Abdussamad
Legendary
*
Offline Offline

Activity: 3682
Merit: 1580



View Profile
January 31, 2014, 03:25:14 AM
Last edit: February 02, 2014, 04:01:52 PM by Abdussamad
 #8

is a safe password enough to not get hacked?

lets say you have an account on MTGOX with a password that contains big and small letters
extra keys and numbers and is over 20 caracters long

is there still a chance getting hacked?

(except phising,keyloggers)

We are going to see more and more of this as time goes by. The number of noobs that are getting into bitcoin just keeps going up and up so we'll see more coins stolen. People don't like to hear that they are at fault, so the blame will fall on bitcoin and it will have a negative impact on bitcoin's reputation. But, yeah, rich pickings for thieves. Also opens up a door for those who can offer secure wallets. Unfortunately a lot of people have failed in that area so any newcomer will struggle to do it right.
Gareth Nelson
Hero Member
*****
Offline Offline

Activity: 721
Merit: 503


View Profile
January 31, 2014, 05:39:42 AM
 #9

is a safe password enough to not get hacked?

lets say you have an account on MTGOX with a password that contains big and small letters
extra keys and numbers and is over 20 caracters long

is there still a chance getting hacked?

(except phising,keyloggers)
phishing is quite easy to avoid by using certificate-patrol.
keyloggers are quite easy to defeat by using keyscrambler.

Keyloggers come in 2 forms:
Hardware - which no software can protect you against - this comes in the form of a device physically sitting between your keyboard and computer
Software - depends on a lot of variables, but you should generally assume that if a malicious party has code running on your computer that it is completely compromised

Phishing is easy to avoid with a few simple precautions in most cases


To answer the more general point: proper information security is a hard problem, people make mistakes and private keys or exchange/wallet credentials leak to the bad guys
sakkosekk
Full Member
***
Offline Offline

Activity: 224
Merit: 100



View Profile
January 31, 2014, 09:22:14 AM
 #10

is a safe password enough to not get hacked?

lets say you have an account on MTGOX with a password that contains big and small letters
extra keys and numbers and is over 20 caracters long

is there still a chance getting hacked?

(except phising,keyloggers)

We are going to see more and more of this as time goes by. The number of noobs that are getting into bitcoin just keeps going up and up so we'll see more coins stolen. People don't like to hear that they are at fault, so the blame will fall on bitcoin and it will have a negative impact on bitcoin's reputation. But, yeah, rick pickings for thieves. Also opens up a door for those who can offer secure wallets. Unfortunately a lot of people have failed in that area so any newcomer will struggle to do it right.

I don't think most people are aware that they probably have had numerous Trojans on their computers. The Trojans are only discovered once something goes wrong (theft of accounts, data, money, etc). The general assumption is "I've never has a virus so why would I get one now?" I used to be like that, but not anymore.
Lethn
Legendary
*
Offline Offline

Activity: 1540
Merit: 1000



View Profile WWW
January 31, 2014, 09:26:11 AM
 #11

They've been clicking on suspicious links and downloading weird shit and are trying to blame everything but themselves for the mistake.
iheartubuntu
Newbie
*
Offline Offline

Activity: 44
Merit: 0


View Profile
January 31, 2014, 06:36:22 PM
 #12

IMO social engineering is probably the biggest risk of all. You can cover some of your bases by using a linux OS, a strong password, not telling people you have bitcoins, etc. But I think if you were going to get hacked, a lot of times its going to come from social engineering. Its the easiest way "in". If you are sloppy and careless you are going to get hacked (talking at parties while drinking,leaving things around your dorm,etc). Ive been to two bitcoin meetings recently... a conference and a meetup and after both times I had several attacks on my email accounts. people trying to figure out my passwords. I didnt divulge any personal info except handing out my business cards!

BOTTOM LINE = Loose lips sink ships!
atc1
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250


View Profile
February 01, 2014, 10:10:17 AM
 #13

The chances of the exchange itself getting hacked is small,imo. Its the end user that is to blame for not keeping their systems clean,and obviously keeping sensitive information to yourself is paramount.

guybrushthreepwood
Legendary
*
Offline Offline

Activity: 1232
Merit: 1195



View Profile
February 01, 2014, 11:58:51 AM
 #14

Is this the same hacked as people claim on facebook that their account got 'hacked'. It didn't get hacked, you got phished for being an idiot.
Bitcoin Is A Great Idea
Member
**
Offline Offline

Activity: 65
Merit: 10

It is! :)


View Profile
February 03, 2014, 12:36:53 AM
 #15

is there still a chance getting hacked?
You don't own your Bitcoins. MtGox does.
So you would first need to solve that Smiley

n00ber
Sr. Member
****
Offline Offline

Activity: 588
Merit: 253



View Profile
February 03, 2014, 12:56:08 AM
 #16

To be safe. Keep a separate computer for bitcoin purposes only. With fresh os installation with bitcoin and antivirus only is installed. Do not install anything on this computer. Do not use this to browse the web other than very trusted website. Do not install java and flash and other plugins. Alt coins can be installed on vps.

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!