bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
July 05, 2019, 08:52:36 AM |
|
So, to save the current owner (my friend) from any possible malware the old owner may have had installed in this PC, what should we do to prevent ourselves? Will a complete OS change work out?
Reinstalling the OS is the absolute minimum you should do. You'll get most malware removed with a wipe of the hard drive + reinstalling the OS. However, the theoretical risk of rootkits still exists. Reinstalling the OS won't help you there. But the chances aren't very high to have a computer infected with a good (in terms of professional) root kit. But since it is going to be used as an offline storage, you shouldn't be worried too much about that.
|
|
|
|
AB de Royse777
Legendary
Offline
Activity: 2674
Merit: 4158
Campaign Manager. My Telegram @Royse777
|
|
July 05, 2019, 09:51:41 AM |
|
~snip~
A question somewhat related to this topic: My friend purchased a 2nd hand PC and the person he bought it from, used to mine alts in it which clearly means that the previous owner held crypto in it (maybe BTC too).
So, to save the current owner (my friend) from any possible malware the old owner may have had installed in this PC, what should we do to prevent ourselves? Will a complete OS change work out? Like if we install new Windows without keeping old Windows.dat file in his PC, can we consider ourselves safe in this situation? He wants to use it mostly as an offline mode of storing his crypto there in his PC. Is he safe if we do it like that here?
I always install a fresh windows in this kind of case. It's safe for both party. As a buyer you feel secure that you have started from zero point. About the hardware wallet - my original thought behind this is that they have enough crypto to have a hardware wallet. For example: If someone has 100$ worth of BTC then there are no point to buy a hardware wallet that will cost 55 euro. Edit: Just noticed the response from two members above me regarding the OS. Now you can see you have 3 votes to reinstall the OS :-)
|
BETFURY ..... | ██████▄██▄███████████▄█▄ █████▄██████▄████▄▄▄█████ ██████████████████████████ ████▐█████████████████████ ███████████▀▀█▄▄▄▄█████████ ██▄███████▄▀███▀█▀▀█▄▄█▄█▄██ █▀██████████▄█████▄▄█████▀███ ██████████▄████▀██▄▀▀█▀█████▄ ███████████████▐█▄█▀▄███▀█▀██▄ ███████▄▄▄███▌▌██▄▀█▀█████████▄ ▀▀▀███████████▌██▀▀▀▀▀█▄▄▄████▀ ███████▀▀██████▄▄██▄▄▄█▄███▀▀ ████████████▀▀▀██████████▀
| ..... Leading iGaming Platform ..... |
UP TO 60% A P R B T C S T A K I N G | |
8,000+ GAMES |
HIGH ODDS SPORTSBOOK | | █▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄ | | ▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄█ |
[
|
|
|
Lucius
Legendary
Offline
Activity: 3430
Merit: 6169
Eternal Thanks and Glory to the City of Heroes
|
|
July 05, 2019, 01:27:42 PM |
|
About the hardware wallet - my original thought behind this is that they have enough crypto to have a hardware wallet. For example: If someone has 100$ worth of BTC then there are no point to buy a hardware wallet that will cost 55 euro.
I would not agree with you on this, although this is often a repetitive phrase and some members on this forum will tell you that you do not need to invest in hardware wallet if you have less then $500 or something like that. There is some logic in that, but hardware wallet is actually a pretty cheap investment and anyone who wants extra security should not hesitate with such an investment. One better smartphone is cost ten times more then one Nano S, and they are sold as if they cost like hardware wallet. $100 worth of BTC today can be very easily doubled or tripled in future, so it is maybe wrong to say that you protect only $100.
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4361
<insert witty quote here>
|
|
July 05, 2019, 09:20:34 PM |
|
He wants to use it mostly as an offline mode of storing his crypto there in his PC. Is he safe if we do it like that here?
Just wanted to say that it's either offline 100% of the time... or it isn't an "offline" cold storage PC. If it remains offline 100% of the time, it won't matter too much if there is any malware on the PC, as it isn't connected to anything so the malware can't leak any info. However, if your friend plans to "occasionally" connect it to the internet, then you would be well advised to do everything you could to ensure that it was "clean". In this case, as the others have already stated, wipe/format the drive and do a fresh OS install as a minimum.
|
|
|
|
Stedsm (OP)
Legendary
Offline
Activity: 3052
Merit: 1273
|
|
July 05, 2019, 10:07:53 PM |
|
So, to save the current owner (my friend) from any possible malware the old owner may have had installed in this PC, what should we do to prevent ourselves? Will a complete OS change work out?
Reinstalling the OS is the absolute minimum you should do. You'll get most malware removed with a wipe of the hard drive + reinstalling the OS. However, the theoretical risk of rootkits still exists. Reinstalling the OS won't help you there. But the chances aren't very high to have a computer infected with a good (in terms of professional) root kit. But since it is going to be used as an offline storage, you shouldn't be worried too much about that. Like HCP said, what if my friend wants to go online occasionally on this PC? What exactly is to be done with that root kits thing? And can't they do anything with the certificates/signatures installed for each app before and after? And going online through a smartphone (via HotSpot) or through WiFi Modem (Broadband service) makes any difference? He wants to use PC as an offline storage for crypto, but does that mean that he cannot go online even for other curricular things he needs to do in life?
|
| .SHUFFLE.COM.. | ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ | ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ | . ...Next Generation Crypto Casino... |
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4361
<insert witty quote here>
|
|
July 05, 2019, 10:19:19 PM |
|
Yes, it does mean he cannot go online. If he wants true "offline storage", then the computer needs to remain offline permanently. Otherwise, it should be considered no more secure than a "normal" desktop wallet and then associated security measures will need to be taken to ensure the security and safety of their funds.
Additionally, using your "everyday" computer in conjunction with cryptocurrency can be problematic if your "everyday" computer activity includes "risky" activities (downloading pirated software, visiting porn sites etc). The chances of infecting your PC with malware/viruses is a lot higher in these instances.
|
|
|
|
The Sceptical Chymist
Legendary
Offline
Activity: 3528
Merit: 6995
Top Crypto Casino
|
|
July 06, 2019, 12:31:09 AM |
|
I don't think it's completely off-topic here to mention that I received my Ledger Nano S today, along with the steelwallet. Both are things of beauty, but that's about the only thing I can say about them right now since I haven't actually played around with them yet. So far I'm very happy with my purchase, and I've no doubt that these are the real deal and not some counterfeit garbage.
The Ledger and steelwallet arrived late in the day and I'm tired, so tomorrow I'll see what I can do about storing some crypto on the Ledger. I'm mostly interested in keeping NEO on it since it'll earn GAS without having to be running all the time.
If anyone else has any good advice for me, I'd greatly appreciate it--and I did read this thread. Hardware wallets are new to me and I'm not sure what the pitfalls are, if any.
|
|
|
|
pereira4
Legendary
Offline
Activity: 1610
Merit: 1183
|
|
July 06, 2019, 12:50:30 AM |
|
Hardware wallets are a bit of a meme in my book. I would look into the new Raspberry Pi 4, the 4 GB version. It should be similar to running a node in a Core 2 Duo I guess. You get 4 1.5ghz cores and without the IME or PSP clusterfucks. In addition, it looks cute plus you get to piss off Craig Wright running a node on it.
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4361
<insert witty quote here>
|
|
July 06, 2019, 03:33:20 AM |
|
If anyone else has any good advice for me, I'd greatly appreciate it--and I did read this thread. Hardware wallets are new to me and I'm not sure what the pitfalls are, if any.
There aren't too many pitfalls really... and the Ledger Nano S is a decent enough piece of kit. Aside from all the normal advice of making sure the device is reset and generating a new seed mnemonic/PIN/Passphrase etc... I would also advise that BEFORE you send any crypto to the device, make sure you're comfortable with wiping it and restoring from the 24 word seed mnemonic. Basically, install Ledger Live, connect the device and follow the instructions for setting it up. Then note down the receiving address(es) given. Then wipe the device (there is an option in the settings or you can simply enter an incorrect PIN 3 times)... the restore from the 24 word seed mnemonic and confirm that you see the same receiving address(es) following the restore. This will give you piece of mind that: 1. You have correctly written down the WHOLE seed mnemonic (from memory, the initial setup only confirms a couple of the words at random). 2. The restore functionality works as advertised without risking any coins. When I got mine, I actually created a couple of different seeds and checked against things like Ian Coleman's BIP39 mnemonic converter to make sure that it was creating "proper" mnemonics, before I wiped and then created the "final" one. Also, try installing, deleting and reinstalling the coin apps on the device to get comfortable with how the "Manager" functionality in Ledger Live works and see that even if you remove an app and then reinstall, you still get the same addresses etc. Finally, just an FYI, by default, Ledger will give Nested Segwit addresses for BTC. You can also create "Legacy" if you want and apparently the native Segwit support is in final stages of release... for now, I believe native segwit is still marked as "experimental".
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18748
|
|
July 06, 2019, 08:33:26 AM |
|
This site is useful if you are going to be storing alts on your Ledger: https://support.ledger.com/hc/en-us/categories/115000811829-Apps. Basically, it gives you a step-by-step guide for each alt, including which wallet you need (or which wallets you can choose from) which are compatible with the Ledger to store your coins. The page for Neo is here: https://support.ledger.com/hc/en-us/articles/115005530425-Neo-NEO. Essentially you will be downloading the NEON wallet, and the instead of using a password or similar to unlock it, you will unlock it with your Ledger device. I would definitely follow HCP's advice above first, though. I also received and sent a few small transactions (a few dollars worth of BTC) first to make sure I was happy with how that worked too. One of the main benefits of the hardware wallet is that any time you are making a transaction, the transaction address and amount are shown on the hardware wallet's screen, and you have to confirm that these are correct (by pressing the right button) before the transaction will be signed. Make sure you check the address against the original address you were sent/given/displayed, and not against what you copy/pasted, just in case your computer is infected with clipboard malware.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2954
Merit: 7565
Playgram - The Telegram Casino
|
|
July 06, 2019, 11:06:15 AM |
|
1. You have correctly written down the WHOLE seed mnemonic (from memory, the initial setup only confirms a couple of the words at random). A lot of time has passed since I set up my Nano S but if my memory serves my right I had to check and confirm every single word of my seed and not just a few of them!? If someone has done the initial setup recently please confirm whether you had to re-enter every single word of your seed or just a few of them?
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
TryNinja
Legendary
Offline
Activity: 3024
Merit: 7444
Top Crypto Casino
|
|
July 06, 2019, 11:27:51 AM |
|
A lot of time has passed since I set up my Nano S but if my memory serves my right I had to check and confirm every single word of my seed and not just a few of them!? If someone has done the initial setup recently please confirm whether you had to re-enter every single word of your seed or just a few of them?
It only asks for some of your words (e.g #8, #12, #17...) and not all of them.
|
|
|
|
ranochigo
Legendary
Offline
Activity: 3038
Merit: 4420
Crypto Swap Exchange
|
|
July 06, 2019, 11:46:59 AM |
|
IIRC, there was a case whereby someone was scammed with a fake seed. The person bought a hardware wallet online advertised as new and there was a pregenerated seed that was disguised as the recovery code and several victims fell for it. I would still take precautions and do my own due diligence with regards to buying a hardware wallet regardless of whether its new or not.
On the topic of raspberry pi, that's my current cold storage solution. Using Core on even with Pi 3+ is possible, provided that you're not operating it as a full node. I prefer a more simplistic approach with Electrum's GUI and its worth a consideration since the whole setup goes for about $35 and its cheaper than even a used hardware wallet. The security would be somewhat similar barring physical attacks.
|
|
|
|
AB de Royse777
Legendary
Offline
Activity: 2674
Merit: 4158
Campaign Manager. My Telegram @Royse777
|
|
July 06, 2019, 12:18:46 PM |
|
I don't think it's completely off-topic here to mention that I received my Ledger Nano S today, along with the steelwallet. Both are things of beauty, but that's about the only thing I can say about them right now since I haven't actually played around with them yet. So far I'm very happy with my purchase, and I've no doubt that these are the real deal and not some counterfeit garbage.
The Ledger and steelwallet arrived late in the day and I'm tired, so tomorrow I'll see what I can do about storing some crypto on the Ledger. I'm mostly interested in keeping NEO on it since it'll earn GAS without having to be running all the time.
If anyone else has any good advice for me, I'd greatly appreciate it--and I did read this thread. Hardware wallets are new to me and I'm not sure what the pitfalls are, if any.
Hey bud just wanted to give you a shout out. You must remember this post which I responded to you and advocating for ledger. I still do but there is something I was not aware. Please read this: https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/It seems more than a year old article but this gives a very good insight about the device security. I hope this knowledge will help us to keep out crypto safe. Cheers :-)
|
BETFURY ..... | ██████▄██▄███████████▄█▄ █████▄██████▄████▄▄▄█████ ██████████████████████████ ████▐█████████████████████ ███████████▀▀█▄▄▄▄█████████ ██▄███████▄▀███▀█▀▀█▄▄█▄█▄██ █▀██████████▄█████▄▄█████▀███ ██████████▄████▀██▄▀▀█▀█████▄ ███████████████▐█▄█▀▄███▀█▀██▄ ███████▄▄▄███▌▌██▄▀█▀█████████▄ ▀▀▀███████████▌██▀▀▀▀▀█▄▄▄████▀ ███████▀▀██████▄▄██▄▄▄█▄███▀▀ ████████████▀▀▀██████████▀
| ..... Leading iGaming Platform ..... |
UP TO 60% A P R B T C S T A K I N G | |
8,000+ GAMES |
HIGH ODDS SPORTSBOOK | | █▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄ | | ▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄█ |
[
|
|
|
The Sceptical Chymist
Legendary
Offline
Activity: 3528
Merit: 6995
Top Crypto Casino
|
|
July 06, 2019, 12:32:02 PM |
|
Man, I have no background in computer science or anything related to that, so most of that article is Greek to me--but I do appreciate the link. I have not yet set up the Ledger S, but I think I'm going to do it today and may add my NEO onto it. I don't suspect I'll have a problem as long as I can follow the directions. We'll see how it goes. For better or worse, I'm not all that concerned about my coins getting stolen, but I'll be careful about that.
|
|
|
|
TryNinja
Legendary
Offline
Activity: 3024
Merit: 7444
Top Crypto Casino
|
|
July 06, 2019, 12:43:33 PM |
|
Man, I have no background in computer science or anything related to that, so most of that article is Greek to me--but I do appreciate the link.
I have not yet set up the Ledger S, but I think I'm going to do it today and may add my NEO onto it. I don't suspect I'll have a problem as long as I can follow the directions. We'll see how it goes. For better or worse, I'm not all that concerned about my coins getting stolen, but I'll be careful about that.
The thing is that you still need physical access to the hardware wallet and a bit of social engineering to "break it". So, in most cases you will be safe as the only way you can actually be affected by this is if the bad guy is with you and you follow his instructions (in this case, he would probably just use the $5 wrench method). I wouldn't worry about this.
|
|
|
|
AB de Royse777
Legendary
Offline
Activity: 2674
Merit: 4158
Campaign Manager. My Telegram @Royse777
|
|
July 06, 2019, 12:48:50 PM |
|
~snip~ Man, I have no background in computer science or anything related to that, so most of that article is Greek to me--but I do appreciate the link.
I have not yet set up the Ledger S, but I think I'm going to do it today and may add my NEO onto it. I don't suspect I'll have a problem as long as I can follow the directions. We'll see how it goes. For better or worse, I'm not all that concerned about my coins getting stolen, but I'll be careful about that.
You will be okay. In their website they have good manuals. If you follow then it's easy peasy. For NEO, you will need to... Download the NEON Wallet, install it in your computer. Install the Neo app in your Ledger and you will be good to go once you setup your Ledger Nano S Anyway, the reason I give you the above link was that I felt I advocated too much about Ledger without knowing some of the risks might still exists. And I thought I should let you know about it. ~snip~
I wouldn't worry about this.
I too is not much worry about it but it's good to know the things we are dealing with. Cheers :-)
|
BETFURY ..... | ██████▄██▄███████████▄█▄ █████▄██████▄████▄▄▄█████ ██████████████████████████ ████▐█████████████████████ ███████████▀▀█▄▄▄▄█████████ ██▄███████▄▀███▀█▀▀█▄▄█▄█▄██ █▀██████████▄█████▄▄█████▀███ ██████████▄████▀██▄▀▀█▀█████▄ ███████████████▐█▄█▀▄███▀█▀██▄ ███████▄▄▄███▌▌██▄▀█▀█████████▄ ▀▀▀███████████▌██▀▀▀▀▀█▄▄▄████▀ ███████▀▀██████▄▄██▄▄▄█▄███▀▀ ████████████▀▀▀██████████▀
| ..... Leading iGaming Platform ..... |
UP TO 60% A P R B T C S T A K I N G | |
8,000+ GAMES |
HIGH ODDS SPORTSBOOK | | █▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄ | | ▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄█ |
[
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18748
|
|
July 06, 2019, 02:08:34 PM |
|
IIRC, there was a case whereby someone was scammed with a fake seed. The reddit thread about it is here: https://www.reddit.com/r/ledgerwallet/comments/7obot7/all_my_cryptocurrency_stolen/Ledger's response to the incident is here: https://www.ledger.com/scam-second-hand-ledger-device/Regardless of where you ordered your Ledger from (or any other hardware wallet), even if directly from the official website, you should perform some basic checks when it first arrives to ensure it has not been tampered with, as I suggested earlier in the thread. Provided you do this, you will not fall victim to this kind of attack. Man, I have no background in computer science or anything related to that, so most of that article is Greek to me--but I do appreciate the link. Worth mentioning that all these security flaws have since been patched, provided you update your Ledger to the latest firmware (as I suggested in my reply above). See here for more details: https://www.ledger.com/firmware-1-4-deep-dive-security-fixes/. Also, by successfully updating, you are also verifying the genuineness of your Ledger, and that it hasn't been tampered with.
|
|
|
|
Stedsm (OP)
Legendary
Offline
Activity: 3052
Merit: 1273
|
|
July 10, 2019, 11:07:58 PM |
|
So, this probably shows that 2nd hand devices are actually worthless to be purchased and we shouldn't go for them at all when we even need to have a basic check passed even on our official devices, right? Worth mentioning that all these security flaws have since been patched, provided you update your Ledger to the latest firmware (as I suggested in my reply above). See here for more details: https://www.ledger.com/firmware-1-4-deep-dive-security-fixes/. Also, by successfully updating, you are also verifying the genuineness of your Ledger, and that it hasn't been tampered with. I believe I can ask this here - Can you tell us something about the different types of procedures such devices can be tampered with? If so, it could make us more mature about them so to save ourselves and others from falling apart from their coins just because they've got no / least technical knowledge about using these devices with care.
|
| .SHUFFLE.COM.. | ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ | ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ | . ...Next Generation Crypto Casino... |
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4361
<insert witty quote here>
|
|
July 10, 2019, 11:41:45 PM |
|
Can you tell us something about the different types of procedures such devices can be tampered with? If so, it could make us more mature about them so to save ourselves and others from falling apart from their coins just because they've got no / least technical knowledge about using these devices with care.
There are only really 2 ways to tamper with the device: 1. Firmware 2. Hardware #1 is the "easiest" method... it's simply modifications made to the firmware to compromise the integrity. Ledger have made great strides since the work of Saleem Rashid to ensure that the device is able to detect altered firmware and/or stop it from working. #2 is a lot harder as you'd need to break open the casing (without damaging it) and either replace all the internals with your own custom board that replicated the workings of a Ledger... or you're need to attempt to find space in an already cramped container to try and squeeze in your own extra hardware. Then you'd need to put the case back together. I think it would probably be easier to actually just 3D Print your own casing and build your own full internals than attempting to modify and repackage an existing Ledger device.
|
|
|
|
|