Bitcoin Forum
November 20, 2019, 11:05:32 PM *
News: 10th anniversary art contest
 
   Home   Help Search Login Register More  
Pages: « 1 ... 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 [218] 219 220 221 222 223 224 225 226 227 228 229 230 231 »
  Print  
Author Topic: Armory - Discussion Thread  (Read 520947 times)
Carlton Banks
Legendary
*
Offline Offline

Activity: 2562
Merit: 2072



View Profile
January 13, 2015, 09:55:46 PM
 #4341

what's this Bitcoin Core 0.9.4 update notification i'm getting from Ubuntu?  it's from Launchpad Bitcoin PPA.  what do we do with it?

If 0.9 still works for you, you don't need 0.9.4. It's an(other) OpenSSL libraries clanger

Vires in numeris
1574291132
Hero Member
*
Offline Offline

Posts: 1574291132

View Profile Personal Message (Offline)

Ignore
1574291132
Reply with quote  #2

1574291132
Report to moderator
The Bitcoin Forum is turning 10 years old! Join the community in sharing and exploring the notable posts made over the years.
1574291132
Hero Member
*
Offline Offline

Posts: 1574291132

View Profile Personal Message (Offline)

Ignore
1574291132
Reply with quote  #2

1574291132
Report to moderator
btchris
Hero Member
*****
Offline Offline

Activity: 672
Merit: 501

a.k.a. gurnec on GitHub


View Profile WWW
January 13, 2015, 10:18:26 PM
 #4342

what's this Bitcoin Core 0.9.4 update notification i'm getting from Ubuntu?  it's from Launchpad Bitcoin PPA.  what do we do with it?
If 0.9 still works for you, you don't need 0.9.4. It's an(other) OpenSSL libraries clanger

To elaborate a bit, if you follow the advice next to the "News" alert at the top of every bitcointalk.org page, you don't need 0.9.4. It's a minor update whose main reason for existence is to work around the OpenSSL change mentioned in the News alert (plus a few other pretty minor bug fixes).
mmortal03
Legendary
*
Offline Offline

Activity: 1752
Merit: 1005


View Profile
February 17, 2015, 12:12:22 AM
 #4343

  • (2) You should not upgrade to Core 0.10 without this version!.  In other words, this new version of Armory is required if you plan to use the new version of Bitcoin Core (headers-first).  Luckily, they will probably both be officially released about the same time (end of Jan 2015).

Aha. Valuable information. Great work as usual!

What's the ETA, given that Core 0.10 has been released?
bitpop
Legendary
*
Offline Offline

Activity: 2548
Merit: 1045


https://keybase.io/bitpop


View Profile WWW
February 17, 2015, 12:32:06 AM
 #4344

  • (2) You should not upgrade to Core 0.10 without this version!.  In other words, this new version of Armory is required if you plan to use the new version of Bitcoin Core (headers-first).  Luckily, they will probably both be officially released about the same time (end of Jan 2015).

Aha. Valuable information. Great work as usual!

What's the ETA, given that Core 0.10 has been released?

Works fine now, basically rc

Reputation  |  PGP  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
February 17, 2015, 01:45:56 AM
 #4345

Fanny problems:

http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/3/
etotheipi
Legendary
*
Offline Offline

Activity: 1428
Merit: 1005


Core Armory Developer


View Profile WWW
February 17, 2015, 03:13:56 AM
 #4346


Wow, epic.  Thanks for that link, I hadn't seen that yet. 

Indeed Fanny is quite a piece of malware.  To save anyone else reading the effort of finding the section:

Quote
Fanny: A computer worm that exploited what in 2008 were two zero-day vulnerabilities in Windows to self-replicate each time an infected USB stick was inserted into a targeted computer. The main purpose of Fanny was to conduct reconnaissance on sensitive air-gapped networks. After infecting a computer not connected to the Internet, Fanny collected network information and saved it to a hidden area of the USB drive. If the stick was later plugged in to an Internet-computer, it would upload the data to attacker servers and download any attacker commands. If the stick was later plugged into the air-gapped machine, the downloaded commands would be executed. This process would continue each time the stick was switched between air-gapped and Internet-connected machines.

Luckily (?!?) all this malware seems to be specifically targeted at Windows.  In fact, there's no mention of any other OSes, and many of the descriptions of the malware are extremely Windows-specific:

Quote
GrayFish is the crowning achievement of the Equation Group. The malware platform is so complex that Kaspersky researchers still understand only a fraction of its capabilities and inner workings. Key to the sophistication of GrayFish is its bootkit, which allows it to take extraordinarily granular control of the machines it infects.

"This allows it to control the launching of Windows at each stage," Kaspersky's written report explained. "In fact, after infection, the computer is not run by itself anymore: it is GrayFish that runs it step by step, making the necessary changes on the fly."

That's not to say it couldn't be done on Linux or Mac ... but simply those weren't the target platforms.  And this is literally the most advanced malware on the planet, so we can hope that there's a high barrier to entry to replicate this on the other OS (as I write this, I realize there's no guarantee that they haven't already...)


Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
mmortal03
Legendary
*
Offline Offline

Activity: 1752
Merit: 1005


View Profile
February 17, 2015, 03:42:53 AM
 #4347


Wow, epic.  Thanks for that link, I hadn't seen that yet. 

Indeed Fanny is quite a piece of malware.  To save anyone else reading the effort of finding the section:

Quote
Fanny: A computer worm that exploited what in 2008 were two zero-day vulnerabilities in Windows to self-replicate each time an infected USB stick was inserted into a targeted computer. The main purpose of Fanny was to conduct reconnaissance on sensitive air-gapped networks. After infecting a computer not connected to the Internet, Fanny collected network information and saved it to a hidden area of the USB drive. If the stick was later plugged in to an Internet-computer, it would upload the data to attacker servers and download any attacker commands. If the stick was later plugged into the air-gapped machine, the downloaded commands would be executed. This process would continue each time the stick was switched between air-gapped and Internet-connected machines.

Luckily (?!?) all this malware seems to be specifically targeted at Windows.  In fact, there's no mention of any other OSes, and many of the descriptions of the malware are extremely Windows-specific:

Quote
GrayFish is the crowning achievement of the Equation Group. The malware platform is so complex that Kaspersky researchers still understand only a fraction of its capabilities and inner workings. Key to the sophistication of GrayFish is its bootkit, which allows it to take extraordinarily granular control of the machines it infects.

"This allows it to control the launching of Windows at each stage," Kaspersky's written report explained. "In fact, after infection, the computer is not run by itself anymore: it is GrayFish that runs it step by step, making the necessary changes on the fly."

That's not to say it couldn't be done on Linux or Mac ... but simply those weren't the target platforms.  And this is literally the most advanced malware on the planet, so we can hope that there's a high barrier to entry to replicate this on the other OS (as I write this, I realize there's no guarantee that they haven't already...)



It was mentioned in there or some other article that they believe a Mac OS version of some of this malware is also out there.
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 3010
Merit: 1173



View Profile
February 17, 2015, 05:28:23 AM
 #4348

most hdd are first loaded with windows at the factory so if the firmware is infected anytime before linux is installed then it will still be in the firmware, unless special efforts are made to reflash the hdd firmware before installing linux.

Newar
Legendary
*
Offline Offline

Activity: 1358
Merit: 1000


https://gliph.me/hUF


View Profile
February 17, 2015, 07:08:35 AM
 #4349

The infographic shows only FAT16 and 32 are affected?

OTC rating | GPG keyid 1DC91318EE785FDE | Gliph: lightning bicycle tree music | Mycelium, a swift & secure Bitcoin client for Android | LocalBitcoins
justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1006



View Profile
February 17, 2015, 07:17:11 AM
 #4350

I see a potential market for actual (not soft) hardware again.
picobit
Hero Member
*****
Offline Offline

Activity: 547
Merit: 500


Decor in numeris


View Profile
February 17, 2015, 08:01:43 AM
 #4351

That's not to say it couldn't be done on Linux or Mac ... but simply those weren't the target platforms.  And this is literally the most advanced malware on the planet, so we can hope that there's a high barrier to entry to replicate this on the other OS (as I write this, I realize there's no guarantee that they haven't already...)

The only "good" thing there is to say about this in connection with Armory is that these guys are professionals with huge budgets.  They are not going to expose themselves by stealing our meagre bitcoin stashes.  That gives us a short respite, at least until this malware leaks into the hands of the common criminals.  Who will probably mainly go after the home banking password. Smiley
Newar
Legendary
*
Offline Offline

Activity: 1358
Merit: 1000


https://gliph.me/hUF


View Profile
February 17, 2015, 04:03:25 PM
 #4352

Maybe time to chuck in this again:

Tx signing via minimodem
https://bitcointalk.org/index.php?topic=735111.0

Can of course be used with any sort of data you need to send / receive from the air-gapped system.

OTC rating | GPG keyid 1DC91318EE785FDE | Gliph: lightning bicycle tree music | Mycelium, a swift & secure Bitcoin client for Android | LocalBitcoins
goatpig
Moderator
Legendary
*
Offline Offline

Activity: 2366
Merit: 1133

Armory Developer


View Profile
February 17, 2015, 04:24:17 PM
 #4353

Maybe time to chuck in this again:

Tx signing via minimodem
https://bitcointalk.org/index.php?topic=735111.0

Can of course be used with any sort of data you need to send / receive from the air-gapped system.

We have someone looking at it. No ETAs, but we are working the code.

Moria843
Sr. Member
****
Offline Offline

Activity: 441
Merit: 250


Found Lost beach - quiet now


View Profile
February 17, 2015, 05:48:27 PM
 #4354

I thought turning off all autorun/start functions on my hot and cold computer protected me.

I agree this exploit probably isn't being wasted on us.

Does anyone produce a "secure" USB drive or a drive whose firmware is read only?

Hot time, summer in the city, back of my mine getting hot & gritty!!!
Adrian-x
Legendary
*
Offline Offline

Activity: 1372
Merit: 1000



View Profile
February 17, 2015, 06:15:37 PM
 #4355

I thought turning off all autorun/start functions on my hot and cold computer protected me.

I agree this exploit probably isn't being wasted on us.

Does anyone produce a "secure" USB drive or a drive whose firmware is read only?

I'm glad my offline backup never has internet assess, the question is now can I repurpose the machine at some later date without compromising my passwords and seeds? 

Thank me in Bits 12MwnzxtprG2mHm3rKdgi7NmJKCypsMMQw
Rampion
Legendary
*
Offline Offline

Activity: 1120
Merit: 1000


View Profile
February 19, 2015, 03:41:10 PM
 #4356

Oops, I just updated to Bitcoin Core 0.10.0 and fired up Armory 0.92.3, it looks stuck on "building databases"... Did I screw up?

etotheipi
Legendary
*
Offline Offline

Activity: 1428
Merit: 1005


Core Armory Developer


View Profile WWW
February 19, 2015, 03:54:53 PM
 #4357

Oops, I just updated to Bitcoin Core 0.10.0 and fired up Armory 0.92.3, it looks stuck on "building databases"... Did I screw up?

Use the secure downloader to grab 0.92.99.7-testing.  It's a release candidate and should be officially renamed to 0.93 tomorrow (or latest Monday).

You'll wipe the DBs, but the rebuild is super fast!  Thank goatpig for that Smiley

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
Rampion
Legendary
*
Offline Offline

Activity: 1120
Merit: 1000


View Profile
February 19, 2015, 03:59:06 PM
 #4358

Oops, I just updated to Bitcoin Core 0.10.0 and fired up Armory 0.92.3, it looks stuck on "building databases"... Did I screw up?

Use the secure downloader to grab 0.92.99.7-testing.  It's a release candidate and should be officially renamed to 0.93 tomorrow (or latest Monday).

You'll wipe the DBs, but the rebuild is super fast!  Thank goatpig for that Smiley

OK, will do that... BTW, Armory 0.92.3 finally built the database and displayed the correct balance, so I guess is somewhat compatible with BC 0.10.0

goatpig
Moderator
Legendary
*
Offline Offline

Activity: 2366
Merit: 1133

Armory Developer


View Profile
February 19, 2015, 04:00:29 PM
 #4359

Oops, I just updated to Bitcoin Core 0.10.0 and fired up Armory 0.92.3, it looks stuck on "building databases"... Did I screw up?

Use the secure downloader to grab 0.92.99.7-testing.  It's a release candidate and should be officially renamed to 0.93 tomorrow (or latest Monday).

You'll wipe the DBs, but the rebuild is super fast!  Thank goatpig for that Smiley

OK, will do that... BTW, Armory 0.92.3 finally built the database and displayed the correct balance, so I guess is somewhat compatible with BC 0.10.0

I will crash if you receive blocks out of order while it is running. It should resume properly after a restart though.

Rampion
Legendary
*
Offline Offline

Activity: 1120
Merit: 1000


View Profile
February 19, 2015, 04:00:52 PM
Last edit: February 19, 2015, 04:12:24 PM by Rampion
 #4360

Don't see 0.92.99.7-testing, it says last update retrieved 4 months ago, maybe because I have my system set up to run through Tor?

EDIT: I managed to reactivate secure download by tweaking the "privacy setting", but i see 0.92.99.7 only on Windows - I'm a mac user.

Pages: « 1 ... 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 [218] 219 220 221 222 223 224 225 226 227 228 229 230 231 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!