...
And don't forget you guys using Mymonero it is not safe to leave large amounts on. MIM attack (was presumed) has already cost someone 16,000 XMR (IIRC).
My understanding is that this was an attack against https rather than an attack against MyMonero itself. I stand to be corrected on this. As for attacking https: here are some possibilities I can think of:
1) Man in the middle attacks that downgrade the connection to http:
Some possible culprits here can be:
a) A network provider.
b) An ISP
c) An Internet backbone provider
d) A VPN provider
e) A Tor exit node (If Tor is used)
etc.
Countermeasure: Check that one has https: at every stage of the transaction
2) Malicious software running on the client computer. For example key loggers etc. This is one of the most common causes of loss.
Countermeasures:
a) Replace Microsoft Windows or even Mac OS X with GNU/Linux or another Free Libre Open Source Software (FLOSS) OS. R
b) If you really must use Microsoft Windows or Mac OS X then there are all the "safe" computing solutions that are promoted by big proprietary software vendors at a cost. Anti virus software, anti malware software, using only genuine non pirated software etc.
c) Replace IOS with Android. For Android see 4 below or simply do not trust the mobile device.
d) In addition to a) b) or c) above: Avoid high risk sites, installing software one does not trust, html email, clicking on malicious, email links
3) Attack against the certificate issuer or a malicious certificate issuer.
Countermeasures:
This one can be tricky if the attacker for example is a government, The answer is make sure you trust the certificate vendor, and in a extreme case use self signed certificates.
4) Attacks by so called "legitimate" players. These typically are proprietary operating system vendors, including Microsoft, hardware vendors and "premium" content vendors. The primary motivations here are:
a) DRM (Digital restrictions / rights management, digital locks, copy protection etc.)
b) Spying for the purpose of marketing.
c) Government spying is typically a much lower risk and in many cases piggybacks on a) and b) above.
Examples:
a) DRM: The infamous Sony rootkit. The culprit was Sony BMG
https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal . One can also argue that the design of the Microsoft Windows registry was in fact motivated by DRM since it does frustrate the copying of installed windows applications. The side effect of this is that the Microsoft Windows registry is also the perfect breeding ground for malware.
b) Spying for the purpose of marketing: Superfish
https://en.wikipedia.org/wiki/Superfish The culprits here were Lenovo and Microsoft. (Microsoft is accountable here since it licensed the use of its trademarks in the sale of the infected computers). In this case Lenovo placed a rouge certificate in the operating system that broke SSL in order to decrypt the the connection to obtain marketing data from https browsing. Basically to break initiatives such as Encrypt the Web.
https://www.eff.org/encrypt-the-web. Lenovo has been caught repeatedly doing this and is still licensing trademarks from Microsoft to sell computers.
c) Government spying. Most of these attacks tend to be highly targeted and in many cases rely on a) and b) above.
https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)
Countermeasures:
Large corporations cannot be trusted here since they are the main adversary; however their products if they have a FLOSS OS can in many cases be made safe.
a) Use only a FLOSS OS that does not support DRM at the OS level. The most popular are GNU/Linux on the laptops / desktops and Android (see b below) on mobile.
b) Ensure you have full control of the computer of device (this mean root access) and lock down the computer or device using only FLOSS tools. This is critical for Android or Chromebooks since they are typically sold with the manufacturer, a telco or OS vendor having root access. Note: Rooting an Android device or putting a Chromebook in "developer mode" will break the DRM on the device.
This makes sense because a computer or device cannot serve two masters. It can protect the paranoia and business models of "big content" such as the MPAA or your moneroj but not both. c) Avoid software or content that infected with DRM unless you can break the DRM. Breaking the DRM may be illegal in your jurisdiction depending on the circumstances, in that case the only legal option is to avoid the DRM infected software or content or see d below
d) As alternative to c put the DRM infected software or content in a FLOSS controlled sandbox. This can be another computer or device, a virtual machine, or some other kind of sandbox. This is also a good strategy with proprietary software even if it not infected with DRM. The key here is the security of the sandbox. A very good analogy is biological containment labs. The degree of security is determined by the risk posed by the pathogens. Watch out for shares on your network, software bugs in the virtual machine or sandbox etc.
e) As a mitigation measure avoid proprietary software and operating systems targeted to consumers. Many large proprietary software vendors, including Microsoft, take the point of view that consumers are fair game for these shenanigans while business users are not. Take a look at Lenovo's response to Superfish.
http://news.lenovo.com/news-releases/lenovo-statement-on-superfish.htm They avoided attacking their business customers, by not infecting products that were meant for business customers with their Superfish malware.
The above is not meant to be a comprehensive list. I am sure members of the community can find other attack vectors. We now come to one more attack vector:
5) Attacking the server. This is in reality the only aspect under the control of the server operator. In the case of MyMonero, this would be fluffypony.
The reality is that the attacks 1) - 4) I mentioned above have little if anything to do with the security of a particular server, and are equally applicable to any other secure online activity, for example fiat banking. In addition many of these attacks will also work against a Monero or other cryptocurrency wallet stored on one's own computer or device and even against a brain. paper, off line, etc wallet that was created or used, using a compromised computer or device.
My take is that with MyMonero a very a significant part if not most of the risk lies with client computer or device. Edit: Disclosure. As of this date I do not have a MyMonero wallet although I may get one in the future.
