Bitcoin Forum
December 02, 2016, 10:35:53 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: Real-world useful application for Bitcoin: Malware/Hacker Canary  (Read 4176 times)
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
January 19, 2012, 06:38:27 PM
 #21


assuming that the hacker will "accept" a mere 1BTC.  your reason for putting up 1000BTC to begin with implies that he wouldn't.

1000 USD (not BTC) was my suggestion for what to bait a hacker with on a database server in a place where it is clear it is bait.  (in this case, you would watch both for the coins to be stolen, and for efforts made to prevent others from seeing the bait and redeeming it first).  In such a case, the hacker has probably broken in via sql injection and he is more sophisticated and knows what he is doing and why he is there.

1 BTC is what I'd suggest against protection from automated malware on a typical home PC.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
1480718153
Hero Member
*
Offline Offline

Posts: 1480718153

View Profile Personal Message (Offline)

Ignore
1480718153
Reply with quote  #2

1480718153
Report to moderator
1480718153
Hero Member
*
Offline Offline

Posts: 1480718153

View Profile Personal Message (Offline)

Ignore
1480718153
Reply with quote  #2

1480718153
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480718153
Hero Member
*
Offline Offline

Posts: 1480718153

View Profile Personal Message (Offline)

Ignore
1480718153
Reply with quote  #2

1480718153
Report to moderator
1480718153
Hero Member
*
Offline Offline

Posts: 1480718153

View Profile Personal Message (Offline)

Ignore
1480718153
Reply with quote  #2

1480718153
Report to moderator
cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
January 19, 2012, 08:07:10 PM
 #22


assuming that the hacker will "accept" a mere 1BTC.  your reason for putting up 1000BTC to begin with implies that he wouldn't.

1000 USD (not BTC) was my suggestion for what to bait a hacker with on a database server in a place where it is clear it is bait.  (in this case, you would watch both for the coins to be stolen, and for efforts made to prevent others from seeing the bait and redeeming it first).  In such a case, the hacker has probably broken in via sql injection and he is more sophisticated and knows what he is doing and why he is there.

1 BTC is what I'd suggest against protection from automated malware on a typical home PC.

i think its a good idea.  i'm gonna send 1BTC to all my computers.
Serge
Legendary
*
Offline Offline

Activity: 1050


View Profile
January 19, 2012, 08:45:07 PM
 #23

Mike or anyone else for that matter: any kind of precautions that you can recommend when going on IRC?  Are modern consumer routers with enabled firewall suffice? I remember back in dial-up days script kiddies with little know-how could do really nasty and damaging things to one's system since then I stayed away from the IRC for the sake of not exposing my hostmask, network and system to all sorts of malicious probes. Is it safer nowadays?
beckspace
Sr. Member
****
Offline Offline

Activity: 385


Aimed at Jupiter


View Profile
January 19, 2012, 08:53:41 PM
 #24

i think its a good idea.  i'm gonna send 1BTC to all my computers.

I leave baits all over. So far, no hacks. Even in old computers, no antivirus, just the usual firewall settings. (OSX and Windows).

I save a plain-text version of a private key (.txt) on my Desktop also. No hacks either.


"This house is clean." (Poltergeist)

You guys have really come up with somethin'
dayfall
Sr. Member
****
Offline Offline

Activity: 312



View Profile
January 19, 2012, 09:07:43 PM
 #25

Good god, this is brilliant.  I now realize that I have been doing this without thinking about it. 
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
January 19, 2012, 09:21:09 PM
 #26

Mike or anyone else for that matter: do you take any kind of precautions that you can recommend when going on IRC?  Are modern consumer routers with enabled firewall suffice? I remember back in dial-up days script kiddies with little know-how could do really nasty and damaging things to one's system since then I stayed away from the IRC for the sake of not exposing my hostmask, network and system to all sorts of malicious probes. Is it safer nowadays?

IRC isn't the big danger, I consider it relatively safe, unless you consider people knowing your IP to be a risk and only if they have a reason to target you.  Just knowing your IP address doesn't entice a hacker to target you at random if you're just joe anybody, but if they think you might have something they want, then it would be a risk.  The biggest risk for the average home user behind a firewall is they browse to a website that serves them something that exploits a hole in their browser (aka "drive-by download") or in a plugin (such as Adobe Flash), or they download something that contains malware.  A firewall can't stop any of that, because a firewall will let through any incoming responses to outbound requests - exactly what web surfing is.  If it stopped such responses, you wouldn't be able to use a web browser.

Any site can get you - because sometimes the exploits come through the third party stuff (like banner ads) hosted on completely legitimate websites.  As a rule, you're more likely to get hit on websites where you're looking for "something for nothing" (free porn, pirated software, the latest sex tape, etc.) where the site's existence is probably funded by the sleaziest advertising companies who turn a blind eye to exploits.  And you are less likely to get hit on sites where security is a priority - such as your bank site.  Antivirus helps protect against stale threats, but many exploits in the wild will not be detected by antivirus, a situation that will not change any time soon.

The only way to really protect yourself from that is to do all your normal web browsing on one computer that you don't care if it gets infected, or something that's easy to restore to its pre-infected condition (e.g. Live CD), and then do all your sensitive web browsing (banking, bitcoins etc) on another computer that you never use to surf the web at large.  Keeping your operating system up to date is also a prerequisite.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
Serge
Legendary
*
Offline Offline

Activity: 1050


View Profile
January 19, 2012, 09:37:37 PM
 #27

Mike, all good points for the average user regarding safe browsing

I think all bitcoin IRC users are potential targets for hackers and they already know one piece of valuable information: IP/hostmasks from IRC connection. I'm just not sure how safe router and OS firewalls to keep them blocked from local networks as you cannot keep all incoming ports closed obviously.  Maybe I'm too paranoid about it from the time back in the day when one IRC user left me a .txt note on my C drive that he was there, thankfully he was cool not to format my drive about which I heard stories from other users.

edit: and for that matter I'm obviously running Bitcoin client with 'noirc' flag
Transisto
Donator
Legendary
*
Offline Offline

Activity: 1624



View Profile WWW
January 20, 2012, 07:40:47 AM
 #28

With this AV, you really get what you pay for.

Take note : Watching the client balance is not a viable way tell if your PC is compromised, you need to have a client elsewhere that check for activity on this address and trigger an alarm.

Such a service could be very easy to set-up.

That may still be a hard sell as so many people confuse adware and most any PC failure as viruses.
This could be advertised as : for finding rootkit trojan that you can't see.
bitplane
Sr. Member
****
Offline Offline

Activity: 321

Firstbits: 1gyzhw


View Profile WWW
January 20, 2012, 06:58:10 PM
 #29

You can use ChangeDetection for email alerts when a blockexplorer.com page changes.

May as well just start doing this and advise others to do the same, it might just catch on.
cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
January 20, 2012, 07:12:18 PM
 #30

You can use ChangeDetection for email alerts when a blockexplorer.com page changes.

May as well just start doing this and advise others to do the same, it might just catch on.

nice!
westkybitcoins
Legendary
*
Offline Offline

Activity: 980

Firstbits: Compromised. Thanks, Android!


View Profile
January 20, 2012, 07:37:23 PM
 #31

You can use ChangeDetection for email alerts when a blockexplorer.com page changes.

May as well just start doing this and advise others to do the same, it might just catch on.

Great link. Thanks!

Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
...
...
In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber
...
...
ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)
...
...
The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
TeslaUa
Full Member
***
Offline Offline

Activity: 168



View Profile WWW
June 07, 2012, 08:52:40 PM
 #32

What if you find yourself getting paid instead of robbed? How would you react on that? Wink

Also I can see it as a hackers competition ground. One announces bounty to hack a specific host with a requirement to put a hacked.bit into /root with the address to pay the bounty.

Heck, one can test-proof his system before using it for something important.
Anduck
Hero Member
*****
Online Online

Activity: 898


quack


View Profile
June 07, 2012, 09:19:34 PM
 #33

A web service where you put your address/addresses and email/sms info. If money moves out, you get notified. Would it be any good? Wouldn't need to install any software.

MoneyIsDebt
Full Member
***
Offline Offline

Activity: 180



View Profile
June 08, 2012, 07:31:30 AM
 #34

Uhm, if a thief/virus/whatever gets access to your laptop and copies your wallet.dat, he can wait five years before actually stealing your money. And you have no idea you were compromised, or when. A canary is only good if it warns you in good time before a disaster.

Sig for sale
westkybitcoins
Legendary
*
Offline Offline

Activity: 980

Firstbits: Compromised. Thanks, Android!


View Profile
June 08, 2012, 07:37:10 AM
 #35

Uhm, if a thief/virus/whatever gets access to your laptop and copies your wallet.dat, he can wait five years before actually stealing your money. And you have no idea you were compromised, or when. A canary is only good if it warns you in good time before a disaster.

If he waits too long, the keys in your wallet may have become obsolete (this assumes you only use each address once and you go through over 100 addresses before he "pulls the trigger.")

Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
...
...
In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber
...
...
ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)
...
...
The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
June 08, 2012, 08:51:13 PM
 #36

Uhm, if a thief/virus/whatever gets access to your laptop and copies your wallet.dat, he can wait five years before actually stealing your money. And you have no idea you were compromised, or when. A canary is only good if it warns you in good time before a disaster.


In a practical sense though, most thieves won't, for various reasons, the least of which is that your wallet will probably be empty at some point in five years, as you'll have switched to another client that doesn't need 6 months to download the block chain.  Of course some will wait, but this methodology isn't a 100% intrusion detection (nothing is), just a reasonable cost heuristic that will improve the detection rate meaningfully in relation to its cost.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!