-snip-
I once tried to start a MLM business. I was told at one of the meetings that pertaining to my back office is important information about my business. My business involves money and I would not leave my banks website without signing out of my account, therefore, I should not leave my back office without signing out of my account.
That is sound advice, but the reason for this is that someone could physically sneak into your office and could access information if you do not lock the system and/or log out of critical services.
The hackers know the code for the network. The hackers know the sites that are the most popular and would have the most coins.
So does everybody else. Bitcoin is open source and many services have a publicly known cold storrage address to proof solvency. There are also Satoshis coins, the FBI had some, etc. There even is a list somewhere for addresses with the most coins.
The hackers would not need very much to take and bust through the sites firewall
I doubt that. Attacks on systems typically are not the "bust through" kind, but more the "finding a tiny hole and poke around in it until you get a foot in" kind.
and look around for those users who did not sign out of an account. I do not suppose it would take a hacker too much longer from this point to wipe the site clean of coins. Is this possible?
Sure its possible, but this would typically require some sort of vulnerability that is either not commonly known or not fixed.
I am going to be taking better precautions and start signing out of my accounts at each site.
Thats good, but that will only help against some very specific attacks.
If there is a chance my theory is correct, or that I am on the correct path of figuring out how these sites are being hacked, I think everyone in the network should be informed of this and begin taking precautions also.
I hope I posted this in the correct spot. I do not think this post fits anywhere else. I think everyone who uses the BTC network should take better precautions, because this is money we are talking about. These users would not leave a banks website and not log out of their account. Most bank websites have an auto sign out when the page is closed out, or there is a certain amount of time that the page is open and there has been no activity by the user.
If it is something as simple as making these small changes to protect these sites and out investments/hard work in the future then we need to start making these changes and making them now.
Thank you for reading. I am sorry this post was quite long. Any insights from those who know a bit more about Internet and Network security would be greatly appreciated.
IMHO the best you as a user can do to make sure accounts are safe is to make sure your account(s) and machine(s) are safe. Make sure you have strong and unique passwords for every service you use. Use a password manager to help you with that. No one expects you to memorize 20+ strong passwords. There are portable and open source solutions like keepass2 that work on every common OS. Use 2 factory authentication when possible so you have an extra layer of protection in case your password gets compromised regardless. Make sure you keep your online system updated with the latest patches. Be careful about the software you download and install. Almost all infected systems I had to clean in the last years have been infected due to user interaction. Be careful when opening mail attachments. If you store significant amounts of bitcoins, use cold storrage. Paper wallets, an old laptop, etc. Do not keep them with a service, no matter how reputable they are unless you have a very good reason (e.g. daytrading) and understand the risks involved.
