Reader Comments
Just like cash
So, if you take precautions with cash, and your online bank account and credit card info, you need to take them with your BitCoins, too. A significant difference between an online bank account and your BitCoins is that you are in 100% control of all the information related to your BitCoins. You don't have to worry that after buying something from a merchant, they'll save or leak your credit card number and it's out in the wild.
Say you mine BitCoins on a Windows box that's connected up to the Internet. When you mine one, it goes to the wallet file on that machine. Get a non-networked Linux box for your "real" wallet, and transfer any mined coins from one to the other.
[ link to this | view in chronology ]
Re: Just like cash
[ link to this | view in chronology ]
well,
[ link to this | view in chronology ]
Re: well,
If people want to be safe with their coins, make a separate account for BC and put deny access to everyone else on the BC wallet file. Then you can run BC as that user and no malware you randomly decide to install will get your wallet.
If people didn't randomly install crap on their machines, they would get malware.
[ link to this | view in chronology ]
Re: Re: well,
Not saying 7 or Linux is easier to "hack" than the other, I'm saying that neither's security should be ranked based on conventions where vendors' interests are at stake more than those that wish to breach them.
[ link to this | view in chronology ]
Re: Re: well,
Would have been easier if they had connected to the network.
[ link to this | view in chronology ]
Re: Re: well,
Citation needed.
[ link to this | view in chronology ]
Re: Re: Re: well,
[ link to this | view in chronology ]
Re: Re: Re: Re: well,
The news said you were a liar. Look it up yourself.
[ link to this | view in chronology ]
COINcidence? I don't think so.
[ link to this | view in chronology ]
Re: COINcidence? I don't think so.
[ link to this | view in chronology ]
Traceability
The lack of traceability is a myth. People can follow the stolen bitcoins through the network as each transaction is public. It's going to be pretty hard for the thief to cash it out somewhere.
[ link to this | view in chronology ]
Re: Traceability
Only if someone validates the BitCoins they are receiving against this list will they be stopped. Just like serial numbers on paper money. Unless you're looking for it, the 'cash' is just 'cash'.
[ link to this | view in chronology ]
Re: Re: Traceability
That does little good if 25,000 people receive a bitcoin from this thief - it doesn't mean that those 25,000 people become thieves, just as a store clerk receiving a stolen $20 bill in return for groceries doesn't make them a thief.
[ link to this | view in chronology ]
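An added illustration for the traceability thread above (not part of any comment and not code from any Bitcoin client): because every transaction is public, outputs descended from a theft can be enumerated and an incoming payment checked against that list. The ledger, transaction ids, addresses and amounts are constructed, and the rule used (every output of a transaction with a tainted input is tainted) is one simple assumption among several possible tainting rules.

```python
from collections import deque

# Constructed sample ledger (not real transactions). Each transaction spends
# earlier outputs, referenced as (txid, output_index), and creates new outputs
# given as (address, amount).
LEDGER = {
    "theft": {"inputs": [("victim_funding", 0)], "outputs": [("thief_addr", 100)]},
    "split": {"inputs": [("theft", 0)],
              "outputs": [("mixer_a", 40), ("thief_addr2", 60)]},
    "shop":  {"inputs": [("split", 0)],
              "outputs": [("merchant", 35), ("mixer_a_change", 5)]},
    "clean": {"inputs": [("unrelated", 0)], "outputs": [("merchant", 7)]},
}

def tainted_outputs(ledger, stolen_txid):
    """Return every (txid, index) output that descends from stolen_txid."""
    # Build an index of which transactions spend each output.
    spenders = {}
    for txid, tx in ledger.items():
        for ref in tx["inputs"]:
            spenders.setdefault(ref, []).append(txid)
    tainted, seen, queue = set(), {stolen_txid}, deque([stolen_txid])
    while queue:  # breadth-first walk down the spending graph
        txid = queue.popleft()
        for index in range(len(ledger[txid]["outputs"])):
            ref = (txid, index)
            tainted.add(ref)
            for child in spenders.get(ref, []):
                if child not in seen:
                    seen.add(child)
                    queue.append(child)
    return tainted

def check_payment(ledger, stolen_txid, txid, index):
    """The recipient-side check: is this incoming output on the stolen list?"""
    return (txid, index) in tainted_outputs(ledger, stolen_txid)

def tainted_addresses(ledger, stolen_txid):
    """Addresses that received any tainted output, innocent or not."""
    outs = tainted_outputs(ledger, stolen_txid)
    return sorted({ledger[t]["outputs"][i][0] for t, i in outs})

if __name__ == "__main__":
    print(tainted_addresses(LEDGER, "theft"))
    print(check_payment(LEDGER, "theft", "shop", 0))   # merchant paid with traced coins
    print(check_payment(LEDGER, "theft", "clean", 0))  # unrelated payment
```

The merchant address appears in the tainted set even though the merchant did nothing wrong, which is the situation the last reply describes.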
Bitcoin should require a password after selecting an 'account number'.
So you have all these bitcoin account numbers and you select one. You shouldn't just willy nilly be able to select an account number and then suddenly transfer bitcoins from one account to another. A password should be required and that password should be the password required to decrypt the necessary information to transfer bitcoins.
Sure, most people will likely choose easily crackable passwords, and bitcoin should give some advice on recommended password parameters, but at least it slows down the process of malicious bitcoin transfers by third party software, which could give a later alerted user time to transfer his bitcoins to an uncompromised account before the password is cracked.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
You can always encrypt the wallet file, store it offline, or send your bitcoin to a website that "stores" them for you (mybitcoin.com for example)... but that doesn't stop the fact that stored bitcoin can be taken from your machine if you don't protect it somehow.
[ link to this | view in chronology ]
Re: Re:
Of course, but you assume that all cases of malware intrusion are succeeded by someone typing in all of their bitcoin passwords before discovering the intrusion.
Also, a password can deter someone with physical access to the computer from simply copying the file over and getting easy access to that information. It gives time for users who periodically transfer money from account to account for security reasons to do so or to discover the intrusion and transfer the money before anything gets cracked. More work is needed to gain access to those coins, that extra work will act as a thief deterrent, and people will weigh the work necessary to steal those coins with the work necessary to earn them.
Also, malware creators will need to expend more work creating an appropriate keylogger to work with the data transfer software (or if it's a general keylogger they have to spend lots of time looking through the logs, especially if they are looking through the logs of hundreds of users, and by then many of those users could discover the intrusion and transfer the money to another safer account).
It's like a lock on a door. It won't keep a determined criminal out by any stretch of the imagination, but it's enough to deter many criminals.
[ link to this | view in chronology ]
Re: Re: Re:
It's important to note that the bitcoin software is not necessarily a single program - anyone can create their own "secure" bitcoin program if they want (it's open source)... so this problem is likely to solve itself as people actually care enough to do it.
There's no central authority involved here, so trying to say what they "should do" is sort of pointless, as no one person, or group of people is necessarily responsible for how bitcoin is stored or managed.
[ link to this | view in chronology ]
Re: Re: Re: Re:
I know.
"There's no central authority involved here, so trying to say what they "should do" is sort of pointless, as no one person, or group of people is necessarily responsible for how bitcoin is stored or managed."
'They' refers to the bitcoin client developers, and there is a point, to point out the need to create such security features. Yes, they will likely be created anyways, but I was just making a suggestion for discussion purposes since such a suggestion is relevant to the OP.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Yes, but general key logs are a time-consuming pain to analyze, especially when you have hundreds of them; such extra needed work acts as a deterrent and gives alerted users time to transfer the money to other accounts before it gets stolen.
[ link to this | view in chronology ]
Re: Re:
Yeah, but in order to transfer data, at some time that file needs to be decrypted, and a keylogger can monitor the password necessary to decrypt it. So your 'solution' suffers the same shortcoming just as well.
[ link to this | view in chronology ]
Re: Re: Re:
I don't know about you, but I keep my money in multiple locations - some easy to get to (my actual wallet), some in a safe (locked in my house), and some in my bank account (obviously protected by the institution itself).
That way if someone mugs me in the street, they only get what's in my wallet at the time. If someone breaks into my house (and somehow figures out my safe combination - perhaps because they somehow saw me use it through a window or something), they still don't get what's in my savings account.
Anyone can do the same with bitcoin, they just tend to be lazy because it's "convenient" to just keep it all in one place, on their trusty, secure computer.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Implementing client based password protection and the above aren't two mutually exclusive possibilities.
[ link to this | view in chronology ]
The protocol for the bitcoin system is pretty much unbreakable
[ link to this | view in chronology ]