Results 1 to 8 of 8
  1. #1
    sweetbet's Avatar
    sweetbet is offline Public Member
    Join Date
    November 2012
    Posts
    2,819
    Blog Entries
    5
    Thanks
    898
    Thanked 1,576 Times in 1,087 Posts

    Default Critical Electrum vulnerability

    If you are using the Electrum wallet, then you might want to visit the following thread.
    https://bitcointalk.org/index.php?topic=2702103.0

  2. The Following User Says Thank You to sweetbet For This Useful Post:

    TheGooner (8 January 2018)

  3. #2
    Sherlock's Avatar
    Sherlock is offline Public Member
    Join Date
    December 2013
    Location
    WC
    Posts
    4,163
    Thanks
    1,256
    Thanked 3,264 Times in 1,817 Posts

    Default

    It does not affect users who have set password.
    We are all bloodsucking ticks, hungry, devious
    each one latched on to the ass of the previous
    when the last and the first latch on it can be shown
    ass-blood sucked by the first from the last is his own

  4. The Following 3 Users Say Thank You to Sherlock For This Useful Post:

    Cash Bonus (8 January 2018), MMM (7 January 2018), sweetbet (7 January 2018)

  5. #3
    DaftDog's Avatar
    DaftDog is offline Private Member
    Join Date
    October 2008
    Posts
    1,893
    Thanks
    534
    Thanked 660 Times in 380 Posts

    Default

    Quote Originally Posted by Sherlock View Post
    It does not affect users who have set password.
    Apparently that is not true. See update one in OP's link.

  6. #4
    wonderpunter's Avatar
    wonderpunter is offline Private Member
    Join Date
    August 2013
    Posts
    2,512
    Blog Entries
    5
    Thanks
    402
    Thanked 1,680 Times in 1,008 Posts

    Default

    Anyone with a significant amount of btc should be using a hardware wallet anyhow, but also a password.. people still leave financial tools open without pass?

  7. The Following User Says Thank You to wonderpunter For This Useful Post:

    Cash Bonus (8 January 2018)

  8. #5
    Cash Bonus's Avatar
    Cash Bonus is offline Private Member
    Join Date
    May 2014
    Posts
    3,980
    Thanks
    8,260
    Thanked 2,472 Times in 1,761 Posts

    Default

    Quote Originally Posted by wonderpunter View Post
    people still leave financial tools open without pass?
    Yes, you're absolutely correct, and all very much too often, unfortunately

  9. #6
    Sherlock's Avatar
    Sherlock is offline Public Member
    Join Date
    December 2013
    Location
    WC
    Posts
    4,163
    Thanks
    1,256
    Thanked 3,264 Times in 1,817 Posts

    Default

    Quote Originally Posted by wonderpunter View Post
    Anyone with a significant amount of btc should be using a hardware wallet anyhow, but also a password.. people still leave financial tools open without pass?
    I do not trust HW wallets for anything else than hot or tepid wallets. Have you seen the HW keyloggers in keyboards, cable extensions and so on? IMO just a matter of time until someone adds something like that into the plastic box between the HW wallet and microUSB jack for example. The attacker then does not collect some random data. He knows that all data and keystrokes on HW wallet are significant.

    With open source wallets there is just one attack vector - just the software; with HW walets there are two.
    We are all bloodsucking ticks, hungry, devious
    each one latched on to the ass of the previous
    when the last and the first latch on it can be shown
    ass-blood sucked by the first from the last is his own

  10. #7
    wonderpunter's Avatar
    wonderpunter is offline Private Member
    Join Date
    August 2013
    Posts
    2,512
    Blog Entries
    5
    Thanks
    402
    Thanked 1,680 Times in 1,008 Posts

    Default

    Quote Originally Posted by Sherlock View Post
    I do not trust HW wallets for anything else than hot or tepid wallets. Have you seen the HW keyloggers in keyboards, cable extensions and so on? IMO just a matter of time until someone adds something like that into the plastic box between the HW wallet and microUSB jack for example. The attacker then does not collect some random data. He knows that all data and keystrokes on HW wallet are significant.

    With open source wallets there is just one attack vector - just the software; with HW walets there are two.
    But trezor smart pin is immune to keyloggers it changes every time, the logger would alo need a spy camera to catch the screen realtime which would change on the next use anyhow

  11. #8
    Sherlock's Avatar
    Sherlock is offline Public Member
    Join Date
    December 2013
    Location
    WC
    Posts
    4,163
    Thanks
    1,256
    Thanked 3,264 Times in 1,817 Posts

    Default

    What I am trying to tell is that you just trust to some people that it really is as they say it is. I am not telling the hw wallet can be spied by keylogger. I am saying (for example) the wallet itself can have keylogger inside of it. How do you know what exactly is inside of your HW wallet? The software wallets is under constant reviews. The software of opensource HW wallets is as well, but who is checking the hardware of every piece?<br><br>The guy who is doing my IT security confirmed me that security of HW wallets is overhyped and that he does not trust the HW wallets for the reason above. HW wallets are significant improvement of security, but it is not a perfect solution for storing big money.
    We are all bloodsucking ticks, hungry, devious
    each one latched on to the ass of the previous
    when the last and the first latch on it can be shown
    ass-blood sucked by the first from the last is his own

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •