/biz/ - Business & Finance

>>7313317
actual link pls

>>7313348
https://cointelegraph.com/news/newly-discovered-vulnerability-in-all-ledger-hardware-wallets-puts-user-funds-at-risk

old news

>>7313371
>31 min ago
>old news

yeah ok you fucken nerd

fucking kill yourself, stupid cunt

>inb4 le ledger was never secure im so smart lolololol
just fuck off you absolute retard

>>7313317
lol just double check the address before you send, retards

saw this yesterday. if you arent a complete brainlet and check your receiving addresses you're fine.

This is nothing new, there is no way for ledger to force users to check the address on the device screen prior to receiving, though they probably should do more to advertise the feature since it is critical for safe receiving on any hardware wallet.

Oh and the feature doesn't even work for Segwit wallets, so there's that....

I thought you were supposed to check the address on the ledger before confirming anyway? Why is this even news lol

If you’ve got man in the middle/browser you can be fucked a million different ways from Sunday - yet you pick the easiestly mitigated example.

Great its not ledgers fault for not alerting a change of address. And the user has to go an extra step to show it too? A simple alert notifying you that address is different from previous transaction should be an auto prompt before accepting/receiving funds.

>>7313412
Literally double check addresses, the title is extra fuddy to generate views as if every hw wallet is getting drained right now

>>7313586
The address will be different from last it doesnt reuse addresses

>>7313607
Unfortunately that feature isn't available for Segwit wallets or a number of altcoins...

>>7313317
Major vulnerability, exit while you can

Ledger, when operating a secure system is too hard for you.

>>7313735
No reason not to use a ledger on top of a secure system. Unless you have manufactured your own hardware chip to isolate your keys and sign transactions....

>>7313801
>No reason not to use a ledger on top of a secure system. Unless you have manufactured your own hardware chip to isolate your keys and sign transactions....

Im signing my transactions offline. My non-mainstream os (no, not linux) won't execute anything that's on the usb key.

10/10 attacks are just browser or email anyways.

hw wallets were never gonna protect you against your OS being compromised. always make sure to use the same address when receiving and always check the address you're sending to. this is the only way to ensure you don't get fucked, and if you weren't doing this you didn't really gain any security advantage from using a hw wallet at all.

>>7313317
lol the FUD is at it's peak.

later USA will ban exchanges, merkel will personaly piss on bitcoin and macron will order the national french bank to buy all bitcoins available and sell at 100$.

>>7313917
it's almost as if hw wallets were more convenient than using a secondary offline computer and always signing offline

>>7313317
ooh its hardware wallet FUD again

kys

>>7313317
>Chad in a hoodie
>aNonnymoos sticker
>h a c k e r c o d e
Sage

It actually is a bit old, this article came out surprisingly late.

That being said, you're only as safe as the computer you're plugged into.

If you aren't using NoScript and scanning every file you download you're part of the problem.

>>7313355

>Cointelegraph

Fuck me dead that's the last straw, the amount of FUD that comes out of this website is ridiculous. I'm dropping these cunts for good and I recommend everyone do the same.

>>7314125
Dropping? From what? Are they on your RSS feed or something?

>>7314100
This
>tfw uBlock,uMatrix,Tampermonkey, no cookies and no browsing history
Protect ya neck, niggers

>>7313716
don't worry, price is locked in at $20000

>>7313981
>it's almost as if hw wallets were more convenient than using a secondary offline computer and always signing offline

It's also more transparent and KISS while hw wallets are blackboxes you need to trust some vendor with.

nice FUD fuckstick

>>7314331
What's KISS?

>>7314153

Dropping them from my radar of reputable crypto news sites

yesss.. more FUD in times like these. you think the price will tank further? lmao

>>7313449
>just double check the address
I'm amazed people don't do this. I'm so paranoid about a random type of c/ping wrong address I autistically double check about 6 times before I send anything.

>>7314421
>What's KISS?

Keep it simple stupid - if you know every aspect of your setup, there is almost no room for error. Nobody really knows what is exactly inside that ledger blackbox. If you connect it to an already compromised computer, there will always be attack vectors, be it attacking the ledger itself via usb or intercepting/mitm the data. Cold wallet is as simple as it can get and offline signing might seem inconvenient, but at the same time it's fully transparent and simple.

>>7314125
I was in their telegram channel for a little while and their posts were nothing but sponsored shit and fud. Dropped.

>>7314752
Thanks. Offline RaspPi master race here btw

So why use a hardware wallet over paper other than "muh gadgets"?

>>7314884
it's far easier to sign transactions.

>>7314884
also the other way to generate a seed safely is to have a separate offline computer and then to print the paper wallet you'd need a permanently offline printer too. It's easier to just get a hardware wallet.

>>7313317
yeah I'm shaking right now

>>7314985
Permanently offline computer to remain inside a faraday cage at all times, write the key or seed down.

But then you can't get the wallet software onto the computer, unless you use a flash drive which could be infected.

Ledger is the only way, right?

>>7313317
Double check address before sending to totally avoid this issue. Already do that. LITERALLY NOTHING. KYS FAGGOT.