/biz/ - Business & Finance

File: 66 KB, 1068x1063, ledger-wallet-1068x1063.jpg [View same] [iqdb] [saucenao] [google]

PSA: Ledger Wallets Not Secure Anonymous Sat Feb 3 14:51:32 2018 No.7262755 [Reply] [Original]

>https://news.bitcoin.com/ledger-addresses-man-in-the-middle-attack-that-threatens-millions-of-hardware-wallets/

>>	Anonymous Sat Feb 3 14:53:15 2018 No.7262804 > bitcoin.com > roger ver

>>	Anonymous Sat Feb 3 14:57:44 2018 No.7262932 File: 6 KB, 250x250, smugdoka.jpg [View same] [iqdb] [saucenao] [google] >>7262755 >glorified usb stick

>>	Anonymous Sat Feb 3 14:59:48 2018 No.7262975 File: 3.83 MB, 3024x3344, 1490724276007.jpg [View same] [iqdb] [saucenao] [google] >>7262755 trezor again on top. superior security. superior locking mechanism.

>>	Anonymous Sat Feb 3 15:01:19 2018 No.7263014 >not using an airgapped pc and communicating through qr codes

>>	Anonymous Sat Feb 3 15:02:05 2018 No.7263043 >>7262975 whoops! we stored your seed on memory in plaintext https://ether.direct/2017/08/18/frozen-trezor-data-remanence-attacks/

>>	Anonymous Sat Feb 3 15:04:18 2018 No.7263089 >Check that send address on nano s display matches in app address >That was hard Also who is dumb enough to download malware onto their computer

>>	Anonymous Sat Feb 3 15:04:41 2018 No.7263098 >>7262755 >malware can change the address that is sent to the device for signing no shit, this can happen to any wallet. thats why you verify the address on-device

>>	Anonymous Sat Feb 3 15:05:04 2018 No.7263110 File: 81 KB, 720x757, BCASH.jpg [View same] [iqdb] [saucenao] [google] >>7262755 >roger-ver.com No thank you.

>>	Anonymous Sat Feb 3 15:05:30 2018 No.7263120 this is why i keep all my coins on yobit. most secure exchange out there

>>	Anonymous Sat Feb 3 15:06:53 2018 No.7263152 >>7263043 already fixed

>>	Anonymous Sat Feb 3 15:07:24 2018 No.7263169 >>7262755 >not buying a trezor >>7263043 >exploit fixed in under 2 weeks >attackers would have needed access to the physical device

Anonymous Sat Feb 3 15:07:50 2018 No.7263178

>>7262755
>look at the actual transaction you're signing

No fucking shit, morons. How has this not occurred to you people before?

This is not a vulnerability with the wallet itself, it's just a fact of the tech. Always look at the transaction you're signing, don't just do it blindly.

Fuck out of here.

>>	Anonymous Sat Feb 3 15:08:36 2018 No.7263198 >>7263169 ledger fags can get fucked remotely. a feature not a bug.

>>	Anonymous Sat Feb 3 15:08:50 2018 No.7263206 >>7262975 It affects trezor too, you dunce. As >>7263098 said it affects all wallets. This malware has been around for a while, this is not new. Always double check the address when sending any funds.

Anonymous Sat Feb 3 15:14:25 2018 No.7263378
File: 105 KB, 900x1200, DPMm_KlXkAAUuu6.jpg [View same] [iqdb] [saucenao] [google]

>>7262932
>plug in USB drive
>open jpg of a screenshot of a secret key
>fill tooth bear plane
>type one character randomly at a time until secret key is complete, use mouse to randomize cursor placement
>f o a p
>fl oh ar pl
>fll oth bar pln
>fill ooth bear plan
>fill tooth bear plane
>keyloggers can't intercept your brain entropy
>more secure than ledger/trezor/etc

Anonymous Sat Feb 3 15:15:45 2018 No.7263416

>buy usb key
>download veracrypt
>format and encrypt usb key using SHA-512
>save passwords, keys, seeds and offline wallets on encrypted partition
>create redundant backups

The above costs the price of the usb and is infinitely more secure than a ledger

>>	Anonymous Sat Feb 3 15:17:14 2018 No.7263465 >>7263378 some keyloggers can relay mouse cursor movement points so this isn't necessarily as safe as you think it would just take a little effort to work out, but the hacker would have all required data

>>	Anonymous Sat Feb 3 15:37:07 2018 No.7263992 stupid thread, the ledger can't detect if a virus is running on your PC that's up to you, swapping the receiving address with the attacker's is something that can be done on literally any wallet software or otherwise

>>	Anonymous Sat Feb 3 16:17:55 2018 No.7265022 File: 16 KB, 480x360, comfypepe.jpg [View same] [iqdb] [saucenao] [google] >>7262755 >tfw you keep each coin daemon in its own Qubes Whonix VM with no other software installed have fun getting pwned by malware on your insecure-by-design OS, Winbabbys

>>	Anonymous Sat Feb 3 16:19:30 2018 No.7265068 besides the extremes at either end of a spectrum, the ability of a thief will always be greater than that of the ability of a locksmith. its just the basics of the system

Advanced search
Text to find
Subject [?]Search by post subject. Leave empty for any.
Username [?]Search for user name. Leave empty for any user name.
Tripcode [?]Search for tripcode. Leave empty for any.
Email [?]Search by email. Leave empty for any.
Filename [?]Search by image filename. Leave empty for any.
From Date [?]Enter what date to start searching from. Format is YYYY-MM-DD
To Date [?]Enter what date to start searching until. Format is YYYY-MM-DD
Image hash
Search in	All Posts OPs Only
Deleted posts	Show all posts Show only deleted posts Only show non-deleted posts
Internal posts	Show all posts Show only internal posts Show only archived posts
Order	New posts first Old posts first
Capcode	All Posts Only by Users Only by Mods Only by Admins Only by Developers
Results	Posts Threads
Action	[ Simple ]