Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Trojan Goes After Bitcoins

Soulskill posted more than 3 years ago | from the strict-inevitabilities dept.

Bitcoin 344

Orome1 writes "Bitcoin has definitely caught the attention of criminals. Even though it has been calculated that the use of botnets for Bitcoin mining is still not quite as lucrative as renting them out for other purposes, targeting people who have them in their digital wallets is quite another matter. Symantec researchers have spotted in the wild a Trojan dedicated to this specific purpose. Named Infostealer.Coinbit, it searches for the Bitcoin wallet.dat file on the infected computer and sends it to the criminal(s)."

cancel ×

344 comments

Sorry! There are no comments related to the filter you selected.

mugging (5, Insightful)

x6060 (672364) | more than 3 years ago | (#36474438)

Imagine that. Storing values that represent "Money" in a plaintext file was a bad idea. Who would've thunk... =\

Re:mugging (5, Funny)

cgeys (2240696) | more than 3 years ago | (#36474490)

Well, it's open source. You can improve it yourself.

Re:mugging (2)

x6060 (672364) | more than 3 years ago | (#36474606)

I would worry about ANY attempt at a form of open currency that was released with such a gaping hole as "If someone grabs this single file off my computer then they have all my money..." It doesn't matter if it's open or not.

Re:mugging (1)

Anonymous Coward | more than 3 years ago | (#36474708)

Welcome the notion of public key cryptography. If someone steals the private key, they can then steal/impersonate anything based upon that. Same issue that RSA had with their symmetric keys getting lose recently.
The easy and bullet-proof solution for bitcoin is to have a "savings" account wallet you store offline. A neat feature of bitcoin is that you don't need your wallet to add money to it (just to remove money from it). And the wallet is a very small file. You can put it on a floppy, cd, or any secure location or even multiples as backups.

Re:mugging (0)

Anonymous Coward | more than 3 years ago | (#36474880)

Multiples usually cost extra.

Re:mugging (1)

bennomatic (691188) | more than 3 years ago | (#36474932)

What's a floppy?

Re:mugging (2)

jeffmeden (135043) | more than 3 years ago | (#36474998)

Something a would-be thief would likely not even recognize as being able to store a high-virtual-value item such as a bitcoin wallet. Consider it the equivalent of stashing your money in a cookie jar.

Re:mugging (0)

Anonymous Coward | more than 3 years ago | (#36475012)

Your girlfriend told me it's YOU.

so ? (1)

unity100 (970058) | more than 3 years ago | (#36474734)

how is it any different in real life ?

Re:so ? (0)

Anonymous Coward | more than 3 years ago | (#36474850)

in real life, federal law states that as long as I report my card info as being stolen within three days of my discovering that it has been stolen (not within three days of the actual theft, note) then I'm only liable for the first $50.

of course that requires governmental oversight of commerce, which the lolbertarians behind buttcoin strongly oppose, so...

Re:so ? (2)

unity100 (970058) | more than 3 years ago | (#36474890)

thats a credit card. a credit card is not money. in real life, if your money is stolen, it is stolen.

Re:so ? (0)

Anonymous Coward | more than 3 years ago | (#36474944)

okay, then in real life, people halfway across the world can't steal my paper cash money electronically through my computer just because I went to a dodgy website with an insecure web browser

captcha: "taxable". hahahahahahaha

Re:so ? (1)

jeffmeden (135043) | more than 3 years ago | (#36475074)

thats a credit card. a credit card is not money. in real life, if your money is stolen, it is stolen.

In real life, if your money is money (as in paper currency) you need a safe in order to consider it, well, safe. Otherwise, yes, its pointless to think that bitcoin is any less secure than having cash around. But hmm, we did think up some "alternative" to requiring anyone who wishes to participate in the currency economy to obtain and store paper currency... If only I could remember what it was...

Re:so ? (2)

NiteMair (309303) | more than 3 years ago | (#36475326)

You mean those institutions that take your money and then reinvest it to make money for themselves - occasionally causing an economic collapse that decreasing the value of your money drastically? They also happen to keep a pretty handy record of every transaction so that governments can see what you've been up to with your money...

Yeah, I can't see why anyone might be searching for an alternative form of currency.

Re:so ? (1)

icebraining (1313345) | more than 3 years ago | (#36474912)

That's if you have a card. Bitcoins wallets are like cash, not cards.

Re:so ? (1)

MyFirstNameIsPaul (1552283) | more than 3 years ago | (#36474966)

You store your cash on a card? How do you do that? I think what GP was trying to say is that if you store all your cash in your house or on your person, it's much more likely to get stolen than if you store it in a bank, which is what most people do.

Re:so ? (0)

Anonymous Coward | more than 3 years ago | (#36474866)

It's not. Put your savings in a secure savings account. Don't walk around with it all in your back pocket or under your mattress.

Re:so ? (1)

unity100 (970058) | more than 3 years ago | (#36474952)

you can also put your bitcoins in an OFFLINE computer. or flashdisk. or a secure 'bank' that will keep them.

Re:so ? (0)

Anonymous Coward | more than 3 years ago | (#36475252)

It works, but then you need to go online to use it.

or a secure 'bank' that will keep them.

Yeah, that sure sounds legit.

Re:so ? (0)

Anonymous Coward | more than 3 years ago | (#36474876)

I don't keep all of my money in one location. Some is in my wallet, some in various accounts, some in the mattress, etc. You can't steal it all at once.

Re:so ? (1)

unity100 (970058) | more than 3 years ago | (#36474978)

you can do the same with bitcoin. you can have numerous wallets, keep them all in different places, even offline computers/flashdisks.

Re:so ? (1)

jeffmeden (135043) | more than 3 years ago | (#36475124)

I can if I devalue it to the point of uselessness! Muahahahahahah

Yours in deflation,

Kilgore T Krugerrand

Re:mugging (1)

erroneus (253617) | more than 3 years ago | (#36475042)

Agreed. Seems pretty obvious that the file should actually be comprised of two parts where one is kept on a removable storage device and the other can be on your local machine(s). That wouldn't be "THE Answer" but it it would be better than this.

I think that a lot of these types of problems will emerge and Bitcoin will be redesigned and rebooted.

Re:mugging (1)

Bert64 (520050) | more than 3 years ago | (#36475230)

Any currency works like that...
If someone grabs your cash then they have all your money with traditional currency too.
You need to take the same precautions with bitcoin too.

Re:mugging (1)

LocalH (28506) | more than 3 years ago | (#36475322)

As opposed to "If someone grabs this single wallet out of my pocket then they have all my money". Sure, PINs and the like, but still the situation is similar.

Re:mugging (3, Insightful)

NeutronCowboy (896098) | more than 3 years ago | (#36474542)

No kidding. I always thought that the actual money file was encrypted, and could have an arbitrary name. You know, like a truecrypt volume file. Then I find out it's by default a text file hanging out on your computer. Fine and dandy if you have 100% control over your computer at all times, but we all know that's never the case. And judging by the passwords people use, it will be easy to brute force most passwords.

Somehow, I think bitcoin is going to flame out in a rash of digital thievery when criminals realize that it is easier to steal someone's bitcoin file than it is to mine it or even look for credit card info.

Re:mugging (-1, Troll)

Mindcontrolled (1388007) | more than 3 years ago | (#36474640)

So can we finally settle on the fact that bitcoin is not only bullshit, but obviously plain stupid bullshit and move on, stopping with the spam about a meaningless circlejerk by some basement dwellers that have no clue about economics, except for maybe profiteering from a ponzi scheme?

Re:mugging (0)

Anonymous Coward | more than 3 years ago | (#36474686)

The only way Bitcoin is going away is if somebody invents a better way to send money over the internet to drug dealers.

Or am I the only one who noticed that the BTC -> USD rate quintupled after Silk Road hit the mainstream media?

Re:mugging (1)

hedwards (940851) | more than 3 years ago | (#36474750)

I haven't been following it that closely, the Time To Lulz is just not suitable for spectating. I'd chalk that up to people having a ZOMG I can actually do something with this pseudo currency reaction. It's probably the only sane reaction I've seen to Bitcoins, if you buy some, to spend, then you're not likely to get burned. Assuming you don't go stupid and stalk up on them for the long term.

Re:mugging (0)

Anonymous Coward | more than 3 years ago | (#36474948)

I was going to stalk up on BitCoin but they hit me with a restraining order for "stocking". I attribute it to hosiery discrimination!

Re:mugging (0)

Anonymous Coward | more than 3 years ago | (#36475222)

Assuming you don't go stupid and stalk up on them for the long term.

I'm sneaking up on your bitcoins.

Re:mugging (5, Insightful)

rcs1000 (462363) | more than 3 years ago | (#36474768)

Bitcoins may well be worthless, but they are in no respect a Ponzi scheme. Ponzi schemes have to grow geometrically to continue in existence, which is why they quickly get destroyed after a few iterations. Bitcoins in circulation, on the other hand, grow at an increasingly slow pace. Similarly, Ponzi schemes have a 'promoter'.

The whole purpose of the bitcoin ecosystem is that it is something electronically transferrable (anonymously), yet fundamentally limited in its number.

Now: they could easily be a complete fraud - with the number of bitcoins in circulation being far more than claimed. However, if the claims for the limitation of their number in circulation are true, then they could easily become a store of value, in that any fiat currency (or indeed gold itself), has value because choose to believe it.

Or to put it another way: if people wish to assign bitcoins value, they can. Likewise, they can choose not to.

Re:mugging (0)

Mindcontrolled (1388007) | more than 3 years ago | (#36474902)

I'll admit to the fact that bitcoins are not a ponzi scheme as soon as I get an open admission that neither is social security by one of the notorious conservatrolls here.

Re:mugging (0)

Anonymous Coward | more than 3 years ago | (#36475280)

Social Security is in no respect a Ponzi scheme. Ponzi schemes have to grow geometrically to continue in existence, which is why they quickly get destroyed after a few iterations. Social Security on the other hand is prevented from growing geometrically because the population isn't growing fast enough, and yet it is slatted to keep going strong forever... ...

Wait, what do you mean "Social Security can't continue at its current pace"? Surely there are enough stupid kids working to pay retirees. "There isn't"? Huh, I guess I got nothing.

Re:mugging (4, Insightful)

Pope (17780) | more than 3 years ago | (#36475078)

It's still a pyramid scheme, as has been commented dozens of times on all the previous articles about BitCoins. Early adopters get the easiest blocks to solve, making them the most coins for the least effort? As more people join, the effort goes up geometrically, meaning more effort has to be put in to realize lesser gains? A very few people at the start control a huge number of the BitCoins? It's a fucking pyramid scheme of the highest order. And it makes me laugh my ass off over the fools who can't see it for what it is and drop thousands or tens of thousands of real dollars on it.

Re:mugging (1)

rcs1000 (462363) | more than 3 years ago | (#36475200)

No: you don't get it.

A Ponzi scheme involves earlier investors being paid by later investors.

The whole point of bitcoins is that their number is mathematically limited. They may - or may not - have value depending on whether people attribute value to them. Their number increases, but slowly (the very opposite of a Ponzi scheme).

In a Ponzi scheme, a central promoter tells people their investment is worth x. On the contrary, with Bitcoins, the only value they have is what someone else will pay for them. And the fact that their number is mathematically limited means people *may* attribute value to them.

Now: there is clearly a demand for a currency which allows electronic, anonymous transfers. And there is clearly demand for a currency, where the government cannot devalue its real worth by printing as many as they want.

But, there is a corollary. And that is that, unbacked by the government, and being basically illiquid, you are making an enormous bet that other people will in the future choose to attribute a value to a very large number.

I am much, much less sceptical of bitcoins than many on here. But that does not mean I own any. I'm not that brave...

Re:mugging (1)

cHiphead (17854) | more than 3 years ago | (#36475266)

Isn't every monetary system a pyramid scheme in that respect?

Re:mugging (3, Interesting)

tbannist (230135) | more than 3 years ago | (#36475092)

I don't think Bitcoin is a ponzi scheme [wikipedia.org] . It's not really an investment scheme at all. It's closer to a pyramid scheme [wikipedia.org] or possibly a just a simple con. After all, the more people "mining" Bitcoins, the less productive mining Bitcoins becomes. The early investors got Bitcoins faster and cheaper and as demand rises they can sell their Bitcoins that cost less to make for the same amount as the later, harder to make Bitcoins.

Re:mugging (1)

icebraining (1313345) | more than 3 years ago | (#36474946)

You could encrypt the wallet, but with what? A password? Offline encryption is too cheap. A key file? But then if you keep that key file in the machine, you gain nothing.

There's no really effective security that the bitcoin program could apply; you need to copy the wallet off the machine.

Re:mugging (0)

Anonymous Coward | more than 3 years ago | (#36475096)

Money file doesn't contain money. It just contains public-private key pairs. Just like RSA's recent failure or if someone swipes your PIN and card, if someone steals the one thing you were supposed to keep safe, all bets are off.
You don't actually need the file to add money to your account, so people should just keep their savings wallet in an offline/secure location.

Re:mugging (1)

DrXym (126579) | more than 3 years ago | (#36475206)

Well it's not a text file, it's a Berkeley DB file but same difference. It's shoddy design and it would have been apparent to anyone who spent a few minutes looking at the state of the source code.

Re:mugging (2)

Joce640k (829181) | more than 3 years ago | (#36474630)

I, for one, was totally stunned by that. WTF were they thinking? If the rest of Botcoin is as security-minded as this then it's sunk before it even goes anywhere.

Re:mugging (2)

petermgreen (876956) | more than 3 years ago | (#36474790)

If someone has access to your user session then encrypting your wallet it is only going to make the attackers life slightly harder since you will need to supply the software with a password to decrypt it at some point.

There isn't really any good soloution to this other than moving the wallet completely off the machine that is running an insecure general purpose OS onto a limited function device.

Re:mugging (1)

Yvanhoe (564877) | more than 3 years ago | (#36474822)

Just as bas as printing this money on paper. What a ludicrous idea.

Re:mugging (1)

x6060 (672364) | more than 3 years ago | (#36474964)

Except that I can physically secure paper. And stealing it requires a physical confrontation (Something criminals want to avoid at all costs). Also, you cant really automate mugging people on the street.You CAN automate stealing bitcoins. While if I have bit coin I can be sitting on my computer, just browsing the internet and poof, all my bitcoins are gone, and i might not even know till I try and use them next.

Re:mugging (1)

Yvanhoe (564877) | more than 3 years ago | (#36475132)

The idea that you can't secure a computer to make it impervious to non-physical attacks is the biggest fraud of the 21st century.

Re:mugging (0)

Anonymous Coward | more than 3 years ago | (#36475182)

Hey, here's an idea. Put the bitcoins in a TrueCrypt vault. Put the TrueCrypt vault on a USB stick. Put the USB stick on a chain and hang it around your neck. Problem solved. God, I must be a genius.

Another visitor! (2, Informative)

Anonymous Coward | more than 3 years ago | (#36474444)

Next up: Guy pays for burger with Bitcoin.

Can we stop the Bitcoin stories already?

Re:Another visitor! (0)

sakdoctor (1087155) | more than 3 years ago | (#36474554)

That isn't going to happen. Didn't you notice that bitcoin has it's own slashdot icon?
These slashvertisments are here to stay.

Re:Another visitor! (5, Insightful)

infodragon (38608) | more than 3 years ago | (#36474814)

As much as the Bitcoin stories are getting a little much we are seeing the birth of something completely new; A medium of exchange that is independent of any government. The criminal/socially unacceptable elements are legitimizing the currency by applying value. Anything that enough humans apply value to will become valuable. The primary value of gold is that many people ascribe value to it and wish to possess it. If you buy gold on the markets you pay a storage fee because there are not enough commercial applications of gold to make storage profitable. Silver, platinum, copper... They all pay a bit if you buy contracts. The only purpose of gold then is to provide a medium of exchange.

Bitcoin is something similar in that a very large group of people are beginning to value the electronic currency, thus it has value. The context of the source of that valuation has no consequence. Humans are now using it as a medium of exchange which is now creating demand. That demand is causing a rise in price and others now wish to posses it as it has potential for increasing value. This is the basic form of speculation.

Now we have a socially illegitimate group applying the initial value and then speculators step in. Speculators are socially acceptable and so a balance is beginning to form. If this continues a stabilized economy will form and it will be unstoppable.

To wish that these stories be stopped is a bit shot sighted. We may be witnessing something that has *NEVER* happened before! It's quite exciting to watch something like this form, not to mention the insight into human behavior and the many benefits that can result for that insight. Not to mention a currency that is independent of any one government.

I do not see Bitcoins ever replacing government currency but I do see it becoming a supplemental tool for securing wealth and providing a medium of exchange detached from economically repressive governments. Any government that taxes represses it's people, the people accept that repression as a necessity to govern the society. Anyway, being able to purchase something without the government being in your business is a true expression of freedom and extends a way for true privacy to be exercised. This scares quite a few people in government and will be incredibly interesting to watch it play out.

As a side note, the VHS and Internet were "legitimized" by unsavory elements of society. And here we are discussing something in a way that 20 years ago was a dream and 80 years ago was unimagined, all because it was first a marginal "thing" exploited by unsavory elements in which a majority of the population expressed the desire to not be bothered. We live in exciting times and Bitcoin is the tip of something extremely interesting.

Re:Another visitor! (4, Insightful)

Zenaku (821866) | more than 3 years ago | (#36475008)

I would mod you up if I could, as you've said just what I wanted to say.

BitCoin is technically interesting, dammit. I don't own any, and I don't think I want to. . . it does seem like a risky, unstable economy to me. But the very idea of it is brilliant, and the implementation details and implications of its existence are profoundly interesting to me. It fits the "New for Nerds, Stuff that Matters" theme far better than most of the other stories posted here.

Re:Another visitor! (2)

infodragon (38608) | more than 3 years ago | (#36475158)

I've considered putting $10 USD into just because it creates a vested interest. That interest sensitizes on a psychological level that no amount of intellectual interest can duplicate.

Re:Another visitor! (1)

BitZtream (692029) | more than 3 years ago | (#36475220)

The criminal/socially unacceptable elements are legitimizing the currency by applying value

So some bored kid modifies a standard off the shelf virus to go specifically after a given file on your computer, that is in effect worthless ... it suddenly becomes worth something? You must be one of the morons who bought into Bitcoin. They aren't attacking so much to do something with your bitcoin, its more like mugging you and taking your wallet then throwing it away later. They are going after them just to go after them and cause trouble, NOT to use the crap that is unusable sense no one with half a clue would accept it as payment for anything of actual value.

The primary value of gold is that many people ascribe value to it and wish to possess it.

The primary value of gold is its unique physical properties which are both visually pleasing to most people and very useful in many different processes and industries. It has a higher than normal value because of its rarity. Those two facts give it value, which THEN leads to their being a market for it.

You seem to be totally disconnected from reality as far as what things have value and why.

Bitcoin is something similar in that a very large group of people are beginning to value the electronic currency, thus it has value.

4 is not 'a very large group'. By that same measure however, there is 'a very large group' of idiots who send their bank account info to Nigerian spammers to. Actually, its the same group.

Now we have a socially illegitimate group applying the initial value and then speculators step in

Really? Again trying to ascribe value to something because someone wants to grief you over it? Do you think a gay man is valuable JUST because some idiot homophobe beats him up? Your logic is just dumb.

I do not see Bitcoins ever replacing government currency but I do see it becoming a supplemental tool for securing wealth and providing a medium of exchange detached from economically repressive governments. Any government that taxes represses it's people, the people accept that repression as a necessity to govern the society. Anyway, being able to purchase something without the government being in your business is a true expression of freedom and extends a way for true privacy to be exercised. This scares quite a few people in government and will be incredibly interesting to watch it play out.

Damnit, I got trolled. I didn't realize you were one of those idiots who think taxes are oppression. Without the result of government taxes, I'm rather sure your dumbass would have died from starvation being completely unable to survive in an anarchistic with none of the benefits of civilization to save your ass.

Re:Another visitor! (1)

Anonymous Coward | more than 3 years ago | (#36474872)

Its simple... some people have wads of cash tied to BitCoin, so they want it on /. as often as Apple stories hit. Even though BitCoin serves no real purpose, as it can't be used anonymously.

I wouldn't call it a Ponzi scheme officially, but early adopters are the ones who will be cashing in (easier to "mine" coins at the start as opposed to later on.) That is why you are seeing the slashvertisements -- once the currency gets established, the guys who had a ton of coins initially will cash out, and the currency will devalue to nothing.

I say note it as a cool crypto trick, but pass it on. It has no robustness built in, as if RSA or the hash algorithms has any weaknesses, the whole Bitcoin ecosystem will forever grind to a halt and everything put into it will be worthless. This is why early adopters want more people -- so they can cash out before the blackhats end the party by cracking the cryptosystems used.

Overhyped (2)

darth_MALL (657218) | more than 3 years ago | (#36474456)

I saw a comment in a previous article about Bitcoin suggesting that /. was acting as a shill for this 'product'. How is they hyperbole justified when the only place it's talked about is here? Shenanigans.

-1 reader for slashdot. Keep it up guys (0)

PhreakOfTime (588141) | more than 3 years ago | (#36474986)

I stopped reading slashdot for awhile, because of this blatant garbage. If I wanted to read a bunch of shills, I would read ITworld.

Low and behold, I finally come back today, and there is ANOTHER bitcoin story(non-story). Slashdot just lost a reader, and I've been here for oh... 14 years.

Re:-1 reader for slashdot. Keep it up guys (0)

Anonymous Coward | more than 3 years ago | (#36475118)

And yet you will come back time after time.

And yet... (2, Insightful)

Sygnus (83325) | more than 3 years ago | (#36474458)

Nothing of value was lost.

Re:And yet... (1)

montyzooooma (853414) | more than 3 years ago | (#36474510)

Except for Slashdot's credibility.

Re:And yet... (1)

RivenAleem (1590553) | more than 3 years ago | (#36474558)

Trying to set up a recursive thread?

Is there any way to give them a poisoned wallet? (1)

John Hasler (414242) | more than 3 years ago | (#36474470)

n/t

Re:Is there any way to give them a poisoned wallet (4, Funny)

bistromath007 (1253428) | more than 3 years ago | (#36474512)

*looks at the trend in value of bitcoins*

Yes.

ALL BITCOIN NEWS IS SPAM (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#36474500)

The bitcoin people keep pushing their stories out to gain notoriety.

It's just a tool for drug addicts to buy dope, nothing more. Stop posting stories about bitcoin.

Re:ALL BITCOIN NEWS IS SPAM (1)

Anonymous Coward | more than 3 years ago | (#36474602)

Who pays you, little mechanical turk? Who's behind all the anti-bitcoin FUD? I wouldn't trust it to hold my money but I refuse to believe anyone is as ignorant of the principles as your comment suggests.

Re:ALL BITCOIN NEWS IS SPAM (2)

hedwards (940851) | more than 3 years ago | (#36474812)

There's nothing behind the anti-bitcoin crowd, apart from the fact that we're smart enough to see what a colossal scam it is. Supposedly, it isn't anonymous, which makes it even less useful as that would make it unsuitable to replace bags of cash for criminal deeds.

You get bitcoins by doing the calculations which are required to use bitcoins, so, it's not based upon anything other than the belief that it's valuable. On top of that, the rate at which ones gets bitcoins slows as time goes by to a fixed amount, meaning that early adopters get bitcoins for basically nothing, while the people later on get screwed. It's not quite a Ponzi scheme, but it's damned close.

Additionally, unlike other fiat currencies, you're not guaranteed to be able to buy anything with them later on, or even doing anything with them. USDs are essentially just paper, but you're guaranteed to at least be able to pay your taxes with them, pay debt, or exchange them into whatever your local currency is via most banks.

Re:ALL BITCOIN NEWS IS SPAM (1)

icebraining (1313345) | more than 3 years ago | (#36475218)

But how is it a scam, if that's all obvious? You can get all that by simply reading its FAQ. It specifically says they promise no profits, and that it'll be worthless if nobody accepts them.

Re:ALL BITCOIN NEWS IS SPAM (1)

walshy007 (906710) | more than 3 years ago | (#36475288)

You get bitcoins by doing the calculations which are required to use bitcoins, so, it's not based upon anything other than the belief that it's valuable.

Can you please explain how anything is _inherently_ valuable? all value is assigned by people themselves.

USDs are essentially just paper, but you're guaranteed to at least be able to pay your taxes with them, pay debt, or exchange them into whatever your local currency is via most banks.

And if those uses are for some reason not needed by you at all and yet bitcoins is, how is bitcoin less valuable?

Lesson of the day, there is no inherent value, all values are subjective.

A file within a file... (4, Insightful)

xMrFishx (1956084) | more than 3 years ago | (#36474568)

Encryption! (Sorry, couldn't resist - and I know it's not)

But honestly, if you're using this system for any sort of money handling, then leaving it, the equivilent of lying around, is not a good idea. Secure your money properly, use common sense. Also I believe it's even on BitCoin's good practise list of recommendations. Encrypt your wallet and keep a backup elsewhere incase a nasty trojan erases it. Good data retention practise applies to everything.

Re:A file within a file... (1)

olsmeister (1488789) | more than 3 years ago | (#36474776)

For BitCoin simply to place it on their list of recommended good practices is not sufficient and, quite frankly, irresponsible. If experience has taught us nothing else, it's that the average user has very little concept of how to secure their data, and if it is to be done correctly it needs to be at the application if not the OS level.

Hell, I'd be willing to bet that even if BitCoin were limited for use exclusively by IT professionals and CS majors, we'd still be seeing stories about people being robbed.

Re:A file within a file... (1)

icebraining (1313345) | more than 3 years ago | (#36474988)

There's nothing Bitcoin can do. Encrypting with a password is useless (too cheap to crack), encrypting with a key file is useless if the key file is kept on the same machine.

The user has to copy the wallet off the machine, there's no magic bullet.

Re:A file within a file... (0)

Anonymous Coward | more than 3 years ago | (#36475212)

That's just a bullshit excuse.

Encrypting with a long english language sentence (say, this one) will stop even the most determined attacker.

Re:A file within a file... (1)

maxume (22995) | more than 3 years ago | (#36475316)

So someone should market a usb stick as a physical bitcoin wallet?

They could brand it as "The Magic Bullet".

Re:A file within a file... (0)

Anonymous Coward | more than 3 years ago | (#36474778)

Sure, you can encrypt your wallet, and then you have to decrypt the fucking thing to use it.

Of course, the recommendation is to have a separate wallet on a USB stick or something that's encrypted, and then to transfer coins from your insecure wallet to your secure one on a regular basis (you don't need to decrypt a wallet to send coins to an address in it). But what "normal" user will know to do this?

What the client *should* do is what every fucking private-key-storing tool does: encrypt the god damned private keys with a secret key that the user must enter before the client can sign a transaction. But, of course, this is too brain-dead fucking obvious, apparently.

Re:A file within a file... (1)

walshy007 (906710) | more than 3 years ago | (#36475342)

What the client *should* do is what every fucking private-key-storing tool does: encrypt the god damned private keys with a secret key that the user must enter before the client can sign a transaction. But, of course, this is too brain-dead fucking obvious, apparently.

Too cheap to crack computationally, no security would be achieved and you've just annoyed the users by adding an extra step they can forget (and also lose all their bitcoins by forgetting their password)

Bad idea

Re:A file within a file... (0)

Anonymous Coward | more than 3 years ago | (#36474782)

Even renaming the file would stop 99% of trojans from finding it.

Re:A file within a file... (1)

icebraining (1313345) | more than 3 years ago | (#36475084)

The bitcoin program has to have *some way* of finding the file. The trojan can use the same way.

trojan infected computer (0)

Anonymous Coward | more than 3 years ago | (#36474624)

How does this Infostealer.Coinbit trojan get on to the infected computer?

Infostealer.Coinbit
Type: Trojan
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000 link [symantec.com]

But can't the network be fooled??? (0)

Anonymous Coward | more than 3 years ago | (#36474728)

After relentlessly reading through the bitcoin wiki, it seems like there are many possible ways to corrupt the system. In the real world it's like trying to pass around fools gold but the cross-checks just aren't beefed up enough to catch it. All one needs is a decent size cluster to create it's own blocks/hashes and then dump it on the network. The network then thinks it's all legit. it's literally making money out of nothing, not mining or exchanging...

My offer stands (1, Funny)

bigsexyjoe (581721) | more than 3 years ago | (#36474736)

I would be happy to pay five billion bigsexyjoe nickels for you to stop running bitcoin stories. Thank you

Re:My offer stands (1)

Ecuador (740021) | more than 3 years ago | (#36475048)

I will add eleventy bajillion pirate dinaarrgh dollars to that offer.

Re:My offer stands (0)

Anonymous Coward | more than 3 years ago | (#36475202)

I'll add 8 Pu's.

I just have to de-orbit them first.

Suspicious (0)

inviolet (797804) | more than 3 years ago | (#36474770)

Color me skeptical that this virus is purely venal in nature.

Governments have far more to lose from bitcoin than J. Random Crimeshop has to gain from stealing bitcoin wallets (with the associated hassle of converting them to cash). A purely electronic money that is peer-to-peer can easily evade taxation. Governments would collapse within the year of bitcoin's widespread acceptance.

I think this was one of the background premises of _Snowcrash_ and _The Diamond Age_. Without the ability to tax transactions, or even to track them to individuals, governments crash and burn. So even if this particular virus was not born in Langley, Virginia, sooner or later the CIA absolutely MUST craftily squash bitcoin.

Re:Suspicious (0)

Anonymous Coward | more than 3 years ago | (#36474982)

They will simply transfer the tax burden from transactions (sales tax) to incomes (income tax).

Re:Suspicious (1)

Beelzebud (1361137) | more than 3 years ago | (#36475036)

Well the most important point is that if you think bitcoin is a threat to world governments, you're living in a dreamworld, and your grip on sanity is weak at best. Don't try to live on bitcoins, you might starve to death.

Re:Suspicious (1)

betterunixthanunix (980855) | more than 3 years ago | (#36475030)

Governments have far more to lose from bitcoin

What do governments have to lose from Bitcoin? At the end of the day, no nation's currency is in jeopardy from Bitcoin, because:

  1. People still need to pay taxes, at the very least on their property, and they cannot use Bitcoin to settle their tax obligations. People who do not pay their taxes will lose their property, and possibly be put in prison.
  2. Courts do not have to recognize debts paid in Bitcoins, nor do courts have to recognize a failure to repay a Bitcoin loan. Thus, nobody will make Bitcoin loans (since it would be too difficult to seize the collateral from people who default on the loan) and only a fool would try to repay a loan in Bitcoins, since the courts might still insist that the loan be repaid in another currency. Loans are an important part of the economy, and are necessary for a lot of businesses to operate; if Bitcoin cannot support a system of loans, then Bitcoin will never replace other currencies.
  3. As it turns out, in some countries (like the United States), barter is taxable, and thus a Bitcoin transaction would be taxable. Failing to report a large Bitcoin transaction would be a serious crime, and it would be fairly difficult to hide it. If Bitcoin becomes the currency of people who are committing crimes, the government will start tracking down Bitcoin users; since people will still need their nation's currency eventually, governments will only have to watch the Bitcoin exchanges and see who is trying to selling Bitcoins for other currencies.

Really, Bitcoin is a superficially interesting experiment that is doomed to fail in the long run. Digital cash should be issued by banks, and backed by actual currency -- you can still enable anonymous and offline payments, and you have the added benefit of being able to track down people who try to cheat the system (e.g. there are digital cash systems in which people who try to double spend wind up revealing their identity in the process). Unfortunately, the current US political climate is not very friendly toward anonymous payments, and so it is unlikely that we will see banks issuing digital cash, but it is nice to dream.

Re:Suspicious (1)

ribuck (943217) | more than 3 years ago | (#36475268)

Governments have far more to lose from bitcoin...

Governments who embrace and legitimise Bitcoin will gain economic growth due to Bitcoin's speedy transactions, reliable settlement, and low transaction cost.

Governments will need to make some adjustments, for sure, but they needn't fear Bitcoin.

So? (1)

betterunixthanunix (980855) | more than 3 years ago | (#36474784)

So a trojan goes around trying to find some data? Big deal. Call me when the data has some actual value, and is not just part of a giant speculative bubble (or perhaps pyramid scheme).

This is a problem with available solutions (2)

Dr. Spork (142693) | more than 3 years ago | (#36474786)

This security hole and related stealing is definitely a problem, but it's not a problem for Bitcoin. I give it a week before somebody releases a beta version of a simple bitcoin management application that encrypts, backs up and hides the relevant .dat file, as well as providing other functionality for managing your account and maybe even mining. Ideally, this would be a program that you compile yourself, so that you know there's nothing shady in it. I don't see anything in Bitcoin itself which makes it inherently vulnerable to this sort of stealing. A good application for this could make bitcoins at least as safe as your password for online banking.

So sad (1)

TheRealFixer (552803) | more than 3 years ago | (#36474816)

Back in 2001, a virus stole all my TreeLoot dollars. 2 years of punching the monkey, all down the drain in an instant.

Re:So sad (1)

MadKeithV (102058) | more than 3 years ago | (#36475242)

Be glad it didn't steal your porn collection. At least 2 decades of spanking the monkey down the drain in an instant.

Does encryption help? Why not secure sessions? (1)

madhatter256 (443326) | more than 3 years ago | (#36474852)

I don't think encryption alone will help. It only protects you when your PC is not on or when bitcoin is not running. Once bitcoin is running, the trojan only needs to find the memory space the program is using to steal your wallet.dat info.

Why not make bitcoin do what most banking websites do and create secure sessions when accessing your account, or in this case your wallet.dat file?

I haven't dabbled a lot in bitcoin, so far, but afte installing it, everything is there, in the open. It doesn't ask me to create an account persay, it generates one, but it doesn't ask me to create a password or anything.

Re:Does encryption help? Why not secure sessions? (1)

icebraining (1313345) | more than 3 years ago | (#36475150)

Once bitcoin is running, the trojan only needs to find the memory space the program is using to steal your wallet.dat info.

Well, you do need root access to read other programs' memory space, so it would make it more difficult.

The reason encryption would be useless is because offline password cracking is too cheap nowadays, specially if you have a beefy GPGPU system like any bitcoiner will.

Daily Story (0)

Anonymous Coward | more than 3 years ago | (#36474874)

About Bitcoin......can Lulzsec release something and get a story before lunch, FTW!?

Why? (0)

Anonymous Coward | more than 3 years ago | (#36474918)

Why? They aren't worth anything, who the fuck cares.
Bad press is better than no press, or what?

Why should I pay attention to Bitcoin again? (-1)

Anonymous Coward | more than 3 years ago | (#36474920)

Seriously! When Bitcoin first popped up on the scene, my first thought was pyramid scheme. Now, after several weeks, and some nefarious activity going on with it in several articles this week, why should I give 1 piss about Bitcoin? I have yet to read a solid reason why I should care what it is.

What???? (0)

Anonymous Coward | more than 3 years ago | (#36474994)

why in the world is the file not substantially, or even multi-layer encrypted??????

what is money? (1)

circletimessquare (444983) | more than 3 years ago | (#36475072)

money is an abstract representation of a wealth of a society. as such, it needs integrity. this integrity is derived from transparency. without integrity or transparency, "money" loses meaning, and therefore value, because people lose confidence in a society's money: they don't want to invest meaning and value in it if they can't depend upon the idea that it is worthy to do so. and without integrity and transparency, there's no way to track or understand a currency's value. it's like wanting absolutely security with absolute convenience: on some level, convenience and security are antagonistic concepts, you make compromises and tradeoffs

likewise, what bitcoin wants to be, what it wants to do with the idea of money, is actually antagonistic with the way money is supposed to work in society. and IN society is the only way money ever works: even gold has no meaning without other human beings who desire it. if you have a pile of gold, and you are starving, you're doomed. you can't eat it. so what is the intrinsic "value" of gold after all? none, really

so bitcoin is a philosophical failure, and is doomed, except for the temporary enthusiasm of a bunch of people who don't even understand what money really is

the more well-functioning, well-policed, transparent, and rich, the society, the more integrity there is, the more confidence there is, and the more value your money has

which brings us to an argument about the tea party assholes who are antagonistic to the idea of investing in the general health and welfare of society, from the healthcare of their fellow citizens to the infrastructure of their rail systems. even though such an investment pays dividends, increasing your personal wealth, in concrete and abstract ways, and not investing in the health of society reduces the value of your money. because money loses value if society loses value. but i digress

Here's the Bitcoin Story... (1)

Nethemas the Great (909900) | more than 3 years ago | (#36475152)

I was kind of wondering what happened yesterday. I mean seriously, a whole day without a Bitcoin story!

ENOUGH! (0)

pz (113803) | more than 3 years ago | (#36475284)

Enough with the Bitcoin spam!

Trojans are unsafe. (1, Funny)

Ukab the Great (87152) | more than 3 years ago | (#36475334)

Trojan's in your wallets don't offer very much protection. Any sex ed teacher can tell you that.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?