What the fuck is this, Veeky Forums?
I keep my passcode thingy with random words in my email drafts
is this safe
No
Here's a tip, nobody can hack a sheet of paper
If you don't know, you deserve it.
Enjoy your stolen keys.
basically with spectre, code can access protected memory locations and other processes memory
websites can read data from other webpages you have opened
enjoy losing your private keys and 2fa privates
the video they have showing the attack could read your key as you type it in from a piece of paper
so you'd need to have some sketchy website open while you're doing your thing on MEW?
2 step authenticators for every account boys
Use a virtual keyboard
the exploit can easily be embedded into malicious ads or inlined scripts
i'd expect an experienced team could pull off the prank of a decade using this
This
Never copy the 2step code to your PC anywhere just write that shit down
Also buy a nano ledger or trez
damn, mildly freaking out. i've got my private key in a truecrypt volume but i copy/paste it to MEW to check my stuff.
what to do until i get a ledger/trez?
its read from memory retard, not your keystrokes
2fa seed can be read as the exchange shows them on the webpage at generation
pasting it to mew is susceptible to the spectre exploit, also why bother with a truecrypt volume when keepassx or another password manager is better suited for keys
>also why bother with a truecrypt volume
it's just the best thing i knew about. i'll look into the one you mentioned.
but even if i had my private key memorized, i don't see how anything would prevent being vulnerable to this. am i worrying too much? i half feel like putting my coins back on binance.
its nothing to be worried about really, dont keep sketchy sites open or sites with malicious ads or malicious inlined scripts (e.g. 4chin) open when you do though
truecrypt's great but for keys you might as well use a password manager
also using the "fix" mentioned by mew makes it much more difficult to get the keys due to memory mapping etc
MY LINKS AHHHHHHHHHHHHH
>or sites with malicious ads or malicious inlined scripts (e.g. 4chin)
damn. i've had Veeky Forums open when i last checked with MEW a couple hours ago. i've got a feeling i'm worrying too much, but i've got all my coins on there.
i just checked and my chrome is up to date. i'll do the fix they mention on there. i ran the windows defender virus scan and it's clean, but mew said it wouldn't show up anywho.
Haven't been visiting MEW and ED since that spectre/meltdown shit got revealed.
Disabled JS everywhere.
Better safe than sorry.
>MEW
what is that?
the exploit as far as i can understand uses just-in-time compiled javascript so it'd only be run as long as the script is loaded on whatever website or source, might be possible to embed it into cookies or some shit im not entirely certain
simply blocking scripts with noscript or in the brave browser is the best solution though that breaks literally every site because everyone uses pajeetscript
My key/sQAs are in *.rar with password on my dropbox (also on offline HDD).
Am I kidding myself or is this sufficient?
my ether wallet
i turned off javascript in chrome.
but if i've already logged into MEW 2-4 times i'm fucked already? i just got a new wallet to transfer from binance like 3 hours ago. stumbled across this on MEW just randomly.
is 4chin running any javascript if you have ublock?
Alright, what is the best fucking way to secure your keys/2fa's?
I have several HDD's, Malwarebytes installed.
What method should i use to secure my keys?
Is what this user said good enough?
What other precautions to use?
Should i do this ?
Just give me every fucking single thing to do to get my shit secure
I DONT WANT TO LOSE MY LINKS
that's what i'm wondering. the video they show of the exploit basically says if you've ever typed your private key out then you're fucked.
BAAAAAAMP
CMON GUYS
most likely not, the exploit is not exclusive to mew and im pretty certain you are only vulnerable during run-time of the exploit
yes
>malwarebytes
hello r****t, just use common sense 2017
so you're saying you'd have to be doing something shifty to get exploited? my computer is up to date, chrome is up to date. i know i'm visiting the official MEW website. i only have Veeky Forums open, no strange websites.
so i'm probably good? man, i'm freaking out.
I have my keys and everything on a lap top that is never online
I have few of my crypto related credentials on LastPass
Bad idea?
there are no reports of it being exploited yet be safe anyway if you’re holding large amounts
>Implying I use Intel
if they were your coins would you put them back on binance until you get a ledger?
the more i read about it, it's an exploit not directly targeting private keys. just all data from a computer? i think maybe i'm calming down a bit. i'm a decently paranoid user. always keep my windows/chrome updated. i spell outloud the MEW website before i enter my private key.
SHUT THE FUCK UP YOU PIECE OF FUCKING SHIT THIS IS SERIOUS BUSINESS. I HOPE YOUR ENTIRE FAMILY WITNESSES YOUR DEATH AND COMES UP WITH REASON WHY THEY CAN'T ATTEND YOUR FUNERAL YOU PIECE OF HUMAN GARBAGE
its not only intel thats affected though
AMD was affected by the bounds check bypass variant, but thats been patched by software and os devs
the branch target injection variant hasnt been demonstrated to work on AMD though in theory it should though at a much lower rate than intel
rogue data cache load is the only one thats proven not to affect AMD due to architecture differences
ARM is also affected
Guys.
If you want to store your keys/2fa backups/passphrases/whatever digitally use a secure password manager or veracrypt (with sha512 or whirlpool).
Don't lose/forget your master password or you are fucked for all eternity.
how does the future of cryptocurrency look if hackers can inject some code in ur cookies and steal all your money? we just need another big hack and then we will have a bear market for half a year
did you read about the exploit? if you've ever typed out your private key into a website (like MEW) you're fucked.
i think maybe i'm overreacting, i can't tell.
shit i've been watching porn at the same time i've been trading all week... just turned on the chrome fix. how fucked am i?
who the hell types the private key? arent u all copy pasting that shit?
Most exploits will come from rogue websites running javascript code to steal your keys.
Best thing to do is to have a dedicated trading computer with ublock/adblock that only visits your trading sites, email, and nothing else. Reduce your exposure.
>if hackers can inject some code in ur cookies and steal all your money
i know, i was trying to protect my link by taking it off binance and then 2 hours later i read this.
fucking hell.
>Most exploits will come from rogue websites
so you'd need to be visiting some weird dookie fetish website while entering your private key, right?
the more i'm calming down i'm starting to feel like my keys are safe.
but in the meantime i'm not using javascript and these captcha's suck. starting to feel like i should buy tinfoil, too.
just remember the private key from your own memory. i thought you are all sperglords.
the question is: how widespread are these attacks in the wild and are there already reports of normies having their keys stolen?
you idiots realise windows was patched for this back in the creators update?
I use windows 8.1
Up to date. Is it ok?
I just use windows 7
is my shit secure?
This is literally retarded. Put it in a zip with a good long password instead. You can keep the zip anywhere you want. And keep your devices secure.
put your keepass store in a veracrypt container pls
You guys are overthinking.
Leaving your currency on Binance/Coinbase/GDAX etc. is much more secure than on your personal desktop wallet.
Why? Your account is secure with 2fa and tied directly to your private key which you don't have direct access to. Meaning they have no private key to steal, and if any market was somehow hacked they still have to get through loads of encryption.
On top of that this hack requires the user to actively open something on their end before it can view anything. The servers used for markets are only used for that. No one is going to browse some site using company server pcs. Period.
You on the other hand are far more likely to slip up and get your key stolen by going to bdtrapsnpound.xxx and not realizing some faggot bypassed your encryption while you were letting off a load to some dude in a dress.
>site isolation
Should I enable this?
Won't it fuck a lot of things up?
truecrypt and veracrypt are good. store the keepassx file in there and it's secure enough to store on forever-cloud services like google drive
It's a warning to retards who have thousands of $, but are too poor to pay for a secure $90 ledger.
password managers have exploits too often
Yeah. I use Veracrypt mostly. I am slowly moving all my truecrypts over to it. Not simple to move 7+ TB drives on a whim.
>Leaving your currency on Binance/Coinbase/GDAX etc. is much more secure than on your personal desktop wallet.
kek. ever heard of mt gox, cryptsy and a shit ton of other exchanges that got hacked? can't wait till the next one happens so i can buy the fucking dips
Dasright.
The only way you're losing money from an exchange these days, is if you forget 2FA - or if the exchange runs an exit scam. Hackers can't get to the keys.
Kek I forgot to backup my 2fa key codes. Laziness is the best defense
I don't type them out.
I mount my veracrypt file container, copy/paste code I need, dismount file container.
What if the hacker is on the roof of the next building watching me with binoculars?
What if the hack is coming from inside the house?
>Binance
Yeah, no
Coinbase/GDAX desu probably is the safest place to keep coins because it's all insured and they'll get fucked by the SEC if they attempt an exit scam since their HQ is and employees are all known publicly.
NO WONDER!!! I'VE BEEN COMPROMISED WITHOUT KNOWING HOW! NOW I KNOW! I WILL FIND THESE FUCKING HACKERS!
Use both, put the keepass file in the veracrypt container. Never trust only one solution.
Put a dot under or use black light ink on letters in a book that spell out half your password and half in a different one. To make it harder, do something like ignore all vowels but still circle them in the book to throw off attackers.
If you have a lot start thinking about how to leave the code and instructions to someone you care about securely
no it will just use more memory
I wanna know this too.
Is this what communist capitalism is like?
hackerman could
Whew, i feel better now. Checked on me linkies and theyre still cozy in my wallet.
cryptsy was an exit scam, also I think the bigger worry now is government raids
I was there for Mt. Goyim.
That was a different story though and they are still in legal hot water for it.
In that situation though it was someone on the inside, not some random lardtard on the outside.
No it isn't
Not right now
Help is windows 7 safe does it get the update? Fuck I haven't updated in a while ..
They're paying people back at the USD value of bitcoin back then so Karpeles is still making millions off the leftover coins.
what why?
Because that update you have to get manually until it comes out automatically in like a week.
Don't know why they did that but yeah.
My captcha doesn't fucking work in Chrome and I can't post when this setting is enabled.
What the fuck.
>down a bunch jav
> Usually rip by Chinese
I'm 100% sure if I get compromised it's going to be through a JAV torrent. Also along with half this board with their Asian fetish.
how do I get it manually?
PLEASE help me
>Binance
>exit scamming when they just reached the top spot as an exchange
Jewgle it bro
google what?
How to manually get the update
Come on
nvm, found it and installing now
thx
Link browski
I will just leave my shit on binance
Do you use an encrypted mail service like protonmail or tutanota? Otherwise, no.
You're delusional. Exchange can be hacked and they can just take your money and say they were hacked. Crypto gave people an opportunity to have full control over their money, but it seems a lot of people just don't have enough brainpower to take necessary precautions
i use windows vista it's so old nobody hacks it lmao you guys that's what you get for updating every 5 minutes
Would a 2FA email be good?
Here's an even better tip: you know that private key you wrote down on paper?
Remember that time when it was on your computer monitor as you were copying it onto paper?
Yeah, that means a snapshot could've been taken.
Am I fine if i'm using an AMD cpu?
2FA is not encryption. If your normie mail service is compromised hackers will have access to the plaintext. Protonmail doesn't have your private key password, so if they got compromised hackers would only find encrypted data.
I study computer science and this bug is a major issue.
1. YOU WILL HAVE TO GET A NEW CPU
2. ALL CPU'S WERE DESIGNED ON THIS FOR THE LAST 5 YEARS
3. THEY CAN LITERALLY READ EVERYTHING YOU ARE TYPING
Browsers will be ok since they will patch but you will be vulnerable forever until you get a new CPU kinda BS. CPU's will also take a major performance hit from this. Fuck the guy who uncovered this bug.
I believe the first variant (there are three, and the one being referred to in the twitter post) also affects AMD