author | Brian Erdelyi <brian.erdelyi@gmail.com> | 2015-01-31 18:15:53 -0400 |
---|---|---|
committer | bitcoindev <bitcoindev@gnusha.org> | 2015-01-31 22:16:02 +0000 |
commit | e18937f65b5cd2832ac92d2a225a082becfe2065 (patch) | |
tree | 8b2f90cbb2164bcd1cee916318d1664388f6998e | |
parent | 6ba5aa25c03b8c533b210802266369b10a2397c6 (diff) | |
download | pi-bitcoindev-e18937f65b5cd2832ac92d2a225a082becfe2065.tar.gz pi-bitcoindev-e18937f65b5cd2832ac92d2a225a082becfe2065.zip |
[Bitcoin-development] Proposal to address Bitcoin malware
-rw-r--r-- | ab/3b436fb4afb0800e93eef35c118b931c61d416 | 184 |
1 files changed, 184 insertions, 0 deletions
diff --git a/ab/3b436fb4afb0800e93eef35c118b931c61d416 b/ab/3b436fb4afb0800e93eef35c118b931c61d416 new file mode 100644 index 000000000..fdc864dfb --- /dev/null +++ b/ab/3b436fb4afb0800e93eef35c118b931c61d416 
@@ -0,0 +1,184 @@ +Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] + helo=mx.sourceforge.net) + by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) + (envelope-from <brian.erdelyi@gmail.com>) id 1YHgKg-0001JB-R1 + for bitcoin-development@lists.sourceforge.net; + Sat, 31 Jan 2015 22:16:02 +0000 +Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com + designates 209.85.216.43 as permitted sender) + client-ip=209.85.216.43; envelope-from=brian.erdelyi@gmail.com; + helo=mail-qa0-f43.google.com; +Received: from mail-qa0-f43.google.com ([209.85.216.43]) + by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) + (Exim 4.76) id 1YHgKf-0007hO-KK + for bitcoin-development@lists.sourceforge.net; + Sat, 31 Jan 2015 22:16:02 +0000 +Received: by mail-qa0-f43.google.com with SMTP id v10so24664657qac.2 + for <bitcoin-development@lists.sourceforge.net>; + Sat, 31 Jan 2015 14:15:56 -0800 (PST) +X-Received: by 10.229.19.3 with SMTP id y3mr26681464qca.1.1422742556121; + Sat, 31 Jan 2015 14:15:56 -0800 (PST) +Received: from [192.168.1.58] ([64.147.83.112]) + by mx.google.com with ESMTPSA id g7sm2851351qag.26.2015.01.31.14.15.55 + for <bitcoin-development@lists.sourceforge.net> + (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); + Sat, 31 Jan 2015 14:15:55 -0800 (PST) +From: Brian Erdelyi <brian.erdelyi@gmail.com> +X-Pgp-Agent: GPGMail 2.5b4 +Content-Type: multipart/signed; + boundary="Apple-Mail=_C54F50CA-8B96-4AEA-951B-713510857F83"; + protocol="application/pgp-signature"; micalg=pgp-sha512 +Date: Sat, 31 Jan 2015 18:15:53 -0400 +Message-Id: <27395C55-CF59-4E65-83CA-73F903272C5F@gmail.com> +To: bitcoin-development@lists.sourceforge.net +Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\)) +X-Mailer: Apple Mail (2.2070.6) +X-Spam-Score: -0.6 (/) +X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. + See http://spamassassin.org/tag/ for more details. 
+ -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for + sender-domain + 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider + (brian.erdelyi[at]gmail.com) + -0.0 SPF_PASS SPF: sender matches SPF record + 1.0 HTML_MESSAGE BODY: HTML included in message + -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from + author's domain + 0.1 DKIM_SIGNED Message has a DKIM or DK signature, + not necessarily valid + -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature +X-Headers-End: 1YHgKf-0007hO-KK +Subject: [Bitcoin-development] Proposal to address Bitcoin malware +X-BeenThere: bitcoin-development@lists.sourceforge.net +X-Mailman-Version: 2.1.9 +Precedence: list +List-Id: <bitcoin-development.lists.sourceforge.net> +List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe> +List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development> +List-Post: <mailto:bitcoin-development@lists.sourceforge.net> +List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help> +List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe> +X-List-Received-Date: Sat, 31 Jan 2015 22:16:02 -0000 + + +--Apple-Mail=_C54F50CA-8B96-4AEA-951B-713510857F83 +Content-Type: multipart/alternative; + boundary="Apple-Mail=_8D6BCAAD-07BE-4D6B-8E28-5FDE3C76084F" + + +--Apple-Mail=_8D6BCAAD-07BE-4D6B-8E28-5FDE3C76084F +Content-Transfer-Encoding: quoted-printable +Content-Type: text/plain; + charset=utf-8 + +Hello all, + +The number of incidents involving malware targeting bitcoin users = +continues to rise. One category of virus I find particularly nasty is = +when the bitcoin address you are trying to send money to is modified = +before the transaction is signed and recorded in the block chain. 
This = +behaviour allows the malware to evade two-factor authentication by = +becoming active only when the bitcoin address is entered. This is very = +similar to how man-in-the-browser malware attack online banking = +websites. + +Out of band transaction verification/signing is one method used with = +online banking to help protect against this. This can be done in a = +variety of ways with SMS, voice, mobile app or even security tokens. = +This video demonstrates how HSBC uses a security token to verify = +transactions online. https://www.youtube.com/watch?v=3DSh2Iha88agE = +<https://www.youtube.com/watch?v=3DSh2Iha88agE>. + +Many Bitcoin wallets and services already use Open Authentication (OATH) = +based one-time passwords (OTP). Is there any interest (or existing = +work) in in the Bitcoin community adopting the OATH Challenge-Response = +Algorithm (OCRA) for verifying transactions? + +I know there are other forms of malware, however, I want to get thoughts = +on this approach as it would involve the use of a decimal representation = +of the bitcoin address (depending on particular application). In the = +HSBC example (see YouTube video above), this was the last 8 digits of = +the recipient=E2=80=99s account number. Would it make sense to convert = +a bitcoin address to decimal and then truncate to 8 digits for this = +purpose? I understand that truncating the number in some way only = +increases the likelihood for collisions=E2=80=A6 however, would this = +still be practical or could the malware generate a rogue bitcoin address = +that would produce the same 8 digits of the legitimate bitcoin address? 
+ +Brian Erdelyi + +--Apple-Mail=_8D6BCAAD-07BE-4D6B-8E28-5FDE3C76084F +Content-Transfer-Encoding: quoted-printable +Content-Type: text/html; + charset=utf-8 + +<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html = +charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; = +-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" = +class=3D"">Hello all,<div class=3D""><br class=3D""></div><div = +class=3D"">The number of incidents involving malware targeting bitcoin = +users continues to rise. One category of virus I find particularly = +nasty is when the bitcoin address you are trying to send money to is = +modified before the transaction is signed and recorded in the block = +chain. This behaviour allows the malware to evade two-factor = +authentication by becoming active only when the bitcoin address is = +entered. This is very similar to how man-in-the-browser malware = +attack online banking websites.</div><div class=3D""><br = +class=3D""></div><div class=3D"">Out of band transaction = +verification/signing is one method used with online banking to help = +protect against this. This can be done in a variety of ways with = +SMS, voice, mobile app or even security tokens. This video = +demonstrates how HSBC uses a security token to verify transactions = +online. <a href=3D"https://www.youtube.com/watch?v=3DSh2Iha88agE" = +class=3D"">https://www.youtube.com/watch?v=3DSh2Iha88agE</a>.</div><div = +class=3D""><br class=3D""></div><div class=3D"">Many Bitcoin wallets and = +services already use Open Authentication (OATH) based one-time passwords = +(OTP). 
Is there any interest (or existing work) in in the Bitcoin = +community adopting the OATH Challenge-Response Algorithm (OCRA) for = +verifying transactions?</div><div class=3D""><br class=3D""></div><div = +class=3D"">I know there are other forms of malware, however, I want to = +get thoughts on this approach as it would involve the use of a decimal = +representation of the bitcoin address (depending on particular = +application). In the HSBC example (see YouTube video above), this = +was the last 8 digits of the recipient=E2=80=99s account number. = + Would it make sense to convert a bitcoin address to decimal and = +then truncate to 8 digits for this purpose? I understand that = +truncating the number in some way only increases the likelihood for = +collisions=E2=80=A6 however, would this still be practical or could the = +malware generate a rogue bitcoin address that would produce the same 8 = +digits of the legitimate bitcoin address?</div><div class=3D""><br = +class=3D""></div><div class=3D"">Brian Erdelyi</div></body></html>= + +--Apple-Mail=_8D6BCAAD-07BE-4D6B-8E28-5FDE3C76084F-- + +--Apple-Mail=_C54F50CA-8B96-4AEA-951B-713510857F83 +Content-Transfer-Encoding: 7bit +Content-Disposition: attachment; + filename=signature.asc +Content-Type: application/pgp-signature; + name=signature.asc +Content-Description: Message signed with OpenPGP using GPGMail + +-----BEGIN PGP SIGNATURE----- +Comment: GPGTools - https://gpgtools.org + +iQIcBAEBCgAGBQJUzVQZAAoJEOU8U1lTQFC+2aoP/0Ku/SKhWe9+/BR9cUohee/V +k9j2n2qRkO9FvLdV7a26jVzn48qmK9S3ThCrAPAT8cUKHZMKemMJsB9WjSgMxTwF +nsrJx61TK5Ks+ACyUOd1U9YBWtCqteDwhHUZDCea9Fq90nY8Cx1nKTDp9BAzVRSh +7ZBXEebOM1yN8dsnt0AfS/FtIigBZqUCHWN1BZ8c800CTcTa9EwUsex6N9f9uM24 +YXh4a+fl3g98MQjUriZd2MRswx/qTJpVbc25+vccP+2lcBnqAQ/j2Pj0xCDrCb0B +jmpyghocBsdWMAAtthW4Cm/MLUrDlunBzmFNyzltr/C3xig58zv1UaMgPkXUrjTc +7A1SXliGSTzEhKu6e/rD9O6NEaA2R1I6q6Wi8inyDkcxT8YV0D+kjSaSOF4OtksJ +3iAOvAT5b5vh+LNh1mOhfNF19nVjRIvObjjF+XBu1xAKeXuA5Ub3kVof4IWjmMJG 
+zXSj7Q0bs1loKRU2KhE09X3IHuJrImtAWAyXsHcu78Q9iAn6QhUSAK19IHVN9ra2 +3jW57bjhKV1GcP2Lz5364YE/3sJubfjfUKPslgxVO1eZjqtT8lEBPuMuhyb9Mpjk +h+X9rGWgmlx+FNy7M0Kc/B+5jmaprnBP0Uw+b1sbpfVE7We15u6RN6IK84tFa6CG +XZoVRGKBU6kA7aZ2CCbK +=o89+ +-----END PGP SIGNATURE----- + +--Apple-Mail=_C54F50CA-8B96-4AEA-951B-713510857F83-- + + |
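The question the post closes with, whether malware could produce a rogue address that yields the same 8 digits as the legitimate one, is answered by the size of the code space: an 8-digit decimal challenge has only 10^8 values, so an attacker who can mint addresses freely needs about 10^8 candidates on average to hit the victim's code, and the token response for the rogue address is then identical to the response for the real one. The following is an added example written for this page, not code from the post or from any wallet project. It assumes a concrete derivation the post only sketches: the challenge is the low 8 decimal digits of the address's Base58Check payload (version byte plus hash160) read as an integer, and the token response is an OATH HOTP-style truncation of HMAC-SHA1 over that challenge (a simplification of RFC 6287 OCRA that omits the suite string and DataInput padding). The victim address and the attacker's candidate hash160 values are constructed inline; the search uses random 20-byte payloads rather than real secp256k1 key generation, and runs at 3 digits so it finishes quickly.

```python
"""Truncated-address challenges for out-of-band verification, and the
second-preimage search that defeats them.  Added example; see lead-in."""
import hashlib
import hmac
import os

ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _sha256d(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()


def base58check_encode(version: bytes, payload: bytes) -> str:
    """Base58Check: base58(version || payload || first 4 bytes of sha256d)."""
    data = version + payload
    data += _sha256d(data)[:4]
    n = int.from_bytes(data, "big")
    out = bytearray()
    while n:
        n, r = divmod(n, 58)
        out.append(ALPHABET[r])
    pad = len(data) - len(data.lstrip(b"\0"))  # leading zero bytes -> '1's
    return (ALPHABET[0:1] * pad + bytes(reversed(out))).decode()


def base58check_decode(addr: str) -> bytes:
    """Return version || payload; raise ValueError on bad chars or checksum."""
    n = 0
    for ch in addr.encode():
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError("invalid base58 character")
        n = n * 58 + idx
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    raw = b"\0" * (len(addr) - len(addr.lstrip("1"))) + raw
    if len(raw) < 5:
        raise ValueError("address too short")
    body, check = raw[:-4], raw[-4:]
    if _sha256d(body)[:4] != check:
        raise ValueError("bad Base58Check checksum")
    return body


def address_challenge(addr: str, digits: int = 8) -> str:
    """Assumed derivation: low `digits` decimal digits of version||hash160."""
    body = base58check_decode(addr)
    return str(int.from_bytes(body, "big") % 10 ** digits).zfill(digits)


def token_response(secret: bytes, challenge: str, digits: int = 6) -> str:
    """HOTP-style dynamic truncation of HMAC-SHA1 over the challenge.
    Simplified OCRA: a real token would build the RFC 6287 DataInput."""
    mac = hmac.new(secret, challenge.encode(), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = int.from_bytes(mac[off:off + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def expected_tries(digits: int) -> int:
    """Second preimage on a d-digit decimal code costs ~10**d candidates."""
    return 10 ** digits


def forge_matching_address(target: str, digits: int, max_tries: int = 10_000_000):
    """Simulated malware: mint addresses until the challenge matches the
    victim's.  Each trial stands in for one keypair the attacker generates;
    the hash160 here is random bytes (constructed, no EC math).
    Returns (rogue_address, tries)."""
    want = address_challenge(target, digits)
    version = base58check_decode(target)[:1]
    for tries in range(1, max_tries + 1):
        rogue = base58check_encode(version, os.urandom(20))
        if address_challenge(rogue, digits) == want:
            return rogue, tries
    raise RuntimeError("no match within max_tries")


# Constructed victim: P2PKH version 0x00, hash160 derived from a fixed label.
VICTIM_HASH160 = hashlib.sha256(b"constructed victim hash160").digest()[:20]
VICTIM = base58check_encode(b"\x00", VICTIM_HASH160)

if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed token seed
    print("victim address  :", VICTIM)
    print("8-digit challenge:", address_challenge(VICTIM))
    print("token response   :", token_response(secret, address_challenge(VICTIM)))
    rogue, tries = forge_matching_address(VICTIM, digits=3)
    print("rogue (3 digits) :", rogue, "after", tries, "tries")
    print("same response?   :", token_response(secret, address_challenge(rogue, 3))
          == token_response(secret, address_challenge(VICTIM, 3)))
    print("expected tries at 8 digits:", expected_tries(8))
```

The demonstration runs at 3 digits only so it completes in milliseconds; the cost grows by a factor of ten per digit, so the full 8-digit case is about 10^8 trials. In a real attack each trial is one secp256k1 key generation plus SHA-256 and RIPEMD-160, which is an offline computation the malware can do in advance on commodity hardware, and nothing in the token protocol helps because the server derives the same challenge from the rogue address that it would from the real one. Any out-of-band check therefore has to let the user confirm enough of the destination that forging it is infeasible, not an 8-digit digest of it.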