Post
Topic
Board Announcements (Altcoins)
Re: [ANN][HZ] Horizon Long + Fair Distribution|Decentralized Asset Exchange
by altsheets on 31/07/2016, 12:10:04 UTC
About security:

Personally, I simply keep my accounts separate.
Inspired by that sad tragedy last year, by the way, I stick to my multi-tier architecture.
Because I want to be able to trust, so I need to be able to trust my own precautions.

Low amounts / would not matter much:
Using any wallet, incl. webwallet (site could have been hacked).

Mid-amounts, and need to access often:
I am using my own local HZ wallet, on my browsing machine (could have a trojan).
Up-to-date firewall, antivirus, Java, kept as clean as possible - but there will never be 100% security.

Larger amounts, access seldom:
Booting Linux from a current LiveCD (read-only = no easy way to get hacked);
Blockchain & HZ & Java unzipped from a USB-stick, incl. checking sha256sums.
Usable within a few minutes, once I got that shell script ready.

If I ever own really large amounts, I would definitely learn to sign transactions on an offline machine (cold storage), so that the private keys / passphrases never enter a computer which is / has ever been / will ever be ... connected to the internet.

Be your own bank = Be your own security department.

That's exactly what I'm doing now, plus Linux as a platform, firewalls on both PC and router (just for the sake of paranoia) and a bunch of other stuff.

SILVER's back-up account is actually a network of accounts for extra security and protection. Those accounts I only access once when I create them, and will access once more in case liquidation of the asset is needed.

Oh, and for extra extra security I clear my browser cache every day... just to be sure...


Very good.

And let's keep on extending this list, whenever we find new sec hints.


I have just come across a novelty in brand new NXT, which closes an attack vector in using "webwallets"

Quote from: Riker
... In fact this has always been the case: your passphrase never left your browser when signing transactions. The novelty of the light/roaming client is that the JavaScript code used by the client is loaded from your local installation, thus closing the attack vector in which a remote node could push a malicious JavaScript to steal your passphrase.
https://nxtforum.org/nrs-releases/nrs-v1-10-0e/msg222820/#msg222820


Moreover, for the high security/large-amount-of-money-accounts, better use a fresh browser, one without any add-ons/plugins installed!
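
The "unzipped from a USB-stick, incl. checking sha256sums" step in the larger-amounts tier, sketched as an added example (not the poster's own script): a fail-closed gate that is meant to run before anything from the stick is unpacked or started. The function name `verify_bundle` and the file layout are hypothetical, and GNU coreutils `sha256sum` is assumed. A manifest that lives only on the same stick detects corruption, not tampering, so keep a copy of the hashes somewhere the stick's writer could not reach.

```shell
#!/bin/sh
# Added example (hypothetical names): checksum gate for files carried on a USB stick.
# verify_bundle DIR MANIFEST
#   MANIFEST is `sha256sum` output ("<64 hex>  <name>"), names relative to DIR.
#   Returns 0 only if every listed file matches AND DIR holds no unlisted file.
verify_bundle() {
    dir=$1; manifest=$2
    [ -d "$dir" ] && [ -r "$manifest" ] || { echo "missing dir or manifest" >&2; return 2; }
    dir_abs=$(cd "$dir" && pwd)
    manifest_abs=$(cd "$(dirname "$manifest")" && pwd)/$(basename "$manifest")

    # 1. Every listed file must exist and match; --strict also rejects malformed lines.
    ( cd "$dir_abs" && sha256sum --check --strict --quiet "$manifest_abs" ) >&2 || {
        echo "checksum mismatch or missing file" >&2; return 1; }

    # 2. Nothing in DIR may be absent from the manifest: an extra jar or script
    #    that was never hashed is exactly what a tampered stick would contain.
    ( cd "$dir_abs" && find . -type f | sed 's|^\./||' ) | while IFS= read -r f; do
        # The manifest itself may sit inside DIR; it cannot list its own hash.
        [ "$dir_abs/$f" = "$manifest_abs" ] && continue
        # File names start at column 67 (64 hex digits + 2 separator characters).
        cut -c67- "$manifest_abs" | grep -qxF -- "$f" || {
            echo "unlisted file: $f" >&2; exit 1; }
    done || return 1

    return 0
}

# Typical use on the live system (paths are constructed placeholders):
#   verify_bundle /media/usb/hz /media/usb/SHA256SUMS && unzip /media/usb/hz/wallet.zip -d ~/hz
```
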