Board: Bitcoin Discussion
Re: Bitcoinica lost 43,554 BTC from Linode compromise, suspicious TXIDs publicized
by rjk on 02/03/2012, 04:45:00 UTC
I mean seriously, could this whole thing not have been prevented if the wallet was just encrypted?

Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.

Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at Linode.

In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.
Why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?
You have to enter the wallet password/passphrase after rebooting/restarting bitcoin.
Am I missing something here? Wouldn't that entry be exactly what the attacker would be waiting for?
Pretty sure such a random suspicious reboot would cause the poolop to review the server before entering any creds anywhere. Especially when his Linode access manager says that there was a login to his account a few minutes before, not caused by him.