Bitcoin Forum
February 18, 2019, 09:00:08 PM *
Author Topic: Electrum replacement needed.  (Read 283 times)
TryNinja
February 10, 2019, 04:18:32 PM
 #21

-snip-
Who cares about what Microsoft does? Their whole main product is a spyware (Windows). Stop using the “Microsoft does” card all the time. We are presenting you FACTS. No expert is going to deny that PGP signatures are WAY safer than hash files verifications. Period.

uh Legendary you are smarter than Microsoft and Bill Gates
Look at what I found. Where is your god (Bill Gates) now? Roll Eyes

Quote
The Microsoft Security Response Center uses this PGP key to sign all security notifications and encourages others to use this key when sending sensitive information to us. You should send all security vulnerability reports to secure@microsoft.com.
http://www.microsoft.com/en-us/msrc/pgp-key-msrc

TryNinja
February 10, 2019, 04:45:29 PM
 #22

-snip-
Who cares about what Microsoft does? Their whole main product is a spyware (Windows). Stop using the “Microsoft does” card all the time. We are presenting you FACTS. No expert is going to deny that PGP signatures are WAY safer than hash files verifications. Period.

uh Legendary you are smarter than Microsoft and Bill Gates
Look at what I found. Where is your god (Bill Gates) now? Roll Eyes

Quote
The Microsoft Security Response Center uses this PGP key to sign all security notifications and encourages others to use this key when sending sensitive information to us. You should send all security vulnerability reports to secure@microsoft.com.
http://www.microsoft.com/en-us/msrc/pgp-key-msrc

stupid Legendary. Not just Microsoft, most software companies signed their software. But why do they just let users verify their files by hashes?
As soon as you download a malicious software from a fake page, the hashes on the *fake* page will also be fake. How the heck do you use an information from the fake page to verify itself as legit? It’s like asking a scammer if he is a scammer. If he says “no”, you instantly trust him.

By verifying the file signature, which was previously set up from a trusted source, you don’t depend on the confirmation bis from a single untrusted source, which is a fake website.

If you still didn’t understand that (somehow), then you are a moron and I will not discuss with you anymore. I’m not that patient with ignorant people like you. Goodbye.
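
The argument in the post above, as an added example that is not part of the thread: a look-alike download page can publish a hash that matches its own file, but it cannot produce a signature that verifies under a key the user obtained beforehand. Ed25519 from Go's standard library stands in for a PGP signature here; `Page`, `publish`, `HashCheck`, `SigCheck` and `Demo` are hypothetical names, and the keys and file contents are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Page models what a download site serves: the file, the hash it
// advertises and a detached signature. The site controls all three.
type Page struct {
	Binary []byte
	Hash   [32]byte
	Sig    []byte
}

// publish builds a self-consistent page: the hash always matches the
// binary, and the signature is made with whatever key the publisher holds.
func publish(binary []byte, key ed25519.PrivateKey) Page {
	return Page{binary, sha256.Sum256(binary), ed25519.Sign(key, binary)}
}

// HashCheck compares the download with the hash shown on the same page.
func HashCheck(p Page) bool { return sha256.Sum256(p.Binary) == p.Hash }

// SigCheck verifies against a key obtained earlier from a trusted source.
func SigCheck(pinned ed25519.PublicKey, p Page) bool {
	return ed25519.Verify(pinned, p.Binary, p.Sig)
}

// Demo runs both checks on a genuine page and on a look-alike page.
func Demo() (genuineHash, genuineSig, fakeHash, fakeSig bool) {
	// Constructed keys and file contents; fixed seeds keep runs repeatable.
	devKey := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, ed25519.SeedSize))
	otherKey := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, ed25519.SeedSize))
	pinned := devKey.Public().(ed25519.PublicKey)

	genuine := publish([]byte("wallet release (constructed)"), devKey)
	fake := publish([]byte("tampered build (constructed)"), otherKey)
	return HashCheck(genuine), SigCheck(pinned, genuine),
		HashCheck(fake), SigCheck(pinned, fake)
}

func main() {
	gh, gs, fh, fs := Demo()
	fmt.Printf("genuine page: hash=%v sig=%v\n", gh, gs)
	fmt.Printf("fake page:    hash=%v sig=%v\n", fh, fs)
}
```

The hash check passes for both pages because each page vouches for itself; only the check against the previously pinned key separates them.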

bob123
February 11, 2019, 01:11:41 PM
 #23

You can always trust the source code.

DONT

 Huh

A computer does EXACTLY what is written in the code.

If YOU can't read or understand it, it is your fault.



There is a good reason to "not show security alerts". This offers way too much room for exploitation and would create new potential attack vectors.

lol so microsoft and security companies are stupid because they show users security alerts

There is nothing which needs to be fixed currently.

yes because microsoft and security companies are stupid

Actually, the brains behind microsoft are very clever.
They are gathering more information from you than allowed by law and make money out of it.

To be precise, YOU are stupid for using microsoft without turning off all spying settings.



I don't understand the big crying about this "vulnerability". All it allowed was to show a message from the electrum server.
That's nothing security-related at all.

This wouldn't even get a CVSS score of 3 of 10 (I calculated it myself). That's definitely just low severity.

it is 10/10 high risk security. Terrible mistake of a developer

I don't think you know how CVSS works.

Actually.. it doesn't affect:
- Confidentiality
- Integrity
- Availability

The vulnerability doesn't allow the attacker to do anything except just SHOWING A MESSAGE.

That's like sending you an email with the title of "electrum is vulnerable, plz udpate from this very very offcial siite: electrummalware.org/iamstupid/forclickingthis" (mistakes intended)

People like you actually would click on it and install malware  Roll Eyes





stupid Legendary
FIRST OF ALL, Legendary, answer these questions:
1. Why Microsoft just let users verify files by hashes?
2. Why Microsoft doesnt recommend users verify files by signature?
3. Microsoft is encouraging poor security behaviour?
4. Microsoft just let users verify files by hashes is "false security"?
5. You and your ThomasV are smarter than Microsoft and Bill Gates?

1. Because it is way easier (especially for non-techy people like you who don't understand anything at all)

2. Because Microsoft has a very very bad security policy

3. Yes

4. Depending on the source of the hashes to verify with, yes

5. I am actually 99.9 % sure that ThomasV is smarter than billy gates.

AltcoinBuilder
February 11, 2019, 08:18:38 PM
 #24

Can anyone recommend a light wallet for btc? Must have a linux version. Multibit was fine but its been abandoned. I have 0 trust in Electrum.

I do have Jaxx and Exodus for scraps but I don't trust these do it all wallets with btc.
most of hardware wallets use electrum for SPV, it is one of the best SPV wallets. just ensure that you download and use original version.

pooya87
February 12, 2019, 03:38:37 AM
 #25

1. Because it is way easier (especially for non-techy people like you who don't understand anything at all)
2. Because Microsoft has a very very bad security policy

actually Microsoft already has a similar mechanism at work with digital signatures using asymmetric cryptography using RSA keys, where you have to pay and buy a "certificate" if you want to have your applications have that.

but for some reason this user you are arguing with here, doesn't want to accept any reply and keeps pushing for hashes to replace the secure PGP signatures! which will never happen by the way.

HCP
February 12, 2019, 04:51:23 AM
 #26

but for some reason this user you are arguing with here, doesn't want to accept any reply and keeps pushing for hashes to replace the secure PGP signatures! which will never happen by the way.
One begins to wonder "why" someone would campaign so hard for Electrum to reduce security by switching to using simple hashes for binary file verification? Huh

Perhaps a "long con" to try and get the Electrum devs to help condition less knowledgeable users to implicitly trust file hashes to prove authenticity... so that they can then setup a fake site, with fake .exe and fake hashes to fool users who now believe that file hash = secure.  Lips sealed Roll Eyes

Although, I think I'm probably giving some people too much credit. Tongue

pooya87
February 12, 2019, 05:01:35 AM
 #27

but for some reason this user you are arguing with here, doesn't want to accept any reply and keeps pushing for hashes to replace the secure PGP signatures! which will never happen by the way.
One begins to wonder "why" someone would campaign so hard for Electrum to reduce security by switching to using simple hashes for binary file verification? Huh

Perhaps a "long con" to try and get the Electrum devs to help condition less knowledgeable users to implicitly trust file hashes to prove authenticity... so that they can then setup a fake site, with fake .exe and fake hashes to fool users who now believe that file hash = secure.  Lips sealed Roll Eyes

Although, I think I'm probably giving some people too much credit. Tongue

i think you are giving him too much credit, haha
and as i said above, this will never happen no matter how much he pushes for it. it is too obvious that it is not safe to do that and it has been discussed a very long time ago and Thomas. V. commented on it at the time.

besides if a user is too lazy to check the signature, they are also too lazy to check the hashes so it wouldn't even make any differences! they still have to open their terminal (in Linux) or install an application (in windows) to do the hashes and their verification so the steps are nearly similar!
