Android Security Vulnerability
android_CC

Android Security Vulnerability 11 August 2013 We recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses, that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. An incomplete list would be Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet.   In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet then we strongly recommended you upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one. If you use Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book. You will need to make a fresh backup.   Updates for other wallet apps should be released shortly.

Continue Reading →

Why the Only Real Way to Buy Bitcoins Is on the Streets
buttonwoodmeetingWIRED

Why the Only Real Way to Buy Bitcoins Is on the Streets By Robert McMillan 07.23.13 6:30 AM On a damp Thursday night in July, a half-dozen men gather on the steps of San Francisco’s Yerba Buena Gardens, just across from St. Patrick Church on Mission Street. They dress down, mostly wearing the jeans and t-shirts uniform of Bay Area programmers. As the sun sets, they’re trading currency in the fog, selling silver and cash for Bitcoins and other crypto-currencies. Every now and then a new trader wanders by, asking, “Buttonwood?”   Welcome to the quickest, most private way to buy the internet’s most successful digital currency: in-person and face-to-face.   Buttonwood meetups started in New York a few months ago and fanned out to San Francisco and Los Angeles. Buttonwood is an allusion to the May 17, 1792 agreement, struck under a buttonwood tree at 68 Wall Street, that set down the rules for what became the New York Stock Exchange. The Yerba Buena Bitcoiners see themselves as the modern descendants of these 18th century traders. Like them, they conduct their business in the open and face-to-face.   READ THE FULL STORY

Continue Reading →

Solving the Slow In-Person Transaction Problem
Pulsing-Breathing-Living-pulsing-breathing-living-sprengben-city-traffic-jam-night-1600x1200.jpg

Solving the Slow In-Person Transaction Problem Vitalik Buterin | On 25, Jun 2013 One of the crucial features for a digital transaction medium to be viable for payments made in person is that it should be reliable, and nearly instant. A transaction, once created by the sender, should appear on the receiver’s device within one to three seconds. Even five seconds may be acceptable, but from the point of view of an average user requiring a customer and merchant to awkwardly wait for fifteen seconds while a transaction makes its way over the network is an embarrassment – especially when competing platforms like Square can accomplish the same (albeit without Bitcoin’s low fees and universality) in less than three. And yet, in practice, that is all too often the state of in-person Bitcoin transactions right now. A transaction sent with Blockchain may take as long as twenty seconds to reach a nearby client running Bitcoin Wallet for Android and if the transaction is non-standard in certain ways (eg. by not having a fee) it can take several minutes or even hours to show. To understand why this happens, it is first important to understand the most common case in which it does not happen: when the sender and receiver are both blockchain.info. Blockchain.info differs from other popular wallets, like Bitcoin Wallet for Android, in that it is semi-centralized; although blockchain.info is still using the same, decentralized, underlying Bitcoin protocol as everyone else, the wallets themselves send and receive transactions from […]

Continue Reading →

Bitcoin Security Part I
bitcoin_dsktop_wp_blocks_2_by_carbonism-d3h8rh4

Bitcoin Self-Defense, Part I: Wallet Protection Vitalik Buterin | On 16, May 2013 Bitcoin Wallet Security has always been a primary concern in the development community. Although no other payment system in existence grants you the same level of freedom and control over your money that Bitcoin does, at the same time it can also be its greatest weakness. If you lose your wallet, or the password to your wallet, there is (usually) no one who can help you recover it. If someone else gains access to your wallet (and your password) and steals everything, there is no way to reverse the transaction. This has all been known for the past four years, and great progress in security has been made, but many people do not realize that we still actually have a long way to go. Even if you take all of the standard security precautions, as the examples I am about to give will show, often a single mistake can undo all of your hard work and set you back tens of thousands of dollars. What this article will do is explore some of the more worrying examples of recent (and not-so-recent) losses and thefts, and what users and developers can do to protect themselves. The Allinvain Theft Because of the sheer amount of media attention that it received, arguably no list of Bitcoin-related security incidents is complete without this one. In June 2011, the Bitcointalk member “allinvain” lost 25,000 BTC (worth $500,000 at the time) after an […]

Continue Reading →