BitShares Forum
Main => General Discussion => Topic started by: 麥可貓 on August 19, 2014, 09:27:21 am
-
On the lock screen of qt_wallet, I just found that I can do the following things (I am currently using 0.4.2 on Ubuntu):
1. Right-click the mouse and press "Go Back".
2. The wallet will really go back to the tab it was on before the screen was locked, and there are a couple of seconds before it re-locks (this interval may vary depending on the final tab you are on when pressing lock).
3. I can prepare a command in my clipboard, paste it, and hit ENTER. This step may require performing steps 1-2 multiple times.
I think basically the information of your account can be obtained using steps 1-2 (account names in wallet, transaction history, etc.), and something more can be done using step 3.
-
The underlying wallet is locked, your funds are safe.
-
The underlying wallet is locked, your funds are safe.
What about transaction details, account names?
If it is that easy to bypass passwords in the GUI it should be fixed... (not that a person with physical access to your PC can't obtain the data, but why should it be that easy)...
-
The underlying wallet is locked, your funds are safe.
What about transaction details, account names?
If it is that easy to bypass passwords in the GUI it should be fixed... (not that a person with physical access to your PC can't obtain the data, but why should it be that easy)...
If someone can get to your computer to perform the described actions, they can also get the raw data for your wallet. In there, account names and transaction details are plain text (for a good reason); only private keys are encrypted.
When you press the lockout button, the GUI performs a wallet_lock, which deletes the private key from memory, making it impossible to retrieve the private key in unencrypted form.
You are spreading FUD.
-
The underlying wallet is locked, your funds are safe.
What about transaction details, account names?
If it is that easy to bypass passwords in the GUI it should be fixed... (not that a person with physical access to your PC can't obtain the data, but why should it be that easy)...
If someone can get to your computer to perform the described actions, they can also get the raw data for your wallet. In there, account names and transaction details are plain text (for a good reason); only private keys are encrypted.
When you press the lockout button, the GUI performs a wallet_lock, which deletes the private key from memory, making it impossible to retrieve the private key in unencrypted form.
You are spreading FUD.
Scenario:
1 Unprivileged account using the wallet GUI through elevation.
2 Lockout
3 Expectation is that no one can see anything (locked GUI and unprivileged account).
The issue is that 3 is not true.
-
The underlying wallet is locked, your funds are safe.
What about transaction details, account names?
If it is that easy to bypass passwords in the GUI it should be fixed... (not that a person with physical access to your PC can't obtain the data, but why should it be that easy)...
It is a bug for sure, just not fatal.
If someone can get to your computer to perform the described actions, they can also get the raw data for your wallet. In there, account names and transaction details are plain text (for a good reason); only private keys are encrypted.
When you press the lockout button, the GUI performs a wallet_lock, which deletes the private key from memory, making it impossible to retrieve the private key in unencrypted form.
You are spreading FUD.
Scenario:
1 Unprivileged account using the wallet GUI through elevation.
2 Lockout
3 Expectation is that no one can see anything (locked GUI and unprivileged account).
The issue is that 3 is not true.
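-
Added example, not part of the thread and not BitShares code: a simplified model of the lock-screen behaviour discussed above, assuming the GUI keeps its views in a navigation history (the class, option and view names are hypothetical). It contrasts a lock screen that is only one more page in the history with a lock enforced as a state check on every render and navigation.

```javascript
// Constructed model of a GUI whose views sit in a navigation history.
class WalletGui {
  constructor({ guardEveryRender }) {
    this.guard = guardEveryRender;   // true: lock is a state gate, not a page
    this.locked = false;
    this.history = ["accounts"];     // constructed sample view names
  }
  current() { return this.history[this.history.length - 1]; }
  navigate(view) {
    if (this.guard && this.locked) return false; // refuse while locked
    this.history.push(view);
    return true;
  }
  lock() {
    this.locked = true;
    // Weak design: the lock screen is just another history entry.
    if (!this.guard) this.history.push("lockscreen");
  }
  unlock(passwordOk) {
    if (!passwordOk) return false;
    if (!this.guard && this.current() === "lockscreen") this.history.pop();
    this.locked = false;
    return true;
  }
  goBack() {
    if (this.guard && this.locked) return false; // "Go Back" is gated too
    if (this.history.length > 1) this.history.pop();
    return true;
  }
  // What is actually displayed to whoever sits at the machine.
  render() {
    return this.guard && this.locked ? "lockscreen" : this.current();
  }
}

// Reproduces steps 1-2 of the report: lock, then "Go Back" while locked.
function viewAfterGoBackWhileLocked(guardEveryRender) {
  const gui = new WalletGui({ guardEveryRender });
  gui.navigate("transactions");
  gui.lock();
  gui.goBack();
  return gui.render();
}

console.log("page-only lock shows:", viewAfterGoBackWhileLocked(false));
console.log("guarded lock shows:  ", viewAfterGoBackWhileLocked(true));
```

The model covers only what the GUI displays; the private-key handling done by wallet_lock is a separate layer and is not modelled here.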