BitShares Forum

Main => General Discussion => Topic started by: 麥可貓 on August 19, 2014, 09:27:21 am

Title: "Go Back" in lock screen
Post by: 麥可貓 on August 19, 2014, 09:27:21 am
In the lock screen of qt_wallet, I just found that I can do the following things (I am now using 0.4.2 on Ubuntu):
1. Right-click the mouse, press "Go Back".
2. The wallet will really go back to the tab shown before the screen was locked, and there are a couple of seconds before it re-locks (this interval may vary depending on the final tab you are on while pressing lock).
3. I can prepare a command in my clipboard, paste it, and hit ENTER. This step may require performing steps 1-2 multiple times.

I think basically the information of your account can be obtained using steps 1-2 (account names in wallet, transaction history, etc.), and one can do something more using step 3.
Title: Re: "Go Back" in lock screen
Post by: bytemaster on August 19, 2014, 12:00:31 pm
The underlying wallet is locked, your funds are safe.
Title: Re: "Go Back" in lock screen
Post by: emski on August 19, 2014, 12:11:20 pm
> The underlying wallet is locked, your funds are safe.

What about transaction details, account names?
If it is that easy to bypass passwords in the GUI it should be fixed... (not that a person with physical access to your PC can't obtain the data, but why should it be that easy)...
Title: Re: "Go Back" in lock screen
Post by: xeroc on August 19, 2014, 12:22:50 pm
> The underlying wallet is locked, your funds are safe.
>
> What about transaction details, account names?
> If it is that easy to bypass passwords in the GUI it should be fixed... (not that a person with physical access to your PC can't obtain the data, but why should it be that easy)...

If someone can get to your computer to perform the described actions they can also get the raw data for your wallet .. in there account names and transaction details are plain text (for a good reason), only private keys are encrypted ..

When you press the lockout button the GUI performs a wallet_lock, which deletes the private key from memory, making it impossible to retrieve the private key in unencrypted form ...

You are spreading FUD ..
Title: Re: "Go Back" in lock screen
Post by: emski on August 19, 2014, 12:35:08 pm
> The underlying wallet is locked, your funds are safe.
>
> What about transaction details, account names?
> If it is that easy to bypass passwords in the GUI it should be fixed... (not that a person with physical access to your PC can't obtain the data, but why should it be that easy)...
>
> If someone can get to your computer to perform the described actions they can also get the raw data for your wallet .. in there account names and transaction details are plain text (for a good reason), only private keys are encrypted ..
>
> When you press the lockout button the GUI performs a wallet_lock, which deletes the private key from memory, making it impossible to retrieve the private key in unencrypted form ...
>
> You are spreading FUD ..

Scenario:
1. Unprivileged account using the wallet GUI through elevation.
2. Lockout.
3. Expectation is that no one can see anything (locked GUI and unprivileged account).
The issue is that 3 is not true.
Title: Re: "Go Back" in lock screen
Post by: bytemaster on August 19, 2014, 05:47:47 pm
> The underlying wallet is locked, your funds are safe.
>
> What about transaction details, account names?
> If it is that easy to bypass passwords in the GUI it should be fixed... (not that a person with physical access to your PC can't obtain the data, but why should it be that easy)...

It is a bug for sure, just not fatal.

> If someone can get to your computer to perform the described actions they can also get the raw data for your wallet .. in there account names and transaction details are plain text (for a good reason), only private keys are encrypted ..
>
> When you press the lockout button the GUI performs a wallet_lock, which deletes the private key from memory, making it impossible to retrieve the private key in unencrypted form ...
>
> You are spreading FUD ..
>
> Scenario:
> 1. Unprivileged account using the wallet GUI through elevation.
> 2. Lockout.
> 3. Expectation is that no one can see anything (locked GUI and unprivileged account).
> The issue is that 3 is not true.
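
The thread reports that "Go Back" leaves the lock screen for a few seconds before the wallet re-locks, long enough to read a tab or paste a command. The sketch below shows a GUI lock enforced where navigation and command input are dispatched, so there is no window to re-lock after. It is an added example, not BitShares code: `WalletShell` and all of its methods are hypothetical names, and it assumes (the thread does not say) that the lock screen was reachable as an ordinary page in the view history.

```javascript
// Hypothetical model for illustration only; none of these names come from qt_wallet.
class WalletShell {
  constructor() {
    this.locked = false;
    this.history = ["accounts"]; // view stack; the lock screen is never pushed onto it
    this.executed = [];          // commands that actually reached the backend
  }
  lock() {
    this.locked = true;          // set synchronously, before any view change happens
  }
  unlock(passwordOk) {
    if (passwordOk) this.locked = false;
    return !this.locked;
  }
  // Single choke point for forward navigation (links, menus, context menu).
  navigate(view) {
    if (this.locked) return false;
    this.history.push(view);
    return true;
  }
  // Back navigation goes through the same lock check.
  goBack() {
    if (this.locked || this.history.length < 2) return false;
    this.history.pop();
    return true;
  }
  // The rendered view is derived from the lock flag, not from history position.
  currentView() {
    return this.locked ? "lock" : this.history[this.history.length - 1];
  }
  // Console input is refused while locked, independent of what is on screen.
  runCommand(cmd) {
    if (this.locked) return { ok: false, error: "locked" };
    this.executed.push(cmd);
    return { ok: true };
  }
}

// Constructed walk-through of the steps from the first post.
function demo() {
  const w = new WalletShell();
  w.navigate("transactions");
  w.navigate("console");
  w.lock();
  const back = w.goBack();                       // step 1: "Go Back"
  const cmd = w.runCommand("constructed_command"); // step 3: pasted command
  return { back, cmd: cmd.ok, view: w.currentView(), executed: w.executed.length };
}
```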