Chrome Extension Stealing Cryptocurrency Keys and Passwords
A malicious Chrome extension surreptitiously steals Ethereum keys and passwords:
According to Denley, the extension is dangerous to users in two ways. First, any funds (ETH coins and ERC0-based tokens) managed directly inside the extension are at risk.
Denley says that the extension sends the private keys of all wallets created or managed through its interface to a third-party website located at erc20wallet[.]tk.
Second, the extension also actively injects malicious JavaScript code when users navigate to five well-known and popular cryptocurrency management platforms. This code steals login credentials and private keys, data that it’s sent to the same erc20wallet[.]tk third-party website.
Another example of how blockchain requires many single points of trust in order to be secure.
Peter A Popovich • January 3, 2020 2:05 PM
Mr. Schneier,
I see a real societal need that you or one of the community of people reading your blog could meet. A challenge to the community may be in order.
I am an amateur cryptographer who has been interested in this field throughout my life.
There is need for compromise in the area of “gun control / background checks / gun registration”. This is a big topic currently in Virginia.
What is needed is a system that will enable authorities to have access to gun records but only with the most stringent safeguards – meaning no ability for the government to “round up” the guns. However, when there is a crime committed, it would give government the ability to get at records including private sales when reasonable people co-operate. My thinking is to define a system with multiple people needing to co-operate to open the records (such as the attn general of a state, the local police department, the private or commercial seller of the firearm, the president of a local gun rights organization (maybe the NRA). Any one of these individuals or groups could block access the the records.
I believe that such a system could allow reasonable people to have their fears minimized and be the compromise needed to allow many pressing issues to be solved.
The first step would be to define the requirements of such a system.
Peter Popovich, Broad Run, Virginia (peter.popovich@gmail.com)