Quote:
Originally Posted by Freakin
this is much less likely that searching your computer for a wallet.dat
there are different levels of security, and at an absolute minimum you should have only an encrypted copy of your wallet.dat on your computer, as well as having it backed up somewhere
The trouble is, it's extremely difficult to actually set all this up, when it could very easily be done automatically by the client. It's the typical Linux hacker mindset. Why make something easy to use for non-savvy people when you can work on something else? Look at all the hoops to jump through, set up a completely different PC that is not connected to the network just to store my wallet. It's absolutely terrible.
BTW, I have seen almost this piss-poor level of default security at at least one poker site. There was a site that had a file that was stored on disk if you saved your password automatically. The file wasn't plain-text, but it was trivially easy to crack since it was a 1-1 conversion. I think it just shifted each character by 20 or something ridiculous. It would have been super easy to give people a "Poker Tracker"-like program, but actually just steal their username and password, drain their account, then move on. But you can be traced where that might be sending it to, where it came from, and the site could easily reverse transactions. Bitcoin doesn't have even a trivial level of encryption on the file, and is irreversible (and this is considered a feature!). The thought is "we make the framework, someone else will eventually make things safe". I'm not sure that kind of approach makes sense for the most basic security, though. You should make things safe, especially when dealing with money, then worry about other things.
I have a feeling that LulzSec might start heavily targeting early Bitcoin users and getting a ton of coins and dump them into the market to get their money, and also get their lulz from destroying the market. That's actually the biggest threat I see to the currency in the next 3 months.