You are viewing a single comment's thread from:

RE: In Light Of Recent Events: Can We Reach A Consensus On Banning Abusive Users From Steem?

in #dlive7 years ago

You know, I've thought of this before as a risk in the past. Unless you're extremely paranoid and type the key in from a piece of paper all the time, we all copy&paste. And once you've copied the key, it's in the clipboard memory of your device. This has happened to me several times, but I've been lucky not to have submitted it.

It's only a matter of time before someone writes something to scan your computer's memory clipboard (when the blockchain is mainstream enough and enough hackers know about it).

The way it is, it's going to take this happening to a whale for swift action to be taken. From what's happened to the DLive and Utopian accounts in the recent past, it's not too impossible for this to happen soon.

Sorry this happened to you @surfermarly :(

Sort:  

I had never thought about the memory clipboard, but now as you mentioned it: that can really become an issue. Of course we all (or most of us) copy-paste the keys. Yet, it's actually not the safest way of operating on the blockchain. A 2 step verification would be huge!

Thanks for the valuable addings - and also for your compassion :-)
Today I'm actually feeling much better already!

Steemit inc needs to simply install software that prevents someone from even pasting a private key in the memo, just like when you type in tehw ord bittrex they won't let you send money unless you type in a bittrex memo .... There are also chrome extensions that you can install that prevent all phishing links from even showing up without a BIG red warning page! So we could have a chrome extension that prevents noobs from even posting a private key in wallet memo or in a post or comment

steemit inc front end should just prevent a user from posting anything that the website detects to look similar to a private key like anything thjat bvegins with a P5 or 5H or whatever, shopuld be easy for a program to recognize that this seems like a private key, and to prevent posting!

And yeah @adetorrent is right the fuckjing Copypaste clipboard is a godamn honeypot for crypto people, so dangerous, we should always be deleting our clipbaord memory!