Saturday, November 5, 2016

Your telephone connected to the internet? Do not use it for a wallet.

Reached for comment, Coinbase CEO Brian Armstrong confirmed that some users had experienced attacks, but emphasized the individual nature of the breaches, saying, "phishing is something that's ongoing. It happens on every major site on the internet." Armstrong also pointed out Coinbase's use of two-factor authentication, a feature that's still missing from many major banking sites. The FireEye researchers agreed: none of these attacks seem to be targeting Coinbase’s own infrastructure. Every indication suggests they are individual exploits targeting individual accounts, and Coinbase’s own user agreement clearly states that users are "responsible for maintaining adequate security and control of any and all IDs, passwords, personal identification numbers, or any other codes that you use to access Coinbase services." For one reason or another, Jeff and the other customers failed to do that. Still, amid real financial losses, it’s easy to see why they feel betrayed.

Web connected devices do not make good wallets.  The Smart Card will never click on the wrong icon, it has no e mail, it has no screen, it has no mice. It only talks in units of probability trees..   We can go on celebrating our new telephones, but the price we pay is giving dough-re-me to the thieves.

No comments: