h a l f b a k e r yAlas, poor spelling!
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
Honeypurse
Bitcoin Based Canary / Burgler Alarm / Bug Bounty | |
As I use my various electronic devices I often wonder:
Has
this been hacked? I know I could run rootkit and virus
detection software, but that takes too long and it doesn't
really answer the question at hand. What if I don't have
a
virus but I've been hacked anyway? I end up relying
on
my
gut feeling.
Instead of guessing, there is a sure way to find out.
1) Leave a plain text document lying in a fortified area
of your device containing private key to a bitcoin wallet.
2) On another computer monitor bitcoin blockchain to
detect transactions on that wallet's address. This
monitoring is automated every 30 seconds.
3) If a transaction is detected it means someone
successfully hacked into your device and stole your
bitcoin
wallet. You get alerted by either an email, text
message, robo-call, or a big red flashing light with a
lound alarm.
Of course the wallet should contain sufficient bitcoins to
be tempting. For example, if someone was hacking you
to
send spam, they will probably go for the $5 wallet. On
the
other hand if their intention was to steal your identity to
commit fraud, they might need to see $100 wallet for
them to risk immediate detection. A top secret
government server may want to consider a $1,000,000
wallet in order to persuade foreign spies that they are
better off grabbing the wallet and running than to keep
rummaging through some secrets.
You might think: what's stopping the criminal stealing
the
wallet now, get what they want, and cash in the wallet
3
months later when they are long gone? To combat this,
a
wallet has to be updated periodically with a fresh one.
The more frequently the better. The old one is emptied
and the new one is filled. That will give the criminal
urgency to cash it right away. Also, the wallet is not
just
sitting on the device unprotected, all sorts of processes
are
checking suspicious activity. The criminal has to take
that
into consideration too. If they even get close to the
wallet
(let's say they read contents of a specific booby trapped
file) an alarm is triggered. They better hurry and cash it
before the owner empties the wallet first.
Canary Tokens
http://canarytokens.org/generate
[ixnaum, Aug 15 2016]
thinkst.com
http://thinkst.com
[not_morrison_rm, Aug 15 2016]
Please log in.
If you're not logged in,
you can see what this page
looks like, but you will
not be able to add anything.
Destination URL.
E.g., https://www.coffee.com/
Description (displayed with the short name and URL.)
|
| |
I humbly suggest you call this a honeypurse. |
|
| |
Yes, Honeypurse. Thank you Loris.
[+] to you. |
|
| |
Also I came up with a mechanism of ensuring the hacker
hurries up emptying the purse. Instead of using bitcoin, the
purse should be implemented using Ethereum. That way a
contract can be written up that incentivizes the hacker to
empty the purse soon and perhaps even to stay on the
system while he does so. |
|
| |
... turns out someone already baked this with Canary Tokens [link] |
|
| |
I get the feeling thinkst.com (canary tokens) is just taking the piss...linky |
|
| |