What’s wrong with MyEtherWallet?
Since Wednesday, some of MyEtherWallet users (MEW) have reported about the possible hacking of the DNS server. User requests were forwarded to servers controlled by attackers.
This information about DNS-hacking was confirmed by MEW officials and in the network, the talks about hacking the wallet began. Nevertheless the representatives of MEW denied information about hacking exactly the wallet, they confirmed the information that a number of public DNS-servers are hacked by criminals and users who have DNS in their settings were redirected to a phishing site (a snag site, looks like the main, original site, but belonging to intruders, developed to get an access to confidential user data — logins and passwords, credit card numbers, etc.). Speaking about the MEW, currently, IT does not have any security problems. As the problem appeared not on the side of MEW, company representatives are trying to identify the hacked servers and resolve the situation through informing customers.
What’s the hitch? Why do you need to know what exactly was hacked — the MEW wallet or DNS servers? When a service is hacked, attackers get an access to either managing all the stored service capabilities, or to critical financial or private users information (depending on the hacking quality), and in case of hacking the wallet, they get access directly to the user’s means.
In case of DNS server spoofing, as it happened in the situation with MEW, the user is redirected to a phishing site developed by attackers. Such sites, as mentioned above, completely duplicate the interface, structure, and design of the original site. When users are taken to the phishing site, they enter their logins and passwords of personal online wallets, and in doing so they send the attackers all the information they are interested in. In other words, the user himself gives the attackers all the critical information to access his wallet, without knowledge of working with a duplicate, not the real service.
Roughly speaking, DNS it’s just routing navigation system in the Internet. More precisely, DNS (domain name system) is a computer distributed system for obtaining information about domains. Mostly it is used to obtain an IP address by the hostname (computer or device), obtaining information about mail routing, serving nodes for protocols in the domain. A distributed DNS database is maintained via a hierarchy of DNS servers. So, DNS is a globally distributed store of keys and values. Servers all over the world can provide you with a value by key, and if they do not know the key, they will ask for help another server.
The methods of hacking DNS-servers are a wide topic, it could be the elementary injection or scale DDOS (attacks leading to the inability of the DNS server). In the case of a particular wallet, MEW employers claim that a “popular” hacking method aimed at breaking Internet routing and associated with the detection of vulnerabilities on public DNS servers was used.
In order to protect yourself from such fraudulent actions, it is recommended to visit the site only using the HTTPS protocol, it is usually designated as secure, it looks like this:
and if it is a question of financial and confidential information, always check by whom and how the document certifying the name of this site is signed.
and if it is a question of financial and confidential information, always check by whom and how the document certifying the name of this site is signed.
If you prefer to be absolutely sure, to see the SSL (Secure Sockets Layer - the cryptographic protocol that implies secure communication) certificate information, you need to do the following steps: Chrome Menu -> Developer tools -> Additional tools -> Developer tools -> Security -> View Certificate. A new window opens with all the information about the SSL certificate.
Here you can see the following things:
• Issued to: The domain for which the SSL certificate was issued. If it does not match the domain you were planning to reach, it is possible that the site has been replaced.
• Issued by: The certification authority responsible for issuing the certificate.
• Valid from …. to….: SSL certificate validity period.
In any case, even if you don’t plan to send any important information to the site, never ignore the browser’s message about the wrong certificate. Be careful, if it’s about your money and personal information. Or try to use only a local copy of your wallet.
Original: https://medium.com/@phenomteam/whats-wrong-with-myetherwallet-2e231fc49924
Leave What’s wrong with MyEtherWallet? to:
Read more #mew posts
Best Posts From phenom
We have not curated any of phenom's posts yet. But you can encourage our curation team to review posts by visiting them regularly and by referring other readers. Because we give priority to frequently read content.
More Posts From phenom
- What’s wrong with MyEtherWallet?
- Hedging of risks when investing in crypto assets
- No ads! – How ICO projects will. survive?
- SteemFest Hackathon - path to victory
- How to extend the capabilities of Bounty campaigns and increase the interest of users with the help of bounty platform by Phenom
- [SteemFest Hackaton] First steem-powered fully-automated bounty platform for ICO is out!
- EOS Final Presentation - video from Consensus 2017
- EOS Panel Discussion - video from Consensus 2017
- Every Person Is Under A Big Threat - Or A Frightening DDoS
- Elliptic Curve Cryptography - The Future Of Modern Encryption Or Imposed Modernization?
- Always wanted to protect your private information? Then start from learning basics of cryptography!
- All you need to know about Euler Diagrams: examples and opportunities
- How Does Shazam Work? Let's Understand Music Recognition Algorithms Together
- Fourier Transformation and Representation of the Signal in a Frequency Domain
- How to Start Programming and the Best Educational Sites. Sharing My Own Experience
- The Internet of Things - Our Better Future
- Darknet - The Best Way to Hide From Search Engines
- Multi-copters - the World's Most Popular Entertainment
- Drones - the Future of the World’s Races!
- Ever wondered what is Virtual Reality for? Then Look at the Three Main Areas of Its Application