Jump to content

Info on Nano-Chrome API issue?

XRPto50dollars

By XRPto50dollars
in Software and Hardware

 Share

Recommended Posts

XRPto50dollars

XRPto50dollars

Posted
  • Author
Posted
1 minute ago, Deux said:

Soo much FUD on ripple, it doesnt have alot to do with ripple.

Ledger this ledger that, you are talking about the ledger nano s. A separate company that offers a hardware wallet. If they offer software that is not secure. You need to contact them. Btw I assume its not only ripple, but any other cryptocurrency they support would have the same issue.

Or am I wrong on this topic?

We're talking about Ledger Nano S the device

Link to comment
Share on other sites
  • Replies 44
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

gray
gray

Being a newbie has nothing to do with it lol. There is no "Windows software component" that is required for Ledger Wallet for Ripple. There's a Chrome app which is multiplatform. Which doesn't need to

gray
gray

Ah, I see. Well I admit I was mistaken, the Ripple specific app for Ledger is a native app... Weird, since I was under the impression they were all Chrome apps. Anyway, the security implications are m

gray
gray

Well, first, XRP and the Ripple network is still just as safe as ever. Nothing's changed in that manner. Second, nothing is rekt so far, that we know of. If you download from the *real* chrome st

John_Buh

John_Buh

Posted
Posted
54 minutes ago, dav3 said:

so, long story short. is ledger nano still safe?

c'mon guys. I have to googled "how to check your graphic card in your computer" just to check my graphic card in my new laptop. this ledger things is beyond me 

The Nano is safe.  It is an excellent device and concept.

Link to comment
Share on other sites
John_Buh

John_Buh

Posted
Posted

Ok, folks I am going to do a  public service here.

I'll order a 2nd Nano S, set up a ridiculous worst case honeypot on an old laptop and expose a Nano to the

worst computing practices ever - put it on my router with zero protection, no antivirus, XP with no security patching,

put the public address of the wallet out there and see if the Nano S is compromised.

Results pending...

Link to comment
Share on other sites
XRPto50dollars

XRPto50dollars

Posted
  • Author
Posted
1 hour ago, John_Buh said:

Once again this board has allowed Max to jerk the collective chain.  Unreal.

ya you bring up a good point. looking at this from a logical standpoint, in addition to calling @gray a newbie (twice), @MaxEntropy also called her a 'silly person'. @gray is one of the most knowledgeable people i know in here.  I applaud gray for keeping cool and not getting defensive.

Now, we all from time to time let our emotions get the best of us, but he came out of nowhere and instantly began attacking her. so the question is.. why? Often times, people attack others when they know their side of the argument is weak and do so for dramatic effect. although he brings up possibly good points, at the same time, he would need to offer evidence that a computer running the Chrome App has been compromised in the past. Otherwise, he may be just trying to cause argumentation. 

 

Link to comment
Share on other sites
John_Buh

John_Buh

Posted
Posted
Just now, XRPto50dollars said:

ya you bring up a good point. looking at this from a logical standpoint, in addition to calling @gray a newbie (twice), @MaxEntropy also called her a 'silly person'. @gray is one of the most knowledgeable people i know in here.  I applaud gray for keeping cool and not getting defensive.

Now, we all from time to time let our emotions get the best of us, but he came out of nowhere and instantly began attacking her. so the question is.. why? Often times, people attack others when they know their side of the argument is weak and do so for dramatic effect. although he brings up possibly good points, at the same time, he would need to offer evidence that a computer running the Chrome App has been compromised in the past. Otherwise, he may be just trying to cause argumentation. 

 

The Ledger Ripple app is native.

Link to comment
Share on other sites
Hodor

Hodor

Posted
Posted
3 hours ago, XRPto50dollars said:

@MemberBerry...

i have no idea. i feel like i started this Topic just to make conversation, and inadvertently brought the entire Ledger system to its knees. If the ledger's Secure Element' is safe, yet we're downloading stuff to our computer in order to use the Ledger which compromises the security of our personal stuff aka banking, email, etc... whats the point?????????????????????? How could Ledger spend so much time, money, and research to create a super strong Nano S... yet they skimped and went with a Chrome App??? 1Todd even discovered Chrome is ENDING ALL APPS! So how can Ledger be 'so secure' if they took shortcuts along the way?

Lets face it... MOST people cant afford to buy a separate computer just to run a Nano, nor can MOST people have the technical know- how how to work with linux to create a true cold wallet.

i feel as if someone from Ledger is going to read this Thread and be like, "Crap.. someone figured out we're not safe."

Id love/appreciate/highly desire the mega-brains to give their thoughts on this:

Pretty much this Topic seems to have inadvertently brought up a huge security risk thanks to Gray's and Max's input; if its not with the Ledger itself, its with the computer its connected to via USB due to the Chrome App.

@PickleRick @RegalChicken @Hodor  @gray @Chewiecoin @JoelKatz @zenkert 

@Mercury @1todd960

If you are a person worried about Chrome on the Ledger Nano, the CTO of Ledger commented that they would be rolling out a new version that doesn't depend on Chrome in Q1 2018.  Here's the source: 

 

Link to comment
Share on other sites
John_Buh

John_Buh

Posted
Posted
14 minutes ago, Hodor said:

If you are a person worried about Chrome on the Ledger Nano, the CTO of Ledger commented that they would be rolling out a new version that doesn't depend on Chrome in Q1 2018.  Here's the source: 

 

Hodor - the Ledger Manager and other coin wallets are Chrome apps.  The specific Ripple Wallet app is native.

Link to comment
Share on other sites
Valhalla_Guy

Valhalla_Guy

Posted
Posted
4 hours ago, XRPto50dollars said:

We're talking about Ledger Nano S the device

i am not sure what it is you are looking for? What would be "secure" in your mind?

When you pay a bill, do you not write a check, seal it in an envelope, and then "transfer it to the public system via Postal carrier"  How do you sleep at night knowing that your saliva and donkey glue is all that secures your bank's name & address, along with your secure (private) checking account number + RTN number. It also has the payee name, and amount transferred.

Oh yeah let's not forget a valid copy of your signature, and technically, if I wanted to hack your "secure method of wealth transfer",  I could even get your DNA!

Of course on the public side of the envelope, you put your name and address, as well as the payee's location. (this allows us to know what envelopes to hack, without having to open them all)

The only safe wallet is one that is never opened- FIAT or CRYPTO!  The safest XRP wallet, is a true cold wallet, that is generated on a PC that never went online, nor ever will. You would put your coins in it, and NEVER spend them. (This is 100% secure yet it also makes your coins 100% worthless, since you can't spend them)

Once you "open" your wallet to actually spend money (FIAT or CRYPTO), you will need to compromise some security for the transaction to take place. 

The Ledger is the SAFEST wallet for those who like to "frequently spend" (read transfer) crypto, because it never exposes your key to the PC or the world. Preventing your key from exposure, comes at the cost of trusting a 3rd party to protect your key.

I suppose, until they mint XRP, that you can put under your mattress, along with never unlocking your doors, and never leaving home, you will never feel secure?

(How did you buy crypto in the first place, without exposing your personal info and some form of financial account number to the web?) 

Dear sir, It is not that you do not understand Ledger or Crypto; after reading all of your posts, on many threads, it appears you do not understand the word security.

 

 

Link to comment
Share on other sites
Deux

Deux

Posted
Posted
1 hour ago, Valhalla_Guy said:

i am not sure what it is you are looking for? What would be "secure" in your mind?

When you pay a bill, do you not write a check, seal it in an envelope, and then "transfer it to the public system via Postal carrier"  How do you sleep at night knowing that your saliva and donkey glue is all that secures your bank's name & address, along with your secure (private) checking account number + RTN number. It also has the payee name, and amount transferred.

Oh yeah let's not forget a valid copy of your signature, and technically, if I wanted to hack your "secure method of wealth transfer",  I could even get your DNA!

Of course on the public side of the envelope, you put your name and address, as well as the payee's location. (this allows us to know what envelopes to hack, without having to open them all)

The only safe wallet is one that is never opened- FIAT or CRYPTO!  The safest XRP wallet, is a true cold wallet, that is generated on a PC that never went online, nor ever will. You would put your coins in it, and NEVER spend them. (This is 100% secure yet it also makes your coins 100% worthless, since you can't spend them)

Once you "open" your wallet to actually spend money (FIAT or CRYPTO), you will need to compromise some security for the transaction to take place. 

The Ledger is the SAFEST wallet for those who like to "frequently spend" (read transfer) crypto, because it never exposes your key to the PC or the world. Preventing your key from exposure, comes at the cost of trusting a 3rd party to protect your key.

I suppose, until they mint XRP, that you can put under your mattress, along with never unlocking your doors, and never leaving home, you will never feel secure?

(How did you buy crypto in the first place, without exposing your personal info and some form of financial account number to the web?) 

Dear sir, It is not that you do not understand Ledger or Crypto; after reading all of your posts, on many threads, it appears you do not understand the word security.

 

 

Not sure what you guys are smoking, but its not healthy.

Link to comment
Share on other sites
gray

gray

Posted
Posted (edited)
7 hours ago, MemberBerry said:

So...chromium app for linux is also rekt?

This ledger thing is soo complicated for no-techs.

Is xrp safe? Is ledger safe now or what does alll of this mean?

Well, first, XRP and the Ripple network is still just as safe as ever. Nothing's changed in that manner.

Second, nothing is rekt so far, that we know of. If you download from the *real* chrome store or the *real* ledger website and you have https on, you can basically guarantee you're downloading the genuine Ledger app. At that point you're basically trusting ledger themselves to not **** it up. The vulnerability max has "revealed" is that, in theory, you could get phished or scammed, say by a lookalike domain name, in which case you could download a non-genuine app and install it without realizing. Ultimately, though, you could be scammed in this way basically just as easily either way. I'd bet that the majority of windows users don't even know how to tell whether a piece of software they're installing has been properly signed or not because they're so used to installing unsigned software that they don't even blink at it.

Ultimately, I don't think Ledger is perfect whatsoever, but their security is still very good, especially for the relative ease of use it provides compared to other methods that would provide similar levels of security. There's still no known remote attack vector on either the Ledger or Trezor. This means they still need to get their hands on your device itself to have even a chance of recovering your coins, and even in that scenario, it's still unlikely and very difficult. In addition, using a Ledger is no more likely than using any other wallet as far as potential for you to get scammed and download malware.

Finally, I think what has really been revealed to you and maybe others the past couple days @XRPto50dollars is just how many possible attack vectors there are on basically anything these days. Ultimately you could get phished or fall victim to malware not just for crypto but for any number of the things you listed. Just being in the crypto world at the moment probably increases the likelihood of that happening because people know that there are so many not technically savvy people in the crypto world that they can prey on.

Edited by gray
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...