emsemporium Posted February 7, 2018 Share Posted February 7, 2018 Quote New security feature: verify your receive address directly on your Nano S Dear Ledger user, Protecting your security is of paramount importance to us. TheLedger Wallet Bitcoin Chrome application has just been updated to give you more control over the security of your transactions. The update is automatic and enables an essential new feature: verification of the reception address directly on the device.This new feature is addressing a specific issue known in the crypto-community as the "Man in the Middle Attack". There has been a recent announcement of a malware proof of concept that could potentially infect the user’s computer - including, the Ledger Chrome application. In this scenario, an attacker could theoretically change the ‘receive’ address displayed on the (infected) computer’s screen within the Ledger Chrome application. By enabling you to verify the receive address on your device (the only source you can trust), the updated Chrome app provides an additional peace-of-mind. Always verify the receive address on your device before communicating it to a third party. Your current funds are not at risk and do not require any action. Besides this important software update, we are taking 3 specific actions to make sure our users are safe and secure, while remaining alert: • Software updates: the LedgerWallet Bitcoin Chrome application is the first to benefit from the on device receive address verification feature. It is available for Bitcoin and all other coins managed by the Chrome app. ETHand XRP apps will benefit from that new feature in the upcoming desktop global release.• Upgraded Bug Bounty program: we are growing quickly - and we are still developing and strengthening some of our behind the scenes processes. We value contributions from security researchers and the community, and will be making our Bug Bounty programs faster and more efficient.• Prevention: we are continuously working on developing resources and materials to help our user base better understand the threats hey face and how they can best secure their assets. If not done already, we urge you to read our basic security principles ruleset. Security is an arms race. We’re in it for the long haul and are prepared for it. At Ledger, we take our mission seriously and that mission is to protect you. Thank you for your trust. Eric Larcheveque Ledger, CEO FYI I appreciate that not everyone on here is a fan of the Nano S hard wallet, but this is a copy of the email I've just received from Ledger regarding a security update which effects Ripple. jag216, Tradekraft, benstr and 2 others 4 1 Link to comment Share on other sites More sharing options...
RippleDrifter Posted February 7, 2018 Share Posted February 7, 2018 So the Ripple update for this is not available yet? Link to comment Share on other sites More sharing options...
emsemporium Posted February 7, 2018 Author Share Posted February 7, 2018 1 hour ago, emsemporium said: It is available for Bitcoin and all other coins managed by the Chrome app. ETHand XRP apps will benefit from that new feature in the upcoming desktop global release.• Make of that what you will, but "upcoming" seems to suggest that they are still working on it. In the meantime, I'm keeping my Nano S safely locked up in the second drawer of my des-- ah, but then that would be telling... Tikrp and pascales 2 Link to comment Share on other sites More sharing options...
XRPto50dollars Posted February 7, 2018 Share Posted February 7, 2018 (edited) some more info in another topic.. (man in the middle attack) Edited February 7, 2018 by XRPto50dollars Link to comment Share on other sites More sharing options...
Valhalla_Guy Posted February 7, 2018 Share Posted February 7, 2018 I could be wrong, but the security 'flaw' in the XRP wallet is minor compared to other coins. My understanding is that Bitcoin (and perhaps others) use a new "receive address" for each deposit. This means that you need to verify the address displayed on your screen, against that displayed on the Ledger itself, when receiving funds. XRP wallets use the same receive address (Public Key) for all transactions. This means as long as you know your receive address worked at least once (activation) you are good forever. The XRP wallet app, on Ledger, is only vulnerable upon the initial creation of your wallet; when you first "see" your receive address (public key) This address can be compromised, so make sure you only send the minimum XRP to activate your wallet, and cover fees. If it works, your public key good. Remember that to "receive" coin, the ledger itself does not need to be online, and the XRP app does not need to be running. Only when sending coins (xrp) is the ledger to be pulled from it's deeply buried and well protected vault, in your backyard. I own a Ledger, so please let me know if I am wrong- I also use a paper wallet, and keep 80% of my coins there, bc I still have trust issues with Ledger. XRPto50dollars, gray and WillGetThere 2 1 Link to comment Share on other sites More sharing options...
XRPto50dollars Posted February 7, 2018 Share Posted February 7, 2018 6 minutes ago, Valhalla_Guy said: I could be wrong, but the security 'flaw' in the XRP wallet is minor compared to other coins. My understanding is that Bitcoin (and perhaps others) use a new "receive address" for each deposit. This means that you need to verify the address displayed on your screen, against that displayed on the Ledger itself, when receiving funds. XRP wallets use the same receive address (Public Key) for all transactions. This means as long as you know your receive address worked at least once (activation) you are good forever. The XRP wallet app, on Ledger, is only vulnerable upon the initial creation of your wallet; when you first "see" your receive address (public key) This address can be compromised, so make sure you only send the minimum XRP to activate your wallet, and cover fees. If it works, your public key good. Remember that to "receive" coin, the ledger itself does not need to be online, and the XRP app does not need to be running. Only when sending coins (xrp) is the ledger to be pulled from it's deeply buried and well protected vault, in your backyard. I own a Ledger, so please let me know if I am wrong- I also use a paper wallet, and keep 80% of my coins there, bc I still have trust issues with Ledger. very good summary Link to comment Share on other sites More sharing options...
gray Posted February 10, 2018 Share Posted February 10, 2018 On 2/7/2018 at 12:03 PM, Valhalla_Guy said: I could be wrong, but the security 'flaw' in the XRP wallet is minor compared to other coins. My understanding is that Bitcoin (and perhaps others) use a new "receive address" for each deposit. This means that you need to verify the address displayed on your screen, against that displayed on the Ledger itself, when receiving funds. XRP wallets use the same receive address (Public Key) for all transactions. This means as long as you know your receive address worked at least once (activation) you are good forever. The XRP wallet app, on Ledger, is only vulnerable upon the initial creation of your wallet; when you first "see" your receive address (public key) This address can be compromised, so make sure you only send the minimum XRP to activate your wallet, and cover fees. If it works, your public key good. Remember that to "receive" coin, the ledger itself does not need to be online, and the XRP app does not need to be running. Only when sending coins (xrp) is the ledger to be pulled from it's deeply buried and well protected vault, in your backyard. I own a Ledger, so please let me know if I am wrong- I also use a paper wallet, and keep 80% of my coins there, bc I still have trust issues with Ledger. Yep, this is correct. XRP doesn't generate receive addresses for extra coins each transaction. However there's a slight nuance here, which is that in theory your receive address could be compromised any time you look at it on the Ledger app, but with Ripple, you know that something is wrong if that receive address is different than your original address. With other cryptos, it's completely normal that it is different. emsemporium 1 Link to comment Share on other sites More sharing options...
MegaNerd Posted February 12, 2018 Share Posted February 12, 2018 Did Ledger Nano S company ever replace their chrome app for the nano? i cant find anything. Link to comment Share on other sites More sharing options...
XRPto50dollars Posted February 14, 2018 Share Posted February 14, 2018 On 2/7/2018 at 10:31 AM, RippleDrifter said: So the Ripple update for this is not available yet? still not available bender. RippleDrifter 1 Link to comment Share on other sites More sharing options...
XRPto50dollars Posted February 14, 2018 Share Posted February 14, 2018 On 2/12/2018 at 6:12 PM, MegaNerd said: Did Ledger Nano S company ever replace their chrome app for the nano? i cant find anything. if its anything like anything else in life, theyll release the new'whatever it is' for the Chrome App, but there will be bugs and issues and it wont work for months on end haha Link to comment Share on other sites More sharing options...
XRPto50dollars Posted April 18, 2018 Share Posted April 18, 2018 On 2/7/2018 at 9:03 AM, emsemporium said: ETHand XRP apps will benefit from that new feature in the upcoming desktop global release.• ya guess what.. 3 months later... still hasnt happened. my belief in the company's ability to keep XRPs safe is waning real fast Link to comment Share on other sites More sharing options...
XRPto50dollars Posted April 18, 2018 Share Posted April 18, 2018 On 2/12/2018 at 6:12 PM, MegaNerd said: Did Ledger Nano S company ever replace their chrome app for the nano? i cant find anything. nope. talk about being secure. Link to comment Share on other sites More sharing options...
emsemporium Posted April 18, 2018 Author Share Posted April 18, 2018 https://www.ledger.fr/2018/04/17/announcing-ledger-firmware-1-4-2/ FYI folks - here's the link to the latest update for the Ledger Nano S. XRPto50dollars and mistatee2000 1 1 Link to comment Share on other sites More sharing options...
MegaNerd Posted April 19, 2018 Share Posted April 19, 2018 (edited) 23 hours ago, XRPto50dollars said: nope. talk about being secure. I saw you posted this as well in another topic: https://www.ledger.fr/2018/02/23/announcing-new-ledger-wallet-desktop-mobile-applications/ looks like theyre going to update the chrome app in the next month or so. yay. the device is as secure as one could be i believe. you just have to use it right Edited April 19, 2018 by MegaNerd Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now