Julian Yap

Enhancing security through signed Mac Wallet builds

Presently the vast majority of cryptocurrency Mac Wallet applications are distributed in an insecure fashion which opens end users up to potential security issues such as malware.

Trust is essential when using cryptocurrency wallet applications as reducing your operating system’s security settings and allowing yourself to install a software application from an unverified source could have disastrous effects. It is quite feasible that a wallet application you install today may contain "malware that steals Bitcoins":http://www.darkreading.com/attacks-breaches/more-than-100-flavors-of-malware-are-stealing-bitcoins/d/d-id/1141396.

One way to combat this in the Mac OS X system is to use "code signing":https://developer.apple.com/library/mac/documentation/Security/Conceptual/CodeSigningGuide/CodeSigningGuide.pdf.

From the "Wikipedia":http://en.wikipedia.org/wiki/Code_signing entry:

Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed by use of a cryptographic hash.

I have started a "Signed Mac Wallet Builds Program":http://julianyap.com/pages/macwalletbuilds.html which provides coins the service of having their Mac Wallets built and signed by me. Please note that there is nothing preventing coin developers from directly signing up for an Apple Mac developer account, going through the verification process and providing this service themselves.

I encourage all coins which believe in the longevity and public trust of their coin to provide signed Mac Wallets. You owe it to your users and the community.

I encourage all cryptocurrency users to demand signed Mac Wallet builds from their coin developers. In order for alt coins to compete on the same level as Bitcoin, they must offer the same if not better level of trustworthiness.

I have discussed this program with Pinkcoin and Razorcoin who have agreed to be apart of the launch of this program. The "signed Pinkcoin wallet":http://crypto.pink/wallet/ and the "signed Razorcoin wallets":http://razorco.in are both available for immediate download.

Here is a screen shot of the signed Pinkcoin Mac Wallet along with my developer ID verified by Apple:

!/images/pinkcoinsignedverification.png!

Please read my "Signed Mac Wallet Builds Program":http://julianyap.com/pages/macwalletbuilds.html page which goes into more detail.

UPDATE, July 9 2014: The "Nautiluscoin":http://www.nautiluscoin.com Mac Wallet is now signed.

UPDATE, July 29 2014: The "Sync":http://www.synclub.net Mac Wallet is now signed.

3 JULY 2014 @ 03:02PM

Pages

Follow Me

Google+ RSS