Here's the take-away:
1. ONLY store your wallet.dat on an encrypted partition.
by extension:
1a. DON'T BACKUP YOUR WALLET TO AN UNENCRYPTED PARTITION!
1b. Don't use Dropbox to backup your wallet!
1c. DON'T USE DROPBOX TO BACKUP YOUR WALLET! Yes, it's handy, yes, it's automatically backed up, and yes it's encrypted. But none of that matters. Although Dropbox does encrypt your data, the way the Dropbox system works makes it a relatively insecure place for storing your wallet - once you connect to Dropbox on a PC, rather than keeping your password, the program keeps a token. Anyone with that token has access to your Dropbox (and your wallet). It doesn't matter that the data is encrypted because Dropbox does the decryption on their end (not good - companies should learn, this is the same thing Gawker did wrong, and is one of the many things Sony did wrong, and it's one of the easiest problems to avoid).
1d. If you want to use a cloud-based back-up solution, MAKE SURE that it encrypts *LITERALLY *ALL* of your data before it is "sent to the cloud." Also, MAKE SURE THAT ONLY YOU HAVE THE ENCRYPTION KEY. (Or trusted loved ones. But you know what I mean - make sure the service doesn't keep a copy of your key - otherwise you can get totally screwed even if you personally do everything right.) Yes, this means that if you ever lose that password you lose all that data - but that's why we have password "hints" and why we have password autofillers. Wuala does encrypt your data beforehand and does not store a copy of the key (and incidentally, accepts Bitcoin if you want to use their paid services) and there are services such as Carbonite which can supposedly do the same (although I can't personally vouch for any of these).

2. The key to keeping a system secure (aside from just disconnecting it from the Internet) is to BE AWARE. Pay attention to what is installed on your system, and why, and how often you use it. If you aren't using it, get rid of it as it's nothing more than a potential attack vector.
2a. PAY ATTENTION to what's on your computer!
2b. PAY ATTENTION to what's on your computer! Assuming this guy is telling the truth, this is where he really fucked up. He was running this on his main home PC, which he also used for work and stock trading. I'd assume he also used the same computer for general Web browsing, file sharing, gaming, chatting, and everything else. We all do it, and it puts us at risk. It's not that it isn't/can't be OK - it can - but he did it without thinking about the fact that every program is a potential attack vector. It would've been OK if he'd kept his wallet on a physically disconnected volume, but he didn't.'t.

3. Keep the PC which holds your main wallet up-to-date and keep it secure, and/or keep your wallet off your PC until you want to use it.
3a. If you can, keep your wallet on another computer (IE, not your main PC) that pretty much isn't used for anything but Bitcoin, and LOCK IT DOWN TIGHT. The more programs you have on the PC, the more vectors of attack an attacker has.
3b. For most of us, it's not feasible to have a separate PC just for Bitcoin. This can be OK. If you have a lot of Bitcoin, keep your main wallet on a Flash drive or something similar that is only physically connected to your system when you want to run Bitcoin. (Make sure you understand - I am NOT talking about making a copy of your wallet, I am talking about actually moving the file to a separate drive where it is normally inaccessible to the Bitcoin software except when you deliberately plug it in.)

4. Be smart and realize you are human. Leaving your wallet in plain sight in a locked car isn't "keeping it safe" and it seems like it's pretty obvious that doing it puts you at risk, but accidents happen sometimes - which is why we tend to keep our money either with a bank or somewhere safe at home. If you have enough Bitcoin, keep two wallets - one with the majority of your Bitcoin, and one with your spending money - and make sure the "main" wallet is kept ultra-secure. Treat your BTC wallet like a real wallet - don't keep large amounts on you because if you get robbed and you're carrying $100 or even $1000 you're set back but not enough that you won't recover, but if you're carrying $500,000 and you get robbed (or lose your wallet) you're pretty well fucked.

Sure, if you're not overly worried about getting them stolen.

Hello I need a couple things cleared up for me, first off After I install Ubuntu and the bitcoin program and generate the 10 addresses why am I saving all the addresses and not just one? Will I be fine leaving a copy of the wallet on the usb drive that has Ubuntu on it or would that be a bad idea? And now that I will have 10 new addresses I can send my current btc to any one of those and then delete the wallet that is on my HD or do I need to leave that so I can send future btc from my HD to my new addresses? Also I don't need to mine with Ubuntu it is just a medium for safe transactions of my btc correct?

That's right, 80% of all issues will sitting before the machine   

what do u mean by "store"?  by being in a virtual state isn't the virtual file system just temporary until u logoff live cd unless u decide to save the wallet?


which then means it can be stolen despite not being logged on with live cd?

Thanks for a Great Post, it does appear that the 'wallet' and it's security is not straightforward as it might at first appear, it would be wise to assume that anyone who has installed Bitcoin to a PC could theoretically be compromised already, and it seems that if someone took a copy of your unprotected wallet.dat file three weeks ago, they could wait 1yr or two yrs and assume that Bitcoins will be worth more then start using those wallets.
So here is a worse case scenario, that EVERYONE who installed Bitcoin, in an unprotected fashion, which would probably be most people. may have had their wallet 'peeked', you might not have cared then, you might not care now because you only have a few Bitcoins, but theoretically, hackers could have been scouring the net, looking for unprotected wallets and taken copies.
In 5 yrs time, many of these wallets may no longer exist, but a few at least may well have significant amounts of Bitcoins in them, which they wil be able to use because they have your wallet, which is more accurately likened to a Key.
That means anyone who has left themselves vulnerable at sometime in the past, even if they didn't have any Bitcoins, is now at risk because those Old snapshots, taken of your empty wallets can be used to run transactions at sometime in the future, when your Wallet may contain significantly more BTC's.
Does that mean also that anyone mining using the CPU or GPU is inadvertently sending out a signal saying their wallet is 'open', an invitation for hackers to come in and take a copy of your 'wallet' for use at a later date.

Anyone with significant no of BTC's who has ever left their PC in an unprotected mode is right now at risk that someone has taken a copy that
they may well be able to use at some later date.
So the real procedure we need is not how to create a backup wallet but how to get those bitcoins out of that wallet, destroy the client we have downloaded, shred, defrag, wipe the disc and start again with a new download.
My guess is we are all potentially compromised, and if you intend having any significant BTC's in that wallet, you we should think about
starting again, I mean surely all the bad guys have to do is release a virus that infects harddrives and sits there looking for wallet.dat, sending a copy to BadGuy Central, it could even be of a fresh install, it will not matter if its a copy of a freshly created wallet because at sometime in the future there will be coins in it, which preseumably they can check with Block explorer, aren't we all screwed ?

Hi guys! For the newbies out there that may not fully understand encrypting or all the complicated steps you guys have laid out here I have a very simple solution for 100% security.  DO NOT STORE YOUR WALLET ON ANY COMPUTER EVER!  Use a removable media to store your wallet.dat and keep it in a safe place.  At the moment I keep my wallet on two flash drives, flash drives are very convenient but are known to fail.  This is why I have two.  Whenever I need to make a transaction I plug in my flash drive and put my wallet on my pc, once I finish sending or receiving coins I move it back to the flash drive.  Hopefully soon the bitcoin client itself will have more built in security, but for the time being this is the most convenient method I can think of.  As an added bonus to this method, you can carry your wallet with you anywhere which could come in handy if you need to spend some coin on the fly!

thanks for this post, it's helped a lot. I'd hate to buy into bitcoins and have all of it get stolen or lost.

Thanks for the excellent write up! If I had any coin I would send some your way.