
Topic: [ANN] Critical vulnerability (denial-of-service attack) - page 3. (Read 25839 times)

legendary
Activity: 1652
Merit: 1128
Isn't Bitcoin meant to be public or something, not 'public when you want it to be'?

It is open and public, you could have looked through the code to find it yourself, don't be lazy and expect everyone else to tell you the results of their work.
sr. member
Activity: 278
Merit: 250
Huge thanks to Gavin and all involved for handling this professionally.  You are first class!
legendary
Activity: 2576
Merit: 1186
FWIW, the network is now 5% secure against CVE-2012-2459.
sr. member
Activity: 322
Merit: 251
Isn't Bitcoin meant to be public or something, not 'public when you want it to be'?

Fact is, a lot of software companies would never make it public. You're free to try to find the vulnerability in the code yourself, but nobody is obligated to tell you what it is. The code is public. Go read it.

Additionally, it will be made public. It's unimportant the details of what happened as long as a fix has been released. (At least in the short-term.)
donator
Activity: 362
Merit: 250
For anyone who is unaware, Forrest is the creator of the decentralized peer-to-peer mining pool p2pool - which will now be even more DoS resistant. :)
Uh, what? p2pool is more susceptible to DoS than other pools, and this fix to bitcoind/Bitcoin-Qt does nothing to change that.

If you run a p2pool node you need to run bitcoind, so with this vulnerability patched the net result is a system that is less susceptible to DoS, is it not? I didn't mean to suggest this bug had anything to do with p2pool itself, which Forrest made clear in the p2pool thread.

Regarding the DoS susceptibility, do you mind answering in the p2pool thread?  I don't want to hijack/derail this thread with a pool discussion - https://bitcointalksearch.org/topic/m.901218

mog
member
Activity: 76
Merit: 10
It really says something when the first I hear of a critical vuln is when I'm getting the link to the patch.
Handled quite well, gentlemen, good job.
legendary
Activity: 1330
Merit: 1026
Mining since 2010 & Hosting since 2012
We have been quietly notifying the largest exchanges, merchant service providers and mining pools about this issue, and waited until they upgraded or patched their code to go public with this:
Responsible disclosure FTW.

Absolutely a good call.   Thank you.

Dalkore
member
Activity: 92
Merit: 10
Was a network alert (getinfo.errors) broadcasted for this?
hero member
Activity: 588
Merit: 500
Coinabul - Gold Unbarred
Well, this is good and bad. Good that you caught it!

You guys might want to include a link to the software update...

Anyways, bump, bump, bump!
legendary
Activity: 826
Merit: 1001
rippleFanatic
For anyone who is unaware, Forrest is the creator of the decentralized peer-to-peer mining pool p2pool - which will now be even more DoS resistant. :)

Many thanks guys.

Forrest's bitcoin address: 1HNeqi3pJRNvXybNX4FKzZgYJsdTSqJTbk

donator
Activity: 640
Merit: 500
Every bitcoind upgraded on my side, Thanks.
legendary
Activity: 2576
Merit: 1186
Explain it like I'm 10 please :)
"You really want to upgrade ASAP..."
hero member
Activity: 740
Merit: 500
Hello world!
Explain it like I'm 10 please :)
legendary
Activity: 2576
Merit: 1186
For anyone who is unaware, Forrest is the creator of the decentralized peer-to-peer mining pool p2pool - which will now be even more DoS resistant. :)
Uh, what? p2pool is more susceptible to DoS than other pools, and this fix to bitcoind/Bitcoin-Qt does nothing to change that.
donator
Activity: 362
Merit: 250
For anyone who is unaware, Forrest is the creator of the decentralized peer-to-peer mining pool p2pool - which will now be even more DoS resistant. :)

Many thanks guys.
donator
Activity: 640
Merit: 500
Which email did you use to notify WalletBit?

Kind regards
Kris
Jan
legendary
Activity: 1043
Merit: 1002
We have been quietly notifying the largest exchanges, merchant service providers and mining pools about this issue, and waited until they upgraded or patched their code to go public with this:
Responsible disclosure FTW.
+1