Isn't Bitcoin meant to be public or something, not 'public when you want it to be'?
It is open and public, you could have looked through the code to find it yourself, don't be lazy and expect everyone else to tell you the results of their work.
Topic: [ANN] Critical vulnerability (denial-of-service attack) - page 3. (Read 25767 times)
It is open and public, you could have looked through the code to find it yourself, don't be lazy and expect everyone else to tell you the results of their work.
Huge thanks to Gavin and all involved for handling this professionally. You are first class!
FWIW, the network is now 5% secure against CVE-2012-2459.
Isn't Bitcoin meant to be public or something, not 'public when you want it to be'?
Fact is, a lot of software companies would never make it public. You're free to try to find the vulnerability in the code yourself, but nobody is obligated to tell you what it is. The code is public. Go read it.
Additionally, it will be made public. It's unimportant the details of what happened as long as a fix has been released. (At least in the short-term.)
For anyone who is unaware, Forrest is the creator of the decentralized peer-to-peer mining pool p2pool - which will now be even more DoS resistant. 
Uh, what? p2pool is more susceptible to DoS than other pools, and this fix to bitcoind/Bitcoin-Qt does nothing to change that.If you run a p2pool node you need run bitcoind, so with this vulnerability patched the net result is a system that is less susceptible to DoS, is it not? I didn't mean to suggest this bug had anything to do with p2pool itself, which Forrest made it clear in the p2pool thread.
Regarding the DoS susceptibility, do you mind answering in the p2pool thread? I don't want to hijack/derail this thread with a pool discussion - https://bitcointalksearch.org/topic/m.901218
It really says something when the first I hear of a critical vuln is when I'm getting the link to the patch.
Handled quite well gentleman, good job.
Handled quite well gentleman, good job.
We have been quietly notifying the largest exchanges, merchant service providers and mining pools about this issue, and waited until they upgraded or patched their code to go public with this:
Responsible disclosure FTW.Absolutely a good call. Thank you.
Dalkore
Was a network alert (getinfo.errors) broadcasted for this?
Well, this is good and bad. Good that you caught it!
You guys might want to include a link to the software update...
Anyways, bump, bump, bump!
You guys might want to include a link to the software update...
Anyways, bump, bump, bump!
For anyone who is unaware, Forrest is the creator of the decentralized peer-to-peer mining pool p2pool - which will now be even more DoS resistant.
Many thanks guys.
Many thanks guys.
Forrest's bitcoin address: 1HNeqi3pJRNvXybNX4FKzZgYJsdTSqJTbk
Every bitcoind upgraded on my side, Thanks.
Explain it like I'm 10 please
"You really want to upgrade ASAP..." 
Explain it like I'm 10 please
For anyone who is unaware, Forrest is the creator of the decentralized peer-to-peer mining pool p2pool - which will now be even more DoS resistant.
Uh, what? p2pool is more susceptible to DoS than other pools, and this fix to bitcoind/Bitcoin-Qt does nothing to change that.
For anyone who is unaware, Forrest is the creator of the decentralized peer-to-peer mining pool p2pool - which will now be even more DoS resistant.
Many thanks guys.
Many thanks guys.
Which email did you use to notify WalletBit?
Kind regards
Kris
Kind regards
Kris
Well done.
We have been quietly notifying the largest exchanges, merchant service providers and mining pools about this issue, and waited until they upgraded or patched their code to go public with this:
Responsible disclosure FTW.Jump to: