
Topic: Is your exchange protected from heartbleed? (Read 662 times)

hero member
Activity: 899
Merit: 1002
April 19, 2014, 09:16:22 PM
#7
Since most exchangers are using Cloudflare, and since Cloudflare was given early notice of Heartbleed and patched before it went public, they weren't affected. OpenVPN was still affected until a day or so ago because it uses a bundled SSL library that was vulnerable to Heartbleed as well, so for about a week somebody went crazy bypassing multi-auth by jacking sessions and stealing private keys. http://arstechnica.com/security/2014/04/heartbleed-exploited-to-hack-network-with-multifactor-authentication/

legendary
Activity: 2100
Merit: 1040
A Great Time to Start Something!

Most exchanges should have responded the first day.
Good to see it confirmed that the SSL bug is fixed on all of those.
I wonder if many hackers knew about the hole, or only "the Gov" was using it?
newbie
Activity: 52
Merit: 0
Some have weak encryption, aren't up to date with all the patches, don't use 2FA, are vulnerable to DDoS attacks, are vulnerable to the SSL CRIME attack, etc.

The bigger threat is still the owners running off with the money though. I would only trust either a well-regulated exchange in a country that prosecutes thieves, like the US, or an exchange that is insured or is using other means of protecting its clients, like multi-sig authentication. Even then, I would still suggest securing your assets yourself and only using exchanges as a place to perform the trade.

well said
hero member
Activity: 658
Merit: 501
Some have weak encryption, aren't up to date with all the patches, don't use 2FA, are vulnerable to DDoS attacks, are vulnerable to the SSL CRIME attack, etc.

The bigger threat is still the owners running off with the money though. I would only trust either a well-regulated exchange in a country that prosecutes thieves, like the US, or an exchange that is insured or is using other means of protecting its clients, like multi-sig authentication. Even then, I would still suggest securing your assets yourself and only using exchanges as a place to perform the trade.
newbie
Activity: 52
Merit: 0

Excellent information! If you wouldn't mind providing more information about the other security issues?
hero member
Activity: 658
Merit: 501
newbie
Activity: 52
Merit: 0
This isn't anything new, but we also haven't heard much about it. With everything that's already happened, can we afford to put our already fragile price of Bitcoin up for more risk? Even this thread has put out information about the Heartbleed fix. We are aware of several different exchanges, but how many have confirmed the OpenSSL fix? Ask your exchange to confirm the fix. It's your money on the line. BTCPD will do our part and post a list of exchanges who have taken the proper measures. If you have information please let us know.

Thank you