Topic: Kaspersky and INTERPOL Say Blockchain is Vulnerable - page 3. (Read 4230 times)
...and Kaspersky just lost my general recommendation as antivirus software. Time to tell everyone to use virustotal with avira or avast again, I guess.
Quote
It is based on the idea of establishing a connection to the P2P networks of cryptocurrency enthusiasts, fetching information from transaction records and running it as a code.
So it is complete FUD - no normal Bitcoin client works like this at all.
You'd need some specially created Bitcoin client that uses something like OP_RETURN data as an executable (and I don't believe there even is such software in existence unless Kaspersky created it just to published this FUD article).
CIYAM, I agree that the way we're reading that line makes no sense, as no Bitcoin client will execute the code like this. However there is the chance that a malware or virus could use the Blockchain to store its data and code, it would be more resistant than storing it on some hacked server in Russia.
So the virus attack vector would be the same as always, a dodgy email, a USB drive found on the side of the road.
The difference being, that when the virus turns on, it'll always be able to find it's P2P network, latest instructions, latest patch for the virus, as it'll all be stored on the eternal, distributed, invincible database known as the Bitcoin blockchain.
Of course a couple of issues with this:
1) The cost to store this data would be stupidly high. Much better to used some hacked servers.
2) As I understand it, most Bitcoin clients do not store the 40 (or is it 80) bytes of arbitrary storage available per transaction.
(Meaning that if not enough nodes have the stored data that the virus needs, it'll be useless)
I think this issue might be worse with Ethereum, as the virus can be sure that all nodes are saving all the code on the blockchain.
Remember, we're not talking about getting infected from the blockchain, but once infected, the virus will use it's updates and data from the blockchain to update itself and be commanded.
I think that is the only real threat here, and I am not sure if it's even a practical one.
Elmer Fud again. It is common knowledge that you can put arbitrary data in the blockchain. There is no known way to use it for anything other than marking an occasion or including a read only message with a transaction. Pretty weak attack.
I am not entirely cartain about the story, but i have read that there were even cases of shild porn pictures stored in blockchain, there is a copy here ;
https://bitcointalksearch.org/topic/wtf-kiddy-porn-in-the-blockchain-for-life-191039 , and that is only a start of blockchain abuse.
https://bitcointalksearch.org/topic/wtf-kiddy-porn-in-the-blockchain-for-life-191039 , and that is only a start of blockchain abuse.
How long ago was that, and Kaspersky (along with INTERPOL) is just figuring it out? No wonder people are laughing at this and/or attacking them. BTW, if you had read the entire thread you linked and looked into it, there were not (and as far as I know still are not) child porn pictures in the blockchain. What is there is some data from a TOR service called The Hidden Wiki which includes, among other things, links to TOR hidden services which served as blackmarkets, child porn sites and the like. Odds are, with all the "dark web" busts in recent news, a lot of those services have probably been shut down by now anyway and I'm sure new ones are springing up every day.
You'd need some specially created Bitcoin client that uses something like OP_RETURN data as an executable (and I don't believe there even is such software in existence unless Kaspersky created it just to published this FUD article).
Exploiting a vulnerability before a malicious entity does actually is helpful because you can be prepared and patch it before shit happens. Whether or not what Kaspersky found is a vulnerability to begin with is another question (which I believe is not, like all of you).
I am not entirely cartain about the story, but i have read that there were even cases of shild porn pictures stored in blockchain, there is a copy here ;
https://bitcointalksearch.org/topic/wtf-kiddy-porn-in-the-blockchain-for-life-191039 , and that is only a start of blockchain abuse.
I dont see why everyone is attacking kaspersky, they are making a warning before shings get out of hand, atleast what we can do is listen to what they have to say.
cheers
LOL did you read that thread? Its already known long time ago how is it a vulnerability?
You cant be serious. (about listening to Kaspersky)
Until Kaspersky can make a tool to prove there is a vulnerability, I am not believing anything.
Prove it.
It's not FUD?
You'd need some specially created Bitcoin client that uses something like OP_RETURN data as an executable (and I don't believe there even is such software in existence unless Kaspersky created it just to published this FUD article).
Exploiting a vulnerability before a malicious entity does actually is helpful because you can be prepared and patch it before shit happens. Whether or not what Kaspersky found is a vulnerability to begin with is another question (which I believe is not, like all of you).
I am not entirely cartain about the story, but i have read that there were even cases of shild porn pictures stored in blockchain, there is a copy here ;
https://bitcointalksearch.org/topic/wtf-kiddy-porn-in-the-blockchain-for-life-191039 , and that is only a start of blockchain abuse.
I dont see why everyone is attacking kaspersky, they are making a warning before shings get out of hand, atleast what we can do is listen to what they have to say.
cheers
You'd need some specially created Bitcoin client that uses something like OP_RETURN data as an executable (and I don't believe there even is such software in existence unless Kaspersky created it just to published this FUD article).
Exploiting a vulnerability before a malicious entity does actually is helpful because you can be prepared and patch it before shit happens. Whether or not what Kaspersky found is a vulnerability to begin with is another question (which I believe is not, like all of you).
they are trying to hard to kill bitcoin price with all those troll news, despite all the 230 mark is still holding strong
they should at least back up their claim, why they don't try to abuse the blockchain then?
they should at least back up their claim, why they don't try to abuse the blockchain then?
This. Either that, or insiders know something that's why they are selling.
Or get out of the way and remain irrelevant.
Who are you?
Bit yeah. This is clearly a start of a FUD campaign. Looks like 2015 will be another bad year for BTC.
they are trying to hard to kill bitcoin price with all those troll news, despite all the 230 mark is still holding strong
they should at least back up their claim, why they don't try to abuse the blockchain then?
they should at least back up their claim, why they don't try to abuse the blockchain then?
This. Either that, or insiders know something that's why they are selling.
Or get out of the way and remain irrelevant.
If there is anything it has not yet been disclosed to the core devs their youtube video demo shows nothing that suggests the blockchain itself is vulnerable. From what I can see they merely used it to store data.
see here -> https://bitcointalksearch.org/topic/kaspersky-and-interpol-say-blockchain-is-vulnerable-1021143
see here -> https://bitcointalksearch.org/topic/kaspersky-and-interpol-say-blockchain-is-vulnerable-1021143
Quote
It is based on the idea of establishing a connection to the P2P networks of cryptocurrency enthusiasts, fetching information from transaction records and running it as a code.
So it is complete FUD - no normal Bitcoin client works like this at all.
You'd need some specially created Bitcoin client that uses something like OP_RETURN data as an executable (and I don't believe there even is such software in existence unless Kaspersky created it just to published this FUD article).
Quote
simply by using an exploit code that opens a notepad enabling corrupted data to be inserted into the Blockchain
Wow! My notepad can do things like that?
I am calling FUD as sure you can embed arbitrary data in the blockchain but "so what"?
You can embed arbitrary data in .jpg's (steganography) - does that make it dangerous to view a .jpg (or more relevant to this topic even to store it on your computer)?
You can embed arbitrary data in .jpg's (steganography) - does that make it dangerous to view a .jpg (or more relevant to this topic even to store it on your computer)?
Exactly. But this info is comng from Kaspersky and the Interpol... Someone out there is trying to pull off the ultimate Bitcoin FUD. And this is a good time to attack Bitcoin... While the climate is bearish.
I am calling FUD as sure you can embed arbitrary data in the blockchain but "so what"?
You can embed arbitrary data in .jpg's (steganography) - does that make it dangerous to view a .jpg (or more relevant to the OP to even store it on your computer)?
Unless they are talking about a bug in Bitcoin Script (which clearly they are not) then it really is just FUD (and Kaspersky have lost all credibility in my view with this).
You can embed arbitrary data in .jpg's (steganography) - does that make it dangerous to view a .jpg (or more relevant to the OP to even store it on your computer)?
Unless they are talking about a bug in Bitcoin Script (which clearly they are not) then it really is just FUD (and Kaspersky have lost all credibility in my view with this).
The article isn't clear. Is it saying that people can put arbitrary data into the block chain, or is it saying that somebody can corrupt my copy of the block chain? I don't see how either of those makes Bitcoin vulnerable, since the first is a feature and the second affects only me.
That is what I'm trying to find out as well. If it does, it means there are vulnerabilities that can be exploited affecting the blockchain but I'm just wondering how is it possible that nobody has seen it yet until recently.
Because there aren't bug in the bitcoin code ( and the ledger aka blockchain) here a good report (for good usage) of the bitcoin blockchain :
http://www.righto.com/2014/02/ascii-bernanke-wikileaks-photographs.html
The article isn't clear. Is it saying that people can put arbitrary data into the block chain, or is it saying that somebody can corrupt my copy of the block chain? I don't see how either of those makes Bitcoin vulnerable, since the first is a feature and the second affects only me.
That is what I'm trying to find out as well. If it does, it means there are vulnerabilities that can be exploited affecting the blockchain but I'm just wondering how is it possible that nobody has seen it yet until recently.
Someone out there must want BTC to go down... Maybe trying to pull off the ultimate FUD?
The article isn't clear. Is it saying that people can put arbitrary data into the block chain, or is it saying that somebody can corrupt my copy of the block chain? I don't see how either of those makes Bitcoin vulnerable, since the first is a feature and the second affects only me.
That is what I'm trying to find out as well. If it does, it means there are vulnerabilities that can be exploited affecting the blockchain but I'm just wondering how is it possible that nobody has seen it yet until recently.
So where is this "presented research"?
This,where is the research? They cannot say "blockchain is vulnerable" without give a full report and various example of that attack.
How about someone from our side takes a look at it. I trust Interpol as much as I trust the FBI.
I trust my cat more than FBI + Interpol
. 
The article isn't clear. Is it saying that people can put arbitrary data into the block chain, or is it saying that somebody can corrupt my copy of the block chain? I don't see how either of those makes Bitcoin vulnerable, since the first is a feature and the second affects only me.
Jump to: