Pages:
Author

Topic: Kaspersky and INTERPOL Say Blockchain is Vulnerable - page 3. (Read 4256 times)

sr. member
Activity: 448
Merit: 250
...and Kaspersky just lost my general recommendation as antivirus software. Time to tell everyone to use virustotal with avira or avast again, I guess.
legendary
Activity: 1176
Merit: 1015
Quote
It is based on the idea of establishing a connection to the P2P networks of cryptocurrency enthusiasts, fetching information from transaction records and running it as a code.

So it is complete FUD - no normal Bitcoin client works like this at all.

You'd need some specially created Bitcoin client that uses something like OP_RETURN data as an executable (and I don't believe there even is such software in existence unless Kaspersky created it just to published this FUD article).


CIYAM, I agree that the way we're reading that line makes no sense, as no Bitcoin client will execute the code like this. However there is the chance that a malware or virus could use the Blockchain to store its data and code, it would be more resistant than storing it on some hacked server in Russia.

So the virus attack vector would be the same as always, a dodgy email, a USB drive found on the side of the road.
The difference being, that when the virus turns on, it'll always be able to find it's P2P network, latest instructions, latest patch for the virus, as it'll all be stored on the eternal, distributed, invincible database known as the Bitcoin blockchain.

Of course a couple of issues with this:

1) The cost to store this data would be stupidly high. Much better to used some hacked servers.
2) As I understand it, most Bitcoin clients do not store the 40 (or is it 80) bytes of arbitrary storage available per transaction.
(Meaning that if not enough nodes have the stored data that the virus needs, it'll be useless)

I think this issue might be worse with Ethereum, as the virus can be sure that all nodes are saving all the code on the blockchain.

Remember, we're not talking about getting infected from the blockchain, but once infected, the virus will use it's updates and data from the blockchain to update itself and be commanded.

I think that is the only real threat here, and I am not sure if it's even a practical one.
sr. member
Activity: 406
Merit: 250
Elmer Fud again. It is common knowledge that you can put arbitrary data in the blockchain. There is no known way to use it for anything other than marking an occasion or including a read only message with a transaction. Pretty weak attack.
full member
Activity: 137
Merit: 100
I am not entirely cartain about the story, but i have read that there were even cases of shild porn pictures stored in blockchain, there is a copy here ;
https://bitcointalksearch.org/topic/wtf-kiddy-porn-in-the-blockchain-for-life-191039 , and that is only a start of blockchain abuse.

How long ago was that, and Kaspersky (along with INTERPOL) is just figuring it out? No wonder people are laughing at this and/or attacking them. BTW, if you had read the entire thread you linked and looked into it, there were not (and as far as I know still are not) child porn pictures in the blockchain. What is there is some data from a TOR service called The Hidden Wiki which includes, among other things, links to TOR hidden services which served as blackmarkets, child porn sites and the like. Odds are, with all the "dark web" busts in recent news, a lot of those services have probably been shut down by now anyway and I'm sure new ones are springing up every day.
legendary
Activity: 3976
Merit: 1421
Life, Love and Laughter...
You'd need some specially created Bitcoin client that uses something like OP_RETURN data as an executable (and I don't believe there even is such software in existence unless Kaspersky created it just to published this FUD article).

Exploiting a vulnerability before a malicious entity does actually is helpful because you can be prepared and patch it before shit happens. Whether or not what Kaspersky found is a vulnerability to begin with is another question (which I believe is not, like all of you).

I am not entirely cartain about the story, but i have read that there were even cases of shild porn pictures stored in blockchain, there is a copy here ;
https://bitcointalksearch.org/topic/wtf-kiddy-porn-in-the-blockchain-for-life-191039 , and that is only a start of blockchain abuse.
I dont see why everyone is attacking kaspersky, they are making a warning before shings get out of hand, atleast what we can do is listen to what they  have to say.

cheers

LOL did you read that thread? Its already known long time ago how is it a vulnerability?

You cant be serious. (about listening to Kaspersky)



Until Kaspersky can make a tool to prove there is a vulnerability, I am not believing anything.

Prove it.
legendary
Activity: 3976
Merit: 1421
Life, Love and Laughter...
It's not FUD?
legendary
Activity: 1722
Merit: 1000
Satoshi is rolling in his grave. #bitcoin
You'd need some specially created Bitcoin client that uses something like OP_RETURN data as an executable (and I don't believe there even is such software in existence unless Kaspersky created it just to published this FUD article).

Exploiting a vulnerability before a malicious entity does actually is helpful because you can be prepared and patch it before shit happens. Whether or not what Kaspersky found is a vulnerability to begin with is another question (which I believe is not, like all of you).

I am not entirely cartain about the story, but i have read that there were even cases of shild porn pictures stored in blockchain, there is a copy here ;
https://bitcointalksearch.org/topic/wtf-kiddy-porn-in-the-blockchain-for-life-191039 , and that is only a start of blockchain abuse.
I dont see why everyone is attacking kaspersky, they are making a warning before shings get out of hand, atleast what we can do is listen to what they  have to say.

cheers
hero member
Activity: 658
Merit: 500
You'd need some specially created Bitcoin client that uses something like OP_RETURN data as an executable (and I don't believe there even is such software in existence unless Kaspersky created it just to published this FUD article).

Exploiting a vulnerability before a malicious entity does actually is helpful because you can be prepared and patch it before shit happens. Whether or not what Kaspersky found is a vulnerability to begin with is another question (which I believe is not, like all of you).
legendary
Activity: 3976
Merit: 1421
Life, Love and Laughter...
they are trying to hard to kill bitcoin price with all those troll news, despite all the 230 mark is still holding strong

they should at least back up their claim, why they don't try to abuse the blockchain then?

This.  Either that, or insiders know something that's why they are selling.
No one is more of an insider than Satoshi Nakamoto, and Satoshi has not sold a single dollar's worth of bitcoin! Everyone here needs to grow a pair and



Or get out of the way and remain irrelevant.

Who are you? Grin

Bit yeah.  This is clearly a start of a FUD campaign.  Looks like 2015 will be another bad year for BTC.  
hero member
Activity: 784
Merit: 1000
https://youtu.be/PZm8TTLR2NU
they are trying to hard to kill bitcoin price with all those troll news, despite all the 230 mark is still holding strong

they should at least back up their claim, why they don't try to abuse the blockchain then?

This.  Either that, or insiders know something that's why they are selling.
No one is more of an insider than Satoshi Nakamoto, and Satoshi has not sold a single dollar's worth of bitcoin! Everyone here needs to grow a pair and



Or get out of the way and remain irrelevant.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
If there is anything it has not yet been disclosed to the core devs their youtube video demo shows nothing that suggests the blockchain itself is vulnerable. From what I can see they merely used it to store data.

see here -> https://bitcointalksearch.org/topic/kaspersky-and-interpol-say-blockchain-is-vulnerable-1021143
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Quote
It is based on the idea of establishing a connection to the P2P networks of cryptocurrency enthusiasts, fetching information from transaction records and running it as a code.

So it is complete FUD - no normal Bitcoin client works like this at all.

You'd need some specially created Bitcoin client that uses something like OP_RETURN data as an executable (and I don't believe there even is such software in existence unless Kaspersky created it just to published this FUD article).
AGD
legendary
Activity: 2070
Merit: 1164
Keeper of the Private Key
Quote
simply by using an exploit code that opens a notepad enabling corrupted data to be inserted into the Blockchain

Wow! My notepad can do things like that?
legendary
Activity: 3976
Merit: 1421
Life, Love and Laughter...
I am calling FUD as sure you can embed arbitrary data in the blockchain but "so what"?

You can embed arbitrary data in .jpg's (steganography) - does that make it dangerous to view a .jpg (or more relevant to this topic even to store it on your computer)?


Exactly.  But this info is comng from Kaspersky and the Interpol...  Someone out there is trying to pull off the ultimate Bitcoin FUD.  And this is a good time to attack Bitcoin...  While the climate is bearish.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
I am calling FUD as sure you can embed arbitrary data in the blockchain but "so what"?

You can embed arbitrary data in .jpg's (steganography) - does that make it dangerous to view a .jpg (or more relevant to the OP to even store it on your computer)?

Unless they are talking about a bug in Bitcoin Script (which clearly they are not) then it really is just FUD (and Kaspersky have lost all credibility in my view with this).
hero member
Activity: 714
Merit: 500
The article isn't clear. Is it saying that people can put arbitrary data into the block chain, or is it saying that somebody can corrupt my copy of the block chain? I don't see how either of those makes Bitcoin vulnerable, since the first is a feature and the second affects only me.

That is what I'm trying to find out as well. If it does, it means there are vulnerabilities that can be exploited affecting the blockchain but I'm just wondering how is it possible that nobody has seen it yet until recently.

Because there aren't bug in the bitcoin code ( and the ledger aka blockchain) here a good report (for good usage) of the bitcoin blockchain :

http://www.righto.com/2014/02/ascii-bernanke-wikileaks-photographs.html
legendary
Activity: 3976
Merit: 1421
Life, Love and Laughter...
The article isn't clear. Is it saying that people can put arbitrary data into the block chain, or is it saying that somebody can corrupt my copy of the block chain? I don't see how either of those makes Bitcoin vulnerable, since the first is a feature and the second affects only me.

That is what I'm trying to find out as well. If it does, it means there are vulnerabilities that can be exploited affecting the blockchain but I'm just wondering how is it possible that nobody has seen it yet until recently.

Someone out there must want BTC to go down...  Maybe trying to pull off the ultimate FUD?
Q7
sr. member
Activity: 448
Merit: 250
The article isn't clear. Is it saying that people can put arbitrary data into the block chain, or is it saying that somebody can corrupt my copy of the block chain? I don't see how either of those makes Bitcoin vulnerable, since the first is a feature and the second affects only me.

That is what I'm trying to find out as well. If it does, it means there are vulnerabilities that can be exploited affecting the blockchain but I'm just wondering how is it possible that nobody has seen it yet until recently.
legendary
Activity: 1778
Merit: 1043
#Free market
So where is this "presented research"?
This,

where is the research? They cannot say "blockchain is vulnerable" without give a full report and various example of that attack.


How about someone from our side takes a look at it. I trust Interpol as much as I trust the FBI.

I trust my cat more than FBI + Interpol .
legendary
Activity: 4466
Merit: 3391
The article isn't clear. Is it saying that people can put arbitrary data into the block chain, or is it saying that somebody can corrupt my copy of the block chain? I don't see how either of those makes Bitcoin vulnerable, since the first is a feature and the second affects only me.
Pages:
Jump to: