Is this vulnerability (ncextract) legitimate?

Post Reply
jcason
Posts: 1
Joined: Sat Oct 22, 2016 8:04 pm
os: linux

Is this vulnerability (ncextract) legitimate?

Post by jcason » Sat Oct 22, 2016 8:07 pm

Hello all,

Came across this on a Reddit thread and am curious if this is a legitimate vulnerability at this time and if it is being addressed. Can anyone have a look and advise?

https://github.com/AyrA/ncExtract

I wasn't sure which subforum to post to, so if this should belong in another (maybe Technical Support?) please feel free to move it, moderators.

Thanks all!

cassini
Posts: 333
Joined: Sun May 26, 2013 6:36 pm

Re: Is this little script (ncextract) legitimate?

Post by cassini » Sat Oct 22, 2016 9:42 pm

jcason wrote:Is this vulnerability (ncextract) legitimate?
Hmm, I guess the question is wrong. ;)

Let me modify your question a bit:
Is this little script (ncextract) legitimate? Or is there a vulnerability?
then I'd say it is perfectly legitimate. It simply collects some pieces of information from the Namecoin blockchain. All the information is publicly visible anyway.

I don't see any vulnerability, though.

biolizard89
Posts: 1977
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: Is this vulnerability (ncextract) legitimate?

Post by biolizard89 » Sun Oct 23, 2016 3:55 am

Hmm, I wonder if this script was used for the phishing email that I received a while back.

As Cassini said, from the readme it appears to simply be parsing information that Namecoin users intentionally made public. That's not a vulnerability in Namecoin. Honestly it looks like a useful script (although I haven't reviewed its code, so that's not an endorsement of the implementation, just that the concept is sound).
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

Post Reply