Page 1 of 1

Is this vulnerability (ncextract) legitimate?

Posted: Sat Oct 22, 2016 8:07 pm
by jcason
Hello all,

Came across this on a Reddit thread and am curious if this is a legitimate vulnerability at this time and if it is being addressed. Can anyone have a look and advise?

https://github.com/AyrA/ncExtract

I wasn't sure which subforum to post to, so if this should belong in another (maybe Technical Support?) please feel free to move it, moderators.

Thanks all!

Re: Is this little script (ncextract) legitimate?

Posted: Sat Oct 22, 2016 9:42 pm
by cassini
jcason wrote:Is this vulnerability (ncextract) legitimate?
Hmm, I guess the question is wrong. ;)

Let me modify your question a bit:
Is this little script (ncextract) legitimate? Or is there a vulnerability?
then I'd say it is perfectly legitimate. It simply collects some pieces of information from the Namecoin blockchain. All the information is publicly visible anyway.

I don't see any vulnerability, though.

Re: Is this vulnerability (ncextract) legitimate?

Posted: Sun Oct 23, 2016 3:55 am
by biolizard89
Hmm, I wonder if this script was used for the phishing email that I received a while back.

As Cassini said, from the readme it appears to simply be parsing information that Namecoin users intentionally made public. That's not a vulnerability in Namecoin. Honestly it looks like a useful script (although I haven't reviewed its code, so that's not an endorsement of the implementation, just that the concept is sound).