Heart bleed

Post Reply
kurt
Posts: 144
Joined: Fri Jan 03, 2014 6:13 pm
os: windows

Heart bleed

Post by kurt »

http://heartbleed.com

How can Namecoin help ?

virtual_master
Posts: 541
Joined: Mon May 20, 2013 12:03 pm
Contact:

Re: Heart bleed

Post by virtual_master »

https://bitcointalk.org/index.php?topic=561751.0
Bitcoin and all Bitcoin based altcoins are also affected.
Two-thirds of the Web is vulnerable to eavesdropping with this bug.
Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:

Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
CentOS 6.5, OpenSSL 1.0.1e-15
Fedora 18, OpenSSL 1.0.1e-4
OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
NetBSD 5.0.2 (OpenSSL 1.0.1e)
OpenSUSE 12.2 (OpenSSL 1.0.1c)

Operating system distribution with versions that are not vulnerable:

Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
SUSE Linux Enterprise Server
FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013
FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013
FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)
http://namecoinia.org/
Calendars for free to print: 2014 Calendar in JPG | 2014 Calendar in PDF Protect the Environment with Namecoin: 2014 Calendar in JPG | 2014 Calendar in PDF
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba | NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S

georgem
Posts: 82
Joined: Wed Aug 21, 2013 1:46 pm
os: windows

Re: Heart bleed

Post by georgem »

So a new bitcoin version 0.9.1 was released to counter this OpenSSL problem.
A few people have already reported stolen BTC. :?

https://bitcointalk.org/index.php?topic ... msg6132507

When is the next namecoin wallet version ready?

domob
Posts: 1129
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: Heart bleed

Post by domob »

georgem wrote:So a new bitcoin version 0.9.1 was released to counter this OpenSSL problem.
A few people have already reported stolen BTC. :?

https://bitcointalk.org/index.php?topic ... msg6132507

When is the next namecoin wallet version ready?
As far as I can tell, Namecoin is not affected in the way Bitcoin Core 0.9 was. The only way for an attacker to compromise a Namecoin wallet would be if you run RPC over SSL (rpcssl=1 in namecoin.conf) and allow public access to RPC. Both are very non-standard things, so most of the users will be safe. The problematic thing in Bitcoin Core 0.9 was the payment protocol.

However: forum.namecoin.info seems vulnerable, so it should be patched & the TLS keys reissued ASAP!
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/

pmc
Posts: 73
Joined: Thu Oct 03, 2013 8:50 pm
Location: Germany
Contact:

Re: Heart bleed

Post by pmc »

My linux packages for Debian/openSUSE/Ubuntu at http://software.opensuse.org/download.h ... e=namecoin use the system openssl libraries, i. e. as soon as your system libraries have been updated, namecoin is safe.

Packages for CentOS/Fedora/RHEL use static openssl and are currently being re-built with openssl-1.0.1g.

John Kenney
Posts: 94
Joined: Sat Mar 29, 2014 2:20 pm
os: linux
Location: Sheffield, England
Contact:

Re: Heart bleed

Post by John Kenney »

The forum keeps redirecting me to http:// links. Thanks for allowing my forum account to be possibly easily compromised with plain text login & session keys.

MWD
Posts: 180
Joined: Mon Feb 10, 2014 10:31 pm
os: windows
Contact:

Re: Heart bleed

Post by MWD »

John Kenney wrote:The forum keeps redirecting me to http:// links. Thanks for allowing my forum account to be possibly easily compromised with plain text login & session keys.

Is that sarcasm at the people running this forum? That's not really fair.

Sure, they're not the most proactive bunch when it comes to website administration....They lost namecoin.bit, are having trouble getting namecoin.org back from one of their own, and couldn't remember who holds the SSL keys for this site. But they did jump on trying to fix this site from heartbleed pretty damn quick.

It's not just this site. The whole Internet is scrambling to patch this.

MWD
Namecoin, Dot-Bit and MeowBit are a complete new Internet ecosystem, building the roads to Web 4.0. http://www.meowbit.com
Dot-Bit Kitty Pix! The ONLY .bit-only kitty cat website in the world! http://dotbitkittypix.bit

domob
Posts: 1129
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: Heart bleed

Post by domob »

John Kenney wrote:The forum keeps redirecting me to http:// links. Thanks for allowing my forum account to be possibly easily compromised with plain text login & session keys.
Yes, that's an annoyance. If you are looking for a work-around, try HTTPS Everywhere with a custom rule. Not trivial to set up (also not hard, though), and works perfectly for me.
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/

Post Reply