http://heartbleed.com
How can Namecoin help ?
Heart bleed
-
- Posts: 541
- Joined: Mon May 20, 2013 12:03 pm
- Contact:
Re: Heart bleed
https://bitcointalk.org/index.php?topic=561751.0
Bitcoin and all Bitcoin based altcoins are also affected.
Two-thirds of the Web is vulnerable to eavesdropping with this bug.
Bitcoin and all Bitcoin based altcoins are also affected.
Two-thirds of the Web is vulnerable to eavesdropping with this bug.
Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:
Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
CentOS 6.5, OpenSSL 1.0.1e-15
Fedora 18, OpenSSL 1.0.1e-4
OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
NetBSD 5.0.2 (OpenSSL 1.0.1e)
OpenSUSE 12.2 (OpenSSL 1.0.1c)
Operating system distribution with versions that are not vulnerable:
Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
SUSE Linux Enterprise Server
FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013
FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013
FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)
http://namecoinia.org/
Calendars for free to print: 2014 Calendar in JPG | 2014 Calendar in PDF Protect the Environment with Namecoin: 2014 Calendar in JPG | 2014 Calendar in PDF
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba | NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S
Calendars for free to print: 2014 Calendar in JPG | 2014 Calendar in PDF Protect the Environment with Namecoin: 2014 Calendar in JPG | 2014 Calendar in PDF
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba | NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S
Re: Heart bleed
So a new bitcoin version 0.9.1 was released to counter this OpenSSL problem.
A few people have already reported stolen BTC.
https://bitcointalk.org/index.php?topic ... msg6132507
When is the next namecoin wallet version ready?
A few people have already reported stolen BTC.
https://bitcointalk.org/index.php?topic ... msg6132507
When is the next namecoin wallet version ready?
Re: Heart bleed
As far as I can tell, Namecoin is not affected in the way Bitcoin Core 0.9 was. The only way for an attacker to compromise a Namecoin wallet would be if you run RPC over SSL (rpcssl=1 in namecoin.conf) and allow public access to RPC. Both are very non-standard things, so most of the users will be safe. The problematic thing in Bitcoin Core 0.9 was the payment protocol.georgem wrote:So a new bitcoin version 0.9.1 was released to counter this OpenSSL problem.
A few people have already reported stolen BTC.
https://bitcointalk.org/index.php?topic ... msg6132507
When is the next namecoin wallet version ready?
However: forum.namecoin.info seems vulnerable, so it should be patched & the TLS keys reissued ASAP!
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/
Re: Heart bleed
My linux packages for Debian/openSUSE/Ubuntu at http://software.opensuse.org/download.h ... e=namecoin use the system openssl libraries, i. e. as soon as your system libraries have been updated, namecoin is safe.
Packages for CentOS/Fedora/RHEL use static openssl and are currently being re-built with openssl-1.0.1g.
Packages for CentOS/Fedora/RHEL use static openssl and are currently being re-built with openssl-1.0.1g.
-
- Posts: 94
- Joined: Sat Mar 29, 2014 2:20 pm
- os: linux
- Location: Sheffield, England
- Contact:
Re: Heart bleed
The forum keeps redirecting me to http:// links. Thanks for allowing my forum account to be possibly easily compromised with plain text login & session keys.
Re: Heart bleed
John Kenney wrote:The forum keeps redirecting me to http:// links. Thanks for allowing my forum account to be possibly easily compromised with plain text login & session keys.
Is that sarcasm at the people running this forum? That's not really fair.
Sure, they're not the most proactive bunch when it comes to website administration....They lost namecoin.bit, are having trouble getting namecoin.org back from one of their own, and couldn't remember who holds the SSL keys for this site. But they did jump on trying to fix this site from heartbleed pretty damn quick.
It's not just this site. The whole Internet is scrambling to patch this.
MWD
Namecoin, Dot-Bit and MeowBit are a complete new Internet ecosystem, building the roads to Web 4.0. http://www.meowbit.com
Dot-Bit Kitty Pix! The ONLY .bit-only kitty cat website in the world! http://dotbitkittypix.bit
Dot-Bit Kitty Pix! The ONLY .bit-only kitty cat website in the world! http://dotbitkittypix.bit
Re: Heart bleed
Yes, that's an annoyance. If you are looking for a work-around, try HTTPS Everywhere with a custom rule. Not trivial to set up (also not hard, though), and works perfectly for me.John Kenney wrote:The forum keeps redirecting me to http:// links. Thanks for allowing my forum account to be possibly easily compromised with plain text login & session keys.
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/