Hello all,
Came across this on a Reddit thread and am curious if this is a legitimate vulnerability at this time and if it is being addressed. Can anyone have a look and advise?
https://github.com/AyrA/ncExtract
I wasn't sure which subforum to post to, so if this should belong in another (maybe Technical Support?) please feel free to move it, moderators.
Thanks all!
Is this vulnerability (ncextract) legitimate?
Re: Is this little script (ncextract) legitimate?
Hmm, I guess the question is wrong.jcason wrote:Is this vulnerability (ncextract) legitimate?
Let me modify your question a bit:
Is this little script (ncextract) legitimate? Or is there a vulnerability?
then I'd say it is perfectly legitimate. It simply collects some pieces of information from the Namecoin blockchain. All the information is publicly visible anyway.
I don't see any vulnerability, though.
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Re: Is this vulnerability (ncextract) legitimate?
Hmm, I wonder if this script was used for the phishing email that I received a while back.
As Cassini said, from the readme it appears to simply be parsing information that Namecoin users intentionally made public. That's not a vulnerability in Namecoin. Honestly it looks like a useful script (although I haven't reviewed its code, so that's not an endorsement of the implementation, just that the concept is sound).
As Cassini said, from the readme it appears to simply be parsing information that Namecoin users intentionally made public. That's not a vulnerability in Namecoin. Honestly it looks like a useful script (although I haven't reviewed its code, so that's not an endorsement of the implementation, just that the concept is sound).