Author [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] Topic: OpenSSL Heartbleed Vulnerability ?  (Read 393 times)

0 Members and 1 Guest are viewing this topic.

Offline unimercio

  • Sr. Member
  • ****
  • Posts: 245
  • The opportunity of a lifetime comes by every 7 day
    • View Profile
    • Conscious Entrepreneurship Foundation (CEF)
  • BTS: unimercio
OpenSSL Heartbleed Vulnerability ?
« on: April 09, 2014, 05:55:51 AM »

Any thoughts, concerns on the OpenSSL Heartbleed vulnerability and PTS.

http://www.bitcoinfeed.net/news/bitcoin-bitcoin-security-company-bitgo-responds-to-the-heartbleed-security-threat

“It’s fundamental to tell everyone to check all their servers and update ASAP [...] I can’t obviously be positive about it, but bitcoin-specific software (local wallets, etc.) should not be affected even if they use OpenSSL, since the bug is only triggerable in live TLS connections.”


Ps. Vertcoin has released an update to their wallet.
« Last Edit: April 09, 2014, 06:29:55 AM by unimercio »
Conscious Entrepreneurship Foundation (CEF)

Offline fuzzy

Re: OpenSSL Heartbleed Vulnerability ?
« Reply #1 on: April 09, 2014, 11:10:18 AM »
Any thoughts, concerns on the OpenSSL Heartbleed vulnerability and PTS.

http://www.bitcoinfeed.net/news/bitcoin-bitcoin-security-company-bitgo-responds-to-the-heartbleed-security-threat

“It’s fundamental to tell everyone to check all their servers and update ASAP [...] I can’t obviously be positive about it, but bitcoin-specific software (local wallets, etc.) should not be affected even if they use OpenSSL, since the bug is only triggerable in live TLS connections.”


Ps. Vertcoin has released an update to their wallet.

Bump
WhaleShares==DKP; BitShares is our Community! 
ShareBits and WhaleShares = Love :D

Offline unimercio

  • Sr. Member
  • ****
  • Posts: 245
  • The opportunity of a lifetime comes by every 7 day
    • View Profile
    • Conscious Entrepreneurship Foundation (CEF)
  • BTS: unimercio
Re: OpenSSL Heartbleed Vulnerability ?
« Reply #2 on: April 09, 2014, 11:12:16 AM »
Any thoughts, concerns on the OpenSSL Heartbleed vulnerability and PTS.

http://www.bitcoinfeed.net/news/bitcoin-bitcoin-security-company-bitgo-responds-to-the-heartbleed-security-threat

“It’s fundamental to tell everyone to check all their servers and update ASAP [...] I can’t obviously be positive about it, but bitcoin-specific software (local wallets, etc.) should not be affected even if they use OpenSSL, since the bug is only triggerable in live TLS connections.”


Ps. Vertcoin has released an update to their wallet.

Bump
+5% thanks fuzz
Conscious Entrepreneurship Foundation (CEF)

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12336
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BTS: xeroc
  • GitHub: xeroc
Re: OpenSSL Heartbleed Vulnerability ?
« Reply #3 on: April 09, 2014, 11:58:19 AM »
theres no issue unless you use RPC over SSL!
Give BitShares a try! Use the http://testnet.bitshares.eu provided by http://bitshares.eu powered by ChainSquad GmbH

Offline unimercio

  • Sr. Member
  • ****
  • Posts: 245
  • The opportunity of a lifetime comes by every 7 day
    • View Profile
    • Conscious Entrepreneurship Foundation (CEF)
  • BTS: unimercio
Re: OpenSSL Heartbleed Vulnerability ?
« Reply #4 on: April 09, 2014, 01:05:16 PM »
theres no issue unless you use RPC over SSL!

thanks, so http port 80 connections are safe just not encrypted.  I wonder why Vertcoin, etc.. are issuing wallet alerts?

http://www.bitcoinfeed.net/news/vertcoin-please-upgrade-your-wallet-immediately-due-to-heartbleed-bug-in-openssl-which-could-allow-your-vertcoins-to-be-stolen
Conscious Entrepreneurship Foundation (CEF)

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12336
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BTS: xeroc
  • GitHub: xeroc
Re: OpenSSL Heartbleed Vulnerability ?
« Reply #5 on: April 09, 2014, 02:37:43 PM »
If you have RPC enabled on a public interface and allow other ip addresses to open a SSL connection you SHOULD be concerned and upgrade/disable immediatelly
Give BitShares a try! Use the http://testnet.bitshares.eu provided by http://bitshares.eu powered by ChainSquad GmbH

 

Google+