Author Topic: OpenSSL Heartbleed Vulnerability ? (Read 2005 times)

xeroc

If you have RPC enabled on a public interface and allow other ip addresses to open a SSL connection you SHOULD be concerned and upgrade/disable immediatelly

unimercio

Quote from: xeroc on April 09, 2014, 11:58:19 am

theres no issue unless you use RPC over SSL!

thanks, so http port 80 connections are safe just not encrypted. I wonder why Vertcoin, etc.. are issuing wallet alerts?

http://www.bitcoinfeed.net/news/vertcoin-please-upgrade-your-wallet-immediately-due-to-heartbleed-bug-in-openssl-which-could-allow-your-vertcoins-to-be-stolen

xeroc

theres no issue unless you use RPC over SSL!

unimercio

Quote from: fuznuts on April 09, 2014, 11:10:18 am

Quote from: unimercio on April 09, 2014, 05:55:51 am
Any thoughts, concerns on the OpenSSL Heartbleed vulnerability and PTS.

http://www.bitcoinfeed.net/news/bitcoin-bitcoin-security-company-bitgo-responds-to-the-heartbleed-security-threat

“It’s fundamental to tell everyone to check all their servers and update ASAP [...] I can’t obviously be positive about it, but bitcoin-specific software (local wallets, etc.) should not be affected even if they use OpenSSL, since the bug is only triggerable in live TLS connections.”

Ps. Vertcoin has released an update to their wallet.

Bump

thanks fuzz

fuzzy

Quote from: unimercio on April 09, 2014, 05:55:51 am

Any thoughts, concerns on the OpenSSL Heartbleed vulnerability and PTS.

http://www.bitcoinfeed.net/news/bitcoin-bitcoin-security-company-bitgo-responds-to-the-heartbleed-security-threat

“It’s fundamental to tell everyone to check all their servers and update ASAP [...] I can’t obviously be positive about it, but bitcoin-specific software (local wallets, etc.) should not be affected even if they use OpenSSL, since the bug is only triggerable in live TLS connections.”

Ps. Vertcoin has released an update to their wallet.

Bump

unimercio · « *Last Edit: April 09, 2014, 06:29:55 am by unimercio* »

Any thoughts, concerns on the OpenSSL Heartbleed vulnerability and PTS.

http://www.bitcoinfeed.net/news/bitcoin-bitcoin-security-company-bitgo-responds-to-the-heartbleed-security-threat

“It’s fundamental to tell everyone to check all their servers and update ASAP [...] I can’t obviously be positive about it, but bitcoin-specific software (local wallets, etc.) should not be affected even if they use OpenSSL, since the bug is only triggerable in live TLS connections.”

Ps. Vertcoin has released an update to their wallet.

Author Topic: OpenSSL Heartbleed Vulnerability ? (Read 2005 times)

xeroc

Re: OpenSSL Heartbleed Vulnerability ?

unimercio

Re: OpenSSL Heartbleed Vulnerability ?

xeroc

Re: OpenSSL Heartbleed Vulnerability ?

unimercio

Re: OpenSSL Heartbleed Vulnerability ?

fuzzy

Re: OpenSSL Heartbleed Vulnerability ?

unimercio

OpenSSL Heartbleed Vulnerability ?