BitShares Forum

Main => General Discussion => Topic started by: unimercio on April 09, 2014, 05:55:51 am

Title: OpenSSL Heartbleed Vulnerability ?
Post by: unimercio on April 09, 2014, 05:55:51 am
Any thoughts, concerns on the OpenSSL Heartbleed vulnerability and PTS.

http://www.bitcoinfeed.net/news/bitcoin-bitcoin-security-company-bitgo-responds-to-the-heartbleed-security-threat

“It’s fundamental to tell everyone to check all their servers and update ASAP [...] I can’t obviously be positive about it, but bitcoin-specific software (local wallets, etc.) should not be affected even if they use OpenSSL, since the bug is only triggerable in live TLS connections.”


Ps. Vertcoin has released an update to their wallet.
Title: Re: OpenSSL Heartbleed Vulnerability ?
Post by: fuzzy on April 09, 2014, 11:10:18 am
Any thoughts, concerns on the OpenSSL Heartbleed vulnerability and PTS.

http://www.bitcoinfeed.net/news/bitcoin-bitcoin-security-company-bitgo-responds-to-the-heartbleed-security-threat

“It’s fundamental to tell everyone to check all their servers and update ASAP [...] I can’t obviously be positive about it, but bitcoin-specific software (local wallets, etc.) should not be affected even if they use OpenSSL, since the bug is only triggerable in live TLS connections.”


Ps. Vertcoin has released an update to their wallet.

Bump
Title: Re: OpenSSL Heartbleed Vulnerability ?
Post by: unimercio on April 09, 2014, 11:12:16 am
Any thoughts, concerns on the OpenSSL Heartbleed vulnerability and PTS.

http://www.bitcoinfeed.net/news/bitcoin-bitcoin-security-company-bitgo-responds-to-the-heartbleed-security-threat

“It’s fundamental to tell everyone to check all their servers and update ASAP [...] I can’t obviously be positive about it, but bitcoin-specific software (local wallets, etc.) should not be affected even if they use OpenSSL, since the bug is only triggerable in live TLS connections.”


Ps. Vertcoin has released an update to their wallet.

Bump
+5% thanks fuzz
Title: Re: OpenSSL Heartbleed Vulnerability ?
Post by: xeroc on April 09, 2014, 11:58:19 am
theres no issue unless you use RPC over SSL!
Title: Re: OpenSSL Heartbleed Vulnerability ?
Post by: unimercio on April 09, 2014, 01:05:16 pm
theres no issue unless you use RPC over SSL!

thanks, so http port 80 connections are safe just not encrypted.  I wonder why Vertcoin, etc.. are issuing wallet alerts?

http://www.bitcoinfeed.net/news/vertcoin-please-upgrade-your-wallet-immediately-due-to-heartbleed-bug-in-openssl-which-could-allow-your-vertcoins-to-be-stolen (http://www.bitcoinfeed.net/news/vertcoin-please-upgrade-your-wallet-immediately-due-to-heartbleed-bug-in-openssl-which-could-allow-your-vertcoins-to-be-stolen)
Title: Re: OpenSSL Heartbleed Vulnerability ?
Post by: xeroc on April 09, 2014, 02:37:43 pm
If you have RPC enabled on a public interface and allow other ip addresses to open a SSL connection you SHOULD be concerned and upgrade/disable immediatelly