Title: US Computer Emergency Readiness Team / nist.gov publish 2year old bitcoin vulns
Post by: julz on August 14, 2012, 12:03:26 AM

http://www.us-cert.gov/cas/bulletins/SB12-226.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139
which references the discussion thread: https://bitcointalk.org/index.php?topic=822.0

Why now? Is it standard practice to release such old warnings?

With wording like: "allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction." and "Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service"

It's potentially damaging if people don't notice how old it is, I would have thought.

Title: Re: US Computer Emergency Readiness Team / nist.gov publish 2year old bitcoin vulns
Post by: niko on August 14, 2012, 12:20:09 AM

Good catch, julz. I have mixed feelings about this, but currently lean towards "great!" - essentially, a US government agency is recommending Bitcoin users to upgrade to the latest clients.
Bitcoin is listed there with the likes of Cisco. I like.

Title: Re: US Computer Emergency Readiness Team / nist.gov publish 2year old bitcoin vulns
Post by: rjk on August 14, 2012, 12:21:34 AM

Those CVE numbers were issued a while back, but I guess they only just got around to publishing the actual vulnerability?

Title: Re: US Computer Emergency Readiness Team / nist.gov publish 2year old bitcoin vulns
Post by: BkkCoins on August 14, 2012, 02:53:32 AM

Maybe it took 2 years for the bureaucracy to decide that Bitcoin was ok for them to comment on or publish about. That could be a good sign. Or it's part of a new ramping up of disinformation against Bitcoin.

Title: Re: US Computer Emergency Readiness Team / nist.gov publish 2year old bitcoin vulns
Post by: niko on August 14, 2012, 04:24:46 AM

> Maybe it took 2 years for the bureaucracy to decide that Bitcoin was ok for them to comment on or publish about. That could be a good sign. Or it's part of a new ramping up of disinformation against Bitcoin.

NIST is about as close as you can get to a "friendly government" in the US. Their findings are of course in the public domain, but also - unlike many other agencies - in most cases directly applicable to real life. Unless new information emerges soon, I'd call this a good sign, even if it's slow and confusing in some ways.