If this forum uses the apache Log4J logging tool it's vulnerable to the new Log4Shell critical zero-day vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

Any system using it needs upgrading, or the mitigation applying.

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/12/log4j-zero-day-log4shell-arrives-just-in-time-to-ruin-your-weekend/

All an attacker has to do is get the affected app to log a special string. For that reason, researchers have dubbed the vulnerability “Log4Shell”.

Log4j is an open source logging library written in Java that was developed by the Apache Software Foundation.

The vulnerability is triggered by a simple string sent to a vulnerable server:

[example string blocked by cloudflare]

When the vulnerable application logs the string it triggers a lookup to an attacker-controlled remote LDAP server (example.com in our scenario). The response from the malicious server contains a path to a remote Java class file that’s injected into the server process. Attackers can execute commands with the same level of privilege as the application that uses the logging library.

Mitigation

Mitigations are available for versions of log4j 2.10.0 and up. Version 2.15.0 is not vulnerable by default. Note that there may be other dependencies, such as your Java version, that need to be updated before you can upgrade. Fixing the vulnerability may not be straightforward, but it is urgent.

According to the Apache log4j project, if you are unable to upgrade, for whatever reason, you can mitigate this vulnerability in version 2.10.0 or higher by switching log4j2.formatMsgNoLookups to true. This can be done by adding ‐Dlog4j2.formatMsgNoLookups=True to the JVM command for starting the application.

Italy is bailing out two of its banks with up to $19 billion. Will other banks soon need bailing out? Will the bailouts start people buying Bitcoins?

https://www.bloomberg.com/news/articles/2017-06-25/italy-mobilizes-up-to-19-billion-to-keep-veneto-banks-afloat

Today I clicked the link marked "tutorial: How to create a plugin" on the electrum docs website, and it redirected me to a phishing site. The link's marked with a red arrow on the screenshot below.





This is a virustotal scan of the first site I was redirected to.

https://www.virustotal.com/en/url/d493df45c5989d0a0822458327abcc637b6a5e72d2f00ff26c34b4a8b2aa9147/analysis/1488897009/

I was very quickly redirected to another site afterwards. This is a screenshot of the second site.





This is a virustotal scan of it that says it's a phishing site.

https://www.virustotal.com/en/url/0fc2c2c8bdcba360946c08c47ce3c7fa7ea7222b10e8b273197d192ad02c9fa2/analysis/1488897538/

After testing the "tutorial: How to create a plugin" link again I was redirected to a different site that virustotal said was clean. However it was trying to sell me some dodgy investment scheme.

DON'T CLICK THAT LINK ON THE DOCS WEBSITE.

[update]

update

After some testing I'm fairly sure I identified a bug that affects the first run of a portable wallet, and a workaround for it. Please see this post for details

https://bitcointalk.org/index.php?topic=1814785.msg18079627#msg18079627




Earlier today my wallet only allowed setting a maximum dynamic fee of 0.001 BTC/KB, which it said would confirm within 25 blocks.

However, bitcoinfees.21.co recommended using 0.00226 BTC/KB for a confirmation in the next block. Today the network has a huge backlog of transactions, but some electrum users will still want to set a maximum dynamic fee for a confirmation in the next block.

If I have got my facts straight, then maybe the server code that calculates the maximum dynamic fee needs tweaking to take account of the recent ATH for mempool size.

*snip*

I tested the dynamic fee in my wallet today, and the maximum it allows is 0.001 BTC/KB, which it says will get my transaction confirmed within 25 blocks.





However, the bitcoinfees website recommends using 0.00226 BTC/KB for a fast transaction today. My wallet won't let me pay that much using dynamic fees, but will if I edit the fee manually.


https://bitcoinfees.21.co/

The statistics center page shows no members were online today. All the other statistics are OK, but there's a bug in that field.

https://bitcointalk.org/index.php?action=stats

I was shocked when I noticed Bitstamp has sunk down to 14th place for USD volume. It used to be the top exchange. Why has it sunk so far down in the volume traded through it? I know it was hacked a year ago but I don't think I ever saw it have such low volume as now.

The Fed's auction is in four days, will it move the price up, or down, or make no difference?

I think a high number of bidders could move the price up, and a lack luster number of bidders could move the price down. Have any of the previous bidders like Tim Draper, or any of the syndicates said they will be bidding yet? There hasn't been much discussion about it in the mainstream media.