Bitcoin Forum
November 08, 2024, 01:45:55 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Economy > Marketplace > Service Discussion > Are Bitcoin exchanges safe after ShellShock ?
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Are Bitcoin exchanges safe after ShellShock ?  (Read 1816 times)
BitCoinDream (OP)
Legendary
*
Offline Offline

Activity: 2394
Merit: 1216

The revolution will be digital


View Profile
September 26, 2014, 09:51:57 AM
 #1
I have read ShellShock opens up Apache vulnerability. AFAIK most of the Bitcoin exchanges are running on Apache. So are they just awaiting to be ripped off ?

p.s. If U dont know what is ShellShock, check here.
RustyNomad
Sr. Member
****
Offline Offline

Activity: 336
Merit: 251



View Profile WWW
September 26, 2014, 09:53:23 AM
 #2
No exchange is safe in my opinion, no matter how they harp on about their 100% security.
BitCoinDream (OP)
Legendary
*
Offline Offline

Activity: 2394
Merit: 1216

The revolution will be digital


View Profile
September 26, 2014, 11:06:43 AM
 #3
Quote from: RustyNomad on September 26, 2014, 09:53:23 AM
No exchange is safe in my opinion, no matter how they harp on about their 100% security.

If Apache is affected, then practically very few websites are safe now, because Apache has become almost synonymous to web server. So if Apache is attacked, the result will be catastrophe including the banking systems and the heat on bitcoin exchanges will be negligible to that.
1Referee
Legendary
*
Offline Offline

Activity: 2170
Merit: 1427


View Profile
September 26, 2014, 11:35:10 AM
 #4
Any service involved with Bitcoin will never be safe.

The only thing they can do is keep the security spot on, and detect any security holes before hackers do.

newyorker91
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
September 26, 2014, 11:46:49 AM
 #5
yeah trading became dangerous...
Tzupy
Legendary
*
Offline Offline

Activity: 2170
Merit: 1094



View Profile
September 26, 2014, 02:17:32 PM
 #6
After? They probably patched their Linux servers by now, but the problem existed for over 20 years, who knows if it was already exploited?
Sometimes, if it looks too bullish, it's actually bearish
ArticMine
Legendary
*
Offline Offline

Activity: 2282
Merit: 1050


Monero Core Team


View Profile
September 27, 2014, 02:22:19 AM
 #7
If they are running GNU/Linux on their servers and have fully patched their servers they are not vulnerable (this is the most likely scenario).
If they are running GNU/Linux on their servers and have not patched their servers they are vulnerable.
If they are running Microsoft Windows Server on their servers they are not vulnerable.
If they are running Apple Server on their servers they are vulnerable (Apple has yet to issue any patches).
Concerned that blockchain bloat will lead to centralization? Storing less than 4 GB of data once required the budget of a superpower and a warehouse full of punched cards. https://upload.wikimedia.org/wikipedia/commons/8/87/IBM_card_storage.NARA.jpg https://en.wikipedia.org/wiki/Punched_card
moni3z
Hero Member
*****
Offline Offline

Activity: 899
Merit: 1002



View Profile
September 27, 2014, 02:41:22 AM
 #8
If they have CGI scripts that call /bin/bash then they were vuln, or if they had any library on their system that called bash it was only one unauthenticated GET req from being totally pwned.
Tzupy
Legendary
*
Offline Offline

Activity: 2170
Merit: 1094



View Profile
September 27, 2014, 11:59:44 AM
 #9
http://arstechnica.com/security/2014/09/still-more-vulnerabilities-in-bash-shellshock-becomes-whack-a-mole/
Sometimes, if it looks too bullish, it's actually bearish
PenAndPaper
Sr. Member
****
Offline Offline

Activity: 252
Merit: 250


View Profile
September 27, 2014, 12:01:35 PM
 #10
I guess they hold the majority of their coins in cold storage... or they should anyway..
japandrew73
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
September 27, 2014, 04:11:02 PM
 #11
is BTC-e affected by this?
RedDiamond
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250


View Profile
September 28, 2014, 02:10:43 PM
 #12
You can use this page for testing: http://shellshocktest.com/

'This tool helps you to check if your server is vulnerable to CVE-2014-6271, also known as "ShellShock".'

Pages: [1]
  Print  
Bitcoin Forum > Economy > Marketplace > Service Discussion > Are Bitcoin exchanges safe after ShellShock ?
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!