Kaspersky and INTERPOL Say Blockchain is Vulnerable

[Todamont]

> How would you “accidentally execute” a sequence of bytes? Unless you're using something similar to eval, which then it's not accidental anymore.

Well, that's how injection attacks work. A client would naively try to read the data, and the data would contain an escape sequence followed by the equivalent of "eval" on the target operation system or hardware architecture. It doesn't seem impossible as a conceptual attack.

[muhrohmat]

well besides the fact we have to save our passes and addresses and amounts in personal computer i mean does the hackers try to steal all in blockchain directly or go to personlal comuters and a change in blockchain need to ocurr in like 4000 net work computers its a very diff thing

[majeis]

> How would you “accidentally execute” a sequence of bytes? Unless you're using something similar to eval, which then it's not accidental anymore.

Well, that's how injection attacks work. A client would naively try to read the data, and the data would contain an escape sequence followed by the equivalent of "eval" on the target operation system or hardware architecture. It doesn't seem impossible as a conceptual attack.

Keyword "naively." Publicly available data on the internet isn't really the problem since that's what the internet basically is. The problem is client-side whatever it is and that's on the end-user, not the fault of the network itself.

[S4VV4S]

I think you guys are very sentimental about the subject.

Interpol is right : http://www.forbes.com/sites/thomasbrewster/2015/03/27/bitcoin-blockchain-pollution-a-criminal-opportunity/

it could be abused to store malware control mechanisms or provide access to illicit content such as child abuse images that would be extremely difficult to take down.

And when that happens (coz it will) kiss your Bitcoins goodbye.

Oh, and don't say how are they going to do it.
If they make any kind of purchase/exchange with BTC illegal and fine it with lifetime in jail,
no business or exchange will take your Bitcoins.
Then you will have to turn to a black market but we have all seen how they all fell like flies haven't we?

Once again, stop being so sentimental and pay attention to the details.
Interpol is trying to protect (your) children from abuse, and that is just one example of what the blockchain is capable of.

[shorena]

I think you guys are very sentimental about the subject.

Interpol is right : http://www.forbes.com/sites/thomasbrewster/2015/03/27/bitcoin-blockchain-pollution-a-criminal-opportunity/

it could be abused to store malware control mechanisms or provide access to illicit content such as child abuse images that would be extremely difficult to take down.

And when that happens (coz it will) kiss your Bitcoins goodbye.

Again, any decentralized storage system is vulnerable in that regard.

Oh, and don't say how are they going to do it.
If they make any kind of purchase/exchange with BTC illegal and fine it with lifetime in jail,

Interpol does not make laws. They can not make anything illegal or legal. They are an organ to promote cooperation between police organisations in different countries. Who is this mysterious "they" you are referring to that can change all laws on a global scale?

no business or exchange will take your Bitcoins.

Under the assumption that bitcoin have just been declare illegal, which business and/or exchange would be left? None, because all exchanges and business would now be bankrupt, unless they do not actually hold bitcoins.

Then you will have to turn to a black market but we have all seen how they all fell like flies haven't we?

Once again, stop being so sentimental and pay attention to the details.
Interpol is trying to protect (your) children from abuse, and that is just one example of what the blockchain is capable of.

Blatantly declaring Bitcoin's blockchain vulnerable is not protecting any (my) children. In order to store the picture of an abused child, the picture must have been taken previously, thus the abuse must have already happened. Attacking the symptoms is not a solution. I doubt there is much of the content they are warning about in the blockchain. The main reason for this believe is that there are other, cheaper and more discrete ways. The only advantage in using the blockchain I could see is that it would be very hard to erase the data. On the other hand criminals tend to have a reason to avoid this very property as it would also make it very hard to hide their tracks.

[Snail2]

I consider their research as "marketing activity" .

[ensurance982]

CIYAM:
> You'd need some specially created Bitcoin client that uses something like OP_RETURN data as an executable...

That's actually an interesting idea. If you embedded some injection-like escape sequence, followed by assembly code tailored to a specific microprocessor set, then could it possibly be executed by any standard client when it is "naively" attempting to access the OP_RETURN data? Clients / nodes written in loosely-typed languages seem like they might be more vulnerable...

How would you “accidentally execute” a sequence of bytes? Unless you're using something similar to eval, which then it's not accidental anymore.

You could always go and try to cause some buffer overflows. Back in the good old days it was quite common to try and write some executable code into the memory, build a large enough landing pad, and whooops: your code gets executed

[AtheistAKASaneBrain]

Typical corporate FUD. And I don't think this is relevant for wallets that do not store your blockchain, and then again people running those that do (nodes) are knowledgeable enough to not get their computers infected.
Most average joes will be using blockchain.info or so, to deal with their BTC anyway.

[S4VV4S]

Again, any decentralized storage system is vulnerable in that regard.

True. One can not argue with that.

Interpol does not make laws. They can not make anything illegal or legal. They are an organ to promote cooperation between police organisations in different countries. Who is this mysterious "they" you are referring to that can change all laws on a global scale?

Interpol does not make laws, it follows them, and if they have orders to do something, they do it Internationally (or at least where Interpol has juristiction).
Also, even though the word "organ" might be correct, the word organization is the preffered choice. "Organ" may refer to a body part such as a penis.

Under the assumption that bitcoin have just been declare illegal, which business and/or exchange would be left? None, because all exchanges and business would now be bankrupt, unless they do not actually hold bitcoins.

True and False at the same time.
They will - yes they will - attempt to get some of their money back, and that means the black markets.

Blatantly declaring Bitcoin's blockchain vulnerable is not protecting any (my) children. In order to store the picture of an abused child, the picture must have been taken previously, thus the abuse must have already happened. Attacking the symptoms is not a solution. I doubt there is much of the content they are warning about in the blockchain. The main reason for this believe is that there are other, cheaper and more discrete ways. The only advantage in using the blockchain I could see is that it would be very hard to erase the data. On the other hand criminals tend to have a reason to avoid this very property as it would also make it very hard to hide their tracks.

I don't think you understood what I said, nor what Interpol said.
The blockchain is NOT vulnerable, on the contrary it's so solid that an abuser can host child abuse images on it indefinetely (and other malicious code).
Apart from that, Bitcoin gives ways for abusers to use it over money (fiat) due to it's (supposed) anonymity.
Also, criminals should not have ANY worries exploiting the blockchain because..... you know: coin mixers -> one time use address -> crime done and there forever.....
If that address is never to be used again then there is no chance they can track them.


Now, can you please stop being so "smart" and defensive about Bitcoin and pay attention to the details?
Or are you too busy playing bullshit ARG games (or covering up for the con artist) that you do not read between the lines?

[S4VV4S]

I could have sworn a similar article was posted last year and quickly debunked, I may have to do some digging.

This is more recent - March '15: http://www.forbes.com/sites/thomasbrewster/2015/03/27/bitcoin-blockchain-pollution-a-criminal-opportunity/

[manselr]

Bitcoin is a booming market and Kaspersky  makes their money off fear of electronic attacks. Probably Interpol with get a commission by supporting each other's claims to pump future Kaspersky products.