Bitcoin Forum
October 31, 2024, 08:58:17 PM *
News: Bitcoin Pumpkin Carving Contest
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 »  All
  Print  
Author Topic: Kaspersky and INTERPOL Say Blockchain is Vulnerable  (Read 4237 times)
tokeweed (OP)
Legendary
*
Offline Offline

Activity: 4130
Merit: 1461


Life, Love and Laughter...


View Profile
April 11, 2015, 03:06:38 PM
 #1

Quote

Kaspersky Labs and INTERPOL have presented research in which they show how blockchain-based cryptocurrencies can potentially be abused with arbitrary data that can be disseminated through its public decentralized databases.

These two entities addressed the issue at the BlackHat Asia conference in Singapore. They successfully demonstrated how arbitrary data can be injected into a digital currency decentralized database simply by using an exploit code that opens a notepad enabling corrupted data to be inserted into the Blockchain.

Not long ago, Kaspersky Lab’s signed an agreement and a memorandum of understanding with INTERPOL and Europol in order to expand cooperation in a joint fight against cyber crime. In addition, the company has also organized a series of training sessions for INTERPOL staff to give them some knowledge about malware analysis, digital forensics, and financial threat research.

A Kaspersky researcher named Vitaly Kamluk explains:


“Blockchainware, short for blockchain-based software, stores some of its executable code in the decentralized databases of cryptocurrency transactions. It is based on the idea of establishing a connection to the P2P networks of cryptocurrency enthusiasts, fetching information from transaction records and running it as a code. Depending on the payload fetched from the network, it can be either benign or malicious.”


Vitaly also stresses that before digital currency can be widely accepted, we need to understand the full potential of the threats it faces. The Bitcoin community seems to agree with Vitaly, as security is a healthy industry seeing remarkable growth in the cryptocurrency ecosystem.

A report from Juniper projects that the number of active Bitcoin users worldwide will reach 4.7 million by the end of 2019, up from just over 1.3 million last year. The company expects usage to continue to be dominated by exchange trading, with retail adoption largely restricted to relatively niche demographics. This is surely good news for the virtual currency industry, and it means that the potential of the technology has already been recognized.

The importance of cryptocurrencies on e-commerce and other online financial activities has been growing at an astonishing rate, and concerns over security are growing. Security issues will likely always be present in the Bitcoin world, and users will have to rely on cybersecurity firms to constantly innovate and provide solutions.


http://insidebitcoins.com/news/kaspersky-and-interpol-say-blockchain-is-vulnerable/31578

R


▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀
LLBIT|
4,000+ GAMES
███████████████████
██████████▀▄▀▀▀████
████████▀▄▀██░░░███
██████▀▄███▄▀█▄▄▄██
███▀▀▀▀▀▀█▀▀▀▀▀▀███
██░░░░░░░░█░░░░░░██
██▄░░░░░░░█░░░░░▄██
███▄░░░░▄█▄▄▄▄▄████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█████████
▀████████
░░▀██████
░░░░▀████
░░░░░░███
▄░░░░░███
▀█▄▄▄████
░░▀▀█████
▀▀▀▀▀▀▀▀▀
█████████
░░░▀▀████
██▄▄▀░███
█░░█▄░░██
░████▀▀██
█░░█▀░░██
██▀▀▄░███
░░░▄▄████
▀▀▀▀▀▀▀▀▀
||.
|
▄▄████▄▄
▀█▀
▄▀▀▄▀█▀
▄░░▄█░██░█▄░░▄
█░▄█░▀█▄▄█▀░█▄░█
▀▄░███▄▄▄▄███░▄▀
▀▀█░░░▄▄▄▄░░░█▀▀
░░██████░░█
█░░░░▀▀░░░░█
▀▄▀▄▀▄▀▄▀▄
▄░█████▀▀█████░▄
▄███████░██░███████▄
▀▀██████▄▄██████▀▀
▀▀████████▀▀
.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀
███▀▄▀█████████████████▀▄▀
█████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀
███████▀▄▀██████░█▄▄▄▄▄▄▄▄
█████████▀▄▄░███▄▄▄▄▄▄░▄▀
███████████░███████▀▄▀
███████████░██▀▄▄▄▄▀
███████████░▀▄▀
████████████▄▀
███████████
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
▄███▀▄▄███████▄▄▀███▄
▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄
▄██▀▄███░░░▀████░███▄▀██▄
███░████░░░░░▀██░████░███
███░████░█▄░░░░▀░████░███
███░████░███▄░░░░████░███
▀██▄▀███░█████▄░░███▀▄██▀
▀██▄▀█▄▄▄██████▄██▀▄██▀
▀███▄▀▀███████▀▀▄███▀
▀████▄▄▄▄▄▄▄████▀
▀▀███████▀▀
OFFICIAL PARTNERSHIP
SOUTHAMPTON FC
FAZE CLAN
SSC NAPOLI
Jeremycoin
Legendary
*
Offline Offline

Activity: 1022
Merit: 1003


𝓗𝓞𝓓𝓛


View Profile
April 11, 2015, 03:19:52 PM
 #2

BTCitcoin is in danger, we must safe it.
Whatever they said, I'll still trust the BTCitcoin Grin

faucet used to be profitable
fryarminer
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


View Profile
April 11, 2015, 03:22:53 PM
 #3

Oh no!!! Bitcoin is in danger!! Hodl your coins so you don't lose them!
LiteCoinGuy
Legendary
*
Offline Offline

Activity: 1148
Merit: 1014


In Satoshi I Trust


View Profile WWW
April 11, 2015, 03:35:23 PM
 #4

thank god i own only Litecoin 





Tongue

GTO911
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500



View Profile
April 11, 2015, 03:51:07 PM
 #5

thank god i own only Litecoin 
Tongue

I really pity you, why wont you just cut the losses and enter some other position?
oblivi
Hero Member
*****
Offline Offline

Activity: 700
Merit: 501


View Profile
April 11, 2015, 03:53:20 PM
 #6

Sounds like not really found based scaremongering for Kaspersky and friends to start selling us "Crypto-antiviruses" of some sort.
Amph
Legendary
*
Offline Offline

Activity: 3248
Merit: 1070



View Profile
April 11, 2015, 03:56:48 PM
Last edit: April 11, 2015, 06:57:05 PM by Amph
 #7

they are trying too hard to kill bitcoin price with all those troll news, despite all the 230 mark is still holding strong

they should at least back up their claim, why they don't try to abuse the blockchain then?
tokeweed (OP)
Legendary
*
Offline Offline

Activity: 4130
Merit: 1461


Life, Love and Laughter...


View Profile
April 11, 2015, 04:00:37 PM
 #8

they are trying to hard to kill bitcoin price with all those troll news, despite all the 230 mark is still holding strong

they should at least back up their claim, why they don't try to abuse the blockchain then?

This.  Either that, or insiders know something that's why they are selling.

R


▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀
LLBIT|
4,000+ GAMES
███████████████████
██████████▀▄▀▀▀████
████████▀▄▀██░░░███
██████▀▄███▄▀█▄▄▄██
███▀▀▀▀▀▀█▀▀▀▀▀▀███
██░░░░░░░░█░░░░░░██
██▄░░░░░░░█░░░░░▄██
███▄░░░░▄█▄▄▄▄▄████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█████████
▀████████
░░▀██████
░░░░▀████
░░░░░░███
▄░░░░░███
▀█▄▄▄████
░░▀▀█████
▀▀▀▀▀▀▀▀▀
█████████
░░░▀▀████
██▄▄▀░███
█░░█▄░░██
░████▀▀██
█░░█▀░░██
██▀▀▄░███
░░░▄▄████
▀▀▀▀▀▀▀▀▀
||.
|
▄▄████▄▄
▀█▀
▄▀▀▄▀█▀
▄░░▄█░██░█▄░░▄
█░▄█░▀█▄▄█▀░█▄░█
▀▄░███▄▄▄▄███░▄▀
▀▀█░░░▄▄▄▄░░░█▀▀
░░██████░░█
█░░░░▀▀░░░░█
▀▄▀▄▀▄▀▄▀▄
▄░█████▀▀█████░▄
▄███████░██░███████▄
▀▀██████▄▄██████▀▀
▀▀████████▀▀
.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀
███▀▄▀█████████████████▀▄▀
█████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀
███████▀▄▀██████░█▄▄▄▄▄▄▄▄
█████████▀▄▄░███▄▄▄▄▄▄░▄▀
███████████░███████▀▄▀
███████████░██▀▄▄▄▄▀
███████████░▀▄▀
████████████▄▀
███████████
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
▄███▀▄▄███████▄▄▀███▄
▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄
▄██▀▄███░░░▀████░███▄▀██▄
███░████░░░░░▀██░████░███
███░████░█▄░░░░▀░████░███
███░████░███▄░░░░████░███
▀██▄▀███░█████▄░░███▀▄██▀
▀██▄▀█▄▄▄██████▄██▀▄██▀
▀███▄▀▀███████▀▀▄███▀
▀████▄▄▄▄▄▄▄████▀
▀▀███████▀▀
OFFICIAL PARTNERSHIP
SOUTHAMPTON FC
FAZE CLAN
SSC NAPOLI
maku
Legendary
*
Offline Offline

Activity: 1288
Merit: 1000



View Profile
April 11, 2015, 04:20:06 PM
 #9

thank god i own only Litecoin  
Tongue

I really pity you, why wont you just cut the losses and enter some other position?
They said that every blockchain based cryptocurrency is in danger? Does your Litecoins are not based on blockchain technology? Everything is lost. No matter which cryptocurrency you own.
Lauda
Legendary
*
Offline Offline

Activity: 2674
Merit: 2965


Terminated.


View Profile WWW
April 11, 2015, 04:25:22 PM
 #10

So where is this "presented research"?
How about someone from our side takes a look at it. I trust Interpol as much as I trust the FBI.

"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)
Denker
Legendary
*
Offline Offline

Activity: 1442
Merit: 1016


View Profile
April 11, 2015, 04:26:32 PM
 #11

they are trying to hard to kill bitcoin price with all those troll news, despite all the 230 mark is still holding strong

they should at least back up their claim, why they don't try to abuse the blockchain then?

Exactly. As long as they don't show any proof and devs from the community can counter check that news is just bullshit!
odolvlobo
Legendary
*
Offline Offline

Activity: 4494
Merit: 3400



View Profile
April 11, 2015, 04:26:47 PM
 #12

The article isn't clear. Is it saying that people can put arbitrary data into the block chain, or is it saying that somebody can corrupt my copy of the block chain? I don't see how either of those makes Bitcoin vulnerable, since the first is a feature and the second affects only me.

Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
redsn0w
Legendary
*
Offline Offline

Activity: 1778
Merit: 1043


#Free market


View Profile
April 11, 2015, 04:30:27 PM
 #13

So where is this "presented research"?
This,

where is the research? They cannot say "blockchain is vulnerable" without give a full report and various example of that attack.


How about someone from our side takes a look at it. I trust Interpol as much as I trust the FBI.

I trust my cat more than FBI + Interpol .
Q7
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


View Profile WWW
April 11, 2015, 04:34:06 PM
 #14

The article isn't clear. Is it saying that people can put arbitrary data into the block chain, or is it saying that somebody can corrupt my copy of the block chain? I don't see how either of those makes Bitcoin vulnerable, since the first is a feature and the second affects only me.

That is what I'm trying to find out as well. If it does, it means there are vulnerabilities that can be exploited affecting the blockchain but I'm just wondering how is it possible that nobody has seen it yet until recently.

tokeweed (OP)
Legendary
*
Offline Offline

Activity: 4130
Merit: 1461


Life, Love and Laughter...


View Profile
April 11, 2015, 04:41:16 PM
 #15

The article isn't clear. Is it saying that people can put arbitrary data into the block chain, or is it saying that somebody can corrupt my copy of the block chain? I don't see how either of those makes Bitcoin vulnerable, since the first is a feature and the second affects only me.

That is what I'm trying to find out as well. If it does, it means there are vulnerabilities that can be exploited affecting the blockchain but I'm just wondering how is it possible that nobody has seen it yet until recently.

Someone out there must want BTC to go down...  Maybe trying to pull off the ultimate FUD?

R


▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀
LLBIT|
4,000+ GAMES
███████████████████
██████████▀▄▀▀▀████
████████▀▄▀██░░░███
██████▀▄███▄▀█▄▄▄██
███▀▀▀▀▀▀█▀▀▀▀▀▀███
██░░░░░░░░█░░░░░░██
██▄░░░░░░░█░░░░░▄██
███▄░░░░▄█▄▄▄▄▄████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█████████
▀████████
░░▀██████
░░░░▀████
░░░░░░███
▄░░░░░███
▀█▄▄▄████
░░▀▀█████
▀▀▀▀▀▀▀▀▀
█████████
░░░▀▀████
██▄▄▀░███
█░░█▄░░██
░████▀▀██
█░░█▀░░██
██▀▀▄░███
░░░▄▄████
▀▀▀▀▀▀▀▀▀
||.
|
▄▄████▄▄
▀█▀
▄▀▀▄▀█▀
▄░░▄█░██░█▄░░▄
█░▄█░▀█▄▄█▀░█▄░█
▀▄░███▄▄▄▄███░▄▀
▀▀█░░░▄▄▄▄░░░█▀▀
░░██████░░█
█░░░░▀▀░░░░█
▀▄▀▄▀▄▀▄▀▄
▄░█████▀▀█████░▄
▄███████░██░███████▄
▀▀██████▄▄██████▀▀
▀▀████████▀▀
.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀
███▀▄▀█████████████████▀▄▀
█████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀
███████▀▄▀██████░█▄▄▄▄▄▄▄▄
█████████▀▄▄░███▄▄▄▄▄▄░▄▀
███████████░███████▀▄▀
███████████░██▀▄▄▄▄▀
███████████░▀▄▀
████████████▄▀
███████████
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
▄███▀▄▄███████▄▄▀███▄
▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄
▄██▀▄███░░░▀████░███▄▀██▄
███░████░░░░░▀██░████░███
███░████░█▄░░░░▀░████░███
███░████░███▄░░░░████░███
▀██▄▀███░█████▄░░███▀▄██▀
▀██▄▀█▄▄▄██████▄██▀▄██▀
▀███▄▀▀███████▀▀▄███▀
▀████▄▄▄▄▄▄▄████▀
▀▀███████▀▀
OFFICIAL PARTNERSHIP
SOUTHAMPTON FC
FAZE CLAN
SSC NAPOLI
abyrnes81
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500



View Profile
April 11, 2015, 04:56:20 PM
 #16

The article isn't clear. Is it saying that people can put arbitrary data into the block chain, or is it saying that somebody can corrupt my copy of the block chain? I don't see how either of those makes Bitcoin vulnerable, since the first is a feature and the second affects only me.

That is what I'm trying to find out as well. If it does, it means there are vulnerabilities that can be exploited affecting the blockchain but I'm just wondering how is it possible that nobody has seen it yet until recently.

Because there aren't bug in the bitcoin code ( and the ledger aka blockchain) here a good report (for good usage) of the bitcoin blockchain :

http://www.righto.com/2014/02/ascii-bernanke-wikileaks-photographs.html
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
April 11, 2015, 05:12:03 PM
 #17

I am calling FUD as sure you can embed arbitrary data in the blockchain but "so what"?

You can embed arbitrary data in .jpg's (steganography) - does that make it dangerous to view a .jpg (or more relevant to the OP to even store it on your computer)?

Unless they are talking about a bug in Bitcoin Script (which clearly they are not) then it really is just FUD (and Kaspersky have lost all credibility in my view with this).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
tokeweed (OP)
Legendary
*
Offline Offline

Activity: 4130
Merit: 1461


Life, Love and Laughter...


View Profile
April 11, 2015, 05:14:32 PM
 #18

I am calling FUD as sure you can embed arbitrary data in the blockchain but "so what"?

You can embed arbitrary data in .jpg's (steganography) - does that make it dangerous to view a .jpg (or more relevant to this topic even to store it on your computer)?


Exactly.  But this info is comng from Kaspersky and the Interpol...  Someone out there is trying to pull off the ultimate Bitcoin FUD.  And this is a good time to attack Bitcoin...  While the climate is bearish.

R


▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀
LLBIT|
4,000+ GAMES
███████████████████
██████████▀▄▀▀▀████
████████▀▄▀██░░░███
██████▀▄███▄▀█▄▄▄██
███▀▀▀▀▀▀█▀▀▀▀▀▀███
██░░░░░░░░█░░░░░░██
██▄░░░░░░░█░░░░░▄██
███▄░░░░▄█▄▄▄▄▄████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█████████
▀████████
░░▀██████
░░░░▀████
░░░░░░███
▄░░░░░███
▀█▄▄▄████
░░▀▀█████
▀▀▀▀▀▀▀▀▀
█████████
░░░▀▀████
██▄▄▀░███
█░░█▄░░██
░████▀▀██
█░░█▀░░██
██▀▀▄░███
░░░▄▄████
▀▀▀▀▀▀▀▀▀
||.
|
▄▄████▄▄
▀█▀
▄▀▀▄▀█▀
▄░░▄█░██░█▄░░▄
█░▄█░▀█▄▄█▀░█▄░█
▀▄░███▄▄▄▄███░▄▀
▀▀█░░░▄▄▄▄░░░█▀▀
░░██████░░█
█░░░░▀▀░░░░█
▀▄▀▄▀▄▀▄▀▄
▄░█████▀▀█████░▄
▄███████░██░███████▄
▀▀██████▄▄██████▀▀
▀▀████████▀▀
.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀
███▀▄▀█████████████████▀▄▀
█████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀
███████▀▄▀██████░█▄▄▄▄▄▄▄▄
█████████▀▄▄░███▄▄▄▄▄▄░▄▀
███████████░███████▀▄▀
███████████░██▀▄▄▄▄▀
███████████░▀▄▀
████████████▄▀
███████████
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
▄███▀▄▄███████▄▄▀███▄
▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄
▄██▀▄███░░░▀████░███▄▀██▄
███░████░░░░░▀██░████░███
███░████░█▄░░░░▀░████░███
███░████░███▄░░░░████░███
▀██▄▀███░█████▄░░███▀▄██▀
▀██▄▀█▄▄▄██████▄██▀▄██▀
▀███▄▀▀███████▀▀▄███▀
▀████▄▄▄▄▄▄▄████▀
▀▀███████▀▀
OFFICIAL PARTNERSHIP
SOUTHAMPTON FC
FAZE CLAN
SSC NAPOLI
AGD
Legendary
*
Offline Offline

Activity: 2070
Merit: 1164


Keeper of the Private Key


View Profile
April 11, 2015, 06:49:26 PM
 #19

Quote
simply by using an exploit code that opens a notepad enabling corrupted data to be inserted into the Blockchain

Wow! My notepad can do things like that?

Bitcoin is not a bubble, it's the pin!
+++ GPG Public key FFBD756C24B54962E6A772EA1C680D74DB714D40 +++ http://pgp.mit.edu/pks/lookup?op=get&search=0x1C680D74DB714D40
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
April 11, 2015, 06:55:23 PM
 #20

Quote
It is based on the idea of establishing a connection to the P2P networks of cryptocurrency enthusiasts, fetching information from transaction records and running it as a code.

So it is complete FUD - no normal Bitcoin client works like this at all.

You'd need some specially created Bitcoin client that uses something like OP_RETURN data as an executable (and I don't believe there even is such software in existence unless Kaspersky created it just to published this FUD article).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
Pages: [1] 2 3 4 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!