Topic: Security 'expert' claims bitcoin vulnerability. Presenting at Ekoparty Conf.
jimbobway (OP)
September 17, 2012, 09:49:31 PM
 #1

Quote
Sergio Demian Lerner
‏@SDLerner
At #Ekoparty Security Conference, I'll give a sneak peek (not the full disclosure) of AVALANCHE, a #Bitcoin vulnerability I found.


http://twitter.com/SDLerner/status/247725013975834624
Severian
September 17, 2012, 09:57:04 PM
 #2

.
dree12
September 17, 2012, 10:01:34 PM
 #3

Uh-oh. I'm not going to make any transactions, so that the chain rollback (if it happens) will be less painful. Hopefully the nosedive doesn't occur this time.
DeathAndTaxes
Gerald Davis


September 17, 2012, 10:02:43 PM
 #4

Wonder why he wouldn't have informed the developers here:

https://bitcointalk.org/index.php?action=profile;u=24826
Severian
September 17, 2012, 10:04:59 PM
 #5

Wonder why he wouldn't have informed the developers here:

https://bitcointalk.org/index.php?action=profile;u=24826

I just asked him.
Raoul Duke
aka psy
September 17, 2012, 10:05:11 PM
 #6

Wonder why he wouldn't have informed the developers here:

https://bitcointalk.org/index.php?action=profile;u=24826

Maybe he did and they're keeping quiet.
Or maybe he's lying lol
apetersson
September 17, 2012, 10:06:39 PM
 #7

I would guess he is disclosing

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2012-3789

which is fixed in all recent versions of Bitcoin. Since he disclosed it responsibly and it has been fixed, I do not mind that he now takes credit for his discovery publicly.
jimbobway (OP)
September 17, 2012, 10:14:35 PM
 #8

He said he is only doing a partial disclosure and not a full disclosure.  I imagine he will do a full disclosure after the conference and will talk to Gavin.

I am guessing he just wants some credit for discovering this vulnerability.
jimbobway (OP)
September 17, 2012, 10:20:49 PM
 #9

Uh-oh. I'm not going to make any transactions, so that the chain rollback (if it happens) will be less painful. Hopefully the nosedive doesn't occur this time.

Here is Gavin's description of a serious vs critical vulnerability.  https://bitcointalk.org/index.php?topic=88892.0
Etlase2
September 17, 2012, 10:21:27 PM
 #10

I trust that Sergio is working with bitcoin's best interests and there is nothing to fear, but this thread reminds me of someone who claimed to have found a vulnerability several months back on some website, but I don't remember what (or if anything) became of it.

Sergio_Demian_Lerner
September 18, 2012, 02:23:49 PM
 #11

Hi!

Don't worry!

First, the dev team has already fixed this in 7.0. I hope the new stable release is ready soon and everybody upgrades.

Secondly, I won't be saying anything that can help an attacker exploit the vuln.

I will talk about many aspects of Bitcoin, and only one of them being the existence of DoS vulnerabilities, past heists in the ecosystem, and how Bitcoin has managed to handle them.

I will also talk about scalability, which has always been my deepest concern.

The conference titled "Bitcoin, Mavepay and the future of cryptocurrencies" is scheduled for Thursday 14:20 local time, Buenos Aires, Argentina at Ekoparty. Obviously I will also talk about my own proposals (Mavepay).

Come to Buenos Aires!
Juliano Rizzo and Thai Duong will be talking about CRIME, a devastating vulnerability they found in SSL!


Best regards,
 Sergio.