Bitcoin Forum
May 09, 2024, 09:33:09 PM
News: Latest Bitcoin Core release: 27.0 [Torrent]
Author Topic: 0.13.0 Binary Safety Warning  (Read 2252 times)
Kakmakr
Legendary
August 18, 2016, 05:49:55 AM
 #21

Is the attacking of the binaries a new angle to take control of the network, or just an attempt to steal a bunch of coins and to discredit the security of a decentralized network? If this succeeded, we would have been in serious problems. Good work catching this early and sending out warning notices before it happened.

Coding Enthusiast
Legendary
Bitcoin and C♯ Enthusiast
August 18, 2016, 06:08:14 AM
 #22

You should securely verify the signature and hashes before running any Bitcoin Core binaries.
So just checking the hash is insufficient?

There is a difference between checking the integrity and checking the authenticity of a downloaded file.

Checking the hashes (checksums) by only computing the hash using MD5, SHA or CRC will only let you verify the integrity of the downloaded file, and it is vulnerable to collision attacks.

That is why you should always check the signature of the file using GnuPG (GNU Privacy Guard). This way you make sure of both the authenticity (owner) and the integrity (content) of a downloaded file.
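A worked illustration of the integrity-versus-authenticity point made in this post, added here as an example and not taken from the post, from GnuPG or from Bitcoin Core. It assumes ed25519 as a stand-in for the PGP signature (Go's standard library has no OpenPGP), a manifest laid out like SHA256SUMS, and constructed keys and file contents; it shows that a bare hash check passes a swapped binary with a swapped checksum file, while the signature check does not.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Release pairs a checksum manifest ("<sha256hex>  <filename>" lines, like Bitcoin
// Core's SHA256SUMS) with the signer's signature over it. ed25519 stands in for PGP.
type Release struct {
	Manifest []byte
	Sig      []byte
}

func manifestLine(name string, data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:]) + "  " + name + "\n"
}

// sign is the release manager's side: the signature covers the manifest.
func sign(priv ed25519.PrivateKey, manifest string) Release {
	return Release{Manifest: []byte(manifest), Sig: ed25519.Sign(priv, []byte(manifest))}
}

// hashMatches is the integrity-only check: it trusts the manifest blindly.
func hashMatches(manifest []byte, name string, data []byte) bool {
	sum := sha256.Sum256(data)
	for _, line := range strings.Split(string(manifest), "\n") {
		if f := strings.Fields(line); len(f) == 2 && f[1] == name {
			return f[0] == hex.EncodeToString(sum[:])
		}
	}
	return false
}

// verify checks authenticity first (manifest signed by the key pinned out-of-band),
// then integrity. A man-in-the-middle who swaps the binary can also swap a bare
// checksum file; only the signature step catches that.
func verify(pub ed25519.PublicKey, rel Release, name string, data []byte) error {
	if !ed25519.Verify(pub, rel.Manifest, rel.Sig) {
		return errors.New("authenticity: signature does not verify against pinned key")
	}
	if !hashMatches(rel.Manifest, name, data) {
		return errors.New("integrity: sha256 mismatch or file not in manifest")
	}
	return nil
}

func main() {
	const name = "bitcoin-0.13.0-x86_64-linux-gnu.tar.gz"
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // pinned release key
	good := []byte("genuine release bytes (constructed)")
	fmt.Println("genuine:", verify(pub, sign(priv, manifestLine(name, good)), name, good))
	// An attacker in the download path serves a tampered binary plus a
	// matching checksum file signed with a key of their own.
	_, evilPriv, _ := ed25519.GenerateKey(rand.Reader)
	bad := []byte("tampered build (constructed)")
	forged := sign(evilPriv, manifestLine(name, bad))
	fmt.Println("hash only:", hashMatches(forged.Manifest, name, bad), "full:", verify(pub, forged, name, bad))
}
```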

Lauda (OP)
Legendary
Terminated.
August 18, 2016, 08:23:02 AM
 #23

Sounds like laying the groundwork for a disinfo campaign when Chinese miners fork to a larger max blocksize. Sowing the seeds now to favor an adversarial mindset when it comes to plans coming from China.
Stop trolling.

Nah, I'm probably just wishful thinking… More likely that "cobra" is just acting like a petty tyrant again, similar to the last time he showed up, wanting to edit satoshi's whitepaper.
There's nothing tyrannical about this, nor about his suggestion to add an updated version of the whitepaper.

Also Lauda, you're the CEO of BTCE, aren't you?
I may or may not be. Please refrain from creating consecutive posts.

Can you explain this MITM attack more precisely? Are you saying that data will be forged for a long time? Would they need to attack both sender and receiver at the same time?
A simple Google search would give you the required information (changing data in between the two of them).

Is this attack going after transactions or miners confirming transactions, and what kinds of alerts will be prompted if the binaries aren't correct?
No alert will be prompted, that's the problem.

Is the attacking of the binaries a new angle to take control of the network, or just an attempt to steal a bunch of coins and to discredit the security of a decentralized network? If this succeeded, we would have been in serious problems.
Generally, it is unfortunate that only a handful of people compile and build their own binaries (which is recommended).

"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)
eddie13
Legendary
BTC or BUST
August 18, 2016, 02:45:27 PM
 #24

Maybe you should sticky this?

Chancellor on Brink of Second Bailout for Banks
Wind_FURY
Legendary
August 18, 2016, 02:50:34 PM
 #25

Potential drama or is this something really serious? "State sponsored attacks" sounds really serious and I wish that someone who knows something posts what's really going on here.

Hazir
Legendary
August 18, 2016, 02:57:52 PM
 #26

I am not sure why no one suggested this before, but maybe the best option is to forget about 0.13 ver and don't upgrade Bitcoin Core at all?
Wait for version 0.14 or something? Is this a feasible solution?

achow101
Staff
Legendary
Just writing some code
August 18, 2016, 03:07:39 PM
 #27

If the binaries hosted on bitcoin.org are compromised or down, some of the developers host their own builds of the binaries. Since these are deterministically built, the hashes should all be the same. These hashes for all of the files are stored in the gitian.sigs repo and they are all signed with the PGP keys of all the signers. The organization of that signature repo is self-explanatory.

I host my gitian build on my GitHub repo here: https://github.com/achow101/bitcoin/releases. IIRC Jonas Schnelli also hosts the binaries on his website, but I don't remember where they are.
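An added example of the cross-builder check this post implies (it is not achow101's code and not part of gitian.sigs): given several signers' attestations in a simplified "<sha256hex>  <filename>" form (an assumption; the real assert files are YAML), require that every builder reports the same hash for every output file and that at least a minimum number of builders attested. Checking each attestation's PGP signature with gpg is assumed to have happened before this step; all hashes and builder names are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Attestation is one builder's record of the hashes their own deterministic
// build produced. In gitian.sigs each signer commits such a record plus a PGP
// signature over it; that signature is assumed already checked with gpg.
type Attestation struct {
	Signer   string
	Manifest string // "<sha256hex>  <filename>" per line (simplified format)
}

func parseManifest(m string) map[string]string {
	out := map[string]string{}
	for _, line := range strings.Split(m, "\n") {
		if f := strings.Fields(line); len(f) == 2 {
			out[f[1]] = f[0]
		}
	}
	return out
}

// Consensus returns, per output file, the hash that at least minSigners
// independent builders attested, and fails if any two builders disagree.
// Disagreement means a non-reproducible toolchain or a tampered build or
// repo copy; either way the release should not be installed until resolved.
func Consensus(atts []Attestation, minSigners int) (map[string]string, error) {
	byFile := map[string]map[string][]string{} // file -> hash -> signers
	for _, a := range atts {
		for file, h := range parseManifest(a.Manifest) {
			if byFile[file] == nil {
				byFile[file] = map[string][]string{}
			}
			byFile[file][h] = append(byFile[file][h], a.Signer)
		}
	}
	agreed := map[string]string{}
	for file, hashes := range byFile {
		if len(hashes) != 1 {
			return nil, fmt.Errorf("%s: builders disagree: %v", file, hashes)
		}
		for h, signers := range hashes {
			if len(signers) < minSigners {
				return nil, fmt.Errorf("%s: only %d attestation(s), need %d", file, len(signers), minSigners)
			}
			agreed[file] = h
		}
	}
	return agreed, nil
}

func main() {
	// Constructed attestations with placeholder hashes, not real release hashes.
	const file = "bitcoin-0.13.0-x86_64-linux-gnu.tar.gz"
	same := strings.Repeat("a", 64) + "  " + file + "\n"
	other := strings.Repeat("b", 64) + "  " + file + "\n"
	unanimous := []Attestation{{"builder1", same}, {"builder2", same}, {"builder3", same}}
	split := []Attestation{{"builder1", same}, {"builder2", same}, {"builder3", other}}
	fmt.Println(Consensus(unanimous, 3))
	fmt.Println(Consensus(split, 3))
}
```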

Pursuer
Legendary
Where is my ring of blades...
August 18, 2016, 03:13:37 PM
Last edit: August 18, 2016, 03:37:53 PM by Pursuer
 #28

I am not sure why no one suggested this before, but maybe the best option is to forget about 0.13 ver and don't upgrade Bitcoin Core at all?
Wait for version 0.14 or something? Is this a feasible solution?

First of all, I think it is more of a drama than anything else and I wish they'd explained more about the situation already.

Second of all, this risk is not a new thing (although the attack itself on a bigger scale is new) and you should always check the signature of these sensitive files when your money is involved, regardless of the current situation.

P.S. To my knowledge, since they are uploading the binaries on https://bitcoin.org, unless their SSL keys are compromised there is no way of messing with the uploaded files. Right?
Edit: reading more about HTTPS and compromises, I realize there are many other ways this can go down!

Only Bitcoin
YIz
Hero Member
August 18, 2016, 03:15:10 PM
 #29

Is there no way of distributing a file more safely than uploading to bitcoin.org's server? For example, if the devs upload the file to Google Drive, wouldn't it be safer?
Lauda (OP)
Legendary
Terminated.
August 18, 2016, 03:23:52 PM
 #30

Maybe you should sticky this?
There's a stickied thread regarding verification in Beginners & Help. I'm not sure about making this one sticky as well. I guess putting it on temporarily wouldn't harm.

Potential drama or is this something really serious?
General rule: Better safe than sorry.

I am not sure why no one suggested this before, but maybe the best option is to forget about 0.13 ver and don't upgrade Bitcoin Core at all?
This isn't a solution of any sort. You're mitigating the upgrade process; there's nothing that prevents this from happening with the next major release.

to my knowledge since they are uploading the binaries on https://bitcoin.org unless their ssl keys are not compromised there is no way of messing with the uploaded files. right?
That's a common misconception. SSL is secure if all of the 'pre-conditions' are set (e.g. the server key is not stolen). Look up the term "dSniff"; this was the first public implementation of MITM vs. SSL (IIRC).

for example, if the devs upload the file to Google Drive, wouldn't it be safer?
If we are talking about state-sponsored attacks, what makes you think that Google would be safer?

RodeoX
Legendary
The revolution will be monetized!
August 18, 2016, 03:25:07 PM
 #31

It's time for users to learn about cryptographically signed keys and how to compare hashes.

P.S. Is this related to the NSA tool kit release?

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Free bitcoin in ? - Stay tuned for this year's Bitcoin hunt!
BillyBobZorton
Legendary
August 18, 2016, 03:29:56 PM
 #32

Soroscoin is finally here :p
Anyway, it's funny how /r/btc trolls always find a way to blame everything on blockstream. Those guys are real schizos.

I am not sure why no one suggested this before, but maybe the best option is to forget about 0.13 ver and don't upgrade Bitcoin Core at all?
Wait for version 0.14 or something? Is this a feasible solution?

just verify the file... you should be doing this since day 1.
Quickseller
Copper Member
Legendary
August 18, 2016, 03:31:17 PM
 #33

Sounds like laying the groundwork for a disinfo campaign when Chinese miners fork to a larger max blocksize. Sowing the seeds now to favor an adversarial mindset when it comes to plans coming from China.
Stop trolling.
This is actually one of the first things that I thought of when I read the warning. I would say the above is likely the case until questions like these, and questions about how this information was obtained can be answered. As of now all we have to go on is the word of someone who has zero reason to be trusted, and has many reasons to be distrusted.

Most major bitcoin entities will most likely be using custom software that is built from scratch anyway, so verifying the signatures of the blockstream core devs is mostly a moot point.


I am not sure why no one suggested this before, but maybe the best option is to forget about 0.13 ver and don't upgrade Bitcoin Core at all?
Wait for version 0.14 or something? Is this a feasible solution?
If what is being described in the OP is true, then the attacker would simply wait for 0.14 to be released to infect their targets.

p.s. to my knowledge since they are uploading the binaries on https://bitcoin.org unless their ssl keys are not compromised there is no way of messing with the uploaded files. right?
No. An attacker can use different https keys, and use other means to trick a user into thinking that the https keys are correct. Or, an attacker can potentially steal the https keys from bitcoin.org, which by design, must remain online at all times.

Is there no way of distributing a file more safely than uploading to bitcoin.org's server? for example, if the devs upload the file to Google Drive, wouldn't it be safer?
Google drive would not be safer.
YIz
Hero Member
August 18, 2016, 03:32:23 PM
 #34

for example, if the devs upload the file to Google Drive, wouldn't it be safer?
If we are talking about state-sponsored attacks, what makes you think that Google would be safer?

I assume they will have more trouble compromising it than bitcoin.org servers. I was just asking.
BitcoinSupremo
Copper Member
Hero Member
August 18, 2016, 03:34:21 PM
 #35

NSA has been hacked lately, but I guess this has nothing to do with it. I read at Hacker News that the hackers were asking 560 mln USD in bitcoin in order to give back the hacking tools of the NSA. Is Electrum still safe, as that's the wallet I use? Or is it related to Bitcoin Core? Thanks in advance for clearing my doubts. I never used Bitcoin Core, but I want to know if my coins are at risk or not.
billotronic
Legendary
Crackpot Idealist
August 18, 2016, 03:42:28 PM
 #36

Is there no way of distributing a file more safely than uploading to bitcoin.org's server? for example, if the devs upload the file to Google Drive, wouldn't it be safer?

ffs people,

https://github.com/bitcoin/bitcoin/blob/master/doc/gitian-building.md

it's all there... ready to go.

learn to use the tools that are given to you. gitian building is the second sexiest thing about bitcoin and anyone reading this thread should be thinking long and hard about taking control of your own bins.

This post sums up why all this bullshit is a scam
Read It. Hate It. Change the facts that it represents.
https://bitcointalk.org/index.php?topic=1606638.msg16139644#msg16139644
eddie13
Legendary
BTC or BUST
August 18, 2016, 03:42:35 PM
 #37

This is actually kinda cool and has the potential for a positive spin..

If it really comes down to it, NSA Vs. BTC, or China gov Vs. BTC, then WHEN (not if) BTC whoops their asses BTC will go to $10k for sure..

Just one more thing for BTC's resume, like a world champion UFC belt..

I say bring it on and let's get this long-proposed duel out of the way. Maybe the sooner the better..

If the headlines in 6 months are "NSA attacks BTC, BTC wins, NSA cries" - then Moon, super confidence..

People have been wondering and some unconfident about this possibility since the inception of crypto, if we can finally put it to bed and come out on top we will come out WAY on top..

Mr Felt
Hero Member
August 18, 2016, 04:02:30 PM
 #38

Do we know whether Cobra was hacked or something? How can we be certain there is genuine concern about state-sponsored attacks and that yesterday's Cobra is the same as prior Cobras?

@Theymos - Do you guys have a protocol in place in the event one of the bitcoin.org maintainers becomes compromised (not suggesting that happened here - just thinking hypothetically)?
theymos
Administrator
Legendary
August 18, 2016, 05:16:14 PM
 #39

I am not sure why no one suggested this before, but maybe the best option is to forget about 0.13 ver and don't upgrade Bitcoin Core at all?
Wait for version 0.14 or something? Is this a feasible solution?

There's no flaw in 0.13.0. The concern is that for the next major release, an attack might be attempted as everyone rushes to upgrade. If the Core devs had to do a non-SegWit 0.12.2 bugfix release, then the warning would apply equally to that.

Do we know whether Cobra was hacked or something?

Cobra signs all of his commits to bitcoin.org. Unless his PGP key and several of his accounts were compromised, he's the same person.

@Theymos - Do you guys have a protocol in place in the event one of the bitcoin.org maintainers becomes compromised (not suggesting that happened here - just thinking hypothetically)?

Cobra has full control of the domain name. I'm the backup in case he gets hit by a bus or something. To my knowledge, there's no way to improve this "one person compromised -> domain compromised" situation without creating some sort of legal entity (and even then I'm not so sure).

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Lauda (OP)
Legendary
Terminated.
August 19, 2016, 08:46:57 AM
 #40

https://github.com/bitcoin/bitcoin/blob/master/doc/gitian-building.md

it's all there... ready to go.
learn to use the tools that are given to you. gitian building is the second sexiest thing about bitcoin and anyone reading this thread should be thinking long and hard about taking control of your own bins.
That process needs to be more streamlined and a better guide needs to be made (one that is less complex). Keep in mind that it may very well be difficult for non-tech-savvy users to follow it. Additionally, errors/problems during the process are also not uncommon.

If the headlines in 6 months are "NSA attacks BTC, BTC wins, NSA cries" - then Moon, super confidence..
-snip-
If we do assume that this is the case, what makes you think that the NSA would admit this/leave traces of it? Additionally, what makes you think that the major media would run a story like this?

Bumping this up for visibility due to its importance. It's being pushed down by spam.
