Bitcoin Forum
December 09, 2021, 08:02:11 AM *
News: Latest Bitcoin Core release: 22.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: bitcoin core updated to 0.9.1  (Read 3437 times)
awesomeami
Member
**
Offline Offline

Activity: 98
Merit: 10



View Profile
April 08, 2014, 10:16:31 PM
Last edit: April 08, 2014, 11:51:00 PM by awesomeami
 #1

UPDATE:
Change ALL YOUR PASSWORDS on all your BTC-forums, casinos, exchanges, bettings websites ++ (internet) banking systems, gmail, FB, this forum, all httpS ...
(most paranoic - do it twice a day next 2 weeks - and don't forget them Tongue)


http://www.reddit.com/r/Bitcoin/comments/22jtxg/bitcoin_core_version_091_released/

Pls update https://bitcointalk.org/index.php?board=87.0 ty theymos nice & fast work Smiley

https://bitcointalk.org/index.php?topic=562409.msg6132778#msg6132778


Quote
A bug in OpenSSL, used by Bitcoin-Qt/Bitcoin Core, could allow your bitcoins to be stolen. Immediately updating Bitcoin Core to 0.9.1 is required in some cases, especially if you're using 0.9.0. Download.
https://bitcoin.org/bin/0.9.1/

https://bitcointalk.org/index.php?topic=561923.msg6128780#msg6128780
https://bitcointalk.org/index.php?topic=561923.msg6131049#msg6131049
https://bitcointalk.org/index.php?topic=561923.msg6131397#msg6131397

1639036931
Hero Member
*
Offline Offline

Posts: 1639036931

View Profile Personal Message (Offline)

Ignore
1639036931
Reply with quote  #2

1639036931
Report to moderator
1639036931
Hero Member
*
Offline Offline

Posts: 1639036931

View Profile Personal Message (Offline)

Ignore
1639036931
Reply with quote  #2

1639036931
Report to moderator
1639036931
Hero Member
*
Offline Offline

Posts: 1639036931

View Profile Personal Message (Offline)

Ignore
1639036931
Reply with quote  #2

1639036931
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1639036931
Hero Member
*
Offline Offline

Posts: 1639036931

View Profile Personal Message (Offline)

Ignore
1639036931
Reply with quote  #2

1639036931
Report to moderator
roslinpl
Legendary
*
Offline Offline

Activity: 2030
Merit: 1190


https://cryptocoinsinfo.net


View Profile WWW
April 08, 2014, 10:30:17 PM
 #2

Yeah... I hope not many people have lost BTC because of that bug ...

Damn Smiley ... what to do, shit happens - good that reaction was quick and 0.9.1 is released.

 
..
 
..
 
..
 
..
SIGNATURES
  █████████████████████████████████████████████████████████████████████████████  
███████████████████████████████████████████████████████████████████████████████████
██████                █████      █████                ███████                ██████
████                    ███      ███                    ███                    ████
████      ████████████  ███      ███      ████████████  ███      ████████████  ████
████      ████████████  ███      ███      ████████████  ███      ████████████  ████
████      ████████████  ███      ███      ████████████  ███      ████████████  ████
████      █████████████████      ███      █████████████████      ██████████████████
████  █████████████████████      ███  █████████████████████  ██████████████████████
████  █████████████████████      ███  ████              ███  ██████████████████████
████                  █████  ███████  ████              ███                  ██████
██████                  ███  ███████  ████      ██████  █████                  ████
██████████████████████  ███  ███████  ████████████████  █████████████████████  ████
██████████████████████  ███  ███████  ████████████████  █████████████████████  ████
██████████████████      ███  ███████  ████████████      █████████████████      ████
████  ████████████      ███  ███████  ████████████      ███  ████████████      ████
████  ████████████      ███  ███████  ████████████      ███  ████████████      ████
████  ████████████      ███  ███████   ███████████      ███  ████████████      ████
████                    ███  ███████                    ███                    ████
██████                █████  █████████                ███████                ██████
███████████████████████████████████████████████████████████████████████████████████
   █████████████████████████████████████████████████████████████████████████████  
|
██  ██ ██████ ███████ ██
 ██████   ██   ██ █ ██ ██
 ██  ██   ██   ██   ██ ████

████████████████████████████
████████████████████████████
████████████████████████████
████░░░░░░░░░░          ████
████░░░░░░░░░░          ████
▐███▌░░░░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄███▌
▐████░░░░██████████████████▌
▐████░░░░░░░░░         ████▌
 ████░░░░░░░░░         ████
 ████▄▄▄▄▄▄▄▄▄▄▄▄▄    ▐████
 ▐████░░░░████████    ████▌
 ▐████░░░░████████    ████▌
 ▐████░░░░▀▀▀██▀▀▀    ████▌
  ████▌░░░░░░░       ▐████
  ██████▄▄░░░░    ▄▄██████
  ███████████▄▄███████████
  ▀▀▀██████████████████▀▀▀
        ▀▀▀▀▀██▀▀▀▀▀
BANNERS
 
..
 
..
 
..
 
..
arcnorth
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
April 08, 2014, 10:33:07 PM
 #3

Just so we're clear, the bug only affects bitcoin-qt and not any other 3rd party wallet like multibit right?

I'm going to transfer all my bitcoin to an online account just in case  Sad
Rampion
Legendary
*
Offline Offline

Activity: 1120
Merit: 1000


View Profile
April 08, 2014, 10:34:14 PM
 #4

I'm going to transfer all my bitcoin to an online account just in case  Sad

I hope you are joking.

DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1020


Gerald Davis


View Profile
April 08, 2014, 10:36:47 PM
Last edit: April 08, 2014, 10:47:34 PM by DeathAndTaxes
 #5

Just so we're clear, the bug only affects bitcoin-qt and not any other 3rd party wallet like multibit right?

I'm going to transfer all my bitcoin to an online account just in case  Sad

Do you use SSL for remote RPC calls to your bitcoind daemon?  No.  Then it doesn't affect you even if you use Bitcoin-Core (the client formerly known as Bitcoin-QT).  Forgot about the new payment protocol system.  Great timing on that one. Smiley

Switching to an online account would be foolish.  Shutdown your client if you are worried.  Don't statup it up again until you have upgraded.
Rampion
Legendary
*
Offline Offline

Activity: 1120
Merit: 1000


View Profile
April 08, 2014, 10:45:46 PM
 #6

Do you use SSL for remote RPC calls to your bitcoind daemon?  No.  Then it doesn't affect you even if you use Bitcoin-Core (the client formerly known as Bitcoin-QT). 

FYI:

If you are using the graphical version of 0.9.0 on any platform, you must update immediately. Download here. If you can't update immediately, shut down Bitcoin until you can. If you ever used the payment protocol (you clicked a bitcoin: link and saw a green box in Bitcoin Core's send dialog), then you should consider your wallet to be compromised. Carefully generate an entirely new wallet (not just a new address) and send all of your bitcoins there. Do not delete your old wallet.
- If you are using any other version of Bitcoin-Qt/Bitcoin Core, including bitcoind 0.9.0, you are vulnerable only if the rpcssl command-line option is set. If it is not, then no immediate action is required. If it is, and if an attacker could have possibly communicated with the RPC port, then you should consider your wallet to be compromised.

This vulnerability is caused by a critical bug in the OpenSSL library used by Bitcoin Core. Successfully attacking Bitcoin Core by means of this bug seems to be difficult in most cases, and it seems at this point that even successful attacks may be limited, but I recommend taking the above actions just in case.

If you are using a binary version of Bitcoin Core obtained from bitcoin.org or SourceForge, then updating your system's version of OpenSSL will not help. OpenSSL is packaged with the binary on all platforms.

Download 0.9.1
Announcement

Other software (including other wallet software) may also be affected by this bug. OpenSSL is extremely common.

roslinpl
Legendary
*
Offline Offline

Activity: 2030
Merit: 1190


https://cryptocoinsinfo.net


View Profile WWW
April 08, 2014, 10:50:08 PM
 #7

Just so we're clear, the bug only affects bitcoin-qt and not any other 3rd party wallet like multibit right?

I'm going to transfer all my bitcoin to an online account just in case  Sad
No worries too much. Problem is with Bitcoin-qt not with Multibit ...

And offline 3rd party wallets are not recommended to keep your BTCs  - online wallets are to keep reasonable amounts not all of your holdings...

Just do not worry as you are multibit user.
Just make sure your computer is behind a firewall, your router is behind a firewall, you can install some additional fire wall, and antivirus, and spybot remover and just keep all safety steps in mind. E-mails, phishing web sites, etc. Smiley

regards.

 
..
 
..
 
..
 
..
SIGNATURES
  █████████████████████████████████████████████████████████████████████████████  
███████████████████████████████████████████████████████████████████████████████████
██████                █████      █████                ███████                ██████
████                    ███      ███                    ███                    ████
████      ████████████  ███      ███      ████████████  ███      ████████████  ████
████      ████████████  ███      ███      ████████████  ███      ████████████  ████
████      ████████████  ███      ███      ████████████  ███      ████████████  ████
████      █████████████████      ███      █████████████████      ██████████████████
████  █████████████████████      ███  █████████████████████  ██████████████████████
████  █████████████████████      ███  ████              ███  ██████████████████████
████                  █████  ███████  ████              ███                  ██████
██████                  ███  ███████  ████      ██████  █████                  ████
██████████████████████  ███  ███████  ████████████████  █████████████████████  ████
██████████████████████  ███  ███████  ████████████████  █████████████████████  ████
██████████████████      ███  ███████  ████████████      █████████████████      ████
████  ████████████      ███  ███████  ████████████      ███  ████████████      ████
████  ████████████      ███  ███████  ████████████      ███  ████████████      ████
████  ████████████      ███  ███████   ███████████      ███  ████████████      ████
████                    ███  ███████                    ███                    ████
██████                █████  █████████                ███████                ██████
███████████████████████████████████████████████████████████████████████████████████
   █████████████████████████████████████████████████████████████████████████████  
|
██  ██ ██████ ███████ ██
 ██████   ██   ██ █ ██ ██
 ██  ██   ██   ██   ██ ████

████████████████████████████
████████████████████████████
████████████████████████████
████░░░░░░░░░░          ████
████░░░░░░░░░░          ████
▐███▌░░░░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄███▌
▐████░░░░██████████████████▌
▐████░░░░░░░░░         ████▌
 ████░░░░░░░░░         ████
 ████▄▄▄▄▄▄▄▄▄▄▄▄▄    ▐████
 ▐████░░░░████████    ████▌
 ▐████░░░░████████    ████▌
 ▐████░░░░▀▀▀██▀▀▀    ████▌
  ████▌░░░░░░░       ▐████
  ██████▄▄░░░░    ▄▄██████
  ███████████▄▄███████████
  ▀▀▀██████████████████▀▀▀
        ▀▀▀▀▀██▀▀▀▀▀
BANNERS
 
..
 
..
 
..
 
..
awesomeami
Member
**
Offline Offline

Activity: 98
Merit: 10



View Profile
April 08, 2014, 10:54:36 PM
Last edit: April 08, 2014, 11:23:03 PM by awesomeami
 #8

Just so we're clear, the bug only affects bitcoin-qt and not any other 3rd party wallet like multibit right?

I'm going to transfer all my bitcoin to an online account just in case  Sad

Do you use SSL for remote RPC calls to your bitcoind daemon?  No.  Then it doesn't affect you even if you use Bitcoin-Core (the client formerly known as Bitcoin-QT).  Forgot about the new payment protocol system.  Great timing on that one. Smiley

Switching to an online account would be foolish.  Shutdown your client if you are worried.  Don't statup it up again until you have upgraded.
THIS!!

1. Just don't panic
2. Shutdown all bitcoin clients (better other ones, too - like multibit or armory)
3. upgrade
4. watch carefully for few days - better don't start
5. move to another wallet - https://bitcointalk.org/index.php?topic=562409.msg6132778#msg6132778 just for sure
6. read more about here:
https://bitcointalk.org/index.php?topic=561923.msg6133060#msg6133060

Change ALL YOUR PASSWORDS on banking systems, gmail, FB, this forum, all httpS ...
(most paranoic - do it twice a day next 2 weeks - and don't forget them Tongue)



grue
Legendary
*
Offline Offline

Activity: 2058
Merit: 1274



View Profile
April 09, 2014, 04:00:49 AM
 #9

oh look, this sort of fearmongering again. On bitcoin-qt, you're not compromised unless you clicked a bitcoin payment link.

Change ALL YOUR PASSWORDS on banking systems, gmail, FB, this forum, all https
what if i told you that all of the major browsers do not use openssl? chrome and firefox use NSS, and microsoft uses their own closed source solution. What if I also told you that the vulnerability does not include code injection, so unless you entered passwords into a openssl application, you're safe.

It is pitch black. You are likely to be eaten by a grue.

Adblock for annoying signature ads | Enhanced Merit UI
meawleir21
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
April 09, 2014, 04:54:20 AM
 #10

LOL this is just big! if it's vlad who found it then he got himself attention for sure...
binaryFate
Legendary
*
Offline Offline

Activity: 1484
Merit: 1001


Still wild and free


View Profile
April 09, 2014, 08:33:03 AM
 #11

oh look, this sort of fearmongering again. On bitcoin-qt, you're not compromised unless you clicked a bitcoin payment link.

Change ALL YOUR PASSWORDS on banking systems, gmail, FB, this forum, all https
what if i told you that all of the major browsers do not use openssl? chrome and firefox use NSS, and microsoft uses their own closed source solution. What if I also told you that the vulnerability does not include code injection, so unless you entered passwords into a openssl application, you're safe.

The memory of the browser is compromised, no need to type any password... it is enough if they are in the part of your RAM that can be dumped to the attacker. Same for session IDs.
Good news that chrome and firefox are not affected.

Monero's privacy and therefore fungibility are MUCH stronger than Bitcoin's. 
This makes Monero a better candidate to deserve the term "digital cash".
awesomeami
Member
**
Offline Offline

Activity: 98
Merit: 10



View Profile
April 09, 2014, 09:38:56 AM
 #12

Good news that chrome and firefox are not affected.

Can you pls explain how can I be/was safe using FF connecting to "compromised OpenSLL www".
ty - I am not much expert in that - maybe some link, ty

Lethn
Legendary
*
Offline Offline

Activity: 1540
Merit: 1000



View Profile WWW
April 09, 2014, 09:57:10 AM
 #13

You know, I was looking at their 0.9.0 version of the Bitcoin client, it said FINAL in big capital letters and then I thought "What if they find a new bug or vulnerability in it, then it won't be the final version at all will it?" open source software will always be improved upon and always be updated because there are so many people looking at the code and finding things.
roslinpl
Legendary
*
Offline Offline

Activity: 2030
Merit: 1190


https://cryptocoinsinfo.net


View Profile WWW
April 09, 2014, 10:11:56 AM
 #14

You know, I was looking at their 0.9.0 version of the Bitcoin client, it said FINAL in big capital letters and then I thought "What if they find a new bug or vulnerability in it, then it won't be the final version at all will it?" open source software will always be improved upon and always be updated because there are so many people looking at the code and finding things.

this is true. And 0.9.0 not final at all Smiley

And perhaps there will be always some issue to solve ...
OpenSource.

 
..
 
..
 
..
 
..
SIGNATURES
  █████████████████████████████████████████████████████████████████████████████  
███████████████████████████████████████████████████████████████████████████████████
██████                █████      █████                ███████                ██████
████                    ███      ███                    ███                    ████
████      ████████████  ███      ███      ████████████  ███      ████████████  ████
████      ████████████  ███      ███      ████████████  ███      ████████████  ████
████      ████████████  ███      ███      ████████████  ███      ████████████  ████
████      █████████████████      ███      █████████████████      ██████████████████
████  █████████████████████      ███  █████████████████████  ██████████████████████
████  █████████████████████      ███  ████              ███  ██████████████████████
████                  █████  ███████  ████              ███                  ██████
██████                  ███  ███████  ████      ██████  █████                  ████
██████████████████████  ███  ███████  ████████████████  █████████████████████  ████
██████████████████████  ███  ███████  ████████████████  █████████████████████  ████
██████████████████      ███  ███████  ████████████      █████████████████      ████
████  ████████████      ███  ███████  ████████████      ███  ████████████      ████
████  ████████████      ███  ███████  ████████████      ███  ████████████      ████
████  ████████████      ███  ███████   ███████████      ███  ████████████      ████
████                    ███  ███████                    ███                    ████
██████                █████  █████████                ███████                ██████
███████████████████████████████████████████████████████████████████████████████████
   █████████████████████████████████████████████████████████████████████████████  
|
██  ██ ██████ ███████ ██
 ██████   ██   ██ █ ██ ██
 ██  ██   ██   ██   ██ ████

████████████████████████████
████████████████████████████
████████████████████████████
████░░░░░░░░░░          ████
████░░░░░░░░░░          ████
▐███▌░░░░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄███▌
▐████░░░░██████████████████▌
▐████░░░░░░░░░         ████▌
 ████░░░░░░░░░         ████
 ████▄▄▄▄▄▄▄▄▄▄▄▄▄    ▐████
 ▐████░░░░████████    ████▌
 ▐████░░░░████████    ████▌
 ▐████░░░░▀▀▀██▀▀▀    ████▌
  ████▌░░░░░░░       ▐████
  ██████▄▄░░░░    ▄▄██████
  ███████████▄▄███████████
  ▀▀▀██████████████████▀▀▀
        ▀▀▀▀▀██▀▀▀▀▀
BANNERS
 
..
 
..
 
..
 
..
S4VV4S
Hero Member
*****
Offline Offline

Activity: 1568
Merit: 502



View Profile
April 09, 2014, 10:26:26 AM
 #15

So if someone DIDN'T click on a bitcoin link using 0.9.0 they are safe right?

███████████████████████████
██████████▀▀         ▀▀████
█████████▀              ▀██
█████████   ▐████████▌   ██
███▀▀             ███▌   ██
██▀               ███▌   ██
██   ▐███████████████▌   ██
██   ▐███               ▄██
██   ▐███            ▄▄████
██   ▐████████▌   █████████
██▄              ▄█████████
███▄▄         ▄▄███████████
███████████████████████████
.
.crosswise.
..........Next Gen Cross-Chain DEX..........
|   TELEGRAM   |    TWITTER    |    DISCORD    |     MEDIUM     |  INSTAGRAM  |
.
...SIGN IN...
binaryFate
Legendary
*
Offline Offline

Activity: 1484
Merit: 1001


Still wild and free


View Profile
April 09, 2014, 11:18:49 AM
 #16

Good news that chrome and firefox are not affected.

Can you pls explain how can I be/was safe using FF connecting to "compromised OpenSLL www".
ty - I am not much expert in that - maybe some link, ty


The vulnerability is in the openssl library, that may be used by your browser among other things. But apparently firefox is using a different module for SSL capabilities, and not the openssl implementation, so it is not affected.
If a server was using that particular weak version of the openssl library, then anybody could dump data from that server, but not the other way around.

This is on the level of "browser not technically affected", however on the level of "user being safe" as you mention, things are less good: if a server was vulnerable, then the attacker could maybe use the weakness to take further control of the server (or impersonate it using its certificate), putting you at risk when you are doing your usual activity with what you believe is the usual friendly https server you have always talk to...

Monero's privacy and therefore fungibility are MUCH stronger than Bitcoin's. 
This makes Monero a better candidate to deserve the term "digital cash".
DannyHamilton
Legendary
*
Offline Offline

Activity: 2660
Merit: 2730



View Profile
April 09, 2014, 01:35:32 PM
 #17

You know, I was looking at their 0.9.0 version of the Bitcoin client, it said FINAL in big capital letters and then I thought "What if they find a new bug or vulnerability in it, then it won't be the final version at all will it?"

FINAL means the final 0.9.0.  Any change that comes after that will go into 0.9.1.
Fixx
Hero Member
*****
Offline Offline

Activity: 535
Merit: 501


EMC


View Profile
April 09, 2014, 05:31:58 PM
 #18

Were is Wallet.dat placed in Bitcoin 0.9.x ver for Windows x64 ?

bitcoinforhelp
Full Member
***
Offline Offline

Activity: 154
Merit: 100


View Profile
April 09, 2014, 05:33:48 PM
 #19

i won't change, i feel secure Smiley, less secure would be changing them
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1020


Gerald Davis


View Profile
April 09, 2014, 06:09:18 PM
 #20

You know, I was looking at their 0.9.0 version of the Bitcoin client, it said FINAL in big capital letters and then I thought "What if they find a new bug or vulnerability in it, then it won't be the final version at all will it?" open source software will always be improved upon and always be updated because there are so many people looking at the code and finding things.

Final on any version of Bitcoin simply distinguished between that and the release candidate.

i.e. 0.9.0 RC1, 0.9.0 RC2, <insert as many Release Candidates as necessary to resolve outstanding issues)>,  0.9.0 Final.

Version 0.9 is final it will never be updated.  Case in point the next release was v0.9.1
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!