theymos (OP)
Administrator
Legendary
Offline
Activity: 5334
Merit: 13302
|
|
April 08, 2014, 10:41:37 PM Last edit: April 17, 2014, 02:43:59 PM by theymos |
|
If you are using the graphical version of 0.9.0 on any platform, you must update immediately. Download here. If you can't update immediately, shut down Bitcoin until you can. If you ever used the payment protocol (you clicked a bitcoin: link and saw a green box in Bitcoin Core's send dialog), then you should consider your wallet to be compromised. Carefully generate an entirely new wallet (not just a new address) and send all of your bitcoins there. Do not delete your old wallet. If you are using any other version of Bitcoin-Qt/Bitcoin Core, including bitcoind 0.9.0, you are vulnerable only if the rpcssl command-line option is set. If it is not, then no immediate action is required. If it is, and if an attacker could have possibly communicated with the RPC port, then you should consider your wallet to be compromised. This vulnerability is caused by a critical bug in the OpenSSL library used by Bitcoin Core. Successfully attacking Bitcoin Core by means of this bug seems to be difficult in most cases, and it seems at this point that even successful attacks may be limited, but I recommend taking the above actions just in case. If you are using a binary version of Bitcoin Core obtained from bitcoin.org or SourceForge, then updating your system's version of OpenSSL will not help. OpenSSL is packaged with the binary on all platforms. Download 0.9.1AnnouncementOther software (including other wallet software) may also be affected by this bug. OpenSSL is extremely common.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
alani123
Legendary
Offline
Activity: 2534
Merit: 1496
|
|
April 08, 2014, 10:47:38 PM |
|
If you ever used the payment protocol (you clicked a bitcoin: link and saw a green box in Bitcoin Core's send dialog), then you should consider your wallet to be compromised.
This vulnerability is caused by a critical bug in the OpenSSL library used by Bitcoin Core. Successfully attacking Bitcoin Core by means of this bug seems to be difficult in most cases, and it seems at this point that even successful attacks may be limited, but I recommend taking the above actions just in case.
I shivered for a monent. Next time try mentioning the good news first. Thanks for the heads up!
|
| Duelbits | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ | | TRY OUR UNIQUE GAMES! ◥ DICE ◥ MINES ◥ PLINKO ◥ DUEL POKER ◥ DICE DUELS | | | | █▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ KENONEW ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄█ | | 10,000x MULTIPLIER | | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ | | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ |
[/tabl
|
|
|
CoinLearn
|
|
April 08, 2014, 10:59:00 PM Last edit: April 10, 2014, 08:13:31 AM by CoinLearn |
|
This is incredible... who found the bug ? Wladimir ? _______________________________________________________________________________ _____________ www.CoinLearn.org - Learn and Earn Free Bitcoins
|
|
|
|
firejuan
|
|
April 08, 2014, 11:03:58 PM |
|
The article I read and this subsequent website states the Heart bleed bug has been around since 12-11. http://heartbleed.com/This is incredible... who found the bug ? Wladimir ?
|
|
|
|
poordeveloper
|
|
April 08, 2014, 11:04:09 PM |
|
If you ever used the payment protocol (you clicked a bitcoin: link and saw a green box in Bitcoin Core's send dialog), then you should consider your wallet to be compromised. Does ever mean in the 0.9.0 version, or at any point of time?
|
|
|
|
mammix2
Legendary
Offline
Activity: 1302
Merit: 1004
|
|
April 08, 2014, 11:04:36 PM |
|
If you ever used the payment protocol (you clicked a bitcoin: link and saw a green box in Bitcoin Core's send dialog), then you should consider your wallet to be compromised.
This vulnerability is caused by a critical bug in the OpenSSL library used by Bitcoin Core. Successfully attacking Bitcoin Core by means of this bug seems to be difficult in most cases, and it seems at this point that even successful attacks may be limited, but I recommend taking the above actions just in case.
I shivered for a monent. Next time try mentioning the good news first. Thanks for the heads up! Exactly, we're not talking about a few £ or $ here and there...LOL!
|
1HfpFYxBUpQ941mKd4DEjsyA22HN4Kerzu
|
|
|
Joshuar
|
|
April 08, 2014, 11:07:04 PM |
|
This applies to Multibit Bitcoin wallets? Multibit vs 0.5.17?
|
❱❱ | | ██ █║█ ║║║ ║║║ █║█ ██ | | | | | ▄██▄ ▄██████▄ ▄██████████ ▄██████████▀ ▄▄ ▄██████████▀ ▄████▄ ▄██████████▀ ████████▄ ██████████▀ ▀████████ ▀███████▀ ▄███▄ ▀████▀ ▄█▄ ▄███▄ ▀███▀ ▄███████▄ ▀▀ ▄█████▄ ▄███████▄ ▄██████████ ▄█████████ █████████ ▄██████████▀ ▄██████████▀ ▀█████▀ ▄██████████▀ ▄██████████▀ ▀▀▀ ▄██████████▀ ▄██████████▀ ██████████▀ ▄██████████▀ ▀███████▀ █████████▀ ▀███▀ ▄██▄ ▀█████▀ ▄██████▄ ▀▀▀ █████████ ▀█████▀ ▀▀▀ | | e i d o o ██
| | ▄██▄ ▄██████▄ ▄██████████ ▄██████████▀ ▄▄ ▄██████████▀ ▄████▄ ▄██████████▀ ████████▄ ██████████▀ ▀████████ ▀███████▀ ▄███▄ ▀████▀ ▄█▄ ▄███▄ ▀███▀ ▄███████▄ ▀▀ ▄█████▄ ▄███████▄ ▄██████████ ▄█████████ █████████ ▄██████████▀ ▄██████████▀ ▀█████▀ ▄██████████▀ ▄██████████▀ ▀▀▀ ▄██████████▀ ▄██████████▀ ██████████▀ ▄██████████▀ ▀███████▀ █████████▀ ▀███▀ ▄██▄ ▀█████▀ ▄██████▄ ▀▀▀ █████████ ▀█████▀ ▀▀▀ | | | | | ██ █║█ ║║║ ║║║ █║█ ██ | | ❰❰ | | |
|
|
|
theymos (OP)
Administrator
Legendary
Offline
Activity: 5334
Merit: 13302
|
|
April 08, 2014, 11:10:18 PM |
|
Does ever mean in the 0.9.0 version, or at any point of time?
The payment protocol only exists in 0.9.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
knight22
Legendary
Offline
Activity: 1372
Merit: 1000
--------------->¿?
|
|
April 08, 2014, 11:20:59 PM |
|
Do I need to uninstall 0.9.0?
|
|
|
|
awesomeami
Member
Offline
Activity: 98
Merit: 10
|
|
April 08, 2014, 11:21:28 PM |
|
|
|
|
|
BittBurger
|
|
April 08, 2014, 11:25:13 PM |
|
Theymos - I have a number of people I need to tell to update. Can I tell them to just go to bitcoin.org and update yet? (the front end website I mean) Updte: Looks like here has 0.9.1? https://bitcoin.org/en/download-B-
|
|
|
|
awesomeami
Member
Offline
Activity: 98
Merit: 10
|
|
April 08, 2014, 11:25:56 PM |
|
Theymos -
I have a number of people I need to tell to update.
Can I tell them to just go to bitcoin.org and update yet?
-B-
What about to use ALERT https://en.bitcoin.it/wiki/Alerts
|
|
|
|
poordeveloper
|
|
April 08, 2014, 11:27:24 PM |
|
Theymos -
I have a number of people I need to tell to update.
Can I tell them to just go to bitcoin.org and update yet?
-B-
What about to use ALERT https://en.bitcoin.it/wiki/AlertsMy exact thoughts. I think this is serious enough.
|
|
|
|
alani123
Legendary
Offline
Activity: 2534
Merit: 1496
|
|
April 08, 2014, 11:28:19 PM |
|
Theymos -
I have a number of people I need to tell to update.
Can I tell them to just go to bitcoin.org and update yet?
-B-
What about to use ALERT https://en.bitcoin.it/wiki/AlertsMaybe he's talking about non techincal users. To answer his original question, YES the website seems to have updated the download links to the latest version. https://bitcoin.org/en/download
|
| Duelbits | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ | | TRY OUR UNIQUE GAMES! ◥ DICE ◥ MINES ◥ PLINKO ◥ DUEL POKER ◥ DICE DUELS | | | | █▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ KENONEW ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄█ | | 10,000x MULTIPLIER | | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ | | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ |
[/tabl
|
|
|
BittBurger
|
|
April 08, 2014, 11:28:52 PM |
|
Exactly. Thanks.
|
|
|
|
awesomeami
Member
Offline
Activity: 98
Merit: 10
|
|
April 08, 2014, 11:31:01 PM |
|
Sure. Thats good & OK. But we should(??) alarm all users ASAP to at least shutdown bitcoin core and don't use it and upg. ASAP.
|
|
|
|
bronan
|
|
April 08, 2014, 11:31:10 PM |
|
the new client crashes pretty nasty ok found its my antivirus trying to avoid another bitcoin virus people who use windows make sure when the program crashes to set any antivirus to allow the data its a false positive
|
|
|
|
awesomeami
Member
Offline
Activity: 98
Merit: 10
|
|
April 08, 2014, 11:31:48 PM |
|
the new client crashes pretty nasty
pls what OS do u use? No crashes with 0.9.0??
|
|
|
|
/dev/null
|
|
April 08, 2014, 11:33:09 PM Last edit: April 08, 2014, 11:49:52 PM by /dev/null |
|
Edit: using electrum is safe.
|
|
|
|
madmadmax
|
|
April 08, 2014, 11:38:23 PM |
|
That's exactly what all those three letter organizations doing within the Bitcoin Foundation, introducing vulnerabilities to the protocol.
|
▄▄▄▄▄ ▄▄▄▄▄ ▄▄█▀▀▀▀▀▀██▄ ▄▄█▀▀▀▀▀▀▀█▄ ▄██▀ ▀██▄ ▄██▀ ▀█▄ ██▀ ▀██▄ ▀▀ ██ ██ ▀██ ▄▄▄▄▄▄▄▄██ ██ ▀██▄ ▀▀▀▀▀▀▀▀▀▀ ██▄ ▄██ ▀██▄ ▄▄▄ ▀██▄ ▄██▀ ▀██▄▄ ▄██▀ ▀▀██████▀▀ ▀▀██████▀▀
| | █ ║ █ | ✔ Unchained Smart Contracts ✔ Decentralized Oracle ✔ Infinitly Scalable
| ✔ Blockchain Technology ✔ Turing-Complete ✔ State-Channels
| █ ║ █ | ▄████▄▄ ▄ ██ ████████████▀ ████▄ █████████████▀ ▀████████▄▄ █████████████ ▄▄█████████████████████████ ██████████████████████████ ▀██████████████████████ █████████████████████ ▀█████████████████▀ ▄█████████████▀ ▄▄███████████████▀ ▀▀▀▀▀▀▀▀▀▀▀
| | ▄██▄ ▄ ▐████ ▄▄ █████ ██████████ █████████████████▀ ▄████████████▀████▌ ██████████ ▀████ ▀▀ █████ ██████████ ▀████▌▄████████████▀ ▄▄▄███████████████▌ ██████████▀ ▐████ ▀▀▀ ████▌ ▀▀▀ ▀███▀
| | f | | █ ║ █ | |
|
|
|
|