BitCoinDream (OP)
Legendary
 Offline
Activity: 2324
Merit: 1204
The revolution will be digital
|
 |
September 26, 2014, 09:51:57 AM |
|
I have read ShellShock opens up Apache vulnerability. AFAIK most of the Bitcoin exchanges are running on Apache. So are they just awaiting to be ripped off ? p.s. If U dont know what is ShellShock, check here. |
|
|
|
|
|
|
|
|
|
|
"This isn't the kind of software where we can leave so many unresolved bugs that we need a tracker for them." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
RustyNomad
|
|
September 26, 2014, 09:53:23 AM |
|
No exchange is safe in my opinion, no matter how they harp on about their 100% security.
|
|
|
|
|
BitCoinDream (OP)
Legendary
Offline
Activity: 2324
Merit: 1204
The revolution will be digital
|
|
September 26, 2014, 11:06:43 AM |
|
No exchange is safe in my opinion, no matter how they harp on about their 100% security.
If Apache is affected, then practically very few websites are safe now, because Apache has become almost synonymous to web server. So if Apache is attacked, the result will be catastrophe including the banking systems and the heat on bitcoin exchanges will be negligible to that. |
|
|
|
1Referee
Legendary
Offline
Activity: 2170
Merit: 1427
|
|
September 26, 2014, 11:35:10 AM |
|
Any service involved with Bitcoin will never be safe.
The only thing they can do is keep the security spot on, and detect any security holes before hackers do.
|
|
|
|
|
newyorker91
Newbie
Offline
Activity: 22
Merit: 0
|
|
September 26, 2014, 11:46:49 AM |
|
yeah trading became dangerous...
|
|
|
|
|
Tzupy
Legendary
Offline
Activity: 2128
Merit: 1074
|
|
September 26, 2014, 02:17:32 PM |
|
After? They probably patched their Linux servers by now, but the problem existed for over 20 years, who knows if it was already exploited?
|
Sometimes, if it looks too bullish, it's actually bearish
|
|
|
ArticMine
Legendary
Offline
Activity: 2282
Merit: 1050
Monero Core Team
|
|
September 27, 2014, 02:22:19 AM |
|
If they are running GNU/Linux on their servers and have fully patched their servers they are not vulnerable (this is the most likely scenario).
If they are running GNU/Linux on their servers and have not patched their servers they are vulnerable.
If they are running Microsoft Windows Server on their servers they are not vulnerable.
If they are running Apple Server on their servers they are vulnerable (Apple has yet to issue any patches).
|
|
|
|
|
moni3z
|
|
September 27, 2014, 02:41:22 AM |
|
If they have CGI scripts that call /bin/bash then they were vuln, or if they had any library on their system that called bash it was only one unauthenticated GET req from being totally pwned.
|
|
|
|
|
Tzupy
Legendary
Offline
Activity: 2128
Merit: 1074
|
|
September 27, 2014, 11:59:44 AM |
|
|
Sometimes, if it looks too bullish, it's actually bearish
|
|
|
|
PenAndPaper
|
|
September 27, 2014, 12:01:35 PM |
|
I guess they hold the majority of their coins in cold storage... or they should anyway..
|
|
|
|
|
|
japandrew73
|
|
September 27, 2014, 04:11:02 PM |
|
is BTC-e affected by this?
|
|
|
|
|
|
RedDiamond
|
|
September 28, 2014, 02:10:43 PM |
|
You can use this page for testing: http://shellshocktest.com/'This tool helps you to check if your server is vulnerable to CVE-2014-6271, also known as "ShellShock".' |
|
|
|
|
|
