abyrnes81
|
|
February 17, 2015, 11:11:31 PM |
|
No comments from @gmaxwell yet?
Doesn't look like it Maybe he is busy and he can't reply I do not know. Is this bug real or not ? Because now a lot of people (various nodes) have updated their client.
|
|
|
|
|
|
|
|
|
Be very wary of relying on JavaScript for security on crypto sites. The site can change the JavaScript at any time unless you take unusual precautions, and browsers are not generally known for their airtight security.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
lolled
|
|
February 17, 2015, 11:13:44 PM |
|
No comments from @gmaxwell yet?
Doesn't look like it Maybe he is busy and he can't reply I do not know. Is this bug real or not ? Because now a lot of people (various nodes) have updated their client. EvilKnievel has a negative rep for a similar thing from gmaxwell back in 2014. Not sure if he would take him seriously on this now.
|
|
|
|
Daedelus
|
|
February 17, 2015, 11:16:27 PM |
|
Just for the record: The bitcoind node, that redsn0w has set up on a VPS Server was shotdown within less than 10 seconds; the bitcoind node consumed so much CPU and memory that the entire server stopped working. Even a login via SSH was not possible anymore.
I can "confirm" but it was only a small droplet with the basic specifics. These were the ghraps: I don't know what he did, I've suggested him to try with other linux machine (not vps) and maybe someone here can help him. How do you explain this? ^
|
|
|
|
Evil-Knievel (OP)
Legendary
Offline
Activity: 1260
Merit: 1168
|
|
February 17, 2015, 11:56:38 PM Last edit: April 17, 2016, 07:52:30 PM by Evil-Knievel |
|
This message was too old and has been purged
|
|
|
|
Quickseller
Copper Member
Legendary
Offline
Activity: 2870
Merit: 2298
|
|
February 18, 2015, 12:44:37 AM |
|
EvilKnievel has a negative rep for a similar thing from gmaxwell back in 2014. Not sure if he would take him seriously on this now.
Please check again. Evil-Knievel, I wanted to follow up with you. I previously said that I thought you were lying about this exploit, however you were able to show a "real world" demonstration with redsn0w's full node (with his permission) and it appears the gamaxwell has evaluated your claim and apparently your claim checked out
|
|
|
|
ncsupanda
Legendary
Offline
Activity: 1628
Merit: 1012
|
|
February 19, 2015, 08:50:56 PM |
|
|
|
|
|
JorgeStolfi
|
|
February 19, 2015, 09:54:45 PM |
|
Do we have six confirmations yet?
|
Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
|
|
|
ABitNut
|
|
February 19, 2015, 11:52:06 PM |
|
The silence is becoming slightly awkward. It seems that there is indeed an issue. Is this issue being addressed at the moment? Is there a discussion about it elsewhere that I'm not aware of?
What gives?
|
|
|
|
|
ABitNut
|
|
February 20, 2015, 08:45:18 AM |
|
Actually being able to get a third party to process control characters would be a vector for some shenanigans. Nice catch by Evil Knievel there. Thanks for linking to that pull request.
|
|
|
|
Evil-Knievel (OP)
Legendary
Offline
Activity: 1260
Merit: 1168
|
|
February 20, 2015, 09:31:41 AM Last edit: April 17, 2016, 07:52:18 PM by Evil-Knievel |
|
This message was too old and has been purged
|
|
|
|
msin
Legendary
Offline
Activity: 1470
Merit: 1004
|
|
February 20, 2015, 04:28:20 PM |
|
This is a completely different topic, but thanks to Gmaxwell for the credits. I really appreciate that. I would assume their silence means they are actively working on a solution. Great to see these bugs addressed and credited in the proper way.
|
|
|
|
abyrnes81
|
|
February 20, 2015, 06:09:06 PM |
|
Has he received any bounty for discovering this bug? If the reply is yes, how much he has received?
|
|
|
|
ncsupanda
Legendary
Offline
Activity: 1628
Merit: 1012
|
|
February 20, 2015, 07:20:57 PM |
|
Lighthouse approved the posting this afternoon, so fundraising should be possible.
|
|
|
|
Evil-Knievel (OP)
Legendary
Offline
Activity: 1260
Merit: 1168
|
|
February 20, 2015, 07:50:17 PM Last edit: April 17, 2016, 07:52:00 PM by Evil-Knievel |
|
This message was too old and has been purged
|
|
|
|
ncsupanda
Legendary
Offline
Activity: 1628
Merit: 1012
|
|
February 20, 2015, 08:16:37 PM Last edit: February 20, 2015, 10:05:21 PM by ncsupanda |
|
Lighthouse approved the posting this afternoon, so fundraising should be possible.
Wow, you guys are such a great community. Do you have a link to the project file? Evil The file is on my desktop - the link it created is a few posts up. I'm away from my computer but as soon as I get back I will post the link to it. Should be about an hour or so. EDIT: https://vinumeris.com/_lighthouse/crowdfund/project/bug-bounty-requested-10-btc-for-dos-bug-in-current-clients
|
|
|
|
wr104
|
|
April 02, 2015, 07:23:25 PM |
|
Bump.
Was this really a DoS bug in the client? Did it get fixed?
|
|
|
|
unamis76
Legendary
Offline
Activity: 1512
Merit: 1005
|
|
April 03, 2015, 01:13:18 PM |
|
I'm also curious about the outcome on this. I see OP doesn't have negative trust anymore, so this bug was most likely real and important.
|
|
|
|
MaliceRed
|
|
April 03, 2015, 06:54:36 PM |
|
I third that notion, would very much like to see the outcome of this whole situation.
|
|
|
|
|
|