Bitcoin Forum
October 25, 2020, 08:18:34 AM *
News: Latest Bitcoin Core release: 0.20.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: US Computer Emergency Readiness Team / nist.gov publish 2year old bitcoin vulns  (Read 1141 times)
julz
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000



View Profile
August 14, 2012, 12:03:26 AM
Last edit: August 14, 2012, 03:32:44 AM by julz
 #1

http://www.us-cert.gov/cas/bulletins/SB12-226.html

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139

which references the discussion thread: https://bitcointalk.org/index.php?topic=822.0


Why now?  Is it standard practice to release such old warnings?

With wording like:
"allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction."
and
"Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service"

It's potentially damaging If people don't notice how old it is I would have thought.

@electricwings   BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
1603613914
Hero Member
*
Offline Offline

Posts: 1603613914

View Profile Personal Message (Offline)

Ignore
1603613914
Reply with quote  #2

1603613914
Report to moderator
1603613914
Hero Member
*
Offline Offline

Posts: 1603613914

View Profile Personal Message (Offline)

Ignore
1603613914
Reply with quote  #2

1603613914
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1603613914
Hero Member
*
Offline Offline

Posts: 1603613914

View Profile Personal Message (Offline)

Ignore
1603613914
Reply with quote  #2

1603613914
Report to moderator
1603613914
Hero Member
*
Offline Offline

Posts: 1603613914

View Profile Personal Message (Offline)

Ignore
1603613914
Reply with quote  #2

1603613914
Report to moderator
niko
Hero Member
*****
Offline Offline

Activity: 756
Merit: 500


There is more to Bitcoin than bitcoins.


View Profile
August 14, 2012, 12:20:09 AM
 #2

Good catch, julz. I have mixed feelings about this, but currently lean towards "great!" - essentially, a US government agency is recommending Bitcoin users to upgrade to the latest clients. 
Bitcoin is listed there with the likes of Cisco. I like.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
August 14, 2012, 12:21:34 AM
 #3

Those CVE numbers were issued a while back, but I guess they only just got around to publishing the actual vulnerability?

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
BkkCoins
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1002


firstbits:1MinerQ


View Profile WWW
August 14, 2012, 02:53:32 AM
 #4

Maybe it took 2 years for the bureaucracy to decide that Bitcoin was ok for them to comment on or publish about. That could be a good sign. Or it's part of a new ramping up of disinformation against Bitcoin.

niko
Hero Member
*****
Offline Offline

Activity: 756
Merit: 500


There is more to Bitcoin than bitcoins.


View Profile
August 14, 2012, 04:24:46 AM
 #5

Maybe it took 2 years for the bureaucracy to decide that Bitcoin was ok for them to comment on or publish about. That could be a good sign. Or it's part of a new ramping up of disinformation against Bitcoin.

NIST is about as close as you can get to a "friendly government" in the US. Their findings are of course in the public domain, but also - unlike many other agencies - in most cases directly applicable to real life.

Unless new information emerges soon, I'd call this a good sign, even if it's slow and confusing in some ways.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!