Feed for tag: cve-2018-17144

Bitmex Research Launched a Fork Monitoring Website

Saturday Nov 10, 2018

by Chakib

briefs blockchain devtools

BitMEX research developed a fork monitoring tool that can be used to monitor network and protocol upgrades for soft and hard forks for Bitcoin and BitcoinCash. They plan to include different implementations of Bitcoin nodes such as Bcoin, BTCD and Libbitcoin which might be helpful to detect consensus bugs such as CVE-2018-17144 that was discovered last September. They also announced that the source code for the tool will be made available soon.

Thursday Oct 11, 2018

by Bitcoin Optech

front event core blockchain

Content originally published by BitcoinOptech on newsletter #16.

Introduction

The fifth Scaling Bitcoin conference was held Saturday and Sunday in Tokyo, Japan. In the sections below, we provide brief overviews to some of the talks we think might be most interesting to this newsletter’s readers, but we also recommend watching the complete set of videos provided by the workshop organizers or reading the transcripts provided by Bryan Bishop.

Thursday Sep 27, 2018

by Chakib Benziane

front core security

On Mon, 17 Sep 2018, an anonymous encrypted disclosure message was sent to the BitcoinCore team by a user under the pseudonymous of beardnbobies. The message disclosed a Denial Of Service bug and a potential inflation bug

A summary of the HoneyBadger conference

Wednesday Sep 26, 2018

by Omar Wagih

front event core lightning

The Baltic Honeybadger conference is the first major event in Latvia dedicated to Bitcoin and the technologies built around it. This year’s second edition panelists included major Bitcoin developers like Brian bishop, Matt Corallo and Eric Voskuil, Cryptography specialists like Adam Back and Peter Todd, CEOs like Elizabeth Stark and Eric Lombrozo and many others. Here’s a summary of the two-day panels …

Commit Activity For Thursday, Sep 20

Thursday Sep 20, 2018

bulletin

Notable issues and merges on Bitcoin Core, LND and c-lightning.

Bitcoin Core #14248 and #14249:

This was a fix to a denial-of-service vulnerability (CVE-2018-17144) exploitable by miners that has been discovered in Bitcoin Core versions 0.14.0 up to 0.16.2. It is recommended to upgrade any of the vulnerable versions to 0.16.3 as soon as possible. The fix was backported to the 0.16 branch.

Bitcoin Core #7965:

This week a long-standing issue that tracked the removal of code handling whether the wallet is compiled in the libbitcoin_server component was closed by the merge of #14168.

This issue is part of an ongoing long-term effort to separate the wallet related code from the server code, along with a number of issues such as #10973(separate wallet from node whose PR is still being reviewed) and #14180(Run all tests even if wallet is not compiled) which will provide many benefits such as easier code maintenance, more straightforward way to test individual components and overall could help for a more secure software if the wallet component is moved to its own process.

LND #1843

The configuration option --noencryptwallet that was originally intended only for testing has been renamed to --noseedbackup and has been marked as deprecated. The help text for the option has been updated to mostly uppercase warning text:

If true, NO SEED WILL BE EXPOSED AND THE WALLET WILL BE ENCRYPTED USING THE DEFAULT PASSPHRASE – EVER. THIS FLAG IS ONLY FOR TESTING AND IS BEING DEPRECATED.

This is intended for for users who might be using this option without realizing the real risk of losing money when using it.

NOTE: Any users that are actively using noencryptwallet will have to switch any scripts/confs to use noseedbackup as a result of this PR, though no further modification should be required.

LND #1516

This merge adds support for the v3 onion services available through Tor’s control port available since Tor v0.3.3.6. This will allow LND to automatically create and set up v3 onion services in addition to its exsiting v2 automation. For this to work users must have a running Tor service along side LND.

c-lightning #1963:

A series of patches that improve the cli and its help command by showing the command usage in the output. It also allows to verify a command without running it by using the check command:

lightning-cli check newaddr bech32

The above will check the parameter but won’t create a new address. It will just respond with “ok”.

Tuesday Sep 18, 2018

bulletin core security

IMPORTANT The bug fixed in 0.16.3 is more severe than was previously made public. Full node users are advised to upgrade as soon as possible to Bitcoin Core 0.16.3. The releases can be found on bitcoin core website. Make sure to verify the binaries before using them. Stored funds are not at risk, there is however a small probability for a chainsplit. In the event of a chainsplit, transactions could be reversed even after a long time after they were fully confirmed.

bulletin

categories

resources

Support Us

Hosting and maintaining BTW is a single person's work and it takes time and resources. Since we don't display ads, show us your support by making a donation via Lightning or other methods.

You can freely connect to our mainnet lightning node. The connection details are on the node's page.

send us some lightning love