Heart bleed

[kurt]

http://heartbleed.com

How can Namecoin help ?

[virtual_master]

https://bitcointalk.org/index.php?topic=561751.0
Bitcoin and all Bitcoin based altcoins are also affected.
Two-thirds of the Web is vulnerable to eavesdropping with this bug.

Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:

Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
CentOS 6.5, OpenSSL 1.0.1e-15
Fedora 18, OpenSSL 1.0.1e-4
OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
NetBSD 5.0.2 (OpenSSL 1.0.1e)
OpenSUSE 12.2 (OpenSSL 1.0.1c)

Operating system distribution with versions that are not vulnerable:

Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
SUSE Linux Enterprise Server
FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013
FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013
FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)

[georgem]

So a new bitcoin version 0.9.1 was released to counter this OpenSSL problem.
A few people have already reported stolen BTC.

https://bitcointalk.org/index.php?topic ... msg6132507

When is the next namecoin wallet version ready?

[domob]

So a new bitcoin version 0.9.1 was released to counter this OpenSSL problem.
A few people have already reported stolen BTC.

https://bitcointalk.org/index.php?topic ... msg6132507

When is the next namecoin wallet version ready?

As far as I can tell, Namecoin is not affected in the way Bitcoin Core 0.9 was. The only way for an attacker to compromise a Namecoin wallet would be if you run RPC over SSL (rpcssl=1 in namecoin.conf) and allow public access to RPC. Both are very non-standard things, so most of the users will be safe. The problematic thing in Bitcoin Core 0.9 was the payment protocol.

However: forum.namecoin.info seems vulnerable, so it should be patched & the TLS keys reissued ASAP!

[pmc]

My linux packages for Debian/openSUSE/Ubuntu at http://software.opensuse.org/download.h ... e=namecoin use the system openssl libraries, i. e. as soon as your system libraries have been updated, namecoin is safe.

Packages for CentOS/Fedora/RHEL use static openssl and are currently being re-built with openssl-1.0.1g.

[John Kenney]

The forum keeps redirecting me to http:// links. Thanks for allowing my forum account to be possibly easily compromised with plain text login & session keys.

[MWD]

The forum keeps redirecting me to http:// links. Thanks for allowing my forum account to be possibly easily compromised with plain text login & session keys.

Is that sarcasm at the people running this forum? That's not really fair.

Sure, they're not the most proactive bunch when it comes to website administration....They lost namecoin.bit, are having trouble getting namecoin.org back from one of their own, and couldn't remember who holds the SSL keys for this site. But they did jump on trying to fix this site from heartbleed pretty damn quick.

It's not just this site. The whole Internet is scrambling to patch this.

MWD

[domob]

The forum keeps redirecting me to http:// links. Thanks for allowing my forum account to be possibly easily compromised with plain text login & session keys.

Yes, that's an annoyance. If you are looking for a work-around, try HTTPS Everywhere with a custom rule. Not trivial to set up (also not hard, though), and works perfectly for me.