Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping:
http://arstechnica.com/security/2014/03 ... sdropping/
How does it affect .bit SSL/TLS support ?
Crytical crypto bug in Linux
-
- Posts: 541
- Joined: Mon May 20, 2013 12:03 pm
- Contact:
Crytical crypto bug in Linux
http://namecoinia.org/
Calendars for free to print: 2014 Calendar in JPG | 2014 Calendar in PDF Protect the Environment with Namecoin: 2014 Calendar in JPG | 2014 Calendar in PDF
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba | NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S
Calendars for free to print: 2014 Calendar in JPG | 2014 Calendar in PDF Protect the Environment with Namecoin: 2014 Calendar in JPG | 2014 Calendar in PDF
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba | NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S
Re: Crytical crypto bug in Linux
From http://www.coindesk.com/serious-linux-f ... sdropping/ :
Convergence/FreeSpeechMe uses firefox' libs (NSS).
Other than that, we are affected the same way with server daemons using gnuTLS (apache, php, etc).
=> Namecoin servers have been updated.
Namecoin uses crypto++.Explained Garzik:
“The gnuTLS bug is pretty bad, but very few use gnuTLS in the bitcoin community. OpenSSL is standard.”
Garzik indicated that the use of OpenSSL mitigates a fork risk that is present when using other competing libraries for key software, such as gnuTLS.
He also stated that projects using OpenSSL, Mozilla NSS, Crypto++ or another crypto library are not impacted by the bug.
Convergence/FreeSpeechMe uses firefox' libs (NSS).
Other than that, we are affected the same way with server daemons using gnuTLS (apache, php, etc).
=> Namecoin servers have been updated.
NamecoinID: id/khal
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T
Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T
Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent
-
- Posts: 541
- Joined: Mon May 20, 2013 12:03 pm
- Contact:
Re: Crytical crypto bug in Linux
Yeah.khal wrote:From http://www.coindesk.com/serious-linux-f ... sdropping/ :Namecoin uses crypto++.Explained Garzik:
“The gnuTLS bug is pretty bad, but very few use gnuTLS in the bitcoin community. OpenSSL is standard.”
Garzik indicated that the use of OpenSSL mitigates a fork risk that is present when using other competing libraries for key software, such as gnuTLS.
He also stated that projects using OpenSSL, Mozilla NSS, Crypto++ or another crypto library are not impacted by the bug.
Convergence/FreeSpeechMe uses firefox' libs (NSS).
Other than that, we are affected the same way with server daemons using gnuTLS (apache, php, etc).
=> Namecoin servers have been updated.
Good to know also:
Ankur Nandwani, a developer at Bitmonet, suggested hosted wallet users and the users of bitcoin exchanges would be most affected, but stated that there are easy protections to prevent issues.
“In both cases, an attacker can sniff users credentials, when users are trying to log-in to their account. To reduce the probability of online wallets and exchange credentials from being compromised, it is really important that everyone use two-factor authentication.”
Nandwani said that the bug is evidence that bitcoin users should reduce their reliance on online wallets and exchanges.
http://namecoinia.org/
Calendars for free to print: 2014 Calendar in JPG | 2014 Calendar in PDF Protect the Environment with Namecoin: 2014 Calendar in JPG | 2014 Calendar in PDF
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba | NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S
Calendars for free to print: 2014 Calendar in JPG | 2014 Calendar in PDF Protect the Environment with Namecoin: 2014 Calendar in JPG | 2014 Calendar in PDF
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba | NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S