BREAKING - Critical Crypto Security Bug: Linux, Bitcoin Client Apps At Risk
A security vulnerability has been discovered in the standard Linux GnuTLS package. Both the Bitcoin daemon and wallet client are unaffected, but some third-party client applications are dependent on this package for cryptographic library interaction. As a result, all altcoin client applications using GnuTLS are also affected. GnuTLS is a package that references the openssl library and is used by most Linux and Open Source applications for socket encryption. Linux distributions ranging from Debian to Ubuntu and Red Hat are at risk of eavesdropping in a similar manner to the recent Mac OS X bug....
Related News
This note summarises the dangers inherent in the Linux distribution packaging model for Bitcoin, and forms a request from upstream maintainers to not distribute Bitcoin node software as part of distribution package repositories without understanding the special requirements of Bitcoin. Distributors typically unbundle internal libraries and apply other patches for a variety of generally good reasons, including ensuring that security-critical fixes can be applied once, rather than multiple times for many different packages. In most cases, the common distribution packaging policy has many....
A security flaw in a key cryptographic program has been revealed in the Linux GnuTLS package, an optional component for third-party bitcoin and altcoin client applications. The GnuTLS SSL library is included in many open-source packages such as those in Red Hat, Ubuntu and Debian distributions of Linux. Originally discovered during an audit of GnuTLS for Red Hat, the effects of the flaw are wide-reaching for developers. Ars Technica explained in its report: "[The] attacks circumvent the most widely used technology to prevent eavesdropping on the Internet, thanks to an extremely critical....
Unlike commercial operating systems such as Windows or Mac OS X, Linux stands alone because of its unique nature. One of the major benefits of using this OS is that it is open source, meaning that the underlying source code may be used, modified, and distributed as its users see fit. There are very specialized flavors of Linux such as Bedrock, which can utilize the benefits of various other Linux distributions. Then there are companies like SuSE that provide enterprise-grade Linux for those, mainly corporations, looking for a high degree of stability in server functionality. But why is it....
For many years, a lot of people assumed Linux was one of the most secure operating systems in the world. Due to its smaller market share, and completely different codebase from Windows, Linux has been rather safe from major viruses and malware. However, there is one simple exploit that lets an assailant breach a Linux machine by pressing the backspace 28 times in a row. Two Spanish security researchers discovered this strange – and very unusual – Linux bug by tapping a specific key more than once in quick succession. Unlike in most cases where computers are involved, smashing the same button....
The National Vulnerability Database has issued a critical security advisory about a major vulnerability in GNU Bourne Again Shell (Bash). GNU Bash is the command-line shell used in most operating systems based on Linux and Unix - including MacOS. A Red Hat security advisory said: "This issue is especially dangerous as there are many possible ways Bash can be called by an application." The GNU Bash vulnerability was first discovered by Stéphane Chazelas. Ars Technica writes: ... is related to how Bash processes environmental variables passed by the operating system or by a program calling....