Domain: qntra.net
Stories and comments across the archive that link to qntra.net.
Stories · 4
-
Incident Raises Concerns About a More Formal Spec For Bitcoin
An anonymous reader writes: Aberrant treatment of transactions by Bitcoin miners has renewed concerns that Bitcoin as a protocol may need a stronger specification. OpenBSD savior and Bitcoin entrepreneur Mircea Popescu raised this issue back in 2013 that the current attitude of "the code is the spec" was introducing fragility and harming Bitcoin's vital decentralization. While a lot of fuss has been made about the maximum blocksize, perhaps formalizing the protocol and breaking the current mining cartel is a more urgent and serious problem. The debate going on resurrects many of Datskovskiy's early concerns about Bitcoin's fragility including mining as a necessary bug, but a bug nonetheless. -
Red Hat, Google Disclose Severe Glibc DNS Vulnerability; Patched But Widespread
An anonymous reader writes: Today Google's online security team publicly disclosed a severe vulnerability in the Gnu C Library's DNS client. Due to the ubiquity of Glibc, this affects an astounding number of machines and software running on the internet, and raises questions about whether Glibc ought to still be the preferred C library when alternatives like musl are gaining maturity. As one example of the range of software affected, nearly every Bitcoin implementation is affected. Reader msm1267 adds some information about the vulnerability, discovered independently by security researchers at Red Hat as well as at Google, which has since been patched: The flaw, CVE-2015-7547, is a stack-based buffer overflow in the glibc DNS client-side resolver that puts Linux machines at risk for remote code execution. The flaw is triggered when the getaddrinfo() library function is used, Google said today in its advisory. "A back of the envelope analysis shows that it should be possible to write correctly formed DNS responses with attacker controlled payloads that will penetrate a DNS cache hierarchy and therefore allow attackers to exploit machines behind such caches," Red Hat said in an advisory. It's likely that all Linux servers and web frameworks such as Rails, PHP and Python are affected, as well as Android apps running glibc. -
Bitcoin Trader Agrees To Work For Police In Plea Agreement
An anonymous reader writes: Florida Bitcoin trader Pascal Reid, who was arrested in a February 2014 sting operation as part of his plea agreement, promised to carry out 20 sessions of law enforcement training in Bitcoin as well as serve as a consultant in criminal cases involving Bitcoin. This is in addition to 90 days in jail with credit for time served and a $500 reimbursement to the State of Florida for the expense of prosecuting him. Qntra has a write up on the case and the full text of the draft plea agreement. -
Court Order: Butterfly Labs Bitcoins To Be Sold
MrBingoBoingo writes In a new development in the case against Butterfly Labs, the court overseeing the case has ordered bitcoins held by Butterfly Labs to be turned over to the court-appointed temporary receiver. The order also gives the receiver authorization to convert the bitcoins "to cash on a systematic and reasoned basis." The justification for this measure is at least to ostensibly create reserves with which refunds for Butterfly Labs' customers may be paid.