Bitcoin Core Version 0.9.1 Fixes Heartbleed Vulnerability


The newly released Bitcoin Core version 0.9.1 addresses the Heartbleed OpenSSL vulnerability, also known as CVE-2014-0160. Major bitcoin exchanges patched the vulnerability within a matter of hours.

In case you missed it, Heartbleed is a pretty big deal in the security community. The crypto bug in OpenSSL (an open-source implementation of the SSL and TLS internet security protocols that encrypt and secure internet traffic) has opened up two-thirds of the web to eavesdropping. It was uncovered earlier this week, and many observers described it as nothing short of catastrophic.

Bitcoin players quick to address Heartbleed

Luckily the news quickly translated into industry-wide action: patches are being implemented across the world as we speak.

Bitcoin exchanges and wallets are targeted by hackers on a daily basis, so serious bitcoin outfits keep track of zero-day exploits, new attack vectors and a host of other vulnerabilities.

The Bitcoin Core team says version 0.9.1 is a maintenance release to fix an urgent vulnerability (i.e., Heartbleed), and all users should upgrade as soon as possible. Most have heeded the call, and as a result the vast majority of major bitcoin sites and exchanges have implemented the fix.

What is Heartbleed all about?

OpenSSL is the most popular code library for HTTPS encryption. It is not used by Microsoft IIS, so Windows-based systems cannot be directly affected.

While this is good news for most desktop users out there, IT departments would rather have it the other way around. OpenSSL is used on Linux, BSD and numerous custom server platforms. Mac OS X is affected, too. The bug does not affect all versions of OpenSSL, either. Some major banks like Chase and Schwab rely on Microsoft IIS. Others rely on Linux/Apache, Java and other systems.

Ars Technica reports the bug is the result of a “mundane coding error” in OpenSSL. The bug essentially allows attackers to gain access to chunks of the private memory used by the OpenSSL process.

The contents of said memory chunks may include authentication credentials or even private keys that can undermine the website’s entire cryptographic certificate.

Hence, website operators need to patch their servers with OpenSSL version 1.0.1g and update their security certificates. The problem is that the OpenSSL patch is just the first step. Users need to think about replacing their X.509 certificates once they apply the OpenSSL update.
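The two steps above (update OpenSSL, then replace certificates issued before the update) can be checked per server. The following is an added example, not code from Bitcoin Core or OpenSSL; the function names and the sample inventory are constructed. It relies on the upstream affected range (1.0.1 through 1.0.1f) and on upstream version strings: distributions that backport the fix keep the old letter, so an "affected" result there needs confirming against the package changelog.

```python
import re
from datetime import datetime

# Upstream OpenSSL 1.0.1 through 1.0.1f carry CVE-2014-0160; 1.0.1g is the fix.
_BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(-(?:beta|dev|pre)\w*)?")

def heartbleed_status(banner):
    """Classify one line of `openssl version` output by version string alone."""
    m = _BANNER.search(banner)
    if not m or m.group(5):              # unparsable, or a pre-release build
        return "unknown"
    if tuple(map(int, m.group(1, 2, 3))) != (1, 0, 1):
        return "not-affected"            # e.g. the 0.9.8 and 1.0.0 branches
    return "affected" if m.group(4) < "g" else "fixed"

def parse_not_before(line):
    """Parse `openssl x509 -noout -startdate` output ('notBefore=Apr  9 ...')."""
    return datetime.strptime(line.split("=", 1)[1].strip(), "%b %d %H:%M:%S %Y GMT")

def remediation(banner, startdate_line, patched_at):
    """Return the article's remediation steps still open for one server.

    patched_at is when the OpenSSL update was applied, or None if it was not.
    """
    status = heartbleed_status(banner)
    steps = []
    if status == "affected":
        steps.append("upgrade OpenSSL to 1.0.1g")
    # Assumption: a host on the 1.0.1 branch ran an affected build before it was
    # patched, so a certificate issued before the patch may have an exposed key.
    if status in ("affected", "fixed"):
        if patched_at is None or parse_not_before(startdate_line) < patched_at:
            steps.append("replace X.509 certificate")
    return steps

if __name__ == "__main__":
    # Constructed inventory: (openssl banner, certificate start date, patch time).
    inventory = [
        ("OpenSSL 1.0.1e 11 Feb 2013", "notBefore=Jan 15 00:00:00 2014 GMT", None),
        ("OpenSSL 1.0.1g 7 Apr 2014", "notBefore=Jan 15 00:00:00 2014 GMT",
         datetime(2014, 4, 8)),
        ("OpenSSL 1.0.1g 7 Apr 2014", "notBefore=Apr  9 10:00:00 2014 GMT",
         datetime(2014, 4, 8)),
        ("OpenSSL 0.9.8y 5 Feb 2013", "notBefore=Jan 15 00:00:00 2014 GMT", None),
    ]
    for banner, start, patched in inventory:
        print(banner, "->", heartbleed_status(banner), remediation(banner, start, patched))
```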

All admins and users are advised to change their passwords as a precaution, because exploitation leaves no trace and a vulnerability on this scale is unprecedented in OpenSSL.

Source: coindesk.com
