Bitcoin Core Version 0.9.1 Fixes Heartbleed Vulnerability


The newly released Bitcoin Core version 0.9.1 addresses the Heartbleed OpenSSL vulnerability, also known as CVE-2014-0160. Major bitcoin exchanges patched the vulnerability in a matter of hours.

In case you missed it, Heartbleed is a pretty big deal in the security community. The crypto bug in OpenSSL (an open-source implementation of the SSL and TLS internet security protocols that encrypt and secure internet traffic) has opened up two thirds of the web to eavesdropping. It was uncovered earlier this week and many observers described it as nothing short of catastrophic.

Bitcoin players quick to address Heartbleed

Luckily the news quickly translated into industry-wide action: patches are being implemented across the world as we speak.

Bitcoin exchanges and wallets are targeted by hackers on a daily basis, so serious bitcoin outfits keep track of zero-day exploits, new attack vectors and a host of other vulnerabilities.

The Bitcoin Core team says version 0.9.1 is a maintenance release to fix an urgent vulnerability (i.e. Heartbleed), and all users should upgrade as soon as possible. Most have heeded the call, and as a result the vast majority of major bitcoin sites and exchanges have implemented the fix.

What is Heartbleed all about?

OpenSSL is the most popular code library for HTTPS encryption. It is not used by Microsoft IIS, so Windows-based systems cannot be directly affected.

While this is good news for most desktop users out there, IT departments would rather have it the other way around. OpenSSL is used on Linux, BSD and numerous custom server platforms. Mac OS X is affected, too. The bug does not affect all versions of OpenSSL, either. Some major banks like Chase and Schwab rely on Microsoft IIS. Others rely on Linux/Apache, Java and other systems.

Ars Technica reports the bug is the result of a “mundane coding error” in OpenSSL. The bug essentially allows attackers to gain access to chunks of private memory belonging to the process that runs OpenSSL.

The contents of said memory chunks may include authentication credentials or even private keys that can undermine the website’s entire cryptographic certificate.

Hence, website operators need to patch their servers with OpenSSL version 1.0.1g and update their security certificates. The problem is that the OpenSSL patch is just the first step. Users need to think about replacing their X.509 certificates once they apply the OpenSSL update.

All admins and users are advised to change their passwords as a precaution, because exploitation activity leaves no trace and a vulnerability of this scale is unprecedented in OpenSSL.
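As an added example (not code from the article or from the Bitcoin Core or OpenSSL projects), the following sketch triages `openssl version` output across a set of hosts to find those that still need the 1.0.1g patch. The affected range (1.0.1 through 1.0.1f, plus the 1.0.2 betas before beta2) comes from the OpenSSL advisory for CVE-2014-0160 rather than from this article, and the host names and banners are constructed sample data.

```python
import re

# Matches the version token in `openssl version` output,
# e.g. "OpenSSL 1.0.1e 11 Feb 2013" or "OpenSSL 1.0.2-beta1 24 Feb 2014".
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d*))?")

def heartbleed_status(banner):
    """Classify a banner: 'affected', 'fixed', 'not-affected-branch' or 'unknown'."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return "unknown"  # unparseable output still needs a human look
    branch = tuple(int(x) for x in m.group(1, 2, 3))
    letters, beta = m.group(4), m.group(5) or ""
    if branch == (1, 0, 1):
        # 1.0.1 (no letter) through 1.0.1f are affected; 1.0.1g onward is fixed.
        return "affected" if letters < "g" else "fixed"
    if branch == (1, 0, 2) and beta in ("beta", "beta1"):
        return "affected"
    if branch < (1, 0, 1):
        # The 0.9.8 and 1.0.0 branches never shipped the heartbeat extension.
        return "not-affected-branch"
    return "fixed"

def triage(inventory):
    """Return sorted (host, status) pairs that need follow-up."""
    flagged = []
    for host, banner in inventory.items():
        status = heartbleed_status(banner)
        if status in ("affected", "unknown"):
            flagged.append((host, status))
    return sorted(flagged)

# Constructed sample inventory: host name -> output of `openssl version`.
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 1.0.1e 11 Feb 2013",
    "web-02": "OpenSSL 1.0.1g 7 Apr 2014",
    "legacy-01": "OpenSSL 0.9.8y 5 Feb 2013",
    "lab-01": "OpenSSL 1.0.2-beta1 24 Feb 2014",
    "edge-01": "openssl: command not found",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

A banner alone can overstate risk: some Linux distributions backported the fix without changing the upstream version letter, so an "affected" result on a distribution package should be confirmed against the vendor's advisory. A host that was ever affected still needs its certificates replaced after patching.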

Source: coindesk.com
