Coinwallet Plans Spam While the Spamming is Cheap

Last month a venture calling itself "Coinwallet" flooded the Bitcoin network with spam in what the company called a "stress test." The spam delayed underpaying transactions, those whose fees were insufficient to secure space in a block, resulting in a scenario where a fee market for block space could develop. A Coinwallet representative recently stated the company will be performing another stress test in early September, claiming there will be close to 4.6 GB worth of spam flooding the network.

Microsoft Issues Third Generation Anti-Stuxnet Patch

Back in March Microsoft issued a second-generation patch intended to close a privilege escalation vulnerability used to spread the Stuxnet malware, addressing a portion of the vulnerability that remained after the original patch in 2010. In a bulletin today Microsoft announced yet another iteration of the patch (archived), as the March patch still left sufficient attack surface for the vulnerability to continue being exploited. Microsoft also released a tool for logging attempts to exploit this vulnerability, along with a warning that installing any new language packs after applying this patch will negate any protective effects the patch is purported to have. Windows versions including the new "Windows 10" are affected by this continuing vulnerability.

New Per Block Transaction Highs Wedge Some Nodes: Patch Available

In the past several hours at least two blocks have contained enough transactions to wedge Bitcoin nodes that rely on Berkeley Database for block handling when set to the post-March 2013 limit of 40,000 database locks and objects. For a few hours doubling that amount to 80,000 sufficed, until a still more complex block arrived. A patch has recently been published which should remedy this issue until such a time as the universe undergoes heat death. The patch works by raising the maximums Berkeley Database is configured with in order to handle any number of transactions that can fit into a Bitcoin block. On some platforms like OpenBSD, which aggressively allocate memory in advance for safety reasons, Bitcoin's RAM usage increases noticeably with this patch. If your system enforces low per-process memory limits you may have to edit your system's settings.

Ministry of Games Begins Hosting Eulora Dependencies

Eulora's publisher Ministry of Games has now begun mirroring source packages for Eulora's dependencies Cal3D and Crystal Space on their downloads page. This comes after a week of downtime on SourceForge. A beneficial side effect is that this move removes the requirement to use SVN to acquire the right version of Eulora's dependencies in order to install the game.

OpenBSD Moving sudo to Ports

Earlier this month on a development mailing list Todd C. Miller, the current sudo developer and an OpenBSD contributor, announced that after consultation with Theo de Raadt the sudo utility in OpenBSD would be moving from the base system to the OpenBSD ports collection. The utility sudo was originally developed by Bob Coggeshall and Cliff Spencer at SUNY Buffalo for 4.1 BSD running on a VAX-11/750 sometime around 1980, and Todd C. Miller adopted sudo development in 1994. According to Theo de Raadt there are no immediate plans to introduce a replacement for sudo into the base system, leaving a "gap" before potential base system replacements are considered. The original superuser utility su will however remain a part of the base system.

Foundation Report Brings Bitcoin Client Performance Improvement and Testing

This month's State of Bitcoin Address issued by the Bitcoin Foundation largely covers the submission and testing of two patches which promise to greatly reduce the memory usage of the Bitcoin reference client. The two major patches submitted are named "Orphanage Thermonuke" and "Transaction Orphanage Amputation", and in tandem they have the potential to seriously clamp down on Bitcoind's memory footprint and could lead to Bitcoin nodes running on more kinds of hardware. Together the patches radically alter the Bitcoind client's sync mechanism.

Phuctor Begins Processing SKS Keyserver Dump

The Phuctor, a service for testing the strength of RSA public keys used by the Gnu Privacy Guard and other PGP encryption software, has begun digesting the output of an SKS keyserver's public key inventory. The Phuctor is a service provided by No Such lAbs. As of the time of this publication the Phuctor has processed more than 6500 public keys and found 60 with one or more duplicate moduli.[1] The Phuctor, as announced on Stanislav "asciilifeform" Datskovskiy's blog Loper OS, utilizes Euclid's algorithm for testing the quality of RSA moduli. The Phuctor has already been integrated into the Web of Trust explorers for both the #bitcoin-otc and #bitcoin-assets WoTs, allowing users to check the key quality of potential counterparties. As the number of keys processed by the Phuctor increases, the quality of feedback it can provide for keys already in its database grows.


  1. Likely the same keys found in different places or with different information attached.  
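An added example, not Phuctor's own code: a pairwise Euclid's-algorithm audit of a key inventory that flags duplicate moduli and moduli sharing a common factor, either of which means the affected keys should be retired. The page does not describe how Phuctor applies Euclid's algorithm, so the pairwise comparison, the function names, the key labels and the tiny sample moduli are all assumptions constructed for illustration.

```python
from itertools import combinations


def euclid_gcd(a, b):
    """Greatest common divisor by Euclid's algorithm."""
    while b:
        a, b = b, a % b
    return a


def audit_moduli(keys):
    """Audit an inventory of RSA moduli.

    keys: dict mapping a key label to its modulus (int).
    Returns (duplicates, shared):
      duplicates - list of (label_a, label_b) with identical moduli
      shared     - list of (label_a, label_b, factor) where two different
                   moduli have a common factor greater than 1
    Pairwise comparison is O(n^2); fine for a small inventory like this one.
    """
    duplicates, shared = [], []
    for (la, na), (lb, nb) in combinations(sorted(keys.items()), 2):
        if na == nb:
            # Same modulus published under two labels (see footnote 1).
            duplicates.append((la, lb))
            continue
        g = euclid_gcd(na, nb)
        if g > 1:
            # Distinct moduli that share a factor: both keys are unsafe.
            shared.append((la, lb, g))
    return duplicates, shared


# Constructed sample inventory: toy moduli built from small primes.
# Real RSA moduli are 2048 bits or more; the logic is the same.
SAMPLE_KEYS = {
    "key_a": 1009 * 1013,
    "key_b": 1009 * 1019,   # shares the factor 1009 with key_a
    "key_c": 1021 * 1031,   # unrelated to the others
    "key_d": 1009 * 1013,   # same modulus as key_a under another label
}

if __name__ == "__main__":
    dups, weak = audit_moduli(SAMPLE_KEYS)
    for a, b in dups:
        print(f"duplicate modulus: {a} == {b}")
    for a, b, g in weak:
        print(f"shared factor {g}: {a} and {b}")
```
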

Google Password Alert Already Subverted

This week Google released a browser extension designed to warn users when they enter their Google password on any page that is not controlled by Google, and this piece of security theater has already been subverted. Researcher Paul Moore has created a proof of concept (Not a Google Login Page) which subverts the browser extension using a few lines of JavaScript. The snippet of JavaScript in question is below:

<!-- BYPASS GOOGLE'S PASSWORD ALERT "PROTECTION" -->
<script type="text/javascript">
  // Poll every 5 ms and remove the extension's warning banner if it is present
  setInterval(function() {
    if (document.getElementById("warning_banner")) {
      document.getElementById("warning_banner").remove();
    }
  }, 5);
</script>

New Web of Trust Web Explorer

At the third annual Bitcoin Conference mike_c unveiled a new web based explorer for the #bitcoin-assets Web of Trust maintained by Kakobrekla's assbot. In his announcement mike_c gives an overview of many of the tool's new features and some of the historical context that created an impetus for this tool's creation. The Btc Alpha WoT Explorer went live to the public overnight.