Board: Bitcoin Discussion
Topic: Re: What is this "heartbleed" bug I've been hearing about?
by gweedo on 11/04/2014, 15:30:31 UTC
OpenSSL is a library that is shipped with a lot of OSes, and the bug basically allowed an attacker to dump 64Kb of your memory, and it could do it in a loop. This would allow access to entropy and stored variables like SSL private keys. This is really an issue of putting too much trust in a single library.

Ahh okay, thanks for explaining it to me. So with this bug, they could steal your wallet private key?

The short answer is no.

They could potentially steal any information posted to a web site which had the vulnerability.  In some cases, they could steal the server's certificate, which might allow them to impersonate the server (better phishing attacks).

Then why is it saying Bitcoin could be stolen? How does that work?

It affects the payment protocol.

If you are using the graphical version of 0.9.0 on any platform, you must update immediately. Download here. If you can't update immediately, shut down Bitcoin until you can. If you ever used the payment protocol (you clicked a bitcoin: link and saw a green box in Bitcoin Core's send dialog), then you should consider your wallet to be compromised. Carefully generate an entirely new wallet (not just a new address) and send all of your bitcoins there. Do not delete your old wallet.
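
Added example, not part of the original thread and not OpenSSL's own code: the memory dump described in the first reply happened because the TLS heartbeat handler trusted the payload length claimed inside the message instead of the number of bytes actually received. The sketch below shows the bounds check that rules this out, using the RFC 6520 message layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding). The function names and sample records are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_HEADER      3   /* 1-byte type + 2-byte payload length */
#define HB_MIN_PADDING 16  /* minimum padding required by RFC 6520 */

/* Returns the payload length if the claimed length fits inside the bytes
 * actually received, or -1 if the message must be silently discarded. */
long hb_checked_payload_len(const unsigned char *rec, size_t rec_len)
{
    if (rec_len < HB_HEADER + HB_MIN_PADDING) return -1;  /* too short */
    if (rec[0] != HB_REQUEST) return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HB_HEADER - HB_MIN_PADDING) return -1;
    return (long)claimed;
}

/* Builds the echo response in out. Returns bytes written, 0 if dropped. */
size_t hb_build_response(const unsigned char *rec, size_t rec_len,
                         unsigned char *out, size_t out_cap)
{
    long n = hb_checked_payload_len(rec, rec_len);
    if (n < 0) return 0;
    size_t total = HB_HEADER + (size_t)n + HB_MIN_PADDING;
    if (total > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, (size_t)n);  /* copy is bounded by n */
    memset(out + HB_HEADER + n, 0, HB_MIN_PADDING);  /* real stacks use random padding */
    return total;
}

int main(void)
{
    /* Constructed samples: an honest request and one whose claimed
     * length is far larger than the record that carried it. */
    unsigned char honest[3 + 4 + 16] = {HB_REQUEST, 0, 4, 'p', 'i', 'n', 'g'};
    unsigned char lying[3 + 1 + 16]  = {HB_REQUEST, 0xFF, 0xFF, 'x'};
    unsigned char out[64];
    printf("honest: %zu bytes echoed\n",
           hb_build_response(honest, sizeof honest, out, sizeof out));
    printf("lying:  %zu bytes echoed (dropped)\n",
           hb_build_response(lying, sizeof lying, out, sizeof out));
    return 0;
}
```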