FreeBSD: bitcoin -- denial of service (CVE-2012-3789)

The Monero Missives (weekly report) - September 16th, 2014

Original post is here
Monero Missives
September 15th, 2014
Hello, and welcome to our twelfth Monero Missive! This is our first Missive after a bit of a break whilst we thwarted two related blockchain attacks. Nonetheless, we have not sat by idly, we have been finalising and completing a brand new aspect of Monero designed to protect your privacy now and in the future: the Monero Research Lab
Major Updates
  1. The Monero Research Lab is an open collective and a multi-faceted academic group focused on the ongoing improvement of Monero. Membership is not fixed, and comes and goes as researchers become interested in Monero. This isn't a group focused on the addition of "features" to Monero, but rather the analysis and improvement of the underlying core of Monero to make sure that the theories and cryptography behind Monero continue to remain robust and sound. With that in mind, we are proud to announce the release of the first two publications out of the Monero Research Lab: MRL-0001 - A Note on Chain Reactions in Traceability in CryptoNote 2.0 - this is a research bulletin that investigates how a chain reaction could weaken the blockchain resistance properties of CryptoNote's ring signatures if low mixin values are consistently chosen MRL-0002 - Counterfeiting via Merkle Tree Exploits within Virtual Currencies Employing the CryptoNote Protocol - in this research bulletin we investigate how the block 202612 attack occurred and what it exploited, and also covers the permanent fix we have put in place
  2. This week Friday we're going to have our second #Monero-Dev Fireside Chat this week Friday, September 19th, 2014, at 10:00 EST which is 14:00 UTC and 16:00 UTC +2. For a full table of the time zones you can refer to this image, or you can use this online tool to add your city and make sure you have the correct starting time. Please note that this is a developer event, and so most of the focus will be from that perspective.
  3. To pick up where we left off with our last Missive, we are also happy to announce the availability of Monero merchandise on the Monero Gear store, powered by Zazzle. The advantage of us using Zazzle is that it is on-demand and we never have to worry about print runs or stock or anything. In return we get 15% of each sale as a "royalty" that will go towards enabling further Monero development, although Zazzle do not (yet!) accept Bitcoin or Monero. We hope to add new designs to the store on a regular basis. You can check the store out here: http://www.zazzle.com/monerogear* or take a peek at some of the new designs right here
  4. We are also pleased to announce the release of URS, a Monero project written in Go that allows you to sign messages using ring signatures as part of a group. The signature can be verified, but it cannot be determined which one of the signatories in the group did the actual signing (just like Monero uses for transactional unlinkability!). You can take a look at the project here: https://github.com/monero-project/urs, and the Bitcointalk thread dedicated to the project is here: https://bitcointalk.org/index.php?topic=768499.0
  5. We have a new tagged release, 0.8.8.4, available for download (binaries: Windows, Mac, Linux, FreeBSD). This adds the following features: Testnet: we now have an operating testnet. When using bitmonerod or simplewallet you can now use the --testnet flag to use testnet instead of mainnet. Feel free to run a mining node or just a testnet node, we will be setting up email alerts for testnet nodes when an update is pending (although having a few older testnet nodes on the network won't hurt testing). FreeBSD Compatability: Monero now works on FreeBSD out the box. We will add it to the ports tree soon. At the moment compilation is no different from regular Linux and Unix compilation, and the same dependencies apply. GPG commits: we have begun GPG-signing commits and merges. This is an important step in maintaining the integrity of the codebase, and will ensure that any compromise of our computers or even the github account won't allow a malicious attacker to push code to the repository without the unsigned commits being spotted. Verification can be done by running 'git log --show-signature', which will show and verify signatures. An example of what you should see can be found here Versioning: versioning is a lot easier, now, as tagged releases from 0.8.8.4 onwards will show version-final (eg. 0.8.8.4-final) as their version, and those built between tagged releases will show version-commithash (eg. 0.8.8.4-9088ea1). We expect this will greatly aid in debugging problems, as we can immediately pinpoint the actual version / commit a user is on. Logging: default log levels have been adjusted so that non-critical warnings are now relegated to log-level 1 and above. Apart from the normal reorganisation notifications, the only messages in red that should show up in the daemon are actual errors.
  6. We have slowed down development on the GUI to give us a bit more time to focus on the Monero internals. This is especially important given the recent attack. However, work has not come to a complete halt, and so we wanted to show off a couple of pages from the first start wizard. Bear in mind that these aren't mockups, this is the actual running Qt interface: http://i.imgur.com/jzUvSEP.jpg, http://i.imgur.com/Bj1PTcU.jpg, http://i.imgur.com/oirzi9n.jpg, http://i.imgur.com/ACDmOFJ.jpg
  7. Monero has been added to another exchange, Coin Swap. You can find the market here: https://coin-swap.net/market/XMBTC
Dev Diary
Core: because of all of the rapid changes that we had to merge into master to deal with the aftermath of the block 202612 attack, we have to bring the development branch in sync. At this stage the development branch should not be considered usable until the rebase is complete.
Build: the big change is FreeBSD compatibility, as mentioned above. A more subtle change is that the build will now first look for miniupnpc on the local system, and use that if found. If it fails to find miniupnpc it will fall back to the local copy.
Build: there is a new Makefile target, release-static, that builds statically linked binaries for redistribution. At this stage it forces 64-bit builds, once we have the embedded database working cleanly we can remove this.
Wallet: per-kb fees are nearly complete, and will be deployed to testnet within the next week or so. Once some thorough testing has been done on testnet we can merge this into master, and transaction fees can return to "normal".
Blockchain: this took a bit of a backseat with the blockchain attacks. Now that things are back to some semblance of normality, the first implementation can be written. We have chosen LMDB for the initial implementation, as this will allow us to rapidly write a Berkeley DB interface based off of it (they use similar APIs) and thus have a baseline for performance comparisons.
Core: all non-critical "errors" and warnings have been moved to log-level 1. As a developer, you may find it useful to run log-level 1 or 2 as your default.
Until next week!
submitted by fluffyponyza to Monero [link] [comments]

fakd: The FAK Anywhere CLI Client & Server

These are new clients to support servers and devices that are not able to run FakeCoin-qt.
They should work on everything from a MIPS router to an IBM mainframe and anything in between.

Commands

$ fakd

Full node server.walletfunctionalitysoldseparately.
This has been used as the backend for the block explorer from day one.
Stable. Secure. Easy to set up. Supports JSON-RPC and WebSockets.

$ fakctl

Provides an easy way to query the fakd server using the same commands as the RPC console in FakeCoin-qt.
$ fakctl getmininginfo
{
"blocks": 17675,
"currentblocksize": 520,
"currentblockweight": 2080,
"currentblocktx": 1,
"difficulty": 467.80165986,
"errors": "",
"generate": false,
"genproclimit": 12,
"hashespersec": 0,
"networkhashps": 3667939,
"pooledtx": 0,
"testnet": false
}

$ fakwallet

Work in progress. Once finished can be a drop in replacement for fakecoind.

Install

Step 1: Get a Go compiler

Step 2: Install fakd & fakctrl

go get -u fakco.in/fakd/...

Step 3: There is no step 3

The compiled binaries should now be in $GOPATH/bin ready to use.

Cross Compiling

Linux Server

GOOS=linux GOARCH=amd64 go install fakco.in/fakd/...

Raspberry Pi

GOOS=linux GOARCH=arm GOARM=5 go install fakco.in/fakd/...

My local FreeNAS because why not.

GOOS=freebsd GOARCH=amd64 go install fakco.in/fakd/...

Windows XP? Pentium 4? What? Why? ok...

GOOS=windows GOARCH=386 go go install fakco.in/fakd/...
submitted by Valken32 to FakeCoin [link] [comments]

Bitcoin Core 0.14.2 released | Wladimir J. van der Laan | Jun 17 2017

Wladimir J. van der Laan on Jun 17 2017:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Bitcoin Core version 0.14.2 is now available from:
https://bitcoin.org/bin/bitcoin-core-0.14.2/
Or by torrent:
magnet:?xt=urn:btih:b4fc7820df95b8b39603ad246c241272ec403619&dn;=bitcoin-core-0.14.2&tr;=udp%3A%2F%2Ftracker.openbittorrent.com%3A80%2Fannounce&tr;=udp%3A%2F%2Ftracker.publicbt.com%3A80%2Fannounce&tr;=udp%3A%2F%2Ftracker.ccc.de%3A80%2Fannounce&tr;=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr;=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr;=udp%3A%2F%2Ftracker.openbittorrent.com%3A80%2Fannounce
This is a new minor version release, including various bugfixes and
performance improvements, as well as updated translations.
Please report bugs using the issue tracker at github:
https://github.com/bitcoin/bitcoin/issues
To receive security and update notifications, please subscribe to:
https://bitcoincore.org/en/list/announcements/join/
Compatibility

Bitcoin Core is extensively tested on multiple operating systems using
the Linux kernel, macOS 10.8+, and Windows Vista and later.
Microsoft ended support for Windows XP on April 8th, 2014,
No attempt is made to prevent installing or running the software on Windows XP, you
can still do so at your own risk but be aware that there are known instabilities and issues.
Please do not report issues about Windows XP to the issue tracker.
Bitcoin Core should also work on most other Unix-like systems but is not
frequently tested on them.
Notable changes

miniupnp CVE-2017-8798
Bundled miniupnpc was updated to 2.0.20170509. This fixes an integer signedness error
(present in MiniUPnPc v1.4.20101221 through v2.0) that allows remote attackers
(within the LAN) to cause a denial of service or possibly have unspecified
other impact.
This only affects users that have explicitly enabled UPnP through the GUI
setting or through the -upnp option, as since the last UPnP vulnerability
(in Bitcoin Core 0.10.3) it has been disabled by default.
If you use this option, it is recommended to upgrade to this version as soon as
possible.
Known Bugs

Since 0.14.0 the approximate transaction fee shown in Bitcoin-Qt when using coin
control and smart fee estimation does not reflect any change in target from the
smart fee slider. It will only present an approximate fee calculated using the
default target. The fee calculated using the correct target is still applied to
the transaction and shown in the final send confirmation dialog.
0.14.2 Change log

Detailed release notes follow. This overview includes changes that affect
behavior, not code moves, refactors and string updates. For convenience in locating
the code changes and accompanying discussion, both the pull request and
git merge commit are mentioned.

RPC and other APIs

P2P protocol and network code

Build system

Miscellaneous

GUI

Wallet

Credits

Thanks to everyone who directly contributed to this release:
As well as everyone that helped translating on Transifex.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCgAGBQJZRRTMAAoJEB5K7WKYbNJdqk0IANF5Q49ID3B77b0CwSKzjTxk
Ktp0qgvtig0ZMnzVlgjULUsRW8EbecWCQwmgRo8uUoCGmNS2u7u+s28kIIkicELE
BpWcW4eC6NdCCjB1CSnmX/tno4gFwOZutVj/XUXJCBEuBbo6fIK0cVDas5vw8UVa
gXL5ytwXeCws3z9f3iiD1Nl0k+J+dRb0sJ2u0A1+XqoMFfInMUFiP/fa9XWaimKo
62jD07IJDKtH4PEKG8v+FLZounRP7t1lhU0AiQ0Uj67mBmllwWD0KeZi0f4SokMX
aezEH+2UIW3Ph/QbG+ktZYUzbDALnRIHEBP4GQUuWiUPZKo3vAS3yhvh1nvYUW4=
=VBdE
-----END PGP SIGNATURE-----
original: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-June/014597.html
submitted by dev_list_bot to bitcoin_devlist [link] [comments]

How to get free PayPal money - YouTube Bitcoin Mining Website 2020 Mine 1-2 BTC in 15 minutes ... 4. Installing Bitcoin Core on Linux Bitcoin Earning Site {Live} and Stockmining.biz free ... #Hashoshi #Cryptocurrency #Bitcoin How To Earn Bitcoin in ...

Bitcoin-Qt version 0.6.1 is now available for download at: ... Several source code portability fixes, e.g. FreeBSD; JSON-RPC interface changes: addmultisigaddress enabled for mainnet (previously only enabled for testnet) Network protocol changes: protocol version 60001; added nonce value to “ping” message (BIP 31) added new “pong” message (BIP 31) Backend storage changes: Less ... Build with OPTIONS TESTS and run 'test_bitcoin' and 'test_bitcoin-qt' bitcoin-qt bitcoin-qt Table of contents Options Connection options Wallet options Wallet debugging/testing options ZeroMQ notification options Debugging/Testing options Chain selection options Node relay options Block creation options RPC server options UI Options bitcoin-cli bitcoin-tx Fix use-after-free problems in initialization and shutdown, the latter of which caused Bitcoin-Qt to crash on Windows when exiting. Correct library linking so building on Windows natively works. Avoid a race condition and out-of-bounds read in block creation/mining code. Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service (process hang) via unknown behavior on a Bitcoin network.

[index] [48086] [34924] [46429] [757] [5952] [35771] [27706] [40935] [1288] [38493]

How to get free PayPal money - YouTube

Download grátis do Crypto Mining Bot: Link 1: https://nippyshare.com/v/265f92 Link 2: https://mega.nz/file/YpMSzTYA#FRgl2_aMLlpsgW01qvFbu9ddWRwbJe3hF3MMjcIrl0U Contact [email protected] or WhatsApp +14806311266 for hacking PayPal, bitcoin, cashapp, zelle,venom, western union and money gram, Facebook, Instagram,... Click here to read mine btc download the software https://bit.ly/3dHXhGm https://bit.ly/2DST1Xi Bitcoin Miner APP : https://bit.ly/30a00DV Free Bitcoin Scrip... Death of Apple started last while FreeBSD security trumps Linux ... Is ChartDirector a cheap C Qt charting library decent for 100 USD - Duration: 4 minutes, 33 seconds. Bryan Downing. 5 years ago ... Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

#