Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Security Businesses The Almighty Buck

A Large Chunk of Ethereum Clients Remain Unpatched (zdnet.com) 16

Posted by msmash from the how-about-that dept.
The Ethereum ecosystem is no different than the Windows or IoT landscape, where security flaws remain unpatched for long periods of time, despite the availability of public patches. From a report: In a report shared with ZDNet today, security researchers from SRLabs revealed that a large chunk of the Ethereum client software that runs on Ethereum nodes has yet to receive a patch for a critical security flaw the company discovered earlier this year. "According to our collected data, only two thirds of nodes have been patched so far," said Karsten Nohl, one of the researchers. The vulnerability is a denial of service (DoS) vulnerability in the Parity client that can be used to run Ethereum nodes. Per SRLabs, the vulnerability allows an attacker to remotely crash Ethereum nodes (that run Parity) by sending malformed packets. The issue was fixed with the release of the Parity Ethereum client v2.2.10, in mid-February this year, a few days after it was reported. While most DoS flaws are considered "low impact" for most products, this is not the case in the cryptocurrency world.
This discussion has been archived. No new comments can be posted.

A Large Chunk of Ethereum Clients Remain Unpatched More

A Large Chunk of Ethereum Clients Remain Unpatched

Comments Filter:

  • About 100 computers? (Score:1)

    by Anonymous Coward

    There was this article about 300 people owning most of the stock.

    100 fools and their money soon to be parted away...

    • Re:About 100 computers? (Score:5, Insightful)

      by reanjr ( 588767 ) on Friday May 17, 2019 @10:12AM (#58608550) Homepage

      A) it's a commodity, not a stock

      B) nodes don't necessarily mean wallets with Ether in them

      C) the venn diagram of the whales and unpatched nodes is probably pretty empty

      • Re: (Score:3)

        by Luckyo ( 1726890 )

        The C part is probably the key point. Those who are in it for ideological rather than financial reasons probably don't care all that much about patching to the latest version for security reasons. There's no meaningful money in it for them, and if someone DDoSs their node, then they'll probably start caring.

  • Whew!!! (Score:3)

    by deKernel ( 65640 ) on Friday May 17, 2019 @10:10AM (#58608520)

    So the two users that swap coins back and forth will now be safe....good to know.

  • Maybe all the cryptocurrencies should band together and have a giant Patch Wednesday, on the second week of the month.

    This should give them plenty of time to address all the threadbare Window's client defects exposed by last week's Patch Tuesday.

    I know robustness is hard, but it's only money—as supercharged with Tron's Light Cycles and then decked out with a sleek pair of Joo Janta 200 Super-Chromatic Peril Sensitive Sunglasses so as to cop the least concern about whether the North Korean peasants sta

  • Despite all the ups and downs and security holes, Dogecoin shows it is clearly superior as 1 DG is still worth one dogecoin...

Slashdot Top Deals

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Close