A Large Chunk of Ethereum Clients Remain Unpatched (zdnet.com) 16
The Ethereum ecosystem is no different than the Windows or IoT landscape, where security flaws remain unpatched for long periods of time, despite the availability of public patches. From a report: In a report shared with ZDNet today, security researchers from SRLabs revealed that a large chunk of the Ethereum client software that runs on Ethereum nodes has yet to receive a patch for a critical security flaw the company discovered earlier this year. "According to our collected data, only two thirds of nodes have been patched so far," said Karsten Nohl, one of the researchers. The vulnerability is a denial of service (DoS) vulnerability in the Parity client that can be used to run Ethereum nodes. Per SRLabs, the vulnerability allows an attacker to remotely crash Ethereum nodes (that run Parity) by sending malformed packets. The issue was fixed with the release of the Parity Ethereum client v2.2.10, in mid-February this year, a few days after it was reported. While most DoS flaws are considered "low impact" for most products, this is not the case in the cryptocurrency world.
About 100 computers? (Score:1)
There was this article about 300 people owning most of the stock.
100 fools and their money soon to be parted away...
Re:About 100 computers? (Score:5, Insightful)
A) it's a commodity, not a stock
B) nodes don't necessarily mean wallets with Ether in them
C) the venn diagram of the whales and unpatched nodes is probably pretty empty
Re: (Score:3)
The C part is probably the key point. Those who are in it for ideological rather than financial reasons probably don't care all that much about patching to the latest version for security reasons. There's no meaningful money in it for them, and if someone DDoSs their node, then they'll probably start caring.
Whew!!! (Score:3)
So the two users that swap coins back and forth will now be safe....good to know.
Re: (Score:2)
Think of it as a financial terrarium sitting on someone's desk. Yeah, it's an ecosystem, but so tiny as to be inconsequential.
Re: (Score:2)
It is "cryptocurrency", "crypto" already is an abbreviation for "cryptography". Uneducated moron...
ETH is terrible (Score:2)
It's hard to sync a node, let alone actually build anything that any number of people use.
If it's good for anything, it's a great demonstrator of how NOT to build a dApp system based on blockchains.
Don't worry though! ETH 2.0 is coming. :rolleyes:
yet another software robustness gong show (Score:2)
Maybe all the cryptocurrencies should band together and have a giant Patch Wednesday, on the second week of the month.
This should give them plenty of time to address all the threadbare Window's client defects exposed by last week's Patch Tuesday.
I know robustness is hard, but it's only money—as supercharged with Tron's Light Cycles and then decked out with a sleek pair of Joo Janta 200 Super-Chromatic Peril Sensitive Sunglasses so as to cop the least concern about whether the North Korean peasants sta
Yet another reason to be in Dogecoin (Score:2)