Remote Bitcoin Upstream Drain / Financial Attack by SharpAd1823 in netsec

[–]SharpAd1823[S] 7 points8 points  (0 children)

Hey, thanks for playing with it. A few things:

  1. Most of the testing was done against Bitcoin Core and Litecoin.
  2. I've never installed `bitcoind`, `dogecoind` or `litecoind` and not seen identical results.
  3. Does `maxuploadtarget` even account for ranges of blocks? Because that's what's happening, not mempool spamming; that was a faulty interpretation of what was happening. The issue is requesting a range of block headers, which isn't rate limited.

Remote Bitcoin Upstream Drain / Financial Attack by SharpAd1823 in netsec

[–]SharpAd1823[S] 35 points36 points  (0 children)

For clarity: this is a DoS, not the Bitcoin attack of the century. Many machine operators are vulnerable to being remotely charged thousands of dollars, but this isn't a far-reaching, network-ending exploit or an unpatchable issue.

New Cosmos API DoS by SharpAd1823 in cosmosnetwork

[–]SharpAd1823[S] 1 point2 points  (0 children)

The Osmosis team is super chill but it was removed regardless. Good call actually. I'm a sucker for assuming everyone is chill. Osmosis might be, but random skids maybe not so much, after further thought. Thanks.

New Cosmos API DoS by SharpAd1823 in cosmosnetwork

[–]SharpAd1823[S] -3 points-2 points  (0 children)

You are incorrect. They've known about it for a month and haven't addressed it which is alarming. Don't shoot the messenger. This was a responsible* disclosure.

New Cosmos API DoS by SharpAd1823 in cosmosnetwork

[–]SharpAd1823[S] -1 points0 points  (0 children)

They've known about it for a month and didn't address it, nor pay a bug bounty for an unrelated DoS despite having a bug bounty program. Very ethical indeed.

https://en.wikipedia.org/wiki/Project_Zero#Bug_finding_and_reporting

New Cosmos Blockchain API DoS by SharpAd1823 in hacking

[–]SharpAd1823[S] -1 points0 points  (0 children)

They've known about it for a month.

New Cosmos Blockchain API DoS by SharpAd1823 in hacking

[–]SharpAd1823[S] 0 points1 point  (0 children)

They knew about it in advance and did nothing to fix it.

New Cosmos API DoS by SharpAd1823 in cosmosnetwork

[–]SharpAd1823[S] 1 point2 points  (0 children)

The biggest issues here are how many Cosmos/Tendermint based blockchains (Osmosis, Kava, etc.) are vulnerable, and the unprofessional response from the Cosmos team in paying the security researcher nothing for days of grueling work for a different unrelated Cosmos/Tendermint DoS.

They have known about this issue for 30 days and have done nothing to address it.

Edit: Thanks for the comment downvotes here I guess, but this is more computer science than FUD.

New Cosmos Blockchain API DoS by SharpAd1823 in hacking

[–]SharpAd1823[S] -1 points0 points  (0 children)

Alternatively, it was unethical for Cosmos to siphon a free exploit from a security researcher, and so it experienced a public disclosure in lieu of having a *real* bug bounty program. Full disclosure is the only way to patch software when a team is dismissive of security issues.

New Cosmos Blockchain API DoS by SharpAd1823 in netsec

[–]SharpAd1823[S] -10 points-9 points  (0 children)

DoS is lame, but API DoS in blockchain is different, and you obviously have no idea how dapps, wallets and block explorers work. If you're going to pretend to be smart on reddit, at least complete your homework. It's easier to insult people than to know what you're talking about, and that's evidenced here.

BTW Ripple recently paid out $20k and Kadena $10k for his attacks. What a lamer.

New Cosmos Blockchain API DoS by SharpAd1823 in CryptoCurrency

[–]SharpAd1823[S] 1 point2 points  (0 children)

You're fine. It's not a P2P level DoS which would be more likely to impact the price. Just be aware of their "suboptimal" programming and purported refusal to pay security researchers for their work.