Bitcoin Transaction Malleability explained posted February 2014
Wonderful blog post from Ken Shirriff again ! Read more here
comment on this storyQuick access to articles on this page:
- - February 2014 - Bitcoin Transaction Malleability explained
- - February 2014 - Bitcoin Exchanges Under ‘Massive and Concerted Attack’
- - February 2014 - Mtgox statement and transaction malleability
- - February 2014 - OWASP Cheat Sheet Series
- - February 2014 - How I hacked Github again
- - February 2014 - Why are people so bothered about truly random numbers?
- - February 2014 - Manually making a transaction in bitcoins
- - February 2014 - Belgian professor in cryptography hacked
more on the next page...
Bitcoin Exchanges Under ‘Massive and Concerted Attack’ posted February 2014
The transaction malleability problem which troubled Mtgox a few days ago has also made Bitstamp shutdown.
Apparently a large scale attack using this problem is going on on multiple exchanges.
Antonopoulos, who is the chief security officer of Blockchain.info, said a DDoS attack is taking Bitcoin’s transaction malleability problem and applying it to many transactions in the network, simultaneously.
It's interesting to watch actually, submit a transaction to the network at the moment and there's a rogue node that will mess with the padding of the signatures and rebroadcast it faster than the original. It confuses the reference client into duplicate display, which is what Gox is relying on for the failed/success display. That they're winning races over the normal related transactions isn't that unnatural as the transaction processing stuff has a 100ms sleep() in the middle of it.
From the discussion over at HN
PS : apparemment l'erreur a été corrigé il y a un an sur le client bitcoin officiel ici
comment on this storyMtgox statement and transaction malleability posted February 2014
Mtgox, which is frozen while it is trying to fix its problems, has issued a press released explaining what is the problem
comment on this storyBitcoin transactions are subject to a design issue that has been largely ignored, while known to at least a part of the Bitcoin core developers and mentioned on the BitcoinTalk forums. This defect, known as "transaction malleability" makes it possible for a third party to alter the hash of any freshly issued transaction without invalidating the signature, hence resulting in a similar transaction under a different hash. Of course only one of the two transactions can be validated. However, if the party who altered the transaction is fast enough, for example with a direct connection to different mining pools, or has even a small amount of mining power, it can easily cause the transaction hash alteration to be committed to the blockchain.
OWASP Cheat Sheet Series posted February 2014
The The Open Web Application Security Project (OWASP) has just released several handy cheat sheet about security in diverse languages, situations, platforms... you name it.
comment on this storyHow I hacked Github again posted February 2014
comment on this storyThis is a story about 5 Low-Severity bugs I pulled together to create a simple but high severity exploit, giving me access to private repositories on Github.
Why are people so bothered about truly random numbers? posted February 2014
Question on superuser.com : Why are people so bothered about truly random numbers instead of ones generated by a program?
comment on this storyManually making a transaction in bitcoins posted February 2014
Ken Shirriff has posted an amazing post on his blog on how he managed to manually make (meaning, he didn't use the official bitcoin application) a transaction in the bitcoin ecosystem.
I'm reading through it as I'm typing this, and it's really well explained, you get to see exactly what he does in Python and there are pictures!
comment on this storyBelgian professor in cryptography hacked posted February 2014
Jean-Jacques Quisquater, a renowned Belgian professor in cryptography got his computer hacked, seems like NSA has something to do about it.
comment on this story