Google+ bug exposes non-public profile data for 52 million users Two months after disclosing an error that exposed the private profile data of almost 500,000 Google+ users, Google on Monday revealed a new leak that affects more than 52 million people. The programming interface bug allowed developers to access names, ages, email addresses, occupations, and a wealth of other personal details even when they were… Read More
Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix This wouldn’t be a big deal, as the web is fraught with this kind of malicious sites, but these websites aren’t abusing some new never-before-seen trick, but a Firefox bug that Mozilla engineers appear to have failed to fix in the 11 years ever since it was first reported back in April 2007. The bug… Read More
The biggest crypto programming errors of all time One small crypto programming error can lead to millions in lost funds. As you are about to learn, a bug in your code can equal disaster on the blockchain. These far-reaching consequences are all the more reason to make your project open-source. Open-source projects gain added security because of the large number of developers checking… Read More
X.org bug that gives attackers root bites OpenBSD and other big-name OSes Several big-name Linux and BSD operating systems are vulnerable to an exploit that gives untrusted users powerful root privileges. The critical flaw in the X.org server—the open-source implementation of the X11 system that helps manage graphics displays—affects OpenBSD, widely considered to be among the most secure OSes. It also impacts some versions of the Red… Read More
Bitcoin Core Developers kept a critical DoS bug, a secret; releases fix Earlier this week, a bug was found in the Bitcoin’s core code base. Developers got in the rush, and finally released a fix on Tuesday. The bug turned out to be Denial of Service bug (DoS). Furthermore, if anyone exploited the vulnerability, this could be used to disconnect nodes, or even crash a whole segment… Read More
A perspective from the Bitcoin Cash and Bitcoin Unlimited developer who discovered CVE-2018–17144 Six hundred microseconds. That is about the time that Matt Corallo wanted to shave off of block validation with his pull request in 2016 to Bitcoin Core. 600µs is a lot less than what is saved with more efficient block propagation, like XThin, Compact Blocks, or now Graphene over typical links, especially those that are… Read More
Critical Bug Found in Bitcoin Core Invokes the Multiple Client Argument Over the last 24 hours, the cryptocurrency community has been discussing a critical vulnerability that was found in the Bitcoin Core (BTC) reference client. A bug introduced in Bitcoin Core version 0.14, that also affects all subsequent versions, could have caused a great majority of current Core nodes to crash. According to the developer’s Optech… Read More
A new CSS-based web attack will crash and restart your iPhone Sabri Haddouche tweeted a proof-of-concept webpage with just 15 lines of code which, if visited, will crash and restart an iPhone or iPad. Those on macOS may also see Safari freeze when opening the link. The code exploits a weakness in iOS’ web rendering engine WebKit, which Apple mandates all apps and browsers use,Haddouche told… Read More
New EOS Bug Steals Resources Directly From Users A new EOS bug has been discovered that allows users to use malicious code to steal RAM, which is a scarce resource in EOS blockchain. EOS,the fifth-largest cryptocurrency in terms of capitalization, has made headlines in connection with a new issue. A new EOS bug has been discovered that allows stealing resources directly from a… Read More
Debugging an evil Go runtime bug I’m a big fan of Prometheus and Grafana. As a former SRE at Google I’ve learned to appreciate good monitoring, and this combination has been a winner for me over the past year. I’m using them for monitoring my personal servers (both black-box and white-box monitoring), for the Euskal Encounter external and internal event infra,… Read More