Bitcoin Weekly 2014 April 9: The Heartbleed bug edition
This week brought a huge gust of security news for the web after a vulnerability in a popular SSL encryption library, responsible for encrypting much of the web’s traffic, became widely known. Because of the security-conscious nature of the Bitcoin community (and in no small part because bitcoin storage relies on strong security), this vulnerability, known as “Heartbleed”, became the center of activity.
In the wake of the disclosure, numerous exchanges, wallets, and services have patched, gone offline, or suspended trades and logins to make certain that affected users, APIs, and web services had been fixed.
In the more staid news, the San Jose Quakes plan to accept bitcoins at their new stadium; and ad agency Joystick Interactive is giving a 20% discount to clients who pay with bitcoin. This and more in this week’s Bitcoin Weekly.
Heartbleed hits Bitcoin, community rebounds
On Monday, a vulnerability affecting the popular OpenSSL encryption library became the news of the day. This bug, dubbed “Heartbleed”, had a massive impact on the Bitcoin community in particular, a community which relies heavily on encryption and security and has seen numerous heists and other attacks.
As several Bitcoin-related services were vulnerable, the entire community swiftly sprang into motion. Bitstamp went offline (but came back shortly), Bitfinex suspended withdrawals pending a patch, Blockchain.info patched a week ago, and LocalBitcoins is also patched. BTCjam suffered an actual heist of 42 BTC, which is still unfolding.
Coinbase has checked in with a blog post, “Coinbase is not vulnerable to this attack and will be taking extra precautions shortly to eliminate any further risks.” BitPay has also given notice that their service is unaffected (and patched) against Heartbleed.
Yesterday, Bitstamp went offline to patch against the Heartbleed bug; and then the site came back online. Logins are enabled, but withdrawals will remain suspended until sometime today. In a tweet, Bitstamp CEO Nejc Kodrič urged users to change their passwords out of an abundance of caution.
In all, the Bitcoin community reaction to the reporting of the OpenSSL Heartbleed bug has been swift and certain. Many prominent exchanges and payment services have made certain to patch their services and report back to the rest of the community. This sort of activity and the agility of action shows a level of maturity in the Bitcoin ecosystem that should make 2014 an interesting year.
Bitcoin Core version 0.9.1 released
In keeping with how agile the Bitcoin community generally is when it comes to security concerns, not only did the Heartbleed bug get the spotlight this week, but Bitcoin Core also got a release almost immediately to address it. The change to the Core is not a code change; instead it updates the dependencies to use a newer version of OpenSSL that does not contain the vulnerability.
From the changelog:
No code changes were made between 0.9.0 and 0.9.1. Only the dependencies were changed.
– Upgrade OpenSSL to 1.0.1g. This release fixes the following vulnerabilities which can affect the Bitcoin Core software:
  – CVE-2014-0160 (“heartbleed”): A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.
  – CVE-2014-0076: The Montgomery ladder implementation in OpenSSL does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
– Add statically built executables to Linux build
All users should upgrade.
San Jose Quakes to accept bitcoin at their new stadium
Bitcoin adoption is an interesting topic, and one that’s worth reporting on. So when the San Jose Quakes’s President Dave Kaval announced that the team would be taking BTC for tickets and merch, it was interesting to note.
Although the Quakes are not the first professional sports team to accept BTC (that honor goes to the Sacramento Kings), they are the newest to jump on the bandwagon. When it comes to electronic cash, bitcoins provide a powerful tool for payment on the go, as highlighted by Kaval’s thoughts on being able to pay at the door via mobile.
Professional sports could make for an interesting experiment for bitcoin acceptance and merchants not traditionally tied to the web.
Joystick Interactive accepting bitcoin payments
Adding to bitcoin adoption, ad agency and media production company Joystick Interactive is now accepting payments in bitcoin from clients. Speaking to ForexMinute, CEO Chris Wilson said that one of the reasons his company is embracing bitcoin is that, aside from being dedicated to creativity and innovation, Joystick Interactive sees bitcoin payments as much easier for its international clients.
Not simply willing to sit back and let the virtual currency flow in, Joystick Interactive is also starting a discount for clients who pay in bitcoin. With this promotion, clients who use BTC for media and advertising at the company will receive a 20% discount.