Ethereum Security Still Ethereal, Has Yet To Appear After Hard Forks

The recent hard fork has failed to protect the ETH huffer ecosystem as yet another serious vulnerability was discovered in the Mist implementation, affecting all versions "including and prior to 0.8.6".

– From the Ethereum blog:

Mist is leaks (sic) some low level APIs which Dapps could use to gain access to the computers file system and read/delete files. This would only affect you if you navigate to an untrusted Dapp, which knows about this vulnerabilities and specifically tries to attack users. Upgrading Mist is highly recommended to prevent any exposure to attacks.

The severity of the bug is listed as high, and can be triggered by merely visiting a webpage containing malicious code or dapp. It finally occurred to the Mist developers that it might be a good idea to add the platform to the bug bounty program, whose fund is sure to be rapidly depleted considering the pace at which new bugs are discovered in this flaming-tire-in-a-shitpit of a platform. Pope Buterin inspired many lulz this week by tweeting "Who says Ethereum is "failing"? Pulling off HFs in 6 days b/w 5 clients with no consensus failures in 1 year is success to me." Consensus seems to be that he is now using scented rose-tinted glasses to cover up the offending smells that continuously emanate from the project.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>