Electrum critical vulnerability fixed

Vulnerability allowed attackers to get access to the resources of users through Javascript
09 January 2018   371

Electrum's bitcoin wallet team confirmed the existence of a critical vulnerability that allowed hackers to access the resources of users through Javascript. Urgently released updates are said to have solved this problem.

Malicious sites could steal the bitcoins when they visited, if the Electrum was launched at that time. Access to the tools was possible through the default JSON RPC interface, through which arbitrary console commands were transferred to hackers, including exporting keys.

Google researcher Tavis Ormandy drew attention to the bug on January 6, but there is evidence that he was aware of it, at least last year. Soon after the publication of Ormandy's message, the Electrum team began preparing the patch.

The most dangerous in this case were wallets without a password. A fairly complex password is supposed to guarantee relative security if the wallet owner did not make transactions at that time.

The vulnerability was partially corrected in version 3.0.4, and on Monday night, January 8, Electrum team posted version 3.05 of the purse, which is supposed to close the vulnerability more reliably.

In particular, the JSON RPC interface is disabled when the wallet graphical interface is running, and by default the password protection of the wallet is enabled.

Texas to host BitBlockBoom conference

Bitcoin, blockchain and cryptocurrency conference BitBlockBoom will be held on July 14 - 15 to discuss the disruptive technology
19 May 2018   46

Bitcoin, blockchain and cryptocurrency professionals are going to convene in Irving, TX on July 14 through July 15. Brightest minds in crypto will be talking about the true meaning of Bitcoin, the promise of a distributed ledgers, and the potential of decentralization. First wave of speakers are as follows:

The conference will be held at the Study USA. Here is what the event says about itself:

Invest in yourself. Learning about cryptocurrency today is like learning HTML in the 1990s. With the proper training you can have a career spanning decades. With the proper knowledge you can avoid scams and discover opportunities to prosper in this new industry.

The event is sponsored by Crypto Unicorn Money. To learn more about the event, you can visit the official page here.