Electrum critical vulnerability fixed

Vulnerability allowed attackers to get access to the resources of users through Javascript
09 January 2018   187

Electrum's bitcoin wallet team confirmed the existence of a critical vulnerability that allowed hackers to access the resources of users through Javascript. Urgently released updates are said to have solved this problem.

Malicious sites could steal the bitcoins when they visited, if the Electrum was launched at that time. Access to the tools was possible through the default JSON RPC interface, through which arbitrary console commands were transferred to hackers, including exporting keys.

Google researcher Tavis Ormandy drew attention to the bug on January 6, but there is evidence that he was aware of it, at least last year. Soon after the publication of Ormandy's message, the Electrum team began preparing the patch.

The most dangerous in this case were wallets without a password. A fairly complex password is supposed to guarantee relative security if the wallet owner did not make transactions at that time.

The vulnerability was partially corrected in version 3.0.4, and on Monday night, January 8, Electrum team posted version 3.05 of the purse, which is supposed to close the vulnerability more reliably.

In particular, the JSON RPC interface is disabled when the wallet graphical interface is running, and by default the password protection of the wallet is enabled.

Wyoming Passed Bill Exempting Utility Tokens from Securities Laws

The Wyoming House of Representatives has unanimously approved a bill exempting utility tokens from securities laws  
20 February 2018   71

On Monday, House Bill (HB) 70 passed the House 60 to 0 and will now head to the Senate. The bill exempts utility tokens from securities laws. This will attracts ICO’s launches to the state and will make the state a favorable environment for blockchain startups.

According to the bill, the utility token must meet three conditions:

  1. The token’s issuer must not market it as an investment;

  2. The token must be exchangeable for goods and services, for example, startups must have a working product or service at the time the tokens are issued;

  3. The token’s issuer must not actively make efforts to create a secondary market for the token by entering into a repurchase agreement or agreeing to locate buyers for the token.

It is important to note that there are four more cryptocurrency and blockchain-related bills currently moving through the Wyoming legislature.

HB 19 passed the House of Representatives on Monday and is now awaiting introduction in the Senate. The bill exempts cryptocurrency from the state’s money transmitter act.

HB 101 has passed its second reading in the House and, if it passes its final hearing, will then go to the Senate. This bill will allow companies to create and use blockchains for the purpose of storing records and conducting inter-office communication.

HB 126 has just passed its second reading in the House. It will allow the creation of series LLCs.

Senate File (SF) 111 passed a vote to introduce on Friday and is now headed to a committee hearing. This bill will exempt cryptocurrency assets from state property taxes.