Lately some users have reported their antivirus software telling them that my personal domain and other domains* hosting the Bitcoin DNS seeds “contain malware”, are “suspected of a trojan”, and such. This is probably true. These domains are specially designed so that they resolve not to a website, but to…

CVE-2018–20586 is a log injection vulnerability which allows any software with access to the RPC port to create fake or confusing entries in the debug log. Valid authentication (username/password/cookie) for the RPC service is NOT required to exploit this vulnerability, only the ability to connect to the RPC port (which…

CVE-2017–18350 is a buffer overflow vulnerability which allows a malicious SOCKS proxy server to overwrite the program stack on systems with a signed `char` type (including common 32-bit and 64-bit x86 PCs). The vulnerability was introduced in 60a87bce873ce1f76a80b7b8546e83a0cd4e07a5 (SOCKS5 support) and first released in Bitcoin Core v0.7.0rc1 in 2012 Aug…

CVE-2018–20587 is an Incorrect Access Control vulnerability that affects all currently released versions of Bitcoin Core, including the latest 0.17.1 (and probably future releases too), as well as Bitcoin Knots prior to 0.17.1.knots20181229. You may be affected by this issue if you have the RPC service enabled (default, with the…

What was going to happen (BIP148) A number of months ago, the community decided to coordinate the activation of Segwit on August 1st, rather than continue delegation of this coordination to the miners, who had collectively been stalling the upgrade. This proposal was numbered BIP148, and widely supported by Bitcoin users. There was fear that 51%…

Over the last several weeks, I’ve seen a lot of people promoting BIP148/UASF on social media. Just the other day, someone announced they’d purchased numerous Raspberry Pis to run BIP148 full nodes. However, do these things really help BIP148? Not really. At this point, probably almost everyone reading r/Bitcoin or…

The changes in Segwit2x’s beta can be divided into 5 categories. I’ll start with the simplest part: branding. “Bitcoin Core 0.14.1” has become “btc1 Core 1.14.3”. Not much to say about this (although it’s interesting to note it’s based on the old 0.14.1 rather than 0.14.2 …

BIP148 is happening beginning on August 1st, 2017. But what does that mean for the average user? For purposes of reading clarity, “legacy” means nodes not enforcing BIP148. Risks for both legacy and BIP148 nodes (and the wallets trusting them) If and only if BIP148 has minority hashrate support, there will be a chain split. Whether your node supports BIP148 or not…