CVE-2017-18350 disclosure



Summary:

Aymeric Vitte and LORD HIS EXCELLENCY JAMES HRMH had a conversation about the use of a SOCKS proxy with Tor and its suitability for facilitating Bitcoin. Aymeric believes that using Bitcoin on the Tor network is not advisable, but that using the Tor protocol for Bitcoin is useful for adding encryption and anonymity to the Bitcoin protocol. He recommends using node-Tor for this purpose. Aymeric also suggests that the SOCKS proxy should be removed from Bitcoin Core, as it offers zero security. On the other hand, LORD HIS EXCELLENCY JAMES HRMH argues that SOCKS proxies have their use in controlled gateway infrastructure, and that the Tor project is designed to allow anonymity and connection privacy. Thus, he believes that Tor connectivity should not be reduced. The discussion includes links to resources about Tor and its possible uses.

They also discussed the disclosure of CVE-2017-18350, a buffer overflow vulnerability that allows malicious SOCKS proxy servers to overwrite the program stack on systems with a signed char type in Bitcoin Core v0.7.0rc1. The vulnerability was discovered by practicalswift in 2017 and disclosed to the security team on September 21. The fix for the vulnerability involved changing the dummy buffer to an explicitly unsigned data type, avoiding the conversion to/from a negative number. It was finally released in v0.15.1 on November 9, 2017. In 2019, the existence of the vulnerability was disclosed to the bitcoin-dev mailing list on June 22, followed by the disclosure of vulnerability details on November 8.

The vulnerability existed since April 1, 2012, and was merged to the master git repository on May 8, 2012. It was published in v0.7.0rc1 on August 27, 2012, and released in v0.7.0 on September 17, 2012. Credit goes to practicalswift for discovering and providing the initial fix for the vulnerability, and Wladimir J. van der Laan for a disguised version of the fix as well as general cleanup to the at-risk code.

In addition to Bitcoin Core, the email signature contains links related to Bitcoin and Zcash wallets, torrent blocklists, and anti-spy measures.
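
The signed-to-unsigned buffer change described in the summary of the fix, shown as an added example that is not Bitcoin Core's code. The function names, the 256-byte buffer size and the one-byte length field taken from the proxy reply are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 256 /* assumed size of the dummy buffer */

/* Before the fix: the buffer has a signed element type, so a received
 * byte of 0x80..0xFF reads back as a negative number. */
size_t read_len_signed(unsigned char wire_byte)
{
    signed char buf[BUF_SIZE];
    memcpy(buf, &wire_byte, 1); /* stands in for the byte the proxy sent */
    int n = buf[0];             /* 0xFF becomes -1 */
    return (size_t)n;           /* -1 becomes SIZE_MAX as a read length */
}

/* After the fix: an explicitly unsigned buffer keeps the value in 0..255. */
size_t read_len_unsigned(unsigned char wire_byte)
{
    unsigned char buf[BUF_SIZE];
    memcpy(buf, &wire_byte, 1);
    int n = buf[0];
    return (size_t)n;
}

/* Independent guard: never read more than the buffer can hold. */
int len_fits(size_t n)
{
    return n <= BUF_SIZE;
}

int main(void)
{
    /* Constructed sample length bytes, not captured traffic. */
    const unsigned char samples[] = { 0x10, 0x7F, 0x80, 0xFF };
    for (size_t i = 0; i < sizeof samples; i++) {
        size_t s = read_len_signed(samples[i]);
        size_t u = read_len_unsigned(samples[i]);
        printf("byte 0x%02X: signed -> %zu (%s), unsigned -> %zu (%s)\n",
               samples[i], s, len_fits(s) ? "fits" : "overflow",
               u, len_fits(u) ? "fits" : "overflow");
    }
    return 0;
}
```

The explicit `signed char` reproduces the behaviour of plain `char` on platforms where it is signed, so the result is the same on any build host.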


Updated on: 2023-06-13T22:12:49.482217+00:00