The Ethereum ecosystem is no different than the Windows or IoT landscape, where security flaws remain unpatched for long periods of time, despite the availability of public patches.

In a report shared with ZDNet today, security researchers from SRLabs revealed that a large chunk of the Ethereum client software that runs on Ethereum nodes has not yet received a patch for a critical security flaw the company discovered earlier this year.

“According to our collected data, only two thirds of nodes have been patched so far,” said Karsten Nohl, one of the researchers.

Parity DoS flaw can lead to 51% attacks

The vulnerability is a denial of service (DoS) flaw in Parity, a client that can be used to run Ethereum nodes. Per SRLabs, the vulnerability allows an attacker to remotely crash Ethereum nodes (that run Parity) by sending malformed packets.

The issue was fixed with the release of the Parity Ethereum client v2.2.10, in mid-February this year, a few days after it was reported.

While most DoS flaws are considered “low impact” for most products, this is not the case in the cryptocurrency world. DoS flaws allow attackers to crash legitimate nodes. Attackers often exploit DoS vulnerabilities against blockchains to allow malicious nodes to gain a majority over legitimate ones. When attackers crash enough nodes, they can overwhelm the network and gain a 51% majority on the blockchain, giving them the ability to carry out double-spend attacks…
ZDNet is a business technology news website published by CBS Interactive, along with TechRepublic. The brand was founded on April 1, 1991, as a general interest technology portal from Ziff Davis and evolved into an enterprise IT-focused online publication owned by CNET Networks.