RE: Denial of Service Vulnerability Fix

in #steem, 5 years ago

Thanks for the shoutout. It is rewarding to help deliver an update that benefits the entire ecosystem.

Steem on!

Looks like you, @netuouso, are the hero of the day. :) Kudos for actually being on the lookout for something wrong, finding the vulnerability and working to fix it. A perfect trifecta of work and effort.

Now, for those of us who can appreciate this, but aren't certain just what it all may have meant for the pending transaction queue had it been attacked, is there anything you can explain about it that would help me to better understand what you all fixed without making any disclosures that shouldn't be disclosed? If not, that's okay. I'm still thankful for all you did. :)

A Denial Of Service (DOS) attack is where someone does something to keep the servers busy doing unnecessary work to slow the system down and prevent others from being able to access the service of the server. It would seem that there was a way to cause the transaction queue to loop or do some other work that would keep it busy for a lengthy period of time and this was now fixed to prevent such an attack.

Hey, @happyme.

Thanks for the reply.

Right, so just what could have been exploited by slowing down the transaction queue and keeping it busy? Would a DOS attack allow something else to occur, like getting to what was in the transaction queue? I guess I'm trying to understand the magnitude.

Generally, a DOS attack is simply so that the server is useless and nobody can use it. It is not a security risk on its own.

On a DPoS blockchain a DoS can be a GRAVE security threat.

I will leave the reader with an exercise in figuring out how shutting off the network's servers at will (potentially after fixing the issue locally) would be detrimental in a DPoS blockchain.

Thanks for that clarification, but you are now using terms way over my head. As a non-programmer, I can only understand stuff as it is explained to me in layman's terms. As far as I know, DOS stands for denial of service, which translates to not being able to serve the clients trying to access the server. Beyond that, I'm as ignorant as one can be about security or anything else technical and haven't a clue what a DPoS blockchain is. D=? but I assume PoS = Proof of Stake, as opposed to Proof of Work (PoW)? How or why those make any difference is way over my head at this time.

Okay. Thank you. That's what I was wondering, so I appreciate that.

Not sure if you're into token collecting, but for answering my questions, I'm going to send some of these your way. Hopefully it works. :)

!ENGAGE 100

Well, I'll be darned... I already had 150 tokens in the wallet that I didn't even know about! I'm now having all sorts of crazy ideas floating around in my head about the uses for Steem-engine. Thanks again for the tokens and the link to the website!

No problem. Maybe @abh12345 sent the others your way? Always nice to find out you have more than you thought you did. :)

As far as the crazy ideas, go for it. Crazy ideas have a way of becoming the next big thing. :)

Yes, the other coins were from abh12345. I seem to recall some mention of his coins, but there was no link like I just saw from yours. Probably he used a direct transfer method from within the site.

I've been working on an idea, but this Steem-engine would be great for non-coders like me. I'll definitely be looking deeper into it when I have my idea fully fleshed out.

Sweet! Thank-you! My first engagement tokens.

Here are your ENGAGE tokens!

To view or trade ENGAGE go to steem-engine.com.

Oh yeah, @netuoso is great at breaking STEEM with no mention by the elite in control, then they seem to make a false vulnerability to give another of Steemit Inc's stooges a leg up

https://steemit.com/steem/@naturicia/nijeah-who-broke-the-blockchain

Why do you even continue to use Steem if it is such a conspiracy?

I am not affiliated with SteemIt, Inc in any way

conspiracy (noun)
a secret plan by a group to do something unlawful or harmful.

the structure of your sentence suggested you didn't understand what a conspiracy is.
and the reason for staying would be to do my best to ensure as few victims as possible get manipulated into the various wealth extractors

you have lied multiple times in the past the most significant being when you performed a super high-risk test on the platform that couldn't have destroyed the chain and when approached lied through your teeth to protect yourself

Surprising, with the integrity you've shown, you're not no 1 witness

You have a sad, sour life. Wonder who hurt you as a child but hopefully you are able to move beyond it. Stay strong @isacoin. Stay strong.

lol initiating the @nextgencrypto manipulation strategy when called out

🎁 Dear @isacoin,

SteemBet Seed round SPT sale is about to start in 2 days!

When we started the development of SteemBet Dice game, we couldn’t imagine that our game would go so viral and that SteemBet would become one of the pioneers in this field.

In order to give back to our beloved community, we’ll distribute 4000 STEEM to SPT holders immediately after Seed sale. Plus, investors in this earliest round will be given 60% more tokens as reward and overall Return on Investment is estimated at 300%!

Join the whitelist on SteemBet website now and start investing! Feel free to ask us anything on Discord https://discord.gg/tNWJEAD

Great work @netuoso! Thanks for being our protocol guardian angel.

Good work!

thank you!

Oh hey he comes out of hibernation to actually use the steem blockchain this month! haha
But thanks for the fix.

Wonder what is more important for me to be doing... Commenting and posting about my life and my dogs? Or spending time building a business and working towards improving the security and resilience of the Steem blockchain. Hrmmmmmmmmmmmm.

Thanks for spotting this and helping the team to deal with it. Perfect security is impossible, but I would hope the people will work together to make Steem more resilient.

Thank you!