+-+-+ +-+ +-+-+-+-+
|G|O| |4| |H|I|V|E|
+-+-+ +-+ +-+-+-+-+

 --- A GOPHER-LIKE INTERFACE FOR HIVE BLOCKCHAIN ---

Security Patch Announcement

BY: @steemitdev | CREATED: Jan. 26, 2018, 9:37 p.m. | VOTES: 130 | PAYOUT: $0.00 | [ VOTE ]

[IMAGE: https://steemitimages.com/DQmRPJ5AMZ8E2Dubgz3qNyvrwM3mn3oHGkedNunxn1GCNGD/isolated-3077193_960_720.jpg]

Earlier this week, steemit was informed of a potential vulnerability in steemd that could lead to a denial of service attack in both the API and P2P layers of steemd, but has absolutely no impact on the cryptography securing the Steem blockchain.

This threat did not create any risk to Steem accounts or token balances, however, our engineers quickly located the problem and fixed it. The patch was deployed to steemit's Steem nodes within 24 hours of discovering the bug. We have contacted witnesses to update their seed and witness nodes to preserve the stability of the P2P network and are in the process of informing exchanges to ensure their continuous operation. The patch doesn't require a replay; Node operators should simply update and restart steemd.

At this time, we do not believe the vulnerability is being actively exploited in any sort of attack, however, we recommend anyone running a steemd node upgrade to the newest version of stable. This can be done via docker pull steemit/steem using our provided Docker image.

steemit devs

[IMAGE: https://steemitimages.com/DQmaXiMZSetmdDXR54vjhKcFY4FQUZf6hLrYdpxvDdyawK8/logo-steemit%402x.png]

TAGS: [ #steem ]

Replies

@princeyk | Jan. 26, 2018, 9:40 p.m. | Votes: 0 | [ VOTE ]

Wow, i am glad the probem was identified on time and fixed. Thanks for the important update

@sarahvain | Jan. 26, 2018, 9:43 p.m. | Votes: 1 | [ VOTE ]

Thank you for looking after the community, the investments and the tech!

@ausbitbank | Jan. 26, 2018, 9:43 p.m. | Votes: 18 | [ VOTE ]

My witness, backup witness, seed and rpc nodes have all been updated now :)

@firedream | Jan. 27, 2018, 4:48 p.m. | Votes: 1 | [ VOTE ]

Dear @ausbitbank;

I need any help to stop @grumpycat hurting innocent people.
We have to show that Steemit is bigger than any bully who is trying to impose his own rules by using his high SP on innocent people.
The post below is the summary of the situation :
https://steemit.com/life/@firedream/stop-the-grumpycat
Thank you for any help to stop the actions of @grumpycat.

Best Regards.
[IMAGE: https://steemitimages.com/DQmUVoLXAax1cDe9iWa1dC98Gc15fQ66FwKajroX1YoV8Dt/image.png]

FD.

@mignacio | Jan. 26, 2018, 9:43 p.m. | Votes: 1 | [ VOTE ]

That's a relief. Thanks for the info

@steevc | Jan. 26, 2018, 9:43 p.m. | Votes: 3 | [ VOTE ]

Good to hear you are on the case. Security is a constant battle and Steemit is sure to come under attack as it gets more popular. Some of us remember a previous assault. At least we had some other options to access the blockchain.

@ddrfr33k | Jan. 29, 2018, 8:37 p.m. | Votes: 1 | [ VOTE ]

It's like a game of whack-a-mole, isn't it? The moment you patch one hole, another one shows up...

@klye | Jan. 26, 2018, 9:47 p.m. | Votes: 12 | [ VOTE ]

All my servers and services have been updated with the updated code.

Good work Steem Team!

@swelker101 | Jan. 26, 2018, 9:51 p.m. | Votes: 17 | [ VOTE ]

Witness updated. Thanks

@drakos | Jan. 26, 2018, 9:51 p.m. | Votes: 7 | [ VOTE ]

All my servers already updated.

@yehey | Jan. 26, 2018, 9:53 p.m. | Votes: 5 | [ VOTE ]

Updated and running smoothly. Thank you for a quick turn around of fixing the issue.

All my witness servers are up to date.
Full STEEMING continue.

Cheers,
@yehey

@rival | Jan. 26, 2018, 9:57 p.m. | Votes: 5 | [ VOTE ]

Check, I update 3 hours ago my witness servers.

@sircork | Jan. 26, 2018, 9:57 p.m. | Votes: 8 | [ VOTE ]

My witness is updated. Thanks.

@sircork | Jan. 27, 2018, 4:08 a.m. | Votes: 3 | [ VOTE ]

Still an anonymous pussy tho, eh TT?

@eljuans | Jan. 26, 2018, 10:03 p.m. | Votes: 0 | [ VOTE ]

could you explain how to do this o.O!!!!!!!!!!!!!

@rifat | Jan. 26, 2018, 10:03 p.m. | Votes: 1 | [ VOTE ]

wow great news.

@masterwriter | Jan. 26, 2018, 10:03 p.m. | Votes: 0 | [ VOTE ]

Kudos to the engineers for a timely intervention.
We are unstoppable.

@adsactly-witness | Jan. 26, 2018, 10:03 p.m. | Votes: 11 | [ VOTE ]

Witness fully updated! Thank you!

@dakini5d | Jan. 26, 2018, 10:04 p.m. | Votes: 0 | [ VOTE ]

Thanks so much for keeping us informed as quickly as possible of threats to Steemd security. Much appreciated!

@detoye | Jan. 26, 2018, 10:12 p.m. | Votes: 0 | [ VOTE ]

Ok. We totally understand that there will always be security risks. Now we can rest assured that your security team is actively in control. We shall keep steeming

@guiltyparties | Jan. 26, 2018, 10:18 p.m. | Votes: 1 | [ VOTE ]

It's been done for a while now. Thanks for the official post.

@charitybot | Jan. 26, 2018, 10:22 p.m. | Votes: 0 | [ VOTE ]

This isn't responsible for the network slowing down for about half the day each day, is it? Bandwidth seems to get crushed around the same hours all the time.

@timcliff | Jan. 27, 2018, 7:25 a.m. | Votes: 0 | [ VOTE ]

Bandwidth is unrelated.

@mahdiyari | Jan. 26, 2018, 10:23 p.m. | Votes: 2 | [ VOTE ]

Already updated seed and witness nodes.
keep up the updates:P

@therealwolf | Jan. 26, 2018, 10:26 p.m. | Votes: 3 | [ VOTE ]

Witness updated!

@decomoescribir | Jan. 26, 2018, 10:35 p.m. | Votes: 1 | [ VOTE ]

Way to go, guys!

How can we explore the next steemit updates? I would like to know what you guys working at in the near future...

@timcliff | Jan. 27, 2018, 7:23 a.m. | Votes: 0 | [ VOTE ]

https://github.com/steemit

@decomoescribir | Jan. 27, 2018, 7:28 p.m. | Votes: 1 | [ VOTE ]

Thanks!!

@mejustandrew | Jan. 26, 2018, 10:56 p.m. | Votes: 0 | [ VOTE ]

A DoS is not so bad unless it lasts a lot. It is great to hear that it is fixed now, you are moving fast, guys, great job!

@oldtimer | Jan. 26, 2018, 11:01 p.m. | Votes: 0 | [ VOTE ]

good job guys.

@arcange | Jan. 26, 2018, 11:02 p.m. | Votes: 2 | [ VOTE ]

All my witness servers are updated.
Node servers used by SteemSQL and Steemitboard have been updated too

@juicy-shark | Jan. 26, 2018, 11:26 p.m. | Votes: 0 | [ VOTE ]

Cryptwo Witness node has been all updated

@bobinson | Jan. 26, 2018, 11:30 p.m. | Votes: 1 | [ VOTE ]

updated

@official-hord | Jan. 26, 2018, 11:37 p.m. | Votes: 0 | [ VOTE ]

Thanks for sharing this information.

@gunner12guage | Jan. 26, 2018, 11:53 p.m. | Votes: 0 | [ VOTE ]

Good thing your on top of things guys. Good job

@samrg472 | Jan. 26, 2018, 11:57 p.m. | Votes: 1 | [ VOTE ]

My server has been updated, thank you.

@anarcho-andrei | Jan. 27, 2018, 12:01 a.m. | Votes: 1 | [ VOTE ]

Both my main and back up witness nodes are updated and running. Thanks for the update!

@aggroed | Jan. 27, 2018, 12:32 a.m. | Votes: 2 | [ VOTE ]

All jacked up and good to go!

@funbobby51 | Jan. 27, 2018, 1:09 a.m. | Votes: 1 | [ VOTE ]

It's reassuring to hear that there was such a quick and robust response before this vulnerability was exploited, good job to everyone involved!

@pfunk | Jan. 27, 2018, 1:38 a.m. | Votes: 1 | [ VOTE ]

My nodes are updated.

@locikll | Jan. 27, 2018, 3:03 a.m. | Votes: 5 | [ VOTE ]

@Curie 's Witness/Seed has been updated, Cheers.

@veleje | Jan. 27, 2018, 3:19 a.m. | Votes: 0 | [ VOTE ]

Suggestion, could it be added a check, verification, who of witnesses did update and give us voters this information on that witness web page, so we voters can ask 'our' witness to do their job or we can take votes away from the ones not doing update. Could this be done?

@klye | Jan. 27, 2018, 3:36 a.m. | Votes: 3 | [ VOTE ]

|
@steemitdev Got a 32.75% Vote via @klye |
|:----:|
| Send any amount of STEEM or SBD Over 1.000 & Recieve a RANDOM @KLYE VOTEMake sure to include the link to your post in the memo field of the transfer!( Any amounts < 1.000 STEEM or SBD will be considered donations ) |
| Vote power is Generated via RNG (Random Number Generator) |

@liberosist | Jan. 27, 2018, 3:59 a.m. | Votes: 1 | [ VOTE ]

Updated.

@precise | Jan. 27, 2018, 4:03 a.m. | Votes: 1 | [ VOTE ]

witness server update, up and running.

@blocktrades | Jan. 27, 2018, 5:20 a.m. | Votes: 3 | [ VOTE ]

Blocktrades' witness node was updated.

@lahvista | Jan. 27, 2018, 5:27 a.m. | Votes: 1 | [ VOTE ]

I LOVE knowing that you guys are on it. Thank you.

@pouchon | Jan. 27, 2018, 5:32 a.m. | Votes: 1 | [ VOTE ]

Good job dev, good to catch this issue before it is too late.

@idowu-kunlere | Jan. 27, 2018, 5:51 a.m. | Votes: 0 | [ VOTE ]

Kudos to all the engineers working around the clock to keep the Steem/Steemit platform safe.

In these days of volatile digital vulnerabilities, your tasks are no easy jobs! You guys and ladies rock.

@wokejijasper | Jan. 27, 2018, 5:53 a.m. | Votes: 3 | [ VOTE ]

How do I update my witness please?

@timcliff | Jan. 27, 2018, 7:26 a.m. | Votes: 0 | [ VOTE ]

If you are not running a witness server, then you don’t have to worry about it.

@setapart | Jan. 27, 2018, 7:22 a.m. | Votes: 1 | [ VOTE ]

Thats a great news...at least we have wonderful engineers. Thanks for info

@bitgeek | Jan. 27, 2018, 7:48 a.m. | Votes: 0 | [ VOTE ]

Congratulations @steemitdev, this post is the most rewarded post (based on pending payouts) in the last 12 hours written by a User account holder (accounts that hold between 0.1 and 1.0 Mega Vests). The total number of posts by User account holders during this period was 2609 and the total pending payments to posts in this category was $11820.44. To see the full list of highest paid posts across all accounts categories, click here.

If you do not wish to receive these messages in future, please reply stop to this comment.

@statsmonkey | Jan. 27, 2018, 8:15 a.m. | Votes: 0 | [ VOTE ]

Congratulations, your post received one of the top 10 most powerful upvotes in the last 12 hours. You received an upvote from @thejohalfiles valued at 281.70 SBD, based on the pending payout at the time the data was extracted.

If you do not wish to receive these messages in future, reply with the word "stop".

@cranium | Jan. 27, 2018, 8:40 a.m. | Votes: 0 | [ VOTE ]

Any information that the system is safe in me is very encouraging.

@akbarsyekhi | Jan. 27, 2018, 11:26 a.m. | Votes: 0 | [ VOTE ]

I am glad to hear you in this case. Security is a constant battle and Steemit may be attacked as it gets more popular. Some of us remember the previous attacks. At least we have some other options to access the blockchain..

@palik | Jan. 27, 2018, 12:51 p.m. | Votes: 1 | [ VOTE ]

> Earlier this week, steemit was informed of a potential vulnerability in steemd that could lead to a denial of service attack in both the API and P2P layers of steemd, but has absolutely no impact on the cryptography securing the Steem blockchain

Who informed?
Where informed ?
Could you refer to an issue or PR, please.

@evol14life | Jan. 27, 2018, 2:53 p.m. | Votes: 1 | [ VOTE ]

.

@libertyranger | Jan. 27, 2018, 2:58 p.m. | Votes: 0 | [ VOTE ]

My witness node is now compliant with the update as per @someguy123 revision he posted for steem-in-abox
[IMAGE: https://steemitimages.com/DQmVmeXMHhWL23zo2x5HMwXthJ2xUwBHSywR5FiSLZGJdsZ/image.png]

@rondras | Jan. 27, 2018, 7:50 p.m. | Votes: 1 | [ VOTE ]

good that you guys take care of it.

@isnochys | Jan. 28, 2018, 1:39 p.m. | Votes: 0 | [ VOTE ]

Where are the release notes?
What has been changed?

@alphacore | Jan. 28, 2018, 9:25 p.m. | Votes: 0 | [ VOTE ]

is this the reason poloniex deposit is broken again?

@vvk | Jan. 30, 2018, 6:32 a.m. | Votes: 0 | [ VOTE ]

Can you please provide URL to commit which fixes the issue? It that related to latest fc library changes?

@vandumxx | Feb. 2, 2018, 7:09 a.m. | Votes: 0 | [ VOTE ]

thanks for the info!
hehehe
great help...
God bless!!!

@shanto24 | Feb. 16, 2018, 1:32 p.m. | Votes: 0 | [ VOTE ]

Please visit this link
i am sure changing your mind
https://steemit.com/respect/@shanto24/great-steemit-user-2-18

Thank you..👌

[ BACK TO TRENDING ] [ BACK TO MENU ]
CMD>