Mike Hearn [ARCHIVE] on Nostr: 📅 Original date posted:2015-01-28 📝 Original message:> > It is not "fear", it ...
📅 Original date posted:2015-01-28
📝 Original message:>
> It is not "fear", it is field experience.
>
> JSON has proven to be a bug generator for the reasons already stated.
>
To back Jeff up on this point, today we see this story:
http://www.theregister.co.uk/2015/01/27/trivial_hole_left_black_phones_open_to_plunder/
The maker of BlackPhone – a mobile marketed as offering unusually high
levels of security – has patched *a critical vulnerability that allows
hackers to run malicious code on the handsets*. Attackers need little more
than a phone number to send a message that can compromise the devices via
the Silent Text application.
"The SCIMP protocol encodes messages as JSON objects, which are then
transmitted to the remote party over XMPP," Dowd explained to *The Register*.
"*The flaw I discovered occurs during the deserialization of these JSON
objects*. It is *a type confusion vulnerability*, which when exploited
allows an attacker to overwrite a pointer in memory, either partially or in
full. This pointer is later manipulated by the program and also the system
allocator, allowing you to do things such as pass arbitrary pointers to
free()."
The C++/Java/Python protocol buffer implementations are used by Google for
all internal inter-server communication. Any similar exploit in them would
result in total bypass of their entire internal security and auditing
system by allowing you to run code as any user. The Google security team is
very good, the protobuf code is carefully reviewed and the format is
relatively constrained. The chances of there being any security problems in
the parsing code generated by the protobuf compilers is drastically
smaller. As BIP70 requests are parsed by security sensitive code, this
matters.
The vision for BIP70 has always been to be a foundation for many features.
We haven't really done much with it so far because there have always been
higher priorities. But I hope that if Bitcoin continues to be successful
and grows, one day payment requests will have many different features in
them and those will likely include many complex data structures.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150128/ec7ad39e/attachment.html>;
📝 Original message:>
> It is not "fear", it is field experience.
>
> JSON has proven to be a bug generator for the reasons already stated.
>
To back Jeff up on this point, today we see this story:
http://www.theregister.co.uk/2015/01/27/trivial_hole_left_black_phones_open_to_plunder/
The maker of BlackPhone – a mobile marketed as offering unusually high
levels of security – has patched *a critical vulnerability that allows
hackers to run malicious code on the handsets*. Attackers need little more
than a phone number to send a message that can compromise the devices via
the Silent Text application.
"The SCIMP protocol encodes messages as JSON objects, which are then
transmitted to the remote party over XMPP," Dowd explained to *The Register*.
"*The flaw I discovered occurs during the deserialization of these JSON
objects*. It is *a type confusion vulnerability*, which when exploited
allows an attacker to overwrite a pointer in memory, either partially or in
full. This pointer is later manipulated by the program and also the system
allocator, allowing you to do things such as pass arbitrary pointers to
free()."
The C++/Java/Python protocol buffer implementations are used by Google for
all internal inter-server communication. Any similar exploit in them would
result in total bypass of their entire internal security and auditing
system by allowing you to run code as any user. The Google security team is
very good, the protobuf code is carefully reviewed and the format is
relatively constrained. The chances of there being any security problems in
the parsing code generated by the protobuf compilers is drastically
smaller. As BIP70 requests are parsed by security sensitive code, this
matters.
The vision for BIP70 has always been to be a foundation for many features.
We haven't really done much with it so far because there have always been
higher priorities. But I hope that if Bitcoin continues to be successful
and grows, one day payment requests will have many different features in
them and those will likely include many complex data structures.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150128/ec7ad39e/attachment.html>;