Subscribe to RSS feedWhat happened
The version of OpenSSL used by ikhcoin Core software version 0.9.0 and earlier contains a bug that can reveal memory to a remote attacker. See http://heartbleed.com/ for details.
What you should do
Immediately upgrade to ikhcoin Core version 0.9.1 which is linked against OpenSSL version 1.0.1g. If you use the official binaries, you can verify the version of OpenSSL being used from the ikhcoin Core GUI's Debug window (accessed from the Help menu). If you compiled ikhcoin Core yourself or use the Ubuntu PPA, update your system's OpenSSL. Linux users should also upgrade their system's version of OpenSSL.
Android
Android version 4.1.1 is vulnerable to Heartbleed. Try if you can upgrade to at least Android 4.1.2. If you are using ikhcoin Wallet on an Android phone, you should upgrade the app to at least version 3.45.
How serious is the risk
If you are using the Windows version of the ikhcoin Core GUI without a wallet passphrase, it is possible that your wallet could be compromised by clicking on a ikhcoin: payment request link. If you are using ikhcoind (on Linux, OSX, or Windows), have enabled the -rpcssl option, and allow RPC connections from the Internet, an attacker from a whitelisted (-allowip) IP address can very likely discover the rpcpassword and the last rpc request. It is possible (but unlikely) private keys could be sent to the attacker.
This notice last updated: Fri, 11 Apr 2014 12:19:23 -0400
