sadly i am from reading her tweets it was 2 days ago https://twitter.com/SarahJamieLewis/status/1015395299035045890 seems the side tangle was stitched to the main tangle that took down all nodes. https://medium.com/@lewisfreiberg/whats-up-with-the-tangle-d825c692e7a8
looks like a total clusterfuq as they scrambled to update their security hole before it was exposed at blackhat, which they didnt do in time. reads like a dogs breakfast of a project https://twitter.com/matthew_d_green/status/1027198787448659969 kudos for fixing it but not being transparent and internal politics could make the whole thing implode.
every other coin in the top 10 has been more transparent. not sure i can cite an example for another coin where a vulnerability was exposed, only partly fixed and the party that highlighted the vulnerability then being attacked. they have all been transparent about their code base and security, i would say these are fundamentals in any crypto and black hat to pwn the iota price even further after their presentation.
Bug bounties rewarding parties which find critical flaws are quite common. EOS has offered them, I think Nano maybe from memory and Dash are examples.
I don't think IOTA is not being transparent. Rather the team don't really know what they are doing, so they can't really communicate something they don't know. They openly say they don't know how it will work in the wild!
its more than a single (supposed) vulnerability. they admitted it and fixed it but are yet to fix it in the centralised coordinator node, which they now admit they have been quietly trying to fix in the background. this will be the subject of the black hat presentation. definitely appear not to be a cohesive team, however they do at least acknowledge the vulnerability is serious.
Doesn’t matter that I don’t have the technical skills to understand or explain what the issue is. There’s enough comment from others pointing to a lack of honesty to satisfy myself.
The hallmark of a thinking individual is that they assess each issue on merit. I'm satisfied that IOTA is not for me as I'm satisfied that AGW is premised on shaky scientific ground. Let's focus on the topic and not on me.
think you have the blinkers on still. the way i read this they acknowledge its a problem and are concerned about the blackhat presentation.
they are up for the crypto pwnies award at the blackhat conference, makes me think they are worried. also the fact that they are trying to update it, if they didnt see it as an issue why spend so much effort in changing it, especially before the blackhat? https://latacora.singles/2018/08/08/roca-vs-robot.html good luck to iota winning the pwnies award
enough to call it out in their conference. its a real issue, blackhat presentations dont just present 'zomg we think this could be a problem'. theres billions at stake here, total recklessness.
pwnies award nomination https://pwnies.com/nominations/ IOTA Curl-P Credit: Ethan Heilman and Neha Narula We are informed reliably by the community of IOTA token owners on Twitter of the following important facts: Because of the unique challenges of operating in the space of cryptographic tangles it is necessary to compute using balanced ternary, with trits and trytes instead of bidgets and bytes. 3 is closer to the universal optimum 2.71 than is 2. Balanced ternary is the future, and so the cryptocurrencies of the future need a hash function optimized for their number system. Only IOTA (ticker: MIOTA) provides that today, with its proprietary Curl hash. There is no truth to the claims of Heilman and Narula that Curl could be broken using a cryptanalysis technique discovered in the 1970s and taught to college sophomores. Curl is not vulnerable to differential cryptanalysis. It is not trivially possible to generate practical collisions for messages of the same length. The paper Heilman and Narula wrote was irresponsible and sensational and they should be disgraced publicly. Heilman and Narula did not send the IOTA team valid payments that pay different amounts but hash to the same Curl value. Even if they did, the IOTA team knew about those vulnerabilities all along. Obviously, Heilman and Narula paid Black Hat to present their research there. Hopefully, the IOTA foundation will pay more to present their side next year. IOTA prices are rallying, building on current gains, poised to pop, outperforming another top 10 cryptocurrencies rated by market value as per CoinMarketCap. Buy now!
lets see what they present at blackhat. facts: heilman and narula found the vulnerability, iota team acknowledged and changed it (including attacking them), except for their centralised controller and now argue internally that they havent fixed it in time for heilman and narulas blackhat presentation. do you still think its not a vulnerability? why did they update it?
might be time to bow out of this thread again and admit no amount of evidence will sway the believer.
ok ill bite, what was their reasoning for changing it? https://www.blackhat.com/us-18/brie...-forgeries-in-the-iota-signature-scheme-10891
reads just as i stated, the vulnerability was found and they patched it, bringing the whole network down for 3 days while it was upgraded. they intended to also fix the centralised controller but for whatever reason they havent gotten around to it, hence the vulnerability still exists. their presentation at blackhat was last week, seems to have triggered the leak of their board meeting. not something i would want to be heavily invested in, risk profile is off the charts, you have bigger cojones than me.