On 07-Jun-16 3:54 PM, Matthew Toseland wrote: > Freenet build 1474 has been partially released. It includes a critical bugfix > for the "Frostbite" bug: if you visit a malicious key, downloads can stop > working. This is being actively exploited on Frost and Sone/WoT. Unloading > WoT / turning off Frost and restarting the node should make it work again.
This crack was an exploit of Freenet. Not of Frost. It affected both users of WoT and users of Frost. It should for that reason not be called 'Frostbite' but 'Freenetbite'. All users of both programs during the attack must upgrade to the repaired version of Freenet, build 1474 because their node is corrupted and can not be repaired. Users whose node is corrupted can not upgrade over Freenet, they must use the clearweb upgrading method. Shut down Freenet. Windows users must use the DOS command line, navigate to the Freenet folder: update.cmd Linux users need this command: "./update.sh" This was not just some bug in Freenet, this attack was the most severe attack on Freenet I have seen in over 10 years of using Freenet. This crack was damaging all nodes of everybody who used either the Web of Trust plugin, or Frost. I think the importance of this crack should be taken seriously. This time the anonymity of Freenet users has not been endangered, but an attack this effective may well expose all damaged nodes. Since downloading a malicious key was enough, this crack could have been applied to the key of a freesite or even to the key to download a particular file. I know this is no good advertizing of Freenet but this has happened. Please allow this anonymous message on the support list. _______________________________________________ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
