Improve front page and navigation header links

Christian Reitter 2024-02-13 15:27:14 +01:00
parent b5084bb9b5
commit 001af09770
4 changed files with 24 additions and 16 deletions


@ -1,3 +1,3 @@
<footer>
<span><a href="{{ site.url | relative_url }}/feed.xml">RSS</a>, <a href="https://git.distrust.co/milksad">Git</a><img src="/assets/base/milksad_bottle_transparent.svg" height="18px" alt="Milk Sad logo as icon"/></a></span>{{ site.footer }}
<span><a href="{{ site.url | relative_url }}/feed.xml">RSS</a>, <a href="https://git.distrust.co/milksad">Git</a>, <a href="{{ site.url | relative_url }}/lookup.html">old lookup</a> <img src="/assets/base/milksad_bottle_transparent.svg" height="18px" alt="Milk Sad logo as icon"/></a></span>{{ site.footer }}
</footer>
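Review bot: The new footer line still carries the stray `</a>` after the `<img>` tag; the RSS, Git and old lookup anchors are each already closed, so it closes nothing and should be dropped while this line is being touched. The added link also builds its href as `{{ site.url | relative_url }}/lookup.html`, copying the RSS link; the usual Jekyll form passes the path through the filter instead, `{{ "/lookup.html" | relative_url }}`.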


@ -11,11 +11,13 @@
</li>
{%- for path in page_paths -%}
{%- assign my_page = site.pages | where: "path", path | first -%}
{%- if my_page.title -%}
<li><a href="{{ my_page.url | relative_url }}">
{{ my_page.title | escape }}
</a></li>
{%- endif -%}
{% unless my_page.exclude %}
{%- if my_page.title -%}
<li><a href="{{ my_page.url | relative_url }}">
{{ my_page.title | escape }}
</a></li>
{%- endif -%}
{%- endunless -%}
{%- endfor -%}
</ul>
</div>
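Review bot: The opening `{% unless my_page.exclude %}` has no whitespace-control dashes, unlike its own `{%- endunless -%}` and every other tag in this loop, so the rendered output depends on the neighbouring tags doing the trimming. Write it as `{%- unless my_page.exclude -%}` to match; the two nested conditions could also be folded into a single `if`.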


@ -19,7 +19,7 @@ A practical explanation of how weak entropy can ruin your day - and your savings
- We have reasons to believe some `Libbitcoin Explorer` versions before `3.0.0` also produce weak `bx seed` output in some system environments.
- Think of this as securing your online bank account with a password manager that creates a long random password, but it often creates the same passwords for every user. Malicious people have figured this out and drained funds on any account they can find.
## How?
### How?
<div style="float: left; margin-right:40px;margin-left:20px; margin-top:20px;margin-bottom:30px; width: 50%; display:table;">
<div style="display:table-row; justify-content: space-around;">
<img style="display: table-cell; vertical-align: middle;" width="25%" src="/assets/base/bx-mastering-bitcoin_left.jpg" />
@ -41,30 +41,35 @@ A practical explanation of how weak entropy can ruin your day - and your savings
- Why the silly "Milk Sad" name? Running `bx seed` on `3.x` versions with a system time of 0.0 always generates the following secret:
> milk sad wage cup reward umbrella raven visa give list decorate bulb gold raise twenty fly manual stand float super gentle climb fold park
## When?
### When?
The main theft occurred around 12 July 2023, although initial exploitation likely began at a smaller scale in May 2023.
A separate but similar vulnerability in another wallet software was detected in November 2022 and actively exploited shortly after, which may be the prequel to this story.
## Who?
### Who?
We did not identify who is behind the ongoing thefts from vulnerable wallets.
## Type
### Type
[CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)](https://cwe.mitre.org/data/definitions/338.html)
## Vendor
### Vendor
[Libbitcoin](https://github.com/libbitcoin)
## Further Reading
### Further Reading
See our [technical writeup](/disclosure.html) and [FAQ](/faq.html).
See our [technical writeup](/disclosure.html), [research updates](/updates.html) and [FAQ](/faq.html).
[CVE-2023-31290](https://nvd.nist.gov/vuln/detail/CVE-2023-31290) was a similar vulnerability in [Trust Wallet](
### Related Vulnerabilities
Trust Wallet:
- [CVE-2023-31290](https://nvd.nist.gov/vuln/detail/CVE-2023-31290) - [vendor advisory](
https://community.trustwallet.com/t/browser-extension-wasm-vulnerability-postmortem/750787
), see [Ledger Donjon's technical writeup](https://blog.ledger.com/Funds-of-every-wallet-created-with-the-Trust-Wallet-browser-extension-could-have-been-stolen/
).
) and [Ledger Donjon's technical writeup](https://blog.ledger.com/Funds-of-every-wallet-created-with-the-Trust-Wallet-browser-extension-could-have-been-stolen/
)
- [CVE-2024-23660](https://nvd.nist.gov/vuln/detail/CVE-2024-23660) - SECBIT Labs' [technical disclosure writeup](https://secbit.io/blog/en/2024/01/19/trust-wallets-fomo3d-summer-vuln/)
## Contact
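Review bot: `## Contact` at the end of this hunk stays at level 2 while every other section heading here is demoted to `###`, so Contact now sits one level above How?, When? and the new Related Vulnerabilities section; demote it as well or confirm that outline is intended. In the Related Vulnerabilities list, the vendor advisory and Ledger Donjon links still have their destinations split across lines (`[vendor advisory](`, then the URL, then `)`), which is fragile inside a list item; keeping each link on one line, as the CVE-2024-23660 entry does, would be safer.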


@ -2,6 +2,7 @@
title: /lookup
layout: home
permalink: /lookup.html
exclude: true
---
# Ride Closed 🚧
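Review bot: `exclude: true` in this front matter is an undocumented custom key whose name matches Jekyll's site-level `exclude` setting in `_config.yml`, which keeps files out of the build entirely. Here it only hides the page from the navigation loop, and `/lookup.html` is still built and linked from the footer as "old lookup". A more specific name such as `nav_exclude`, or a short comment next to the `unless my_page.exclude` check, would make the intent clear.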