You might have heard about the XMR HTML GUI having a security flaw that allowed an attacker to do any RPC command if the user went to a site with some special code.
Since iguana GUI is HTML based, this concerned me and I started investigating. Linked up with ca333, who knows a ton about this sort of thing. What I learned was that in HTML space things are quite dangerous. For the convenience you have a much, much, much bigger attack surface.
Needless to say, we had to improve the security for iguana GUI (if you are using any HTML-based GUI it is advisable to make sure it is as secure as required). We finally figured out how to make the iguana HTML GUI as secure as a QT wallet. It did require some major additions to the baseline, but when security of your money is at stake, then we do what we have to do.
I just released the enhancements needed to the iguana core, so shortly the GUI will be able to utilize it and we can get an HTML wallet that is both easy to install/use and secure.
Now if your computer is infected with a keylogger or something like that, there isn't much that anything can do, even though with our approach it is somewhat resistant to keyloggers. However, a keylogger would open a different attack vector which might or might not be prevented based on usage. So, your system must be clean of keyloggers and such malware. In that case even if you browse to an injection attack site you will be protected. Generally speaking, best to not be browsing to random sites when using an HTML wallet. However, if a banner ad leads to a page with injection codes…
The komodod side is in the final stretch. I rebased to the zcash bugfix version that improves performance and fixes some important protected mode bugs.
Lots of progress on the assetchains, with over 40 chains now part of the komodo family. Just a few more things to validate and I am actually now coding the DEX layer, which will be a layer on top of the komodod and iguana core, so it is a nice flexible layer that will be relatively smooth to deploy, i.e. just run it as a dapp.
I thank everybody for their patience and maturity as we make improvements to the ICO site to accommodate BTCD holders. I know BTC people don't really care about such things, but please know that the tech is in the finalization process and this time is needed to get rid of the final showstopper issues.
I would say that a potential security breach via injection websites is pretty important to fix!
Assuming we can get the final two pax functionalities validated, we can mainnet with pax enabled. A fallback release would disable pax for the initial release and we would need to hardfork to enable it. Since the GUI for pax is not yet, it might not be a big deal either way. Personally I prefer to get all the hardforks out of the way while it is in “testnet” status.
In the next weeks you will see a lot of campaigning from the notary node operators, and this shows that komodo is unique with a community-responsive set of notary operators, instead of miners that are just silently mining. The proactive notary operators can and will bring in marketing for komodo in addition to helping expand the overall reach of komodo. Few people really understand the full scope of what komodo can do and the notary node operators are most of this few.