Mist, an ethereum browser, may be putting cryptocurrency private keys at risk.
The news about Mist came from a recently-published blog post by the Ethereum Foundation.
The threat rose from a newly discovered vulnerability, which the blog post classifies as “high severity.”
The said threat impacts all existing versions of the browser.
However, Mist browser compatible Ethereum Wallet is not affected, the post clarifies.
“Due to a Chromium vulnerability affecting all released versions of the Mist Browser Beta v0.9.3 and below, we are issuing this alert warning users not to browse untrusted websites with Mist Browser Beta at this time.
“Users of “Ethereum Wallet” desktop app are not affected,” the post made my Everton Fraga read.
As a result, Mist users are encouraged to shun “untrusted” websites.
They’re also advised to default to Ethereum Wallet to manage funds.
The vulnerability comes from the underlying software framework, Electron.
Electron’s wait in upgrading to a proper known security issues has led to several issues.
“Recently, Electron hasn’t kept up to date with Chromium, leading to an increasing potential attack surface as time passes,” the post explained.
As a result, the ethereum browser is thinking of migrating to a fork of Electron from Brave named Muon.
Muon is preferred since it has a more frequent release schedule.
The post clarified that the browser is still in beta mode.
He also warned that users that use the browser do so without warranty.
“The Mist Browser beta is provided on an “as is” and “as available” basis and there are no warranties of any kind, expressed or implied, including, but not limited to, warranties of merchantability or fitness of purpose,” Fraga said.
The developer described security as a “never-ending battle” in browser development, writing:
“making a browser (an app that loads untrusted code) that handles private keys is a challenging task.”
Fraga alos gave out a security checklist that users can apply. These were:
• Avoid keeping large quantities of ether or tokens in private keys on an online computer. Instead, use a hardware wallet, an offline device or a contract-based solution (preferably a mix of those).
• Back up your private keys — Cloud services are not the best option to store it.
• Do not visit untrusted websites with Mist.
• Do not use Mist on untrusted networks.
• Keep your day-to-day browser updated.
• Keep track of your Operating System and anti-virus updates.
• Learn how to verify file checksums
Sponsored by the Ethereum Foundation, Mist is the most popular ethereum browser for browsing decentralized applications (dapps).
- Illinois Blockchain Task Force Cites Uses for Blockchain in Government Operations 2 February 2018
- India’s Finance Minister Arun Jaitley Reiterates Stance on Cryptos 2 February 2018
- Commodity Futures Trading Commission Bolsters Bitcoin Futures Review 2 February 2018
- Shipping Giant UPS Lists Bitcoin as Potential Form of Payment in Locker Service 2 February 2018
- Bee Token ICO Investors Scammed Out of Almost $1 Million 2 February 2018
Ethereum4 days ago
Philippines Securities Regulator Issues Cease and Desist Order to ICO
Bitcoin3 days ago
Bitcoin Price Getting Weighed Down by Negative News
Business4 days ago
Tether Severs Ties with Audit Firm Friedman LLP
Blockchain4 days ago
NIST Publishes Blockchain Overview for Business Beginners