Connect with us


Mist Could Put Cryptocurrency Private Keys at Risk



mist ethereum

Mist, an ethereum browser, may be putting cryptocurrency private keys at risk.

The news about Mist came from a recently-published blog post by the Ethereum Foundation.

The threat rose from a newly discovered vulnerability, which the blog post classifies as “high severity.”

The said threat impacts all existing versions of the browser.

However, Mist browser compatible Ethereum Wallet is not affected, the post clarifies.

“Due to a Chromium vulnerability affecting all released versions of the Mist Browser Beta v0.9.3 and below, we are issuing this alert warning users not to browse untrusted websites with Mist Browser Beta at this time.

“Users of “Ethereum Wallet” desktop app are not affected,” the post made my Everton Fraga read.

As a result, Mist users are encouraged to shun “untrusted” websites.

They’re also advised to default to Ethereum Wallet to manage funds.

The vulnerability comes from the underlying software framework, Electron.

Electron’s wait in upgrading to a proper known security issues has led to several issues.

“The layer between Mist and Chromium, Electron, is a project led by GitHub that aims to ease the creation of cross-platform applications using JavaScript.

“Recently, Electron hasn’t kept up to date with Chromium, leading to an increasing potential attack surface as time passes,” the post explained.

As a result, the ethereum browser is thinking of migrating to a fork of Electron from Brave named Muon.

Muon is preferred since it has a more frequent release schedule.

The post clarified that the browser is still in beta mode.

He also warned that users that use the browser do so without warranty.

“The Mist Browser beta is provided on an “as is” and “as available” basis and there are no warranties of any kind, expressed or implied, including, but not limited to, warranties of merchantability or fitness of purpose,” Fraga said.

The developer described security as a “never-ending battle” in browser development, writing:

“making a browser (an app that loads untrusted code) that handles private keys is a challenging task.”

Security Checklist

Fraga alos gave out a security checklist that users can apply. These were:

• Avoid keeping large quantities of ether or tokens in private keys on an online computer. Instead, use a hardware wallet, an offline device or a contract-based solution (preferably a mix of those).

• Back up your private keys — Cloud services are not the best option to store it.

• Do not visit untrusted websites with Mist.

• Do not use Mist on untrusted networks.

• Keep your day-to-day browser updated.

• Keep track of your Operating System and anti-virus updates.

• Learn how to verify file checksums

Sponsored by the Ethereum Foundation, Mist is the most popular ethereum browser for browsing decentralized applications (dapps).

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Newsletter Subscription

Recent Posts



Copyright © 2017 Cryptal News

Translate »