Maybe I am misunderstanding the change notes, but it seems to me that the fix that has been implemented in the newest release (v3.0.4, ~9 hours ago) has disabled default CORS approval, which means the vulnerability could still be exploited by code running on the local computer; obviously a password-protected wallet goes a long way to mitigate the chance of compromise.
While this is the case with most software, I am not sure why the RPC is being enabled by default when 95% of users would have no use for it, and the ones that did would be proficient enough to enable it for use.
Thanks for the heads up. Interesting to see it was first reported in Nov 2017 and not until today that a POC confirmed it as such a high risk.
@steempower, as I told @blocktrades too, you are very active in the Steemit community, always informing people about everything, and your posts on Bitshares are really impressive. They helped me understand many more things about it!
I also wanted to stop by and send you a big shout of appreciation for your support in one of the previous chapters of the guide. It was a huge support, and it really helped, together with @blocktrades, @lukestokes, @starkerz, @cryptographic, @stephenendal, to reach many more people than expected. I have not counted again, but all of the first 4 chapters have reached more than 2,500+ people and 280+ comments and questions, and this is already amazing for me, because my aim of helping many new users, new visitors and minnows to understand as much as possible about Steemit and the Steem blockchain is coming true!
Speaking about the 11-chapter full Steemit guide, I was wondering what you think about it, and what feedback you can give me to improve it even more. I mentioned @blocktrades in Part 6; you can see the comment I sent to @blocktrades a few messages down here.
I will mention a lot from you in the future chapter about Steem as part of a larger ecosystem, where I speak about Bitshares!
Here is what Chapter 5, which I posted today, is about, and a link to it:
Chapter 5 of 11: Learning some of the many "Other ways to Earn Rewards on the Steemit Platform & Steem Blockchain" - This is part 5 of the 11 Chapters (Full Guide) to help new people make their way on Steemit
https://steemit.com/steem/@gold84/chapter-5-of-11-learning-some-of-the-many-other-ways-to-earn-rewards-on-the-steemit-platform-and-steem-blockchain-this-is-part-5
Looking forward to hearing from you in any comments section, of this or any chapter! As I told @blocktrades, your knowledge and experience, together with @lukestokes, @timcliff, @starkerz and @stephenkendal, has been inspiring me to continue with the series, and even add more value and additions to it.
Regards, @gold84
Yes, from what I gathered, the fix is to avoid you going to a web page that then transfers money from your Electrum wallet when you unlock it. A rogue program on your local machine can always steal money from your wallet when you unlock it. It's why I upvoted the guy who suggested you should keep a crypto computer where you don't install much software.
Just disabling RPC wouldn't really protect you from a rogue program. As soon as you unlock your wallet, a rogue program with enough privilege can send keystrokes to your wallet to do whatever it wants...
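An added example, not Electrum's code and not from any commenter, that makes the two points above concrete: a local JSON-RPC listener needs to distinguish a browser-originated request from its own client, and a secret that local software can read does nothing against a rogue local program. The token, header names and sample requests are constructed for illustration.

```python
import hmac
import secrets

# Hypothetical per-install RPC password, as a wallet might write to its config file.
RPC_TOKEN = secrets.token_hex(16)

def from_web_page(headers):
    """Browsers attach an Origin header to every cross-site POST, even a 'simple'
    text/plain one that needs no CORS preflight. Dropping the permissive
    Access-Control-Allow-Origin only hides the response; the request still arrives."""
    return "Origin" in headers

def authorize_legacy(headers):
    """Policy before the fix: anything reaching the local port is trusted."""
    return True

def authorize_hardened(headers, token=RPC_TOKEN):
    """Defender's policy: refuse browser-originated requests outright, then demand
    a secret only local software can read. Step two cannot tell the wallet's own
    client from malware on the same machine, which is the thread's second point."""
    if from_web_page(headers):
        return False
    supplied = headers.get("Authorization", "")
    if not supplied.startswith("Bearer "):
        return False
    return hmac.compare_digest(supplied[len("Bearer "):], token)

def evaluate(requests):
    """Return {name: (legacy_decision, hardened_decision)} for each sample."""
    return {name: (authorize_legacy(h), authorize_hardened(h)) for name, h in requests.items()}

# Constructed request headers, as a local JSON-RPC server would see them.
SAMPLE_REQUESTS = {
    # a page the user happens to visit; the browser adds Origin on its behalf
    "web_page": {"Origin": "http://example.invalid", "Content-Type": "text/plain"},
    # the same page guessing a token it cannot know
    "web_page_guess": {"Origin": "http://example.invalid", "Authorization": "Bearer 0000"},
    # the wallet's own client, which read the token from the local config
    "local_client": {"Authorization": f"Bearer {RPC_TOKEN}", "Content-Type": "application/json"},
    # a rogue local program that read the same config file: not stopped by this
    "rogue_local": {"Authorization": f"Bearer {RPC_TOKEN}", "Content-Type": "application/json"},
}

if __name__ == "__main__":
    for name, (legacy, hardened) in evaluate(SAMPLE_REQUESTS).items():
        print(f"{name:15} legacy={legacy!s:5} hardened={hardened}")
```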
Thanks for your post!
I have read your post now and I will try to protect it from fake programs thanks to the comments you make. Thanks for sharing, sir. @blocktrades