
So a joker decided to embed some antivirus bait in the blockchain; just a few bytes are enough to make the software go nuts deleting a whole lot of files the Bitcoin client needs. The solution the Bitcoin developers suggest is pure old-school malware style: XOR the blocks to hide it from the antivirus suites. Classic.

https://github.com/bitcoin/bitcoin/issues/4069



In one of the comments in that article: "I can't wait until someone legally changes their name to one of these sequences and we find out that all sorts of government databases didn't have functioning backups..."


I think you could put the "EICAR Test String" easily in a lot of databases, maybe as the answer to a security question, a special "delivery instruction"...

http://www.eicar.org/86-0-Intended-use.html

It's detected by almost any antivirus product; on my work computer the corporate antivirus immediately quarantines a file with this content.

X 5 O ! P % @ A P [ 4 \ P Z X 5 (...)


Not EICAR because that has to be at the start of the file. But some other signature, sure.


From a comment on that issue:

>Just for fun, there's about 8000 reachable nodes on the network at the time of writing. Assuming that a large portion of the network is unreachable (NAT, filtering, intermittent, just not listening), it's probably safe to assume there's probably at least 50,000 nodes with the complete blockchain. If we XOR just the chainstate, we cause 50000 * 430 MB of disk writes, 50000 * 430 * 2 MB read and write combined, somewhere in the region of 43TB. If we XOR the entire blockchain on disk we cause 50000 * 21000 * 2 MB of IO, around 1.95PB of RW across the wider Bitcoin network. Incredible.


Just 8000 bitcoin nodes? So much for the People's Distributed Currency.


8000 nodes listening on IPv4. There are probably hundreds of thousands of non-listening ones. Not every node is listening, and not every wallet is a node. You can still be trustless even without a copy of the blockchain at hand.


Those are probably 'full nodes'. To participate in the network as a miner or casual user, you don't need to run a full node.


Yeah, but if there are just 8,000 nodes, suddenly it seems like it wouldn't be all that hard to hijack the network.

It's possible I misunderstand, and overestimate the value of full nodes.


You're basically right though; there are regular calls on /r/bitcoin for people to run a full node because the number has gone down recently. I decided to set one up on my dedicated host due to one of these.


Interesting - I have been meaning to look into how the blockchain works (I missed the get-rich-quick rush and dismissed it all until I heard Andreessen explain the reasons).

Anyway - what does being a full node entail?


Simply run bitcoin-qt or bitcoind all the time and make sure that you have port 8333 open to the outside world (if you have a router, this usually means forwarding 8333).

It takes a few hours to a half day for the node to catch up, depending on your bandwidth and CPU, but after that it requires relatively little processing time. But you do need ~20 GB of free hard drive space for the blockchain.


Non-mining nodes just hold and relay validated blocks; they don't do anything that can be hijacked.


Full nodes host the memory pool for the txids, so they serve a purpose: making transactions propagate over the network, and serving blocks to nodes that are not up-to-date (and clients).


This is an old trick. A little while ago someone was putting the EICAR test string in email subject lines, headers, inside PDF files, in mime headers, and in other random places. He managed to crash a lot of enterprise level AV solutions and email servers. If you want to be a dick, just copy and paste that string everywhere you can. The AV will treat it like a real threat.


That somewhat reminds me of this: http://en.wikipedia.org/wiki/BLIT_(short_story)


Isn't this just an arms race, though? What's to stop people from doing this again?


Every host would have a unique mask.


Doesn't this make it slightly more difficult to bootstrap a new node when you can't just copy an existing installation?


You shouldn't use that anyway; that's a trust-needing operation. A bootstrap.dat file is what you want, which wouldn't have the obfuscation applied.


It won't solve the problem; the joker can simply inject a string that becomes a virus signature after XOR.


If every client uses its own keystream, then no.
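The two points made above (a unique mask per host, and the worry that a string could be chosen to become a signature only after XOR) are easy to see side by side in code. The following is an added illustration, not Bitcoin Core's code or anything from the linked issue: it assumes a short repeating XOR key generated once per host and applied by absolute file offset (the key length and file layout are assumptions, not the project's real format), and `SIGNATURE` is a constructed stand-in byte pattern, not a real antivirus signature.

```python
"""Per-host XOR masking of on-disk block data (constructed illustration)."""
import os

# Constructed stand-in for a byte pattern a scanner might flag. Not a real
# antivirus signature; any fixed pattern works for the demonstration.
SIGNATURE = b"FAKE-SIGNATURE-PATTERN"


def new_host_key(nbytes: int = 8) -> bytes:
    """Generate the per-host mask once at first start (to be persisted).

    An all-zero key would leave the data unmasked, so regenerate in that
    (astronomically unlikely) case. Key length is an assumption.
    """
    key = os.urandom(nbytes)
    while key == bytes(nbytes):
        key = os.urandom(nbytes)
    return key


def xor_mask(data: bytes, key: bytes, offset: int = 0) -> bytes:
    """Apply a repeating XOR mask keyed by absolute file offset.

    Keying by offset keeps a record appended mid-file consistent with the
    bytes around it, and the same call undoes the mask (XOR is an involution).
    """
    return bytes(b ^ key[(offset + i) % len(key)] for i, b in enumerate(data))


def write_record(store: bytearray, record: bytes, key: bytes) -> int:
    """Append one masked record to an in-memory 'file'; return its offset."""
    offset = len(store)
    store.extend(xor_mask(record, key, offset))
    return offset


def read_record(store: bytes, offset: int, length: int, key: bytes) -> bytes:
    """Unmask `length` bytes starting at `offset`."""
    return xor_mask(store[offset:offset + length], key, offset)


def contains_signature(data: bytes, sig: bytes = SIGNATURE) -> bool:
    """Stand-in for a naive scanner: do the raw on-disk bytes contain sig?"""
    return sig in data


def bytes_that_mask_to(sig: bytes, key: bytes, offset: int) -> bytes:
    """The input that would land on disk as `sig` under (key, offset).

    This is the concern raised in the thread: with one shared key, a single
    chosen input defeats the mask everywhere. With a per-host key it can only
    line up on the one host whose key (and offset) it was computed for.
    """
    return xor_mask(sig, key, offset)


def demo(key_a: bytes, key_b: bytes) -> dict:
    """Compare two hosts with different keys and return the observations."""
    block = b"...prev hash, merkle root, txs..." + SIGNATURE + b"...more txs..."
    store_a, store_b = bytearray(), bytearray()
    off_a = write_record(store_a, block, key_a)
    off_b = write_record(store_b, block, key_b)
    results = {
        "plaintext_flagged": contains_signature(block),
        "masked_a_flagged": contains_signature(bytes(store_a)),
        "masked_b_flagged": contains_signature(bytes(store_b)),
        "roundtrip_a": read_record(bytes(store_a), off_a, len(block), key_a) == block,
        "roundtrip_b": read_record(bytes(store_b), off_b, len(block), key_b) == block,
    }
    # An input chosen to appear as SIGNATURE on host A's disk at the next offset.
    crafted = bytes_that_mask_to(SIGNATURE, key_a, offset=len(store_a))
    write_record(store_a, crafted, key_a)
    write_record(store_b, crafted, key_b)
    results["crafted_hits_a"] = contains_signature(bytes(store_a))
    results["crafted_hits_b"] = contains_signature(bytes(store_b))
    return results


if __name__ == "__main__":
    for name, value in demo(new_host_key(), new_host_key()).items():
        print(f"{name}: {value}")
```

Run as a script it prints that the plaintext block is flagged, neither masked store is, both round-trip, and the input chosen against host A's key shows up as the pattern only on host A. The offset keying matters: a mask that restarted at every record boundary would let the same crafted record hit every host that happened to share a key, regardless of where it was stored.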



