2/26/2023 0 Comments Tails electrum 3.1.3 fix![]() ![]() As gits7r described, this attack was a simple phishing attack. Just to touch on that before I respond to you gits7r, for years now it is fair to say that no O/S, especially any Windows O/S, is just not safe to run a hot wallet with any funds in them. Gits7r thank you for coming back to me and taking the time to accurately respond through what is a github forum full of people getting phished by this clever but equally callous attack resulting in novices loosing funds. Nothing we can do about these time wait periods. Some time has to pass when uploading a package to Debian, it goes through unstable. There are tickets on both, I am closely monitoring them and I assure you the version in Tails and Debian stable-backports will be upgraded. This issue actually has no scope here, but it's good that you opened it so interested people can have the confirmation that things are being taken care of. ![]() Not to mention the entire OS and other apps, it has absolutely nothing to do with them. As long as the phishing message is ignored and no malware is installed, not even Electrum is at risk, that version is OK to use. In Tails it's not so simple like in other OSes to install third party software, so Tails Electrum users are better of held back from doing such mistakes. In fact not even Electrum is affected, it requires action from the user to manually install a backdoored Electrum from an untrusted source without verifying signatures. Under any circumstances the entire OS is NOT affected, nor other applications. Other than this annoyance, there is no security risk. Except is somewhat annoying because you get warning messages all the times (from malicious servers the message with the phishing scam and the malware website to install a backdoored Electrum, and from honest servers the message we use to counter the phishing attack that your transaction was broadcasted but you should upgrade from because you are using a vulnerable version). The Electrum version currently used in Tails is safe to use. The problem is that Electrum displays is as rich text and adds more weight to the confusion. It's a phishing scam, that exists since the internet exists, and will continue to do so and target anything from wallets, online bank accounts, social media accounts, email accounts, etc. Electrum Debian package maintainer was offline for a period and will hopefully resume work by Mid February.Īs soon as Electrum is upgraded in Debian stable-backports, it is also automatically included in the next Tails release. ![]() At this moment, this is what we have in stable-backports. It has to be in debian stable-backports in order to be shipped with Tails. The situation of software shipped by default in Tails is a little bit different. I assume this is more of Tails developers job that Electrum, but as Tails has supported the Electrum project for years is it worth engaging with them to upgrade (if not done so already?) Secondly, will Tails version upgrade Electrum to current version now that Tails is using an unsafe version of Electrum which in theory could not only affect Electrum but also the whole Tails O/S ? I currently feel with so many issues regarding Electrum versions it is safer to continue to use old version on Tails - for now? "Error: Your transaction was still broadcasted but you are using an older version of Electrum that has a vulnerability. When broadcasting transactions on certain Electrum servers, a message saying something along the lines of: Hence, Tails is still shipping with Electrum 3.1.3. You can also use off-line signing of transactions with Tails, thus increasing security.ĭownsides to this is that the Electrum development has kept updating much faster than the Tails O/S can keep track of versions. ![]() If you dont use persistance in Tails, you would have to keep upgrading Electrum to latest version everytime you run Tails.so for now you are stuck on 3.1.3. Using Tails without persistance you get a fresh and secure copy of Electrum every time to use, and you are certain that the version is correct (provided you verified Tails in the first instance). On latest version of Tails (Build 3.12 release circa Jan 2019) is still shipping with Electrum 3.1.3 ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |