Pages:
Author

Topic: Critical Security Release: Please update to Electrum 3.0.5 (Read 956 times)

sr. member
Activity: 807
Merit: 423
So, to recap, if we upgrade to 3.0.5. we can run Electrum and browse the web or run other apps at the same time safely, with no worries, right?
Also, why Thomas is not speaking in this thread? This is one of the worst problems in the whole Electrum history and it's strange its main developer wrote nothing about that here on bitcointalk...

I opened another thread, which is pinned.
https://bitcointalksearch.org/topic/vulnerability-discovered-in-electrum-26-to-304-please-upgrade-2721388
LZ
legendary
Activity: 1722
Merit: 1072
P2P Cryptocurrency
I have windows view. When running version 3.0.5 of electrum, it gives me errors: in api-ms-win-crt-runtime-I1-1-0.dll and in python_dll.
You need to install KB2999226 (to install it you may also need to install the latest Service Pack).
legendary
Activity: 1896
Merit: 1353
So, to recap, if we upgrade to 3.0.5. we can run Electrum and browse the web or run other apps at the same time safely, with no worries, right?
Also, why Thomas is not speaking in this thread? This is one of the worst problems in the whole Electrum history and it's strange its main developer wrote nothing about that here on bitcointalk...

I opened another thread, which is pinned.
newbie
Activity: 33
Merit: 0
1) I have windows view. When running version 3.0.5 of electrum, it gives me errors: in api-ms-win-crt-runtime-I1-1-0.dll and in python_dll. I downloaded these dll, but the errors continue. Then I said that I have to download the pyqt5 program and its packages, but it's very complicated. It seems to me that version 3.0.5 is too complicated to install. What solutions can I have?

2) Version 2.9.3 I protected it with a password from the beginning. Should I update even if I put a password?

Thanks you so much
hero member
Activity: 2576
Merit: 883
Freebitco.in Support https://bit.ly/2I9BVS2
How do I check which electrum version I'm running? I followed the instructions at the electrum website to install 3.05.    What command can I type that will print the version number now, so I can be sure?

Just look at the top left of the window



Also the Help > About

sr. member
Activity: 807
Merit: 423
How do I check which electrum version I'm running? I followed the instructions at the electrum website to install 3.05.    What command can I type that will print the version number now, so I can be sure?
legendary
Activity: 3710
Merit: 1586
Hi
Use 3.0.3
What is the main danger? It is possible more in detail? If I use the wallet on a separate laptop without surfing on the Internet, for me there is still a threat?
+ ptotected by password strong

Providing there's a strong password your encrypted seed can be gathered but if the password is 15+ chars it can't be hacked.

It is recommended you upgrade but if you have a password and dont surf the web from that device there shouldn't be too much of a threat.

Encrypted seed cannot be gathered i.e. they cannot get at the cipher text . All they can do is attempt to guess your password via the json rpc interface. That is a slow process so it's not really going to crack any sort of reasonably strong password.
legendary
Activity: 3710
Merit: 1586
Can others confirm here 100 percent that downloading the electrum windows installer from the official website is safe?

People say to look at the signature but you dont need to look at it though right if its the actual website since everyone who downloads electrum the new version is downloading it directly from electrum website?





You should check the signature since websites can get hacked. There are also lots of fake websites out there. Checking the signature rules out all of this. Sure it's a bit of a bother to learn how to check the sig but once you've learned it you can keep doing it every time you update electrum. And you will have to update electrum because it gets new releases very often.
full member
Activity: 1792
Merit: 186
Can others confirm here 100 percent that downloading the electrum windows installer from the official website is safe?

People say to look at the signature but you dont need to look at it though right if its the actual website since everyone who downloads electrum the new version is downloading it directly from electrum website?


legendary
Activity: 3710
Merit: 1586
3.0.5 was just released which fixes this bug completely.

Very good!


So, to recap, if we upgrade to 3.0.5. we can run Electrum and browse the web or run other apps at the same time safely, with no worries, right?
Also, why Thomas is not speaking in this thread? This is one of the worst problems in the whole Electrum history and it's strange its main developer wrote nothing about that here on bitcointalk...

He and the other developers were busy fixing the bug. He's said he will put out a statement soon.

The bug mainly affects people with no password on their wallets. If you have any sort of strong password like 10+ mixed characters you are safe.
hero member
Activity: 1666
Merit: 565
This is kinda .... disappointing ... always air gap! though.

Ditto!  IMHO, air gap is more secure than a hardware wallet.

ok well, air gap is great, but don't you think that is much more easy to buy and use a hardware wallet than to create an air gap? I don't even know where to start...
hero member
Activity: 811
Merit: 512
Enhalo Mining
3.0.5 was just released which fixes this bug completely.

Very good!


So, to recap, if we upgrade to 3.0.5. we can run Electrum and browse the web or run other apps at the same time safely, with no worries, right?
Also, why Thomas is not speaking in this thread? This is one of the worst problems in the whole Electrum history and it's strange its main developer wrote nothing about that here on bitcointalk...
full member
Activity: 1792
Merit: 186
Hey all.  Just want to make sure of this.

So download electrum from the website using windows installer like i did previously.  When i do this, would i need to copy and paste my 12 word seed?  I have updated electrum few times when it was in the 2.x version but i don't recall if i need to?  For example when you want to install electrum on a new device, you would install electrum and then click on i already have a seed and then you type the seed etc.

Thanks.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
Hi
Use 3.0.3
What is the main danger? It is possible more in detail? If I use the wallet on a separate laptop without surfing on the Internet, for me there is still a threat?
+ ptotected by password strong

Providing there's a strong password your encrypted seed can be gathered but if the password is 15+ chars it can't be hacked.

It is recommended you upgrade but if you have a password and dont surf the web from that device there shouldn't be too much of a threat.
newbie
Activity: 14
Merit: 0
Hi
Use 3.0.3
What is the main danger? It is possible more in detail? If I use the wallet on a separate laptop without surfing on the Internet, for me there is still a threat?
+ ptotected by password strong
newbie
Activity: 2
Merit: 0
This is kinda .... disappointing ... always air gap! though.

Ditto!  IMHO, air gap is more secure than a hardware wallet.
newbie
Activity: 7
Merit: 0
Windows blocked the file soon as I tried to open it.

I don't know who to trust now, if even the official website files get blocked.

Also I get the pop up when I open Electrum wallet, http://puu.sh/yWxUb/329776e8f1.png .

your Malwarebyte is not blocking the official website! nor is it blocking Electrum!

what it is blocking is an Electrum server called "us01.hamster.science". and that is a false positive that only Malwarebyte blocks for some reason.
just go to your Network settings (you can click on the circle at the bottom right corner of the Electrum window) and change your server from there. choose any other ones and you are good to go.

Thankyou. Now to figure out where my coins are lol.
legendary
Activity: 3472
Merit: 10611
Windows blocked the file soon as I tried to open it.

I don't know who to trust now, if even the official website files get blocked.

Also I get the pop up when I open Electrum wallet, http://puu.sh/yWxUb/329776e8f1.png .

your Malwarebyte is not blocking the official website! nor is it blocking Electrum!

what it is blocking is an Electrum server called "us01.hamster.science". and that is a false positive that only Malwarebyte blocks for some reason.
just go to your Network settings (you can click on the circle at the bottom right corner of the Electrum window) and change your server from there. choose any other ones and you are good to go.
full member
Activity: 241
Merit: 100
Hi people, having Electrum running and surfing web simultaneous makes the security breach. right?

I wanna know the attacker can surf my hard drive too? has he/she any access to my appdata content too?

Can he/she steal the wallet files from AppData\Roaming\Electrum and other wallets from AppData\Roaming\ too Huh

Should i make a new wallets for altcoins that have been at AppData\Roaming? Have other altcoins wallets leaked from this security bug?
newbie
Activity: 1
Merit: 0
I used electrum to sign an address that I have stored on my Trezor, does anybody know if this would this make me vulnerable?  I don't want to move the coins if I don't have to, since I signed up for an airdrop and would lose my spot in the queue.

I feel like probably not, but better safe than sorry?
Pages:
Jump to: