Critical Security Release: Please update to Electrum 3.0.5

Millionero

sr. member

Activity: 807

Merit: 423

Quote from: ThomasV on January 11, 2018, 10:23:06 AM

Quote from: Niya on January 08, 2018, 03:50:14 PM

So, to recap, if we upgrade to 3.0.5. we can run Electrum and browse the web or run other apps at the same time safely, with no worries, right?
Also, why Thomas is not speaking in this thread? This is one of the worst problems in the whole Electrum history and it's strange its main developer wrote nothing about that here on bitcointalk...

I opened another thread, which is pinned.

https://bitcointalksearch.org/topic/vulnerability-discovered-in-electrum-26-to-304-please-upgrade-2721388

LZ

legendary

Activity: 1722

Merit: 1072

P2P Cryptocurrency

Quote from: pesetacoin33 on January 11, 2018, 09:27:39 AM

I have windows view. When running version 3.0.5 of electrum, it gives me errors: in api-ms-win-crt-runtime-I1-1-0.dll and in python_dll.

You need to install KB2999226 (to install it you may also need to install the latest Service Pack).

ThomasV

legendary

Activity: 1896

Merit: 1353

Quote from: Niya on January 08, 2018, 03:50:14 PM

So, to recap, if we upgrade to 3.0.5. we can run Electrum and browse the web or run other apps at the same time safely, with no worries, right?
Also, why Thomas is not speaking in this thread? This is one of the worst problems in the whole Electrum history and it's strange its main developer wrote nothing about that here on bitcointalk...

I opened another thread, which is pinned.

pesetacoin33

newbie

Activity: 33

Merit: 0

1) I have windows view. When running version 3.0.5 of electrum, it gives me errors: in api-ms-win-crt-runtime-I1-1-0.dll and in python_dll. I downloaded these dll, but the errors continue. Then I said that I have to download the pyqt5 program and its packages, but it's very complicated. It seems to me that version 3.0.5 is too complicated to install. What solutions can I have?

2) Version 2.9.3 I protected it with a password from the beginning. Should I update even if I put a password?

Thanks you so much

TheQuin

hero member

Activity: 2576

Merit: 883

Freebitco.in Support https://bit.ly/2I9BVS2

Quote from: Millionero on January 10, 2018, 08:59:44 AM

How do I check which electrum version I'm running? I followed the instructions at the electrum website to install 3.05. What command can I type that will print the version number now, so I can be sure?

Just look at the top left of the window

Also the Help > About

Millionero

sr. member

Activity: 807

Merit: 423

How do I check which electrum version I'm running? I followed the instructions at the electrum website to install 3.05. What command can I type that will print the version number now, so I can be sure?

Abdussamad

legendary

Activity: 3682

Merit: 1580

Quote from: jackg on January 08, 2018, 08:25:26 AM

Quote from: xbtboss on January 08, 2018, 07:29:05 AM

Hi
Use 3.0.3
What is the main danger? It is possible more in detail? If I use the wallet on a separate laptop without surfing on the Internet, for me there is still a threat?
+ ptotected by password strong

Providing there's a strong password your encrypted seed can be gathered but if the password is 15+ chars it can't be hacked.

It is recommended you upgrade but if you have a password and dont surf the web from that device there shouldn't be too much of a threat.

Encrypted seed cannot be gathered i.e. they cannot get at the cipher text . All they can do is attempt to guess your password via the json rpc interface. That is a slow process so it's not really going to crack any sort of reasonably strong password.

Abdussamad

legendary

Activity: 3682

Merit: 1580

Quote from: jerry0 on January 08, 2018, 07:37:02 PM

Can others confirm here 100 percent that downloading the electrum windows installer from the official website is safe?

People say to look at the signature but you dont need to look at it though right if its the actual website since everyone who downloads electrum the new version is downloading it directly from electrum website?

You should check the signature since websites can get hacked. There are also lots of fake websites out there. Checking the signature rules out all of this. Sure it's a bit of a bother to learn how to check the sig but once you've learned it you can keep doing it every time you update electrum. And you will have to update electrum because it gets new releases very often.

jerry0

full member

Activity: 1750

Merit: 186

Can others confirm here 100 percent that downloading the electrum windows installer from the official website is safe?

People say to look at the signature but you dont need to look at it though right if its the actual website since everyone who downloads electrum the new version is downloading it directly from electrum website?

Abdussamad

legendary

Activity: 3682

Merit: 1580

Quote from: Niya on January 08, 2018, 03:50:14 PM

Quote from: Abdussamad on January 07, 2018, 07:54:48 PM

3.0.5 was just released which fixes this bug completely.

Very good!

So, to recap, if we upgrade to 3.0.5. we can run Electrum and browse the web or run other apps at the same time safely, with no worries, right?
Also, why Thomas is not speaking in this thread? This is one of the worst problems in the whole Electrum history and it's strange its main developer wrote nothing about that here on bitcointalk...

He and the other developers were busy fixing the bug. He's said he will put out a statement soon.

The bug mainly affects people with no password on their wallets. If you have any sort of strong password like 10+ mixed characters you are safe.

asdlolciterquit

hero member

Activity: 1666

Merit: 565

Quote from: Mordaz on January 08, 2018, 06:55:51 AM

Quote from: jubalix on January 07, 2018, 03:54:17 AM

This is kinda .... disappointing ... always air gap! though.

Ditto! IMHO, air gap is more secure than a hardware wallet.

ok well, air gap is great, but don't you think that is much more easy to buy and use a hardware wallet than to create an air gap? I don't even know where to start...

Niya

hero member

Activity: 811

Merit: 512

Enhalo Mining

Quote from: Abdussamad on January 07, 2018, 07:54:48 PM

3.0.5 was just released which fixes this bug completely.

Very good!

So, to recap, if we upgrade to 3.0.5. we can run Electrum and browse the web or run other apps at the same time safely, with no worries, right?
Also, why Thomas is not speaking in this thread? This is one of the worst problems in the whole Electrum history and it's strange its main developer wrote nothing about that here on bitcointalk...

jerry0

full member

Activity: 1750

Merit: 186

Hey all. Just want to make sure of this.

So download electrum from the website using windows installer like i did previously. When i do this, would i need to copy and paste my 12 word seed? I have updated electrum few times when it was in the 2.x version but i don't recall if i need to? For example when you want to install electrum on a new device, you would install electrum and then click on i already have a seed and then you type the seed etc.

Thanks.

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: xbtboss on January 08, 2018, 07:29:05 AM

Hi
Use 3.0.3
What is the main danger? It is possible more in detail? If I use the wallet on a separate laptop without surfing on the Internet, for me there is still a threat?
+ ptotected by password strong

Providing there's a strong password your encrypted seed can be gathered but if the password is 15+ chars it can't be hacked.

It is recommended you upgrade but if you have a password and dont surf the web from that device there shouldn't be too much of a threat.

xbtboss

newbie

Activity: 14

Merit: 0

Hi
Use 3.0.3
What is the main danger? It is possible more in detail? If I use the wallet on a separate laptop without surfing on the Internet, for me there is still a threat?
+ ptotected by password strong

Mordaz

newbie

Activity: 2

Merit: 0

Quote from: jubalix on January 07, 2018, 03:54:17 AM

This is kinda .... disappointing ... always air gap! though.

Ditto! IMHO, air gap is more secure than a hardware wallet.

Ghostdoggoz

newbie

Activity: 7

Merit: 0

Quote from: pooya87 on January 08, 2018, 12:08:21 AM

Quote from: Ghostdoggoz on January 07, 2018, 08:05:43 PM

Windows blocked the file soon as I tried to open it.

I don't know who to trust now, if even the official website files get blocked.

Also I get the pop up when I open Electrum wallet, http://puu.sh/yWxUb/329776e8f1.png .

your Malwarebyte is not blocking the official website! nor is it blocking Electrum!

what it is blocking is an Electrum server called "us01.hamster.science". and that is a false positive that only Malwarebyte blocks for some reason.
just go to your Network settings (you can click on the circle at the bottom right corner of the Electrum window) and change your server from there. choose any other ones and you are good to go.

Thankyou. Now to figure out where my coins are lol.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: Ghostdoggoz on January 07, 2018, 08:05:43 PM

Windows blocked the file soon as I tried to open it.

I don't know who to trust now, if even the official website files get blocked.

Also I get the pop up when I open Electrum wallet, http://puu.sh/yWxUb/329776e8f1.png .

your Malwarebyte is not blocking the official website! nor is it blocking Electrum!

what it is blocking is an Electrum server called "us01.hamster.science". and that is a false positive that only Malwarebyte blocks for some reason.
just go to your Network settings (you can click on the circle at the bottom right corner of the Electrum window) and change your server from there. choose any other ones and you are good to go.

Potent

full member

Activity: 241

Merit: 100

Quote from: Potent on January 07, 2018, 05:49:12 PM

Hi people, having Electrum running and surfing web simultaneous makes the security breach. right?

I wanna know the attacker can surf my hard drive too? has he/she any access to my appdata content too?

Can he/she steal the wallet files from AppData\Roaming\Electrum and other wallets from AppData\Roaming\ too Huh

Should i make a new wallets for altcoins that have been at AppData\Roaming? Have other altcoins wallets leaked from this security bug?

tehol_bedict

newbie

Activity: 1

Merit: 0

I used electrum to sign an address that I have stored on my Trezor, does anybody know if this would this make me vulnerable? I don't want to move the coins if I don't have to, since I signed up for an airdrop and would lose my spot in the queue.

I feel like probably not, but better safe than sorry?

Topic: Critical Security Release: Please update to Electrum 3.0.5 (Read 947 times)