Critical Security Release: Please update to Electrum 3.0.5 - page 3.

vlom

legendary

Activity: 1498

Merit: 1117

Quote from: gishab56 on January 07, 2018, 09:03:34 AM

Oh shit!

I have 13.5BTC in my Electrum wallet with passwords protected but not very strong. i haven't claimed any forks yet. I use windows 10 with a licensed Kaspersky security. what are best advices for me?

if you really have 13.5 BTC then i would buy a hardware wallet.
https://www.ledgerwallet.com or https://trezor.io.

gishab56

newbie

Activity: 28

Merit: 0

Oh shit!

I have 13.5BTC in my Electrum wallet with passwords protected but not very strong. i haven't claimed any forks yet. I use windows 10 with a licensed Kaspersky security. what are best advices for me?

BitcoinSupremo

copper member

Activity: 1442

Merit: 529

Quote from: inastorytold on January 07, 2018, 07:55:10 AM

Apologies for basic question, but just wanted to check the following:

I have an older version (2.8.x)
I have not split my forked coins - everything has been untouched for some time.
Am I correct in thinking I can just download the latest version and it will open my current wallet by default, leaving all forked coins intact and accessible until I manage to stop being such a luddite and learn how to separate them?

Thanks in advance.

I was in the same situation as you , I had version 2.9.3 sitting around from a lot of time so I just installed the latest version from the official electrum website and I checked my balance and my settings, everything was untouched so I guess I am safe. Still I have not a big amount in my electrum wallet as I keep majority of my coins in Ledger HW.1 hardware wallet.

TheQuin

hero member

Activity: 2576

Merit: 883

Freebitco.in Support https://bit.ly/2I9BVS2

Quote from: inastorytold on January 07, 2018, 07:55:10 AM

Apologies for basic question, but just wanted to check the following:

I have an older version (2.8.x)
I have not split my forked coins - everything has been untouched for some time.
Am I correct in thinking I can just download the latest version and it will open my current wallet by default, leaving all forked coins intact and accessible until I manage to stop being such a luddite and learn how to separate them?

Thanks in advance.

Yes, that would work fine. Always make sure you have written down your seed phrase before upgrading just in case. You'll find instructions on how to split the coins on this board of the forum when you're ready to do it. If you're not using Electrum then there is also no hurry to upgrade. Just don't open the old Electrum and surf the web at the same time.

inastorytold

newbie

Activity: 2

Merit: 0

Apologies for basic question, but just wanted to check the following:

I have an older version (2.8.x)
I have not split my forked coins - everything has been untouched for some time.
Am I correct in thinking I can just download the latest version and it will open my current wallet by default, leaving all forked coins intact and accessible until I manage to stop being such a luddite and learn how to separate them?

Thanks in advance.

schyter

sr. member

Activity: 385

Merit: 257

Open to any CryptoBusiness idea you have for Ghana

Let me get something straight.

I simply installed v 3.0.4 to overwrite current version
Is this appropriate??

Or do i have to completely uninstall the old version, and then reinstall the new v 3.0.4 and then do a restore of the wallet

DooMAD

legendary

Activity: 3948

Merit: 3191

Leave no FUD unchallenged

Quote from: MCLXS411 on January 07, 2018, 07:32:51 AM

If you update to 3.0.4., is there still a threat ?

By their very nature, vulnerabilities like this can only be patched once they're discovered. 3.0.4 fixes this threat, but there could always be others. Always remember that there's an entire internet full of potentially dangerous people out there who would much rather see some Bitcoin in their wallet rather than yours. It's ultimately your responsibility to secure the computers or devices that you use to store your funds. Human nature means it's easy to get complacent about security, but that leads to breaches and potential loss of your funds. Always be vigilant. Keep backups, use strong passwords, be wary of browsing the internet with JavaScript fully enabled, don't allow your devices to be infected with keyloggers or other malware, don't leave large sums in a single wallet, and consider things like cold storage, multisig and paper wallets.

schyter

sr. member

Activity: 385

Merit: 257

Open to any CryptoBusiness idea you have for Ghana

Quote from: audaciousbeing on January 07, 2018, 06:55:35 AM

I don't know about the technicalities or how they are to hack the software with all the mnemonics attached. When I saw the flash message early in the day, I upgraded immediately and my wallet is already password protected. I hope everything is safe and everyone is able to stop panicking especially those who are not on the forum to read the warning and the progress that has been made. Electrum is one wallet that to a large extent has been able to create a niche for itself and I think vulnerability at this time will tarnish the over the years reputation.

You are right.
1. I am protected by a decent wallet password
2. I only use mozilla browser
3. I have upgraded to the v3.0.4

Nevertheless, this vulnerability is getting into my head too much.
Its image has already been tarnished with me and it may be the same with other people and is likely to last for years.
I love electrum though for its light-weight feature and other features as well.

Maybe i should give electrum a second chance

MCLXS411

newbie

Activity: 19

Merit: 0

If you update to 3.0.4., is there still a threat ?

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: Darooghe on January 07, 2018, 07:04:30 AM

Should we install new version and make new seeds then transfer all old balances to new one?
Who pays the fee?

That's unnecessary, theymos states here and there is also a little insight into what would happen if you had been hacked and how to notice it. If you do want a clean wallet, you can transfer to your new wallet. Don't expect a dev to pay for your fees though as it's open source and "offered with no warranty". If you had a password set on your wallet, it should be more difficult to hack your wallet using json responses from a server.

Quote from: macit800 on January 07, 2018, 07:09:39 AM

I use 3.0.1 version. Is there a guide or video where I can see how to upload to a new version?

Providing you have your seed written down, just run through the next install and put your seed into it when asked.

macit800

member

Activity: 322

Merit: 40

“The Premier Digital Asset Management Ecosystem”

I use 3.0.1 version. Is there a guide or video where I can see how to upload to a new version?

Darooghe

sr. member

Activity: 1120

Merit: 255

Should we install new version and make new seeds then transfer all old balances to new one?
Who pays the fee?

audaciousbeing

hero member

Activity: 1330

Merit: 569

I don't know about the technicalities or how they are to hack the software with all the mnemonics attached. When I saw the flash message early in the day, I upgraded immediately and my wallet is already password protected. I hope everything is safe and everyone is able to stop panicking especially those who are not on the forum to read the warning and the progress that has been made. Electrum is one wallet that to a large extent has been able to create a niche for itself and I think vulnerability at this time will tarnish the over the years reputation.

schyter

sr. member

Activity: 385

Merit: 257

Open to any CryptoBusiness idea you have for Ghana

Quote from: asdlolciterquit on January 07, 2018, 06:12:02 AM

Quote from: Abdussamad on January 06, 2018, 08:46:26 PM

A new release was made to mitigate the impact of this bug: https://github.com/spesmilo/electrum/issues/3374

See release notes here: https://github.com/spesmilo/electrum/compare/fdd10bfb6083%5E...063ec0a758dd

Download from electrum.org/#download

one important question: you say "mitigate". So 3.0.4 version doesn't solve completely this bug?

kind of.
but it was just a quick fix.
They removed CORS till they release update which will protect the JSON RPC with password

aoluain

legendary

Activity: 2436

Merit: 1362

Quote from: oseventwenty on January 07, 2018, 06:03:32 AM

All my wallets have a strong password, and I only use electrum on a Linux machine.

Am I pretty safe?

Quote from: tryer12 on January 07, 2018, 05:43:04 AM

Say I didn't touch my wallet or entered the password while the computer was connected to the internet, Am I considered safe? And If I don't touch it now untill I actually feel like I have to move some funds should I update to 3.0.4 and just use my normal wallet using the passphrase? So basically if I don't leave my electrum software on while in browser I'm basically safe?

as from the announcement by theymos if we dont use the electrum wallet without upgrading
it will be fine and if we have a strong passphrase set up we are marginally less at risk.
Lets see how this pans out but a safe bet would be to upgrade as per above advice.

**THANKS TO THEYMOS AND THE ADMINISTRATORS FOR ALL THE BACKGROUND WORK THAT GOES INTO THE WORKINGS OF THE FORUM AND FOR KEEPING EVERYONE SAFE!!

DooMAD

legendary

Activity: 3948

Merit: 3191

Leave no FUD unchallenged

Quote from: asdlolciterquit on January 07, 2018, 06:12:02 AM

one important question: you say "mitigate". So 3.0.4 version doesn't solve completely this bug?

My understanding is that since the exploit utilises CORS, 3.0.4 simply disables CORS until a more permanent solution is found. It will make your wallet safe, but it's more of a stopgap than a solution. I think they use the word "mitigate" because it's possible some wallets may have already been compromised if they didn't have a password. This update obviously won't be able to undo any damage that has already been done.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Very bad news for Electrum users,there is a fix but I think in process of upgrade many may become victims of phishing sites which are shown sometimes at the top of search results like add from Google.So use only legit Electrum site : https://electrum.org/#home

I use Electrum only in combination with Ledger,is old version of Electrum can in any way compromise Ledger?I think answer is no,but I know that Electrum v3 is not working on Windows 7&8,any info is this fixed with 3.0.4 version?

If you use ElectronCash there is also upgrade to 3.1.1 with note that old version are not safe,probably Electrum for LTC&DASH need update too and before that it is not advisable to use them.

asdlolciterquit

hero member

Activity: 1666

Merit: 565

Quote from: Abdussamad on January 06, 2018, 08:46:26 PM

A new release was made to mitigate the impact of this bug: https://github.com/spesmilo/electrum/issues/3374

See release notes here: https://github.com/spesmilo/electrum/compare/fdd10bfb6083%5E...063ec0a758dd

Download from electrum.org/#download

one important question: you say "mitigate". So 3.0.4 version doesn't solve completely this bug?

oseventwenty

member

Activity: 294

Merit: 29

All my wallets have a strong password, and I only use electrum on a Linux machine.

Am I pretty safe?

tryer12

member

Activity: 147

Merit: 10

Say I didn't touch my wallet or entered the password while the computer was connected to the internet, Am I considered safe? And If I don't touch it now untill I actually feel like I have to move some funds should I update to 3.0.4 and just use my normal wallet using the passphrase? So basically if I don't leave my electrum software on while in browser I'm basically safe?

Topic: Critical Security Release: Please update to Electrum 3.0.5 - page 3. (Read 947 times)