Author

Topic: Just checking if I am under attack (Read 188 times)

HCP
legendary
Activity: 2086
Merit: 4363
February 07, 2019, 04:23:14 PM
#10
electrum receives messages from server and show users in its way. Why servers can show messages?
Because that was the design decision they made originally... it could have been simple convenience, it could have been because they wanted the server to have the flexibility to be able to send different "error" messages without needing to update the client (so as to provide backwards compatibility) should the need arise in the future.

Was it a poor design? In hindsight, yes.. absolutely it was
Is there anything they can do about the past? No
Is there anything they can do about the future? Yes, they already have... client has been patched to prevent arbitrary messages from bad servers... and server code has been modded so "good" servers can warn older clients to update (as per the example in the OP)
legendary
Activity: 2758
Merit: 6830
February 07, 2019, 04:14:04 PM
#9
electrum receives messages from server and show users in its way. Why servers can show messages?
In those - now old - versions, they could show an error to tell the user what happened when there was an issue when broadcasting the tx.

The problem is that they could show their own custom errors and make it appear at Electrum even when the transaction should have been sent without any issues. Since Electrum didn’t filter the messages, the owner of the server could just make the transaction fail and show whatever he wants.

It has been fixed now. Electrum only shows predefined erros, and when a server wants to make their own custom error, it shows “Unknown error” instead of the customized text set by the owner.

legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
February 07, 2019, 07:10:34 AM
#8
-snip-
Quote
In order to reach users of vulnerable versions, we have started to use the same vulnerability, and to direct them to electrum.org.
Well, that's news to me.
But still, the hacker can use the same message with a link displayed as "electrum.org" pointed to a new fake electrum URL.
If the user is still using a vulnerable version, better ignore any error message and just directly browse and download from the official site to be safe.

-edit- Or edit the context into something like: "Ignore any error messages like this and download from the usual place: electrum.org" or "Ignore any direct link from error messages (like this) and download from the usual place: electrum.org"

because virus is a software and windows is created to run softwares. But electrum is not created to show messages from server
If you think you have a better idea(s) to help ThomasV and the developers, just open a pull request or bug report on Github to discuss your proposals.
HCP
legendary
Activity: 2086
Merit: 4363
February 07, 2019, 06:05:29 AM
#7
why servers can show message? Electrum developers should disable that from the first version
Why can windows run virus? microsoft should disable that from the first version Roll Eyes

What you're asking for just isn't possible. It is well known within the software development industry that there will always be bugs and exploits, regardless of how hard you try to make something 100% bug and/or exploit free. Seemingly innocent design choices can and do come back to haunt developers when some hacker figures out a new exploit of a flaw in the original design.

It is very easy, with hindsight, to say the developers should have foreseen the dangers of allowing rich text error messages to be displayed... but they can't be expected to think of ALL scenarios and possibilities.

Also, if you think about it... it took 6 1/2 years from when Electrum was released for this flaw to be exploited... that is how "non-obvious" this exploit was.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
February 07, 2019, 06:04:51 AM
#6
this seems to be an electrum server which is using the same phishing attack technique to warn you about the vulnerability and direct you to download the latest version...

It is message from good Electrum server which is intended to users who still have older versions, under 3.3.3. If you remember few days ago I ask you is this possible that Electrum use same technique as hackers to warn users, and they do it now. It is officially posted on their website :

]
The problem is: the famous phishing attack uses and displayed the original site on the error message too but you will be redirected to the fake electrum github page.
It's the same hacker, apparently, he must have been informed about the latest news here in the electrum board and just enabled broadcasting of txs and reconstructed his fake error message to be like "that" (you're using a vulnerable version...) since it will not be displayed as intended in the latest version.

Nobody was redirected to fake Electrum download on GitGub, user need to click on link and download fake version. So it is about basic understanding how things should work, and if you know that only link for safe download is official site why you will use any other source? If your bank send you message to burn all your money, would you do it or do you call the bank and check what is going on?

As you can see it is not same hacker, you did not check official page of Electrum and you give false information.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
February 07, 2019, 12:08:39 AM
#5
Well, as long as they don't ask you to download from website other than electrum.org, they're probably a good guy.
The problem is: the famous phishing attack uses and displayed the original site on the error message too but you will be redirected to the fake electrum github page.
It's the same hacker, apparently, he must have been informed about the latest news here in the electrum board and just enabled broadcasting of txs and reconstructed his fake error message to be like "that" (you're using a vulnerable version...) since it will not be displayed as intended in the latest version.
(A clever guy, I'll give him that)

To Mods, I request a pinned message regarding an "Urgent or Mandatory" update to electrum 3.3.3.
sr. member
Activity: 910
Merit: 351
February 06, 2019, 11:46:42 PM
#4
How nice, so a server is trying to alert people that they're running a version of old Electrum but using the same technique as the phishing attack. No wonder many people believe they're under attack. Well, as long as they don't ask you to download from website other than electrum.org, they're probably a good guy.
legendary
Activity: 3472
Merit: 10611
February 06, 2019, 09:35:31 PM
#3
this seems to be an electrum server which is using the same phishing attack technique to warn you about the vulnerability and direct you to download the latest version to prevent it from happening in case you connected to a malicious server and saw the malicious message instead.

just ignore the message but upgrade your wallet by downloading it from the same place you always downloaded your wallet (electrum.org) and make sure to check its signature.
legendary
Activity: 3710
Merit: 1586
February 06, 2019, 06:09:23 PM
#2
Upgrade to the latest version from electrum.org
sr. member
Activity: 1192
Merit: 260
Tryig to survive in this harsh world
February 06, 2019, 05:28:16 PM
#1
Hello,

I am on Electrum 3.06, I get this message as of Feb 6, 2019. My last transaction on Feb 1, 2019 didn't get this message, I am here checking if it's a normal message or am I under a phishing attack.


Thank you.
Jump to: