Bitcoin Forum
Topic: Just checking if I am under attack
codehtcmail
February 06, 2019, 10:28:16 PM
 #1

Hello,

I am on Electrum 3.06, I get this message as of Feb 6, 2019. My last transaction on Feb 1, 2019 didn't get this message, I am here checking if it's a normal message or am I under a phishing attack.


Thank you.
Abdussamad
February 06, 2019, 11:09:23 PM
 #2

Upgrade to the latest version from electrum.org
pooya87
February 07, 2019, 02:35:31 AM
 #3

this seems to be an electrum server which is using the same phishing attack technique to warn you about the vulnerability and direct you to download the latest version to prevent it from happening in case you connected to a malicious server and saw the malicious message instead.

just ignore the message but upgrade your wallet by downloading it from the same place you always downloaded your wallet (electrum.org) and make sure to check its signature.

elda34b
February 07, 2019, 04:46:42 AM
 #4

How nice, so a server is trying to alert people that they're running an old version of Electrum but using the same technique as the phishing attack. No wonder many people believe they're under attack. Well, as long as they don't ask you to download from a website other than electrum.org, they're probably a good guy.
nc50lc
February 07, 2019, 05:08:39 AM
 #5

Quote
Well, as long as they don't ask you to download from a website other than electrum.org, they're probably a good guy.
The problem is: the famous phishing attack uses and displays the original site in the error message too, but you will be redirected to the fake Electrum GitHub page.
It's the same hacker, apparently, he must have been informed about the latest news here in the electrum board and just enabled broadcasting of txs and reconstructed his fake error message to be like "that" (you're using a vulnerable version...) since it will not be displayed as intended in the latest version.
(A clever guy, I'll give him that)

To Mods, I request a pinned message regarding an "Urgent or Mandatory" update to electrum 3.3.3.

Lucius
February 07, 2019, 11:04:51 AM
 #6

Quote
this seems to be an electrum server which is using the same phishing attack technique to warn you about the vulnerability and direct you to download the latest version...

It is a message from a good Electrum server, intended for users who still have older versions, under 3.3.3. If you remember, a few days ago I asked you whether it is possible that Electrum would use the same technique as hackers to warn users, and they do it now. It is officially posted on their website:

Quote
Warning: Versions of Electrum older than 3.3.3 are vulnerable to a phishing attack, where malicious servers are able to display a message asking users to download a fake version of Electrum. Do not download software updates from another source than electrum.org. In order to reach users of vulnerable versions, we have started to use the same vulnerability, and to direct them to electrum.org.

Quote
The problem is: the famous phishing attack uses and displays the original site in the error message too, but you will be redirected to the fake Electrum GitHub page.
It's the same hacker, apparently, he must have been informed about the latest news here in the electrum board and just enabled broadcasting of txs and reconstructed his fake error message to be like "that" (you're using a vulnerable version...) since it will not be displayed as intended in the latest version.

Nobody was redirected to a fake Electrum download on GitHub; the user needs to click on the link and download the fake version. So it is about a basic understanding of how things should work, and if you know that the only link for a safe download is the official site, why would you use any other source? If your bank sends you a message to burn all your money, would you do it, or would you call the bank and check what is going on?

As you can see, it is not the same hacker; you did not check the official page of Electrum and you give false information.

HCP
February 07, 2019, 11:05:29 AM
 #7

Quote
why servers can show message? Electrum developers should disable that from the first version
Why can windows run virus? microsoft should disable that from the first version Roll Eyes

What you're asking for just isn't possible. It is well known within the software development industry that there will always be bugs and exploits, regardless of how hard you try to make something 100% bug and/or exploit free. Seemingly innocent design choices can and do come back to haunt developers when some hacker figures out a new exploit of a flaw in the original design.

It is very easy, with hindsight, to say the developers should have foreseen the dangers of allowing rich text error messages to be displayed... but they can't be expected to think of ALL scenarios and possibilities.

Also, if you think about it... it took 6 1/2 years from when Electrum was released for this flaw to be exploited... that is how "non-obvious" this exploit was.

nc50lc
February 07, 2019, 12:10:34 PM
Last edit: February 07, 2019, 12:26:58 PM by nc50lc
 #8

-snip-
Quote
In order to reach users of vulnerable versions, we have started to use the same vulnerability, and to direct them to electrum.org.
Well, that's news to me.
But still, the hacker can use the same message with a link displayed as "electrum.org" pointed to a new fake electrum URL.
If the user is still using a vulnerable version, better ignore any error message and just directly browse and download from the official site to be safe.

-edit- Or edit the context into something like: "Ignore any error messages like this and download from the usual place: electrum.org" or "Ignore any direct link from error messages (like this) and download from the usual place: electrum.org"

Quote
because virus is a software and windows is created to run softwares. But electrum is not created to show messages from server
If you think you have a better idea(s) to help ThomasV and the developers, just open a pull request or bug report on Github to discuss your proposals.

ETFbitcoin
February 07, 2019, 06:01:07 PM
 #9

Quote
because virus is a software and windows is created to run softwares. But electrum is not created to show messages from server

But the developer must create it to show the reason the Electrum server can't broadcast the transaction (such as too low fees, invalid script, input already spent, etc.)

Or do you think leaving the user wondering why his/her transaction can't be broadcast is a good trade-off?

TryNinja
February 07, 2019, 09:14:04 PM
 #10

Quote
electrum receives messages from server and show users in its way. Why servers can show messages?
In those - now old - versions, they could show an error to tell the user what happened when there was an issue when broadcasting the tx.

The problem is that they could show their own custom errors and make it appear at Electrum even when the transaction should have been sent without any issues. Since Electrum didn’t filter the messages, the owner of the server could just make the transaction fail and show whatever he wants.

It has been fixed now. Electrum only shows predefined errors, and when a server wants to make their own custom error, it shows “Unknown error” instead of the customized text set by the owner.


HCP
February 07, 2019, 09:23:14 PM
 #11

Quote
electrum receives messages from server and show users in its way. Why servers can show messages?
Because that was the design decision they made originally... it could have been simple convenience, it could have been because they wanted the server to have the flexibility to be able to send different "error" messages without needing to update the client (so as to provide backwards compatibility) should the need arise in the future.

Was it a poor design? In hindsight, yes.. absolutely it was
Is there anything they can do about the past? No
Is there anything they can do about the future? Yes, they already have... client has been patched to prevent arbitrary messages from bad servers... and server code has been modded so "good" servers can warn older clients to update (as per the example in the OP)
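
The client-side behaviour described in posts #10 and #11 (show only predefined errors, fall back to "Unknown error"), sketched as an added example; it is not Electrum's code and not part of any post. The function name, the reject-string table and the sample replies are constructed for illustration.

```python
import re

# Constructed table: substrings a node may return when it rejects a
# transaction, mapped to text that ships inside the client.
KNOWN_REJECTS = (
    ("min relay fee not met", "The fee is too low for the server to relay."),
    ("bad-txns-inputs-missingorspent", "An input is missing or already spent."),
    ("txn-mempool-conflict", "Conflicts with a transaction already in the mempool."),
    ("mandatory-script-verify-flag-failed", "A script or signature check failed."),
)
UNKNOWN = "Unknown error"
MAX_LEN = 512  # assumption: a genuine reject reason is short

# Markup or links in an error string point to a lure, not to a reject reason.
_LURE = re.compile(r"<[a-z!/][^>]*>|https?://|www\.", re.IGNORECASE)


def sanitize_broadcast_error(server_msg):
    """Return (text_to_display, suspicious).

    text_to_display is always one of the client's own strings; no part of
    server_msg is ever echoed to the user.
    """
    if not isinstance(server_msg, str):
        return UNKNOWN, True
    if len(server_msg) > MAX_LEN or _LURE.search(server_msg):
        return UNKNOWN, True  # worth logging the server that sent it
    lowered = server_msg.lower()
    for needle, text in KNOWN_REJECTS:
        if needle in lowered:
            return text, False
    return UNKNOWN, False


# Constructed server replies, for illustration only.
SAMPLES = [
    "the transaction was rejected by network rules.\n\nmin relay fee not met, 100 < 226",
    "<b>Security update required</b>: download from "
    "<a href='https://example.invalid/'>electrum.org</a>",
    "Please update your wallet before sending.",
    {"code": 1, "message": "min relay fee not met"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sanitize_broadcast_error(sample))
```

Because the lure check runs before the table lookup, a reply that embeds a genuine reject string next to a link still comes back as "Unknown error".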
