I have just seen another newbie who seems to have fallen for that old Electrum phishing vulnerability. Shouldn't the team be doing more than just warning users not to download or use the older versions that are vulnerable to the attack?
A DOS attack is being executed against the older wallet versions to try to prevent them from connecting to any servers. This won't be 100% effective and people can still seep through the cracks.
How about?
1. Making the older versions of Electrum that are vulnerable to the attack obsolete or unusable for transactions until users are forced to get the more secure newer versions?
Not possible. DOS is the best that they can do. The design of Electrum doesn't introduce any way for outsiders to modify the older Electrum client.
2. Make the download links of the older vulnerable versions inaccessible.
No one would download the older version when there is a new one available. I don't see why it would be dangerous to leave the older versions in a less accessible place. Still, that's a decent suggestion, maybe they can put a little readme to warn the users.
Newbies are newbies. Most even probably don't know that there is such a vulnerability in the older versions of Electrum. I think they need a little more protection from the attack.
DOS is probably the best that they can do. People should always verify their downloads before doing anything with them.