jerry0 (OP)
|
|
November 22, 2020, 12:25:51 AM |
|
Quick question. Whenever I log into ledger live and enter my password, many times, it would show a message of ledger live x version is available for update. Many times i just click on download now. Sometimes i delay it for a bit but eventually do it.
That is always safe right from when you open ledger live? Thus no virus/malware could ever show up on this like compared to with electrum?
|
|
|
|
Maus0728
Legendary
Offline
Activity: 2030
Merit: 1582
|
|
November 22, 2020, 08:12:57 AM |
|
Yes, its totally safe as long as you are using the latest update regardless if you've skipped some previous updates, it is not the same with electrum and so far I haven't seen such kind of malware/virus attached on the Ledger Live update. It's kinda irritating though since almost every time they have a new update and still you can notice some bug especially on the transaction history and their graph . Anyhow, you can see all the update on their github. [1] https://github.com/LedgerHQ/ledger-live-desktop/releases
|
|
|
|
Husna QA
Legendary
Offline
Activity: 2450
Merit: 3037
Payment Gateway Allows Recurring Payments
|
|
November 22, 2020, 09:31:59 AM |
|
-snip- That is always safe right from when you open ledger live? Thus no virus/malware could ever show up on this like compared to with electrum?
To be safer, you should also install an antivirus. Usually, in the updated version (Ledger Live or other software), there are bug fixes for the previous version even though it is minor, besides the possibility that there are also new bugs that appear. If it's only a minor update, I think it's still safe even if you don't install the latest update. If the update is quite critical, especially regarding hardware security, you should update to the latest version immediately. https://www.ledger.com/enhancing-the-ledger-nano-xs-security
|
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
November 23, 2020, 09:05:35 AM |
|
If you are paranoid, why don't you just check whether there has been an update released prior to downloading it? Takes less than a minute to check github. Is there a reason to use ledger live regularly? If the update is quite critical, especially regarding hardware security, you should update to the latest version immediately.
OP is talking about the ledger live updates. Security patches for the HW wallet won't be transmitted via these updates. You are referring to firmware updates (of the hw wallet). And i agree with you. If something critical has been patched, installing it should be priority.
|
|
|
|
Husna QA
Legendary
Offline
Activity: 2450
Merit: 3037
Payment Gateway Allows Recurring Payments
|
|
November 23, 2020, 10:20:27 AM Last edit: May 18, 2023, 06:37:37 AM by Husna QA |
|
OP is talking about the ledger live updates. Security patches for the HW wallet won't be transmitted via these updates. You are referring to firmware updates (of the hw wallet). And i agree with you. If something critical has been patched, installing it should be priority.
As in the following example, when I updated the Ledger Nano X firmware (1.2.4-2), I needed Ledger Live Desktop (v2.8.0 +). So, updating Ledger Live to the latest version must be done to get hardware wallet firmware updates. -snip- this firmware update will only be available to you through Ledger Live Desktop. -snip- To install the latest firmware version, you’ll need to use the latest version of Ledger Live (v2.8.0+). -snip-
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7536
Playgram - The Telegram Casino
|
|
November 24, 2020, 12:00:43 AM |
|
So far there have never been problems with updating Ledger Live and getting infected with viruses or malware. There was an update a few months ago that caused congestion on their servers and users experienced different issues. I remember that if you clicked the update/download button, nothing would happen for several minutes. Instinctively, many people would try it a few more times. That would just cause several instances of the same upload being downloaded which eventually crashed the app and it didn't work. The only way to get through that was to click on the button once, and let it be. Eventually, it would start the download. Alternatively, you can just wait a few more days, and perform the update when the servers aren't as busy.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
jerry0 (OP)
|
|
November 27, 2020, 06:05:56 AM |
|
OKay so everytime there is a new ledger live update, there is message of update available. You click it and it downloads. Then you click install.
Does anyone have the link to the actual date of every single ledger live update? I know someone posted a link to every firmware update the nano ledger has had... and also the date of each update.
Okay so are you saying its not possible for the social engineering message that happened with electrum... to happen with ledger live? Or its still possible?
|
|
|
|
Rath_
aka BitCryptex
Legendary
Offline
Activity: 1876
Merit: 3139
|
|
November 27, 2020, 09:05:31 AM |
|
Does anyone have the link to the actual date of every single ledger live update?
You have been already given a link in the first post to their GitHub where you can see all the updates. Okay so are you saying its not possible for the social engineering message that happened with electrum... to happen with ledger live? Or its still possible?
Extremely unlikely. Ledger forces you to their own servers for everything transaction related. Someone would have to compromise their servers and find a way to send a custom message to users. I haven't checked the code, but the messages are probably hard-coded. As for the updates, Ledger Live verifies each downloaded update using Ledger's public key, so there is nothing to worry about as long as you have downloaded it from a legitimate source for the first time.
|
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
November 27, 2020, 12:09:00 PM |
|
Okay so are you saying its not possible for the social engineering message that happened with electrum... to happen with ledger live? Or its still possible?
"Not possible" is a very strong phrase. It is possible, definitely. But an attacker would need to compromise ledgers server, their private key and basically the whole company. The probability for that is.. pretty low to say at least. You definitely shouldn't worry about this.
|
|
|
|
The Cryptovator
Legendary
Offline
Activity: 2394
Merit: 2221
Signature space for rent
|
|
November 28, 2020, 03:48:50 PM |
|
I had the same question. The Ledger software had been asking for an update, instead of click on the update button I directly reinstall the software again from Ledger official website. Then it was fine, but after a few days again asking for an update. Still, I didn't update, I was worried about what happened with Electrum users. But I believe there are very few chances to hack Ledger software. Anyway, I like to stay safe, I would like to reinstall the software by confirming the original website/source.
|
Signature Space for Rent
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7536
Playgram - The Telegram Casino
|
|
November 28, 2020, 08:36:18 PM |
|
The Ledger software had been asking for an update, instead of click on the update button I directly reinstall the software again from Ledger official website. Why do you have to uninstall and reinstall it? You can just install it from the official site and update your current version. When you click on the install and download button in Ledger Live, it also doesn't uninstall the software, it just performs an update. Or just download the most recent release from their github > https://github.com/LedgerHQ/ledger-live-desktop/releases and update it that way.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
The Sceptical Chymist
Legendary
Offline
Activity: 3514
Merit: 6984
Top Crypto Casino
|
|
November 28, 2020, 10:49:02 PM |
|
so far I haven't seen such kind of malware/virus attached on the Ledger Live update.
Nah, me neither and I wouldn't expect to if I'm clicking an update link on the Ledger Live screen. If that started happening somehow, forget about it. Ledger users would likely sail them out the window and into the swimming pool. Lately it seems like there have been a ton of updates, but none of them seem to improve LL to any significant extent. Anyway, I'm not all that concerned about it, since I have almost nothing on my Ledger right now. It is possible, definitely. But an attacker would need to compromise ledgers server, their private key and basically the whole company. The probability for that is.. pretty low to say at least.
You definitely shouldn't worry about this.
I agree, but you might not be aware of how much of a worry-wart jerry0 is. He strikes me as a person living in complete fear--at least as far as hardware wallets and crypto are concerned. It's extremely difficult to allay his fears about things going wrong, even if the chance of it happening is nearly infinitesimal.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7536
Playgram - The Telegram Casino
|
|
November 30, 2020, 01:48:44 PM |
|
Lately it seems like there have been a ton of updates, but none of them seem to improve LL to any significant extent. Anyway, I'm not all that concerned about it, since I have almost nothing on my Ledger right now. That is true, but that is because they aren't even focusing on improving and correcting bugs. They are introducing new features and services, without making that what they have better and safer. Now you can sell bitcoin through their expensive partner sites. They removed the BCH fork announcement, added some info about the ongoing phishing campaign instead. A crypto lending service is now also available. So their focus is somewhere else unfortunately, not on improving their existing features.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
|