summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsajolida <sajolida@pimienta.org>2019-03-19 18:04:57 +0000
committersajolida <sajolida@pimienta.org>2019-03-19 18:04:57 +0000
commit364003d9f713116322cae18017289cd69399ae67 (patch)
tree27be97e97ca169f590ea6e9c13da6e9056b5e9c8
parent5adf329dd545ad87d0283c52e9750a12a73885ef (diff)
Explain the Electrum phishing attack and its consequences in Tails (#16565)
-rw-r--r--wiki/src/doc/anonymous_internet/electrum.mdwn6
-rw-r--r--wiki/src/doc/anonymous_internet/electrum/phishing.inline.mdwn25
-rw-r--r--wiki/src/news/version_3.13.mdwn4
-rw-r--r--wiki/src/support/known_issues.mdwn4
4 files changed, 39 insertions, 0 deletions
diff --git a/wiki/src/doc/anonymous_internet/electrum.mdwn b/wiki/src/doc/anonymous_internet/electrum.mdwn
index fd91067..5a517e7 100644
--- a/wiki/src/doc/anonymous_internet/electrum.mdwn
+++ b/wiki/src/doc/anonymous_internet/electrum.mdwn
@@ -26,6 +26,12 @@ For an explanation of how Bitcoin works in simple terms, read
[The In-Depth Guide to Bitcoin That Won’t Leave You
Frustrated](https://www.vpnmentor.com/blog/ultimate-guide-bitcoin/).
+<div class="bug">
+
+[[!inline pages="doc/anonymous_internet/electrum/phishing.inline" raw="yes" sort="age"]]
+
+</div>
+
<div class="caution">
<p>Bitcoin is <a href="https://bitcoin.org/en/faq#is-bitcoin-anonymous">not
diff --git a/wiki/src/doc/anonymous_internet/electrum/phishing.inline.mdwn b/wiki/src/doc/anonymous_internet/electrum/phishing.inline.mdwn
new file mode 100644
index 0000000..65639e4
--- /dev/null
+++ b/wiki/src/doc/anonymous_internet/electrum/phishing.inline.mdwn
@@ -0,0 +1,25 @@
+<p><strong><span class="application">Electrum</span> in Tails cannot connect
+anymore to Electrum servers.</strong></p>
+
+<p>The version of <span class="application">Electrum</span> in Tails is
+vulnerable to a <a href="https://github.com/spesmilo/electrum/issues/4968">phishing
+attack that tricks people in updating to a malicious version of
+<span class="application">Electrum</span></a> which is not distributed from the
+official Electrum website.</p>
+
+<p><strong>You are safe unless you try to do the malicious update
+manually.</strong></p>
+
+<p>To prevent this phishing attack, all trustworthy
+<span class="application">Electrum</span> servers now prevent
+older versions from connecting to them.</p>
+
+<p>Unfortunately, newer versions of <span class="application">Electrum</span>
+are not available in Debian and cannot be integrated easily in Tails. Given the
+lack of maintenance of Electrum in Debian, we are still
+<a href="http://lists.autistici.org/message/20190319.170700.b3b5bf1f.en.html">assessing
+what is best to do in Tails</a>.</p>
+
+<p>Until then, your wallet is not lost and you can restore it from its seed
+using an <a href="https://electrum.org/#download">up-to-date version of
+Electrum</a> outside of Tails.</p>
diff --git a/wiki/src/news/version_3.13.mdwn b/wiki/src/news/version_3.13.mdwn
index 76b42e6..acf922e 100644
--- a/wiki/src/news/version_3.13.mdwn
+++ b/wiki/src/news/version_3.13.mdwn
@@ -61,6 +61,10 @@ For more details, read our [[!tails_gitweb debian/changelog desc="changelog"]].
# Known issues
+### Electrum is outdated and cannot connect to servers
+
+[[!inline pages="doc/anonymous_internet/electrum/phishing.inline" raw="yes" sort="age"]]
+
### Tails fails to start a second time on some computers ([[!tails_ticket 16389]])
On some computers, after installing Tails to a USB stick,
diff --git a/wiki/src/support/known_issues.mdwn b/wiki/src/support/known_issues.mdwn
index 7833dd5..710c236 100644
--- a/wiki/src/support/known_issues.mdwn
+++ b/wiki/src/support/known_issues.mdwn
@@ -851,3 +851,7 @@ To fix this problem, add `intel_idle.max_cstate=1` to the
If the sound output does not work on an Acer Aspire One laptop, add
`snd-hda-intel.model=acer-aspire` to the [[startup
options|/doc/first_steps/startup_options/#boot_loader_menu]].
+
+## Electrum is outdated and cannot connect to servers
+
+[[!inline pages="doc/anonymous_internet/electrum/phishing.inline" raw="yes" sort="age"]]