summaryrefslogtreecommitdiffstats
path: root/wiki/src/doc
diff options
context:
space:
mode:
authorsajolida <sajolida@pimienta.org>2019-03-19 18:04:57 +0000
committersajolida <sajolida@pimienta.org>2019-03-19 18:04:57 +0000
commit364003d9f713116322cae18017289cd69399ae67 (patch)
tree27be97e97ca169f590ea6e9c13da6e9056b5e9c8 /wiki/src/doc
parent5adf329dd545ad87d0283c52e9750a12a73885ef (diff)
Explain the Electrum phishing attack and its consequences in Tails (#16565)
Diffstat (limited to 'wiki/src/doc')
-rw-r--r--wiki/src/doc/anonymous_internet/electrum.mdwn6
-rw-r--r--wiki/src/doc/anonymous_internet/electrum/phishing.inline.mdwn25
2 files changed, 31 insertions, 0 deletions
diff --git a/wiki/src/doc/anonymous_internet/electrum.mdwn b/wiki/src/doc/anonymous_internet/electrum.mdwn
index fd91067..5a517e7 100644
--- a/wiki/src/doc/anonymous_internet/electrum.mdwn
+++ b/wiki/src/doc/anonymous_internet/electrum.mdwn
@@ -26,6 +26,12 @@ For an explanation of how Bitcoin works in simple terms, read
[The In-Depth Guide to Bitcoin That Won’t Leave You
Frustrated](https://www.vpnmentor.com/blog/ultimate-guide-bitcoin/).
+<div class="bug">
+
+[[!inline pages="doc/anonymous_internet/electrum/phishing.inline" raw="yes" sort="age"]]
+
+</div>
+
<div class="caution">
<p>Bitcoin is <a href="https://bitcoin.org/en/faq#is-bitcoin-anonymous">not
diff --git a/wiki/src/doc/anonymous_internet/electrum/phishing.inline.mdwn b/wiki/src/doc/anonymous_internet/electrum/phishing.inline.mdwn
new file mode 100644
index 0000000..65639e4
--- /dev/null
+++ b/wiki/src/doc/anonymous_internet/electrum/phishing.inline.mdwn
@@ -0,0 +1,25 @@
+<p><strong><span class="application">Electrum</span> in Tails cannot connect
+anymore to Electrum servers.</strong></p>
+
+<p>The version of <span class="application">Electrum</span> in Tails is
+vulnerable to a <a href="https://github.com/spesmilo/electrum/issues/4968">phishing
+attack that tricks people in updating to a malicious version of
+<span class="application">Electrum</span></a> which is not distributed from the
+official Electrum website.</p>
+
+<p><strong>You are safe unless you try to do the malicious update
+manually.</strong></p>
+
+<p>To prevent this phishing attack, all trustworthy
+<span class="application">Electrum</span> servers now prevent
+older versions from connecting to them.</p>
+
+<p>Unfortunately, newer versions of <span class="application">Electrum</span>
+are not available in Debian and cannot be integrated easily in Tails. Given the
+lack of maintenance of Electrum in Debian, we are still
+<a href="http://lists.autistici.org/message/20190319.170700.b3b5bf1f.en.html">assessing
+what is best to do in Tails</a>.</p>
+
+<p>Until then, your wallet is not lost and you can restore it from its seed
+using an <a href="https://electrum.org/#download">up-to-date version of
+Electrum</a> outside of Tails.</p>