The electrum and Electrum-LTC versions below 3.3.3 are vulnerable to phishing attacks in which a malicious server displays a message asking the user to download the fake Electrum. To prevent user exposure, versions older than 3.3 can no longer connect to public servers and must be upgraded. Do not download software updates from sources other than electrum.org and electrum-ltc.org.
SSL certificate-related trust relationships to obtain VPN credentials to gain remote access to the victim's network.
[iOS] Bypass Instagram SSL Certificate Pinning for iOS
Extended verification certificate EV SSL
Sometimes there are cases when a client checks for an HTTPS certificate (as shown by the fact that the agent tool is normal if it does not replace the SSL certificate, and the client network is abnormal if the SSL certificate is replaced).
A clone site masquerading as an Electrum SV wallet has emerged. The cloning site has nothing to do with electrum SV and is designed to steal tokens and create chaos in the BSV community.
This trend is more pronounced and certain as GDPR and cybersecurity laws are enacted, but "security" also presents new challenges for SSL/TLS certificate management.
Contact the certificate service provider to renew the SSL certificate, it is not clear that the previous certificate information needs to be queried at the certificate service provider.
The Electrum team has announced the attack in an official tweet, saying that "this is an ongoing phishing attack on Electrum users" and reminding users to check the authenticity of the client's source before logging in. The team published its official website, and electrum clients downloaded elsewhere may be problematic.
Alias alias records.
First to buy a reliable USB stick, he prefers to use Samsung's USB stick. Then activate permanent storage as instructed to set a password that is easy to remember, such as "December 2018: Don't forget!" "。 Then create an electrum wallet with a pre-installed app, write down the keys with paper and pen, and check them several times.
curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option
The U.S. Department of Homeland Security (DHS) reports that the North Korean government is using a Trojan variant called HOPLIGHT. The report analyzes nine malicious executables, seven of which belong to proxy applications that mask traffic between malware and remote operators. The agent uses a valid gonggongSSL certificate to generate a pseudo-TLS handshake session, disguising a network connection to a remote malicious actor. One of the files contains a public SSL certificate, and payload of the file appears to be encoded with a password or key. The remaining files do not contain any public SSL certificates, but attempt to outbound connections and drop four files, which contain primarily IP addresses and SSL certificates.
Original title: Slow Fog: Analysis of Pseudo Electrum Harpoon Fishing Attacks
Earlier this month, Electrum detected a DoS attack on its network, allegedly launched by a malicious botnet with more than 140,000 machines, designed to provide Electrum to users.
Distributed open key structures use specific SSL (secure socket layer) certificates instead of passwords. The purpose of SSL certificates is to provide secure encoded messages between Internet browsers and websites. It is almost impossible for an attacker to enter with a forged certificate.
Wallet, Coldlar, Electrum, Huobi.
The Electrum team has announced the attack in an official tweet, saying that "this is an ongoing phishing attack on Electrum users" and reminding them to check the authenticity of the client's source before logging in. The team published its official website, and the Electrum clients downloaded elsewhere may be problematic.
electrum need open alias or ssl certificate
The experience of the giants and the increasing number of certificate expirations illustrate the conclusion that traditional means alone will not solve the SSL certificate management challenges that enterprises are currently facing.
Another upgrade under study is the release of a new version of the Electrum-LTC desktop wallet. Electrum-LTC is an SPV wallet that can be used in Windows, Linux, and OS X operating systems.
Electrum is a well-known light wallet for Bitcoin that adds new features such as server authentication using SSL to prevent MITM attacks. So unlike other Bitcoin light wallets, Electrum cannot communicate directly with different versions of Bitcoin full nodes, and each startup connects to electrumserver to communicate, and electrum.