mirror of
https://github.com/monero-project/monero-site.git
synced 2024-12-14 20:36:34 +02:00
Merge !1154
Warning banner + blog post about compromised binaries See merge request monero-project/monero-site!1154
This commit is contained in:
commit
512d225382
7
_includes/warning.html
Normal file
7
_includes/warning.html
Normal file
@ -0,0 +1,7 @@
|
||||
<div class="upgrade-container">
|
||||
<input id="upgrade-toggle" type="checkbox">
|
||||
<div class="upgrade-content">
|
||||
<p><label class="upgrade-x" for="upgrade-toggle"></label><b>Warning:</b> The binaries listed on this page were compromised for a short time. Users are suggested to take action. Please <a href="{{ site.baseurl }}{% post_url 2019-11-19-warning-compromised-binaries %}"><u>click here</u></a> for details.</p>
|
||||
</div>
|
||||
|
||||
|
@ -4,6 +4,7 @@
|
||||
{% include head.html %}
|
||||
|
||||
<body>
|
||||
{% include warning.html %}
|
||||
<div class="page-wrapper">
|
||||
{% include header.html %}
|
||||
{{content}}
|
||||
|
17
_posts/2019-11-19-warning-compromised-binaries.md
Normal file
17
_posts/2019-11-19-warning-compromised-binaries.md
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
layout: post
|
||||
title: "Warning: The binaries of the CLI wallet were compromised for a short time"
|
||||
summary: The binaries available on this website were compromised for a short time
|
||||
tags: [announcements]
|
||||
author: ErCiccione
|
||||
---
|
||||
|
||||
Yesterday [a GitHub issue about mismatching hashes coming from this website](https://github.com/monero-project/monero/issues/6151) was opened. A quick investigation found that the binaries of the CLI wallet had been compromised and a malicious version was being served. The problem was immediately fixed, which means the compromised files were online for a very short amount of time. The binaries are now served from another, safe, source. [See the reddit post by core team member binaryfate](https://www.reddit.com/r/Monero/comments/dyfozs/security_warning_cli_binaries_available_on/).
|
||||
|
||||
It's strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries. If they don't match the official ones, delete the files and download them again. <b>Do not run the compromised binaries for any reason</b>.
|
||||
|
||||
We have two guides available to help users check the authenticity of their binaries: <a href="{{site.baseurl}}/resources/user-guides/verification-windows-beginner.html">Verify binaries on Windows (beginner)</a> and <a href="{{site.baseurl}}/resources/user-guides/verification-allos-advanced.html">Verify binaries on Linux, Mac, or Windows command line (advanced)</a>. Signed hashes can be found here: https://getmonero.org/downloads/hashes.txt.
|
||||
|
||||
The situation is being investigated and updates will be provided soon.
|
||||
|
||||
<i>The Monero community</i>
|
Loading…
Reference in New Issue
Block a user