Commit 512d2253 authored by luigi1111's avatar luigi1111

Merge !1154

Warning banner + blog post about compromised binaries

See merge request !1154
parents 286b2a04 bad2fc78
<div class="upgrade-container">
<input id="upgrade-toggle" type="checkbox">
<div class="upgrade-content">
<p><label class="upgrade-x" for="upgrade-toggle"></label><b>Warning:</b> The binaries listed on this page were compromised for a short time. Users are suggested to take action. Please <a href="{{ site.baseurl }}{% post_url 2019-11-19-warning-compromised-binaries %}"><u>click here</u></a> for details.</p>
</div>
......@@ -4,6 +4,7 @@
{% include head.html %}
<body>
{% include warning.html %}
<div class="page-wrapper">
{% include header.html %}
{{content}}
......
---
layout: post
title: "Warning: The binaries of the CLI wallet were compromised for a short time"
summary: The binaries available on this website were compromised for a short time
tags: [announcements]
author: ErCiccione
---
Yesterday [a GitHub issue about mismatching hashes coming from this website](https://github.com/monero-project/monero/issues/6151) was opened. A quick investigation found that the binaries of the CLI wallet had been compromised and a malicious version was being served. The problem was immediately fixed, which means the compromised files were online for a very short amount of time. The binaries are now served from another, safe, source. [See the reddit post by core team member binaryfate](https://www.reddit.com/r/Monero/comments/dyfozs/security_warning_cli_binaries_available_on/).
It's strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries. If they don't match the official ones, delete the files and download them again. <b>Do not run the compromised binaries for any reason</b>.
We have two guides available to help users check the authenticity of their binaries: <a href="{{site.baseurl}}/resources/user-guides/verification-windows-beginner.html">Verify binaries on Windows (beginner)</a> and <a href="{{site.baseurl}}/resources/user-guides/verification-allos-advanced.html">Verify binaries on Linux, Mac, or Windows command line (advanced)</a>. Signed hashes can be found here: https://getmonero.org/downloads/hashes.txt.
The situation is being investigated and updates will be provided soon.
<i>The Monero community</i>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment