
SoylentNews is people

posted by cmn32480 on Sunday September 04 2016, @05:04PM
from the macs-never-get-viruses dept.

Arthur T Knackerbracket has found the following story:

A. It appears that on or about August 28, 2016, unauthorized access was gained to our [TransmissionBT's] website server. The official Mac version of Transmission 2.92 was replaced with an unauthorized version that contained the OSX/Keydnap malware. The infected file was available for download somewhere between a few hours and less than a day. Additional information about the malware is available here and here.

A. The infected file was removed from the server immediately upon discovering its existence, which was less than 24 hours after the file was posted to the website. To help prevent future incidents, we have migrated the website and all binary files from our current servers to GitHub. Other services, which are currently unavailable, will be migrated to new servers in the coming days. As an added precaution, we will be hosting the binaries and the website (including checksums) in two separate repositories.


  • (Score: 1, Disagree) by Anonymous Coward on Sunday September 04 2016, @05:27PM

    by Anonymous Coward on Sunday September 04 2016, @05:27PM (#397444)

    Unsigned executable? Check. No checksum on file download? Check. Reputation permanently scarred? Check.

    I can't wait until installing applications on your system no longer requires me to trust the source. The app stores of Android and iOS figured this out long ago. You can download a random file from an APK mirror and Android will check it for authenticity before installing it. Windows and Mac will install any old executable that asks the user's permission.

  • (Score: 0) by Anonymous Coward on Sunday September 04 2016, @05:48PM

    by Anonymous Coward on Sunday September 04 2016, @05:48PM (#397447)

    This is not the first time their stuff was infected with malware, just the first time it applied to OSX. They had no reputation so to speak.

  • (Score: 4, Interesting) by Subsentient on Sunday September 04 2016, @05:53PM

    by Subsentient (1111) on Sunday September 04 2016, @05:53PM (#397448) Homepage Journal

    Windows warns you if something's publisher is unverifiable, and Linux package managers usually check if the package is signed.
    I will fight anything that tries to keep me from doing what I want with my PC to the death.

    They can have my homebrew Linux system when they pry it from my cold, dead hands.

    --
    "It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
  • (Score: 5, Insightful) by Nerdfest on Sunday September 04 2016, @06:38PM

    by Nerdfest (80) on Sunday September 04 2016, @06:38PM (#397459)

    There's "trusted source", and Apple's iOS "We're the only source". Sadly, I think Windows will be heading that way as well, as Microsoft wants their 30%.
    I'd just like to send a big thanks to all of you iOS supporters that funded the end of open computing.

  • (Score: 0) by Anonymous Coward on Sunday September 04 2016, @07:39PM

    by Anonymous Coward on Sunday September 04 2016, @07:39PM (#397474)

    The real bad part is that it was signed with a stolen key. That means that there was no warning by Gatekeeper about an untrusted executable. As far as it is concerned, all programs from "identified developers" are the same. I really think they should follow the Windows route and tell you who signed it. At least that way, heads up users can detect the problem earlier. I know I've double checked installers I've downloaded when they are signed by "Tim Kosse, open source developer" or some other unexpected name.
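
The two checks this thread turns on, as an added example (not code from the Transmission project or from any commenter): comparing a download's SHA-256 against a manifest obtained from a separate origin, as the project statement describes, and pinning the expected signer instead of accepting any valid Developer ID signature. The file name, Team ID values and `codesign -dvv` output text below are constructed placeholders.

```python
import hashlib
import hmac
import re

def expected_digest(manifest_text, filename):
    """Look up filename in a sha256sum-style manifest ('<hex>  <name>')."""
    for line in manifest_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[1].lstrip("*").strip() == filename:
            return parts[0].lower()
    return None

def checksum_ok(data, manifest_text, filename):
    """True only if the file is listed and its SHA-256 matches.

    The manifest must come from a different origin than the file itself;
    a checksum served next to a replaced binary can be replaced with it.
    """
    want = expected_digest(manifest_text, filename)
    if want is None or not re.fullmatch(r"[0-9a-f]{64}", want):
        return False  # a missing or malformed entry is a failure, not a pass
    got = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(got, want)

def signer_team_id(codesign_output):
    """Extract TeamIdentifier from `codesign -dvv` text; None if not set."""
    m = re.search(r"^TeamIdentifier=(\S+)$", codesign_output, re.MULTILINE)
    return m.group(1) if m else None

def signer_ok(codesign_output, pinned_team_id):
    """A valid signature is not enough: the signer must be the pinned one."""
    team = signer_team_id(codesign_output)
    return team is not None and team == pinned_team_id

# Constructed sample data (placeholders, not real project values).
PINNED_TEAM_ID = "EXAMPLE123"
GOOD = b"constructed release bytes"
MANIFEST = hashlib.sha256(GOOD).hexdigest() + "  App-1.0.dmg\n"
SIGNED_EXPECTED = ("Authority=Developer ID Application: Example Project "
                   "(EXAMPLE123)\nTeamIdentifier=EXAMPLE123\n")
SIGNED_OTHER = ("Authority=Developer ID Application: Someone Else "
                "(OTHER45678)\nTeamIdentifier=OTHER45678\n")

if __name__ == "__main__":
    print("checksum:", checksum_ok(GOOD, MANIFEST, "App-1.0.dmg"))
    print("expected signer:", signer_ok(SIGNED_EXPECTED, PINNED_TEAM_ID))
    print("other valid signer:", signer_ok(SIGNED_OTHER, PINNED_TEAM_ID))
```
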

    • (Score: 0) by Anonymous Coward on Sunday September 04 2016, @08:23PM

      by Anonymous Coward on Sunday September 04 2016, @08:23PM (#397490)

      That we live in an era that we can no longer trust anything we run, and the alternative is to allow for adware to exist and enforcement of adware via validation and authentication via multiple big-brothers...

      I can't shove the internet back into the bottle, but I can try to find something else to do for fun.

      I already know that closing the barn door won't bring the cows and horses back. Anything still in the barn isn't trying to cause problems outside anyway.

      • (Score: 0) by Anonymous Coward on Sunday September 04 2016, @09:06PM

        by Anonymous Coward on Sunday September 04 2016, @09:06PM (#397504)

        EF is going to fuck the cows, and eat the horses.

        • (Score: 0) by Anonymous Coward on Sunday September 04 2016, @09:34PM

          by Anonymous Coward on Sunday September 04 2016, @09:34PM (#397514)

          That's ass backwards.

          • (Score: 0) by Anonymous Coward on Sunday September 04 2016, @10:04PM

            by Anonymous Coward on Sunday September 04 2016, @10:04PM (#397531)

            Whatever happens, I still feel milked and they didn't even ask my name -- they just took my wallet, with my ID and money, tipped their hat and left. The barn door is still open and now I am getting advertisements where there used to be none before!

  • (Score: 1, Informative) by Anonymous Coward on Sunday September 04 2016, @08:42PM

    by Anonymous Coward on Sunday September 04 2016, @08:42PM (#397498)

    "Windows and Mac will install any old executable that asks the user's permission."

    Since OS X 10.8 (Mountain Lion, July 2012) Apple has had a default setting of only allowing signed applications to run. You have to change this setting in order for an unsigned application to be run the first time.

  • (Score: 2) by Runaway1956 on Sunday September 04 2016, @09:04PM

    by Runaway1956 (2926) Subscriber Badge on Sunday September 04 2016, @09:04PM (#397502) Journal

    To be fair, just about any OS will do the same. It asks user's permission, and user says "alright", then the system asks for root password, and if user knows root's password, things progress much like Windows or Mac.