For those Mac users who are unfamiliar with objective-see... Their free security tools for MacOS are a boon to the community. I think that they are right up there with "little snitch" and the like, especially since they spare the user the typical IDS data overload.
I no longer use macOS, but BlockBlock looks pretty interesting. I couldn't tell from their website, but is it intended to eventually be a commercial product once out of beta? It didn't seem like it was open source.
Not at all.
"Objective-See was created to provide simple, yet effective OS X security tools. Always free of charge - no strings attached!" [0]
At the moment you can support him on Patreon [1].
I think hosting the Handbrake (and Transmission) binaries on the GitHub releases page of the repo would be harder to compromise than their own servers.
That makes sense. They're already an open source project; it could save them bandwidth, and if GitHub did have a security issue they could probably get information out faster as well (and it'd probably affect more software).
If everyone hosts on GitHub and it goes away like Google's source code repository or CodePlex, then a big chunk of the internet goes away, especially when it comes to old abandoned repos. Not only that, but we could end up with another story like the SourceForge story.
Also if GitHub goes down and everything is hosted there then the internet stops working as well. Remember how broken the internet was when that DNS outage happened a few months ago?
This is a bit alarmist. If GitHub went away or became like the SourceForge of old, then we could just move to something else or do self-hosting again. Lose a chunk of the internet by moving popular software like Handbrake to GitHub? How could that happen? Most multiplatform open source software like this has copies of its source code across thousands of Linux distribution mirrors.
Also, Google Code never went away. It just stopped working as an active platform, but Google still keeps the archive of what already existed there, to this day:
> At that time, CodePlex.com will start serving a read-only lightweight archive that will allow you to browse through all published projects – their source code, downloads, documentation, license, and issues – as they looked when CodePlex went read-only. You’ll also be able to download an archive file with your project contents, all in common, transferrable formats like Markdown and JSON. Where possible, we’ll put in place redirects so that existing URLs work, or at least redirect you to the project’s new homepage on the archive. And, the archive will respect your “I’ve moved” setting, if you used it, to direct users to the current home of your project.
If there is anything to lose after GitHub's shutdown at some distant point in the future, it probably won't be something people cared for.
"Don't use a very valuable and more secure service because of a possible, very tiny harm in the distant future" doesn't sound like a convincing argument. You take "risks" every day in your life. Driving your car is a risk. In the US there are 12 deaths per 100k people per year on the roads, and that's only counting deaths, not crippling injuries. But it's valuable enough that you end up taking it, as living without a car is difficult in many places. Life is about calculated risks, and using GitHub is not exactly at the top of the risk pyramid.
These are YARA rules, see https://virustotal.github.io/yara/ for a short description. The 'all of them' in the rule refers to the list of strings above it; it means that all those strings should be present in the binary for the rule to match.
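To make the "all of them" semantics concrete, here is a small added example (not from the thread or from YARA itself) that evaluates a simplified YARA-style rule against a byte blob. The rule text and sample data are constructed for illustration; only plain text strings, hex strings and the "all/any/N of them" condition forms are handled.

```python
import re

# Constructed demo rule in YARA syntax (not a real detection rule).
RULE = r'''
rule demo_installer_strings
{
    strings:
        $a = "Install additional codecs"
        $b = "/Library/LaunchAgents"
        $c = { 2f 62 69 6e 2f 73 68 }   // hex string for "/bin/sh"
    condition:
        all of them
}
'''

# Constructed sample inputs standing in for scanned binaries.
SAMPLE_ALL = b"\x00\x01Install additional codecs\x00/Library/LaunchAgents\x00/bin/sh\x00"
SAMPLE_PARTIAL = b"\x00\x01Install additional codecs\x00nothing else here\x00"


def parse_strings(rule_text):
    """Return {identifier: pattern_bytes} for the rule's strings section."""
    patterns = {}
    for m in re.finditer(r'(\$\w+)\s*=\s*"([^"]*)"', rule_text):
        patterns[m.group(1)] = m.group(2).encode()
    for m in re.finditer(r'(\$\w+)\s*=\s*\{([0-9a-fA-F\s]+)\}', rule_text):
        patterns[m.group(1)] = bytes.fromhex("".join(m.group(2).split()))
    return patterns


def parse_condition(rule_text):
    """Extract the condition expression, e.g. 'all of them'."""
    m = re.search(r'condition:\s*(.+?)\s*\}', rule_text, re.S)
    if not m:
        raise ValueError("rule has no condition section")
    return m.group(1).strip()


def matched_strings(rule_text, data):
    """Identifiers of the rule's strings that occur anywhere in data."""
    return sorted(name for name, pat in parse_strings(rule_text).items() if pat in data)


def evaluate(rule_text, data):
    """True if the 'all/any/N of them' condition holds over the string hits."""
    total = len(parse_strings(rule_text))
    hits = len(matched_strings(rule_text, data))
    m = re.fullmatch(r'(all|any|\d+)\s+of\s+them', parse_condition(rule_text))
    if not m:
        raise ValueError("unsupported condition: " + parse_condition(rule_text))
    quant = m.group(1)
    if quant == "all":
        return hits == total          # every listed string must be present
    if quant == "any":
        return hits >= 1
    return hits >= int(quant)         # "N of them"
```

Swapping the condition for "any of them" or "2 of them" shows how the same string list yields different match results on the partial sample.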
It's only "fake" in that the real Handbrake doesn't need to install extra codecs—it's a real authentication dialog. They are just hoping to catch the user off guard and unaware so they can install the persistent malware agent.
Could use a hardware LED to inform the user that key input is secure. Could also reserve part of the screen for OS messages.
This prevents hostile apps from stealing your root password, but doesn't stop them from tricking you into giving them root access (which is nearly as bad).
The only actual counter-measure would be to take the extra step and calculate the SHASUM of the binary.
The shasum needs to be digitally signed with a valid signature; otherwise it can be manipulated as well.
PS: Of course tools like Little Snitch and BlockBlock help, but keeping track of all the applications that try to access the internet is kinda hard these days, especially on a user machine.
Yeah, really silly that the legitimate binary for Handbrake isn't signed. Sure, if the intruder had compromised the hosting server then they might have also compromised the signing cert, but that's still an extra step.
That's the reason why I install most Mac programs that come from a website into user programs.
This only works for programs that don't add stuff to the system, of course.