
App Maker's Code Stolen in Malware Attack (bbc.com) 73

Mac and iOS software developer Panic has had the source code for several of its apps stolen. An anonymous reader writes: Panic founder Steven Frank said in a blog post that it happened after he downloaded an infected copy of the video encoding tool Handbrake. He said there was no sign that any customer data was accessed and that Panic's web server was not affected. Users have been warned to download Panic's apps only from its website or the Apple App Store. Panic is the creator of web editing and file transfer apps Coda and Transmit, and the video game Firewatch. On May 2, Handbrake was hacked, with the Mac version of the app on one of the site's download servers replaced by a malicious copy. In what Mr Frank called "a case of extraordinarily bad luck", he downloaded the malicious version of Handbrake and launched it "without stopping to wonder why Handbrake would need admin privileges... when it hadn't before. And that was that, my Mac was completely, entirely compromised in three seconds or less."

  • by ganjadude ( 952775 ) on Thursday May 18, 2017 @12:03PM (#54441953) Homepage
    seems to fit perfectly right now
    • Don't Panic (Score:1, Troll)

      by Daetrin ( 576516 )
      "Users have been warned to download Panic's apps only from its website or the Apple App Store."

      At this point I think the better advice is simply:
      Don't [use] Panic
    • Anyone remember the old game Apple Panic?

  • by SuperKendall ( 25149 ) on Thursday May 18, 2017 @12:05PM (#54441971)

    Although as he said you might wonder why a video encoder would need admin access to a computer, I have to admit that I myself would have been taken in by this from a lifetime of being conditioned that various video players always seem to need system access...

    That made Handbrake a really good target for malware as it was more likely people would not question admin access nearly as much.

  • by Anonymous Coward

    Certain computers never getting hacked, malware, or virused up?

    • by ilsaloving ( 1534307 ) on Thursday May 18, 2017 @12:46PM (#54442279)

      Certain computers never getting hacked, malware, or virused up?

      Except that has never ever been true, except to the OS zealots who tie their personal identity to their chosen platform like some weird religious devotee.

      It's funny, I've gotten into arguments on Slashdot for this exact thing, by people who were so offended when I said that their favourite OS (no matter what it is) isn't a perfect panacea. They went so far as to accuse me that I "don't know security" because, for example, I disagreed that just using FreeBSD didn't make that automagically immune to security threats.

      What happened to Mr. Frank is a perfect example of what I was talking about. It doesn't matter how secure you think your OS is, because there is *always* a way to compromise it. Even if your OS isn't directly exploitable, an application you run on top of it may be. If not, the meatspace component certainly still is.

      All it takes is a single mistake, a single lapse in judgment for something potentially catastrophic to happen.

      There is no such thing as perfect security. All you can do is put up more barriers than a malicious actor has the patience to tear down. That includes appropriate training for people. Anyone who tells you different is either grossly misinformed, or is trying to sell you something.

      • Agreed in general. However, in that precise case, it is not true.

        Windows has always had a model of "download whatever you find on the internet and run it". So most people only know that model and that hurts (when you download handbrake).

        On Linux (and progressively MacOS), you would almost never download something from a website and execute it. You download software with yum or apt and that should make sure that (unless it is compromised, but it is much harder) :

        • - The software will work well with the re
        • You are absolutely correct. The attack footprint on various *NIX systems is definitely lower than it is for Windows.

          But there is a huge difference between "certain software are more dangerous than others" and "my favourite software is completely immune!"

          I just wanted people to understand that no matter what OS you use, you *still* need to be mindful of security. If a Linux system is running some version of httpd that turns out to have a zero day vulnerability, you're still at risk, for example. Maybe you

        • by Anonymous Coward

          We call those special repositories that you need to go to for software to install walled gardens. Unix and the Mac OS are special, in that there isn't as robust an ABI so much software won't run. You can call it a virtue or a weakness.

          Years ago I remember being in the cashier's line at a CompUSA. There was a crying young boy behind me in the line. His mom was trying to explain that they had a mac and couldn't run the game that he wanted.

      • There is no such thing as perfect security.

        Well, there is - but you won't like it.

        Step 1. Disconnect computer power cable.
        Step 2. Physically destroy all storage devices.

      • It doesn't matter how secure you think your OS is, because there is *always* a way to compromise it... There is no such thing as perfect security.

        I'm glad you put this. Although, my preferred way of saying it is, "security" is not about making unauthorized access impossible. Short of completely and irrevocably destroying something, you can't make unauthorized access to it impossible. Security is about making unauthorized access difficult, dangerous, easily discovered, and otherwise unappealing.

        If you want to get more precise (and don't mind a little complication) it's about achieving a favorable balance between "making it difficult for unauth

  • But... (Score:1, Flamebait)

    by msauve ( 701917 )
    How can this happen? We're always being told there's no malware on Macintosh.
    • by AHuxley ( 892839 )
      https://objective-see.com/blog... [objective-see.com] has a good blog on that topic.
  • .... they told me that Macs are immune

  • Reports are that all of Linus's code has also been posted to the Internet.

  • That's what Time Machine backups are for dummy. Of course you make backups. Right??

  • Macs are susceptible to malware? My world view is shattered.

    • Macs are susceptible to malware? My world view is shattered.

      Deliberately downloading malware infected software and installing it after being warned not to will compromise any system? My world view is shattered.
