BitTorrent Client Transmission Again Victimized by OS X Malware

[baryon]

Just another reason to hate constant software updates in general. If there isn't a serious problem with the app, it should not be updated unless they came up with a really great new feature that's worth updating for. Which isn't the case for Transmission.

If it ain't broke, don't fix it, unless a new feature is extremely, obviously necessary, but even then, don't do that more often than necessary.

 

[Naaaaak]

How much chance does a small developer stand against hacking that rises to the sophistication level of state sponsored cyber warfare

Clean install and air gap the dev machine. Test on another machine with network permissions that boots off of a clean image or is a VM. Distribute via https and post a SHA256 hash of the binary (or whatever the security kids default to these days) emitted from the dev machine. Periodically, automatically verify the download hash and kill the server if it differs from expectations. Only allow server access via SSH, and use strong, unique passwords that are updated frequently everywhere else.

 

[GeneralChang]

There's a big world of possibilities when you don't restrict yourself to Apple's little walled playground.

For the record, you can play in Apple's playground and still do all of that other stuff as well. Best of both worlds.

 

[rGiskard]

Clean install and air gap the dev machine. Test on another machine with network permissions that boots off of a clean image or is a VM. Distribute via https and post a SHA256 hash of the binary (or whatever the security kids default to these days) emitted from the dev machine. Periodically, automatically verify the download hash and kill the server if it differs from expectations. Only allow server access via SSH, and use strong, unique passwords that are updated frequently everywhere else.

All bets are off once the adversary has physical access.

 

[Mascots]

Being in the App Store does not prevent an app from being malicious. The review process is fallible and some bad things have slipped through.

Sandboxing prevents apps from accessing or writing to any directory users do not explicitly authorize. Even then, if the binary was still infected in some way, it could still write infected files to the directory the user authorized. The only thing sandboxing would stop would be the spread of the infected files to non-confined directories.

Being in the App Store would have prevented this from happening because it wasn't the actual app that was targeted, it was the distribution server which started handing out tainted editions. Thus, if it were available through the App Store, that tainted edition wouldn't have made it into the distribution channel...

 

[farleysmaster]

Just another reason to hate constant software updates in general. If there isn't a serious problem with the app, it should not be updated unless they came up with a really great new feature that's worth updating for. Which isn't the case for Transmission.

If it ain't broke, don't fix it, unless a new feature is extremely, obviously necessary, but even then, don't do that more often than necessary.

3 updates since July 2014 (including one to remove the previous hack), and the last post before yours pointed out that updating through the app would have prevented this issue, and it only would have affected people downloading through the site.

 

[SeaFox]

For the record, you can play in Apple's playground and still do all of that other stuff as well. Best of both worlds.

Buying a movie on iTunes and then buying a physical release of it to do the other stuff is a waste of money when the latter will cover all uses.

 

[jblagden]

Buying a movie on iTunes and then buying a physical release of it to do the other stuff is a waste of money when the latter will cover all uses.

Yeah. That’s what the Tune4Mac DRM ripper is for - ripping DRM from iTunes videos so they can be played on non-Apple devices.

 

[GeneralChang]

Buying a movie on iTunes and then buying a physical release of it to do the other stuff is a waste of money when the latter will cover all uses.

Uh, yeah. So what I do is I buy the blu-ray release of a movie, which almost always includes a digital copy, and then I redeem that digital copy on iTunes. So I get the simplicity and convenience of iTunes in the cloud with the security and confidence of owning physical media. Usually for about $20.

On occasion you can get a blu-ray without a digital copy for a few dollars less, but that's not the norm anymore, and paying $3 extra so I can have an anywhere-accessible digital copy of the movie without any setup or administration on my part is worth it to me.

And if I decide to ditch iTunes for whatever reason, I'll still have the physical media so I can rip it and host it DRM free on a custom streaming server of my own. So, you know. Playing in the playground and outside of it. Best of both worlds, works very well for me.

 

[AtomicGrog]

Ssh.. The first rule on Usenet - we don't talk about Usenet.

Usenet is dieing... it has other challenges.

 

[SeaFox]

Uh, yeah. So what I do is I buy the blu-ray release of a movie, which almost always includes a digital copy, and then I redeem that digital copy on iTunes. So I get the simplicity and convenience of iTunes in the cloud with the security and confidence of owning physical media. Usually for about $20.

YMMV on the "comes with digital copy" part. I have 128 blu-ray SKU's, but only seven iTunes videos that came with a mere three of those purchases (two were movie trilogy collections), plus six more where the digital copies were UV-only. But then, lots of my blu-rays were purchased for half what Apple wants for iTMS copies, or are from distributors that don't do digital copies at all (Shout, Anchor Bay, Criterion). I'd rather rip myself and have more control over the final encode.

 

[GeneralChang]

YMMV on the "comes with digital copy" part. I have 128 blu-ray SKU's, but only seven iTunes videos that came with a mere three of those purchases (two were movie trilogy collections), plus six more where the digital copies were UV-only. But then, lots of my blu-rays were purchased for half what Apple wants for iTMS copies, or are from distributors that don't do digital copies at all (Shout, Anchor Bay, Criterion). I'd rather rip myself and have more control over the final encode.

Uh, boy, I'll say my milage may vary. To be fair, I was talking about recent releases, not blu-ray releases of older movies, and I'm also talking about the last three or four years specifically. But I haven't seen a single movie I was interested in buying hit shelves in that time that didn't have a "blu-ray w/ digital copy" version, in which the digital copy was service agnostic (redeemable on Amazon, iTunes, UV, Google Play, etc).

So it sounds like you've had a completely different experience than me, which is fine. But it is still possible to play in Apple's playground and outside of it for a reasonable price, even if that doesn't resonate with your use case.

 

[saudor]

it's the one with the shark icon right?

I think so.. i just cant remember 100% since i changed the icon. But it was labelled "ad free"

 

[jblagden]

Transmission, while polished and stable, hasn't seen any feature updates in years. Even the logo feels outdated.

Any recommendations for a good alternative with a genuine mac feel.

What do you guys download with these BitTorrent clients?

 

[Weaselboy]

What do you guys download with these BitTorrent clients?

So you are just going through old threads to troll? Nothing better to do?