Slashdot Mirror

← Back to Stories (view on slashdot.org)

App Maker's Code Stolen in Malware Attack (bbc.com)

Posted by msmash on from the security-woes dept.

Mac and iOS software developer Panic has had the source code for several of its apps stolen. An anonymous reader writes: Panic founder Steven Frank said in a blog post that it happened after he downloaded an infected copy of the video encoding tool Handbrake. He said there was no sign that any customer data was accessed and that Panic's web server was not affected. Users have been warned to download Panic's apps only from its website or the Apple App Store. Panic is the creator of web editing and file transfer apps Coda and Transmit, and the video game Firewatch. On May 2, Handbrake was hacked, with the Mac version of the app on one of the site's download servers replaced by a malicious copy. In what Mr Frank called "a case of extraordinarily bad luck", he downloaded the malicious version of Handbrake and launched it "without stopping to wonder why Handbrake would need admin privileges... when it hadn't before. And that was that, my Mac was completely, entirely compromised in three seconds or less."

1 of 73 comments (clear)

  1. Re:Whatever happened to by ilsaloving · · Score: 4, Informative

    Certain computers never getting hacked, malware, or virused up?

    Except that has never ever been true, except to the OS zealots who tie their personal identity to their chosen platform like some weird religious devotee.

    It's funny, I've gotten into arguments on slashdot for this exact thing, by people who were so offended when said that their favourite OS (no matter what it is) isn't a perfect panacea. They went so far as to accuse me that I "don't know security" because, for example, I disagreed that just using FreeBSD didn't make that automagically immune to security threats.

    What happened to Mr. Frank is a perfect example of what I was talking about. It doesn't matter how secure you think your OS is, because there is *always* a way to compromise it. Even if your OS isn't directly exploitable, an application you run on top of it may be. If not, the meatspace component certainly still is.

    All it takes is a single mistake, a single lapse in judgment for something potentially catastrophic to happen.

    There is no such thing as perfect security. All you can do is put up more barriers than a malicious actor has the patience to tear down. That includes appropriate training for people. Anyone who tells you different is either grossly misinformed, or is trying to sell you something.