Changes between Initial Version and Version 1 of Ticket #52146


Ignore:
Timestamp:
Sep 1, 2016, 12:15:37 AM (8 years ago)
Author:
larryv (Lawrence Velázquez)
Comment:

Trac requires full email addresses.

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #52146

    • Property Cc khindenburg removed
    • Property Summary changed from transmission: change port file to new download location to transmission @2.92_0: switch to GitHub
    • Property Owner changed from macports-tickets@… to khindenburg@…
    • Property Version changed from 2.3.4 to
    • Property Keywords update dowload location removed
    • Property Type changed from update to defect
  • Ticket #52146 – Description

    initial v1  
    1 __Quote from [https://transmissionbt.com/keydnap_qa/]:__
     1Quote from [https://transmissionbt.com/keydnap_qa/]:
    22
    33----
    4 '''Q. What happened?'''
    5 
    6 A. It appears that on or about August 28, 2016, unauthorized access was gained to our website
    7 server. The official Mac version of Transmission 2.92 was replaced with an unauthorized version that contained the OSX/Keydnap malware. The infected file was available for download somewhere between a few hours and less than a day. Additional information about the malware is available [http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads-via-signed-transmission-application/ here] and [http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/ here].
    8 
    9 '''Q. What steps have been taken following the incident?'''
    10 
    11 A. The infected file was removed from the server immediately upon discovering its existence, which was less than 24 hours after the file was posted to the website. To help prevent future incidents, we have migrated the website and all binary files from our current servers to [https://github.com/transmission GitHub]. Other services, which are currently unavailable, will be migrated to new servers in the coming days. As an added precaution, we will be hosting the binaries and the website (including checksums) in two separate repositories.
    12 
    13 '''Q. Am I at risk?'''
    14 
    15 A. The infected file was available for download from our website for less than a day, and the file was not available through the auto-update mechanism. Steps to check for, and remove, an infection are available [http://transmissionbt.com/keydnap_removal/ here].
    16 
    17 '''Q. Can you share any more information about this incident?'''
    18 
    19 A. We are in the process of investigating the incident and will share any relevant information that we discover here.
     4  Q: What happened?::
     5    A: It appears that on or about August 28, 2016, unauthorized access was gained to our website server. The official Mac version of Transmission 2.92 was replaced with an unauthorized version that contained the OSX/Keydnap malware. The infected file was available for download somewhere between a few hours and less than a day. Additional information about the malware is available [http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads-via-signed-transmission-application/ here] and [http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/ here].
     6  Q: What steps have been taken following the incident?::
     7    A: The infected file was removed from the server immediately upon discovering its existence, which was less than 24 hours after the file was posted to the website. To help prevent future incidents, we have migrated the website and all binary files from our current servers to [https://github.com/transmission GitHub]. Other services, which are currently unavailable, will be migrated to new servers in the coming days. As an added precaution, we will be hosting the binaries and the website (including checksums) in two separate repositories.
     8  Q: Am I at risk?::
     9    A: The infected file was available for download from our website for less than a day, and the file was not available through the auto-update mechanism. Steps to check for, and remove, an infection are available [http://transmissionbt.com/keydnap_removal/ here].
     10  Q: Can you share any more information about this incident?::
     11    A: We are in the process of investigating the incident and will share any relevant information that we discover here.
    2012
    2113'''If you have any questions or information about the incident, please send an email to security@transmissionbt.com.'''