Transmission 2.90 and ransomware

[Osiris]

Y'all probably heard of the problems of Apple users with transmission 2.90 containing ransomware.
Apparently the OFFICIAL version contained the malware.
Since the current version of the pbi is that same 2.90 version, could you guys please update it.
Giving me the creeps, tbh.

 

[Ericloewe]

I answered this already, but here's some information (not FUD).

• The affected version of Transmission was only available on their site and was only the Mac version
• This kind of stuff generally comes from a trusted repository, on FreeBSD
• Even if it somehow infected me (if I used Transmission, which I don't), I'd just laugh my ass out and send an email to the malware developers telling them how fscking stupid they are.
  • Fscking snapshots! They make this a minor inconvenience. My commute today was 50x more painful than a hypothetical attack like this.
    
  • Transmission runs in a Jail on FreeNAS
  • ZFS snapshots cannot be created or destroyed by jailed applications, unless the dataset was explicitly delegated to the jail

Additionally, "we guys" are mostly responsible for absolutely zero percent of Transmission on FreeNAS. You'll have to contact whoever maintains the port (and plugin, if it exists).

 

[Yatti420]

Its the mac vers.. Nothing to see here.. If it made it into trusted repos that's kind of scary.. This is typically why you avoid third party repos & add-ons etc.. Can't be avoided if you donwload it via a legitimate update.. Idn how you would on MAC though unless its an official update..

 

[Ericloewe]

Its the mac vers.. Nothing to see here.. If it made it into trusted repos that's kind of scary.. This is typically why you avoid third party repos & add-ons etc.. Can't be avoided if you donwload it via a legitimate update.. Idn how you would on MAC though unless its an official update..

Well, it hit the website, which sounds like a softer target. Along the lines of "applied social engineering on some Indian call center guy who works for GoDaddy", instead of "signed the software with the key expected by the repository".

They did sign the application with a Mac app store certificate, from what I understand, but it was one they'd gotten from signing up as developers, which has since been revoked by Apple.

 

[Osiris]

About you not being responsible for the 'port' ... I would assume the maintainer of the pbi might read this forum and upgrade the pbi to the latest port.
Snapshots. I could indeed roll back to the snapshot where transmission was fine, but the infected windows/mac clients in my domain might not.
While I'm fond of your sarcasm, you actually gave me a good explanation.

May we meet again in Shub Nigguraths pit!

 

[Yatti420]

Yes lets put this to rest.. Running transmission over FreeNAS is safe.. Just don't run it on a mac if worried..

 

[pirateghost]

About you not being responsible for the 'port' ... I would assume the maintainer of the pbi might read this forum and upgrade the pbi to the latest port.

PBI is not inherent to FreeNAS. The maintainer likely doesn't use FreeNAS at all.