Archive for May 8, 2017

Monday, May 8, 2017

After 19 Years, CMU Switches From Cyrus IMAP to Exchange/Gmail

Carnegie Mellon (via Hacker News):

In fall 2016, Computing Services began a multi-phased project to decommission the Cyrus email service as part of an effort to provide modern, industry standard, cost-effective email and calendar solutions.

The email and calendar services offered to campus have undergone a number of changes over the past several years. Many administrative departments have transitioned to Exchange providing an integrated solution with mobile support and advanced scheduling functionality; and in 2013, G Suite @ CMU became the default email service for undergraduate students.

brongondwana:

Cyrus development will not be affected by this. While CMU has been running Cyrus, and employing one of the key developers, FastMail has a team dedicated to supporting the biggest open source project that we use. We have a new developer starting on Wednesday next week as well as Ken from CMU who has agreed to keep working on Cyrus as a FastMail employee and representing the project at conferences.

See also: Cyrus IMAP server.

Apple Updates Workflow

Juli Clover:

Apple-owned Workflow was updated to version 1.7.4 today, re-introducing features that were removed when Apple acquired the app and adding new Apple Music actions.

[…]

When Apple purchased Workflow, the Workflow team said app integrations and the Gallery would be updated on a regular basis, but a later report suggested Apple planned no more updates. Based on today’s update, which adds new features, that report was incorrect.

Though two new actions have been re-introduced, there are still features missing from the Workflow app. Maps actions are restricted to Apple Maps, and translating text only works with Microsoft's translation services. Other previous app actions, including Uber, Telegram, and LINE, are still unavailable.

Previously: Apple Acquires Workflow.

foreach Using Objective-C Generics

Peter Steinberger shares an Objective-C macro that lets you write foreach (object, collection), where object gets the proper type based on the collection’s type parameter. The benefits: you save space and typing vs. a standard for loop, yet you still get static checking and auto-completion. The code ends up looking like my macro from the old days before NSFastEnumeration and for…in loops.

Update (2017-05-15): Peter Steinberger:

I wrote a header that overrides mutable/Copy to pass along types+generic type data in Objective-C.

HandBrake Proton Trojan

HandBrake (Hacker News, MacRumors):

Anyone who has downloaded HandBrake on Mac between [02/May/2017 14:30 UTC] and [06/May/2017 11:00 UTC] needs to verify the SHA1 / 256 sum of the file before running it.

Anyone who has installed HandBrake for Mac needs to verify their system is not infected with a Trojan. You have 50/50 chance if you’ve downloaded HandBrake during this period.

[…]

Downloads via the applications built-in updater with 1.0 and later are unaffected. These are verified by a DSA Signature and will not install if they don’t pass.

Patrick Wardle:

So yah, when run, the infected Handbrake application:

  1. unzips Contents/Resources/HBPlayerHUDMainController.nib to /tmp/HandBrake.app
. This ‘nib’ is a password protected zip file who’s password is: qzyuzacCELFEYiJ52mhjEC7HYl4eUPAR1EEf63oQ5iTkuNIhzRk2JUKF4IXTRdiQ
  2. launches (opens) /tmp/HandBrake.app

Once the /tmp/HandBrake.app is launched, it displays a (fake) authentication popup - which is how the malware attempts to elevate its privileges[…]

Thomas Reed:

The fact that the malware requests an admin password yet installs all components in user space where no admin password is needed was initially puzzling, but that password request is actually not a system-generated prompt. It’s a phishing dialog displayed by the malware to obtain your password, which will be sent in clear text to api[DOT]handbrake[DOT]biz, the command & control (C&C) server for this malware.

[…]

This is a general-purpose backdoor with all the usual backdoor functionality. In addition, it appears this malware is exfiltrating the entire keychain, with all passwords. Thus, if you’re infected, the first priority should be changing all your online passwords. (After ensuring that your computer is free of infection, of course! Never change passwords on a device that may still be infected.)

Howard Oakley:

Apple has, over the last twenty-four hours or so, pushed another update to the XProtect data for macOS Sierra and, presumably, El Capitan.

Last year, something similar happened with Transmission, also from Eric Petit. However, the hacked Transmission was signed for Gatekeeper, whereas the hacked HandBrake was unsigned, like the normal HandBrake.

HandBrake:

The HandBrake Team is independent of the Tranmission Developers. The projects share history in the sense that the same author created these apps but he is not part of the current HandBrake team of developers.

We do not share our virtual machines with the Transmission project.

Update (2017-05-17): Steven Frank (Hacker News):

In a case of extraordinarily bad luck, even for a guy that has a lot of bad computer luck, I happened to download HandBrake in that three day window, and my work Mac got pwned.

Long story short, somebody, somewhere, now has quite a bit of source code to several of our apps.