
OS X/Keydnap spreads via signed Transmission application - anon1385
http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads-via-signed-transmission-application/
======
thoreauway
This is the 2nd time Transmission has been compromised this year.

Previously:
[https://news.ycombinator.com/item?id=11234589](https://news.ycombinator.com/item?id=11234589)

~~~
Someone
And, possibly, still the first time their website was compromised.

If so, chances are we will see this happen again. Adding a payload to an open
source project and signing it with a new key is not rocket science.

------
yladiz
I love Transmission, although nowadays I rarely use it. But this is really
disconcerting to have happened twice this year, which means the developers
aren't really doing well on the security front. Since it's open source, why
don't they just move to GitHub Pages for hosting and GitHub for development?
(GitLab is great too!) Self-hosting Trac and website, plus self-hosted Jenkins
from my understanding, leaves so many attack vectors.

------
pop8row9
The Windows version of Transmission-qt does not allow one to completely
disable seeding. Little bellwethers go a long way in identifying poor
applications.

