Strange favicon

Everything related to MakeMKV
Post Reply
xuzegay
Posts: 5
Joined: Sat Feb 17, 2018 4:35 pm

Strange favicon

Post by xuzegay »

is the momentary /favicon.ico just some gimmick or have you been hacked? - just asking before I sudo make install and run....

Image
xuzegay
Posts: 5
Joined: Sat Feb 17, 2018 4:35 pm

Re: Strange favicon

Post by xuzegay »

So according to the waybackmachine this change was made at some time after the 4th of February 2018. The current version 1.12.0 of MakeMKV was released on the 3.2.2018...

Image
Image
Woodstock
Posts: 9914
Joined: Sun Jul 24, 2011 11:21 pm

Re: Strange favicon

Post by Woodstock »

Very strange... it looks like the original icon with the rastering screwed up.
MakeMKV Frequently Asked Questions
How to aid in finding the answer to your problem: Activating Debug Logging
xuzegay
Posts: 5
Joined: Sat Feb 17, 2018 4:35 pm

Re: Strange favicon

Post by xuzegay »

I just noticed that there exists a pgp signed checksum file at https://www.makemkv.com/download/makemkv-sha-1.12.0.txt

After adding the PGP public keys I found on a trustworthy key server (https://pgp.mit.edu/pks/lookup?search=makemkv&op=index)

Code: Select all

>> gpg --import gpgpubkey_mike.txt
gpg: key 70A11937AAD047B1: "Mike Chen <mike@makemkv.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg --import gpgpubkey_makemkv.txt 
gpg: key 94E3083A18042697: "MakeMKV (signature) <support@makemkv.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
A pgp integrity check failed on the checksum file:

Code: Select all

>> gpg --verify makemkv-sha-1.12.0.txt
gpg: Signature made Sun 04 Feb 2018 00:39:06 CET
gpg:                using DSA key 94E3083A18042697
gpg: Good signature from "MakeMKV (signature) <support@makemkv.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2ECF 2330 5F1F C0B3 2001  6733 94E3 083A 1804 2697
Woodstock
Posts: 9914
Joined: Sun Jul 24, 2011 11:21 pm

Re: Strange favicon

Post by Woodstock »

virustotal.com says the hash code of the download linke is 275dfc084beb5ae37b76b5debb28b1ccf81886af469eed0c4556ec591ed5a816, which matches what is in makemkv-sha-1.12.0.txt.

Are your running a SHA256 hash on the EXE file? An SHA256 hash value isn't the same as a PGP signature.
MakeMKV Frequently Asked Questions
How to aid in finding the answer to your problem: Activating Debug Logging
xuzegay
Posts: 5
Joined: Sat Feb 17, 2018 4:35 pm

Re: Strange favicon

Post by xuzegay »

(offtopic: my post is not showing)
ontopic:
The sha256 sums agree perfectly! The problem is that the pgp signature of the file containing the reference hashsums seems to be corruted. Therefore the given reference hashsums are not trustworthy...
xuzegay
Posts: 5
Joined: Sat Feb 17, 2018 4:35 pm

Re: Strange favicon

Post by xuzegay »

Ok, problem solved...

Code: Select all

>> gpg --verify makemkv-sha-1.12.0.txt 
gpg: Signature made Sun 04 Feb 2018 00:39:06 CET
gpg:                using DSA key 94E3083A18042697
gpg: Good signature from "MakeMKV (signature) <support@makemkv.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2ECF 2330 5F1F C0B3 2001  6733 94E3 083A 1804 2697
The important part is

Code: Select all

gpg: Good signature from "MakeMKV (signature) <support@makemkv.com>" [unknown]
The reason for the warning is that I have not signed your public key I retrieved from https://pgp.mit.edu/pks/lookup?search=makemkv&op=index with my private key. Therefore your public key is not trusted....

p.s. I only need pgp ever so often - it would be nice i you had a short instruction on how to properly verify...
Woodstock
Posts: 9914
Joined: Sun Jul 24, 2011 11:21 pm

Re: Strange favicon

Post by Woodstock »

xuzegay wrote:(offtopic: my post is not showing)
Most links will push your message into the moderation queue until a moderator checks them. Links to makemkv.com can be done without getting "queued", but using the URL button on the editor is pretty much guaranteed to call for moderation. As will quoting a message that had links.

And, if you edit a message that passed moderation before, it gets kicked back into the queue. :roll:

The result, though, has been a significant reduction in the amount of spam posted here.
MakeMKV Frequently Asked Questions
How to aid in finding the answer to your problem: Activating Debug Logging
Post Reply