Hello, welcome to the Thursday, May 18th, 2017 edition of the Sancent Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from San Diego, California.

Last week I mentioned how the OS10 video conversion application handbrake was compromised and then infected with a version of the

proton backdoor. Well, often these incidents are very abstract and impact isn't really all that

clear. In this case, however, there is a nice follow-up from Panic Incorporated, or well, maybe not

so nice for these people, because while they develop various iOS apps, the developer

at Panic downloaded one of the compromised versions of handbrake during the time that it was infected.

And before the infection was made public, someone had already downloaded his source code using compromised git credentials.

The attacker who stole the source code then demanded a ransom to not release it to the public.

Now, Panic isn't too concerned about such a release, but is somewhat concerned about possible backdoor versions of its software, given the history of this particular group.

Now, Panic has decided not to pay the ransom, probably a smart move on their part, because

little really confirmation here that the attacker will not do anything bad with the code

after the ransom is paid.

But they already have invalidated the old developer ID so it can no longer be used to, for

example, sign any malicious software.

And missed recently updated its password guidance.

You may have seen this in the news last week.

Something many felt was long overdue as past guidance, for example, did not address adequately

how really passwords are compromised these days.

And one of the big problems, of course course these days are passwords shared between sites.

Richard today wrote a post summarizing some of these changes. One of the most publicized

and probably most important issue that was addressed in this new guidance is that regular

...