• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Newest BOINC client available on official site - trojaned???

VirtualLarry

VirtualLarry

No Lifer
Just wondering. Since I know that the newest BOINC client is now UNSIGNED, and presumably, compiled by a third-party and uploaded there. I just know that my main OCed G4400 Skylake boxed was apparently recently compromised, along with my Paypal. I found IIS installed and running, but the management utilities were disabled.

Anyways, there are a few common programs / utilities that are UNSIGNED, which is a very real risk.

The NSA has the capability to inject malware / secret trojans into downloads, as they happen.Signed code (hopefully) prevents this.

It is irresponsible of software developers of major apps, to not provide signed code.

I'm going through my other programs, that I've freshly downloaded. ImgBurn, downloaded from the official ImgBurn site / mirror (not another mirror listed on their site), is also UNSIGNED.

So, possibly that was / is a vector too.

Just a warning.

I do have some of the previous versions of BOINC, that ARE signed, on my NAS. I guess I'll be pulling those out to re-install.

I haven't, and won't, install Flash Player or Java or Adobe Reader. So those couldn't have been the vector, although Skype uses an embedded version of Flash Player to display ads.

Just a heads-up. It's a dangerous world out there.

Edit: BOINC Manager 7.6.9 is SIGNED. If you can find a copy.
boinc_7.6.9_windows_x86_64.exe
 
Last edited:
Last time I tried to install a new version of ImgBurn, it came with a lot of crapware. I'm still using a fairly old version for that reason. You were likely compromised either by that, or through a browser, or through a direct hack. (Is your router clean?)
 
Well a few months back Team Viewer had a data breach. There is a reddit discussion on it. TV didn't email people to let them know. So, users had hackers logging into systems without users knowledge.

Due to data breaches recently (Yahoo, DLH, who know how many others) I have had several of my accounts attempted to login. Hotmail, yahoo, Steam, Team Viewer, Netflix, Hulu, Walmart, and a few others. All because they got the login info from the data breach and was trying to use the same logins at other sites. Most people these days recycle logins so once you have that, you can just start guessing at what sites they use. I have at least one friend that had their Walmart account drained but luckily caught it in time when they got the email confirming the shipping address. You can check your email at this site https://haveibeenpwned.com/ to see if it has been part of some of the data breaches that are known.
 
VirtualLarry said:
Says "good news - no pwnage found".
Click to expand...

Even if there is "no pwnage found" its still good to follow good security practices and especially use 2FA. Also SMS is NOT 2FA. Use Authy, Google Authenticator or even a physical key like a YubiKey, which can cost upto US$50
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top