www.makemkv.com

Posted: **Sat Feb 17, 2018 4:39 pm**

is the momentary /favicon.ico just some gimmick or have you been hacked? - just asking before I sudo make install and run....

Posted: **Sat Feb 17, 2018 4:58 pm**

So according to the waybackmachine this change was made at some time after the 4th of February 2018. The current version 1.12.0 of MakeMKV was released on the 3.2.2018...

Posted: **Sat Feb 17, 2018 10:52 pm**

Very strange... it looks like the original icon with the rastering screwed up.

Posted: **Sat Feb 17, 2018 10:55 pm**

I just noticed that there exists a pgp signed checksum file at https://www.makemkv.com/download/makemkv-sha-1.12.0.txt

After adding the PGP public keys I found on a trustworthy key server (https://pgp.mit.edu/pks/lookup?search=makemkv&op=index)

Code: Select all

>> gpg --import gpgpubkey_mike.txt
gpg: key 70A11937AAD047B1: "Mike Chen <mike@makemkv.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg --import gpgpubkey_makemkv.txt 
gpg: key 94E3083A18042697: "MakeMKV (signature) <support@makemkv.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

A pgp integrity check failed on the checksum file:

Code: Select all

>> gpg --verify makemkv-sha-1.12.0.txt
gpg: Signature made Sun 04 Feb 2018 00:39:06 CET
gpg:                using DSA key 94E3083A18042697
gpg: Good signature from "MakeMKV (signature) <support@makemkv.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2ECF 2330 5F1F C0B3 2001  6733 94E3 083A 1804 2697

Posted: **Sat Feb 17, 2018 11:03 pm**

virustotal.com says the hash code of the download linke is 275dfc084beb5ae37b76b5debb28b1ccf81886af469eed0c4556ec591ed5a816, which matches what is in makemkv-sha-1.12.0.txt.

Are your running a SHA256 hash on the EXE file? An SHA256 hash value isn't the same as a PGP signature.

Posted: **Sat Feb 17, 2018 11:08 pm**

(offtopic: my post is not showing)
ontopic:
The sha256 sums agree perfectly! The problem is that the pgp signature of the file containing the reference hashsums seems to be corruted. Therefore the given reference hashsums are not trustworthy...

Posted: **Sat Feb 17, 2018 11:27 pm**

Ok, problem solved...

Code: Select all

>> gpg --verify makemkv-sha-1.12.0.txt 
gpg: Signature made Sun 04 Feb 2018 00:39:06 CET
gpg:                using DSA key 94E3083A18042697
gpg: Good signature from "MakeMKV (signature) <support@makemkv.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2ECF 2330 5F1F C0B3 2001  6733 94E3 083A 1804 2697

The important part is

Code: Select all

gpg: Good signature from "MakeMKV (signature) <support@makemkv.com>" [unknown]

The reason for the warning is that I have not signed your public key I retrieved from https://pgp.mit.edu/pks/lookup?search=makemkv&op=index with my private key. Therefore your public key is not trusted....

p.s. I only need pgp ever so often - it would be nice i you had a short instruction on how to properly verify...

Posted: **Sat Feb 17, 2018 11:51 pm**

xuzegay wrote:(offtopic: my post is not showing)

Most links will push your message into the moderation queue until a moderator checks them. Links to makemkv.com can be done without getting "queued", but using the URL button on the editor is pretty much guaranteed to call for moderation. As will quoting a message that had links.

And, if you edit a message that passed moderation before, it gets kicked back into the queue.

The result, though, has been a significant reduction in the amount of spam posted here.

www.makemkv.com

Strange favicon

Strange favicon

Re: Strange favicon

Re: Strange favicon

Re: Strange favicon

Re: Strange favicon

Re: Strange favicon

Re: Strange favicon

Re: Strange favicon