<FULL LOG> below.Rufus version: x.y.z - I have NOT removed any part of it.Additionally (if applicable):
(✓) button to compute the MD5, SHA1 and SHA256 checksums, which are therefore present in the log I copied. I confirmed, by performing an internet search, that these values match the ones from the official image.Hello,
Despite my issue isn't fully about Rufus at all (indeed it is - just not in the "typical" manner) I couldn't work around the problem.
Right after the "wiki incident", my computer started acting slightly different. I've done a full virus scan, including an MBR and a rootkit test, nothing has been found.
Am I just paranoid or is it really likely to get infected by visiting a "possibly infected" GitHub repository?
I also have concerns about the source code integrity as the "hacker" has managed to take over the entire account, virtually enabling him/her to replace the source code silently with malware...
Should the source code hosted on GitHub be considered compromised now?
Am I just paranoid or is it really likely to get infected by visiting a "possibly infected" GitHub repository?
You are paranoid. The wiki is opened to everybody, so of course, any __idiot__ can replace it with messages of _"I am l33t haxx0r"_ if they want, and it doesn't mean that have done anything remotely smart (if anything, it just demonstrates their utter stupidity, as github will ban their account from defacing the wiki of another's).
I also have concerns about the main code integrity as the "hacker" has managed to take over the entire account
They didn't. They just edited the wiki. The wiki is left open for a reason, because it presents no risk (it's sanitized HTML), and because of the nature or git/github, you will leave clear tracks of what you are doing...
virtually enabling him/her to replace the source code silently with malware...
They can't do that. Nobody stole any credentials here, so they have had no possibility of altering the code (which is __A LOT__ more protected from alteration than the wiki, which, again, and as opposed to the code is fully open for anyone to edit). Besides due to the nature of git, any alteration __will__ be detected. And furthermore, the executable on the website are digitally signed (with credentials that never leave a dedicated security token, and therefore are neither stored on github nor the akeo.ie website), therefore, even if someone somehow managed to modify the code, they wouldn't be able to produce an executable that would have my signature.
In other words, you are paranoid. Some idiot thought they could pretend they were a hacker from doing something __anybody__ else can do (even you), but the open area they defaced has no connection, even remotely, to the code or the executable. There was no hack, and nothing was compromised.
But please feel free to clone the git repository (since any changes, even malicious, will be super evident) or check the digital signature of the executable you download from the website if you still are concerned, as, if you have the relevant knowledge, they should be more than enough to confirm what I am saying above.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue if you think you have a related problem or query.
Most helpful comment
You are paranoid. The wiki is opened to everybody, so of course, any __idiot__ can replace it with messages of _"I am l33t haxx0r"_ if they want, and it doesn't mean that have done anything remotely smart (if anything, it just demonstrates their utter stupidity, as github will ban their account from defacing the wiki of another's).
They didn't. They just edited the wiki. The wiki is left open for a reason, because it presents no risk (it's sanitized HTML), and because of the nature or git/github, you will leave clear tracks of what you are doing...
They can't do that. Nobody stole any credentials here, so they have had no possibility of altering the code (which is __A LOT__ more protected from alteration than the wiki, which, again, and as opposed to the code is fully open for anyone to edit). Besides due to the nature of git, any alteration __will__ be detected. And furthermore, the executable on the website are digitally signed (with credentials that never leave a dedicated security token, and therefore are neither stored on github nor the akeo.ie website), therefore, even if someone somehow managed to modify the code, they wouldn't be able to produce an executable that would have my signature.
In other words, you are paranoid. Some idiot thought they could pretend they were a hacker from doing something __anybody__ else can do (even you), but the open area they defaced has no connection, even remotely, to the code or the executable. There was no hack, and nothing was compromised.
But please feel free to clone the git repository (since any changes, even malicious, will be super evident) or check the digital signature of the executable you download from the website if you still are concerned, as, if you have the relevant knowledge, they should be more than enough to confirm what I am saying above.