Potential problem with MKVToolNix 2016-08-03

Everything related to MakeMKV
Post Reply
Woodstock
Posts: 10673
Joined: Sun Jul 24, 2011 11:21 pm

Potential problem with MKVToolNix 2016-08-03

Post by Woodstock »

If you are following any recommendation about using MKVToolNix from this forum, be aware that, at this time, the site they are hosted on has been compromised, and MAY be serving up a version of their program that is contaminated with malware. Quoting Slashdot stories like this one is always fraught with the potential for being wrong, but...
At least some applications on Fosshub, a free project hosting service appear to have been compromised, according to several reports. (Update: Fosshub has acknowledged the hack.) ...

Some popular apps that have links to FossHub that may be infected include: Audacity, WinDirStat, qBittorrent, MKVToolNix, Spybot Search&Destroy, Calibre, SMPlayer, HWiNFO, MyPhoneExplorer, and IrfanView.

....
If you downloaded MKVToolNix prior to this week, you should be fine. If not, keep an eye out for updates to the stories before downloading a new copy.
dealio
Posts: 9
Joined: Sun Oct 05, 2014 3:12 am

Re: Potential problem with MKVToolNix 2016-08-03

Post by dealio »

Having read through the forum comments on BatchMKV, I'd love to try it out as it seems it will be a huge enhancement to the MakeMKV blu-ray ripping process. MakeMKV does a great job, but BatchMKV adds a lot I'd like to try.

Problem: BatchMKV requires MKVToolNix and the site where it is hosted has reported been compromised - all files, according to what I read on slashdot. I saw no update that indicates that the hosting site is now clean. So where to get a KNOWN clean copy of MKVToolNix? Any ideas?

Thanks
David
Woodstock
Posts: 10673
Joined: Sun Jul 24, 2011 11:21 pm

Re: Potential problem with MKVToolNix 2016-08-03

Post by Woodstock »

By now, the files should have been replaced.

However, it turns out that not all the projects listed on Fosshub (the compromised site) are actually the official download sources for those projects. For example, there is a Fosshub handbrake site, which has nothing to do with the handbrake project.

https://mkvtoolnix.download/ is the official download site for mkvtoolnix, and that's where I download my copies from. Version 9.4.0 was released a couple of weeks ago (after the Fosshub breach).

But I would still check the hash of the download file against what is listed as "official", and scan it with your favorite virus checker!
dealio
Posts: 9
Joined: Sun Oct 05, 2014 3:12 am

Re: Potential problem with MKVToolNix 2016-08-03

Post by dealio »

Thanks for your help! I figured out how to download directly from the site, and then, since its new to me, I had to figure out how to compute a hash (I used FCIV from MS). The SHA1 hashes matched, so I'm comfortable that I have a good file.

Thanks,
David
Post Reply