Prey 0.5.2: Keeping it tough

0.5.2 is out! A while ago we pushed this release update, which includes a couple of security enhancements, lots of code cleanups and a small fix for On-Demand mode, as some people were having trouble switching back to On-Interval after going to stand-by mode. Let's take a deeper look at the changelog:

  • Response encryption: Prey now supports 128-bit AES decryption for response bodies, which means that all data sent by the Control Panel will be encrypted with a salted secret key, rendering theoretical man-in-the-middle attacks impossible. We’ll be deploying this gradually over the next few days!
  • We also added a check to prevent malicious code execution through config values in the response XML. (Issue #85)
  • Better way of knowing if On-Demand is still active or not, using timestamps from the keepalive pings sent by the server. This should fix the issue that prevented some users from switching back to Interval mode.
  • Lots of code cleanups, removed duplicate or unused stuff. We’re also switching backticks for $() calls, which are much easier to read.
  • Small improvements to the auto update process.
  • Initial support for Prey to be run as a non-root user. On Ubuntu we were able to run as a third user with some sudo permissions. Once we get it working on Mac we’ll switch over and not run Prey as root any more (yes, we heard you guys).
  • Support for SMTP servers which don’t require authentication. Simply leave the SMTP user/pass fields blank and you’re set. Passwords with spaces should also work.
  • Added a simple SMTP user/pass verification routine in check mode (Standalone users).
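
The check added for Issue #85 is not shown in this post. As an added example (not Prey's own code), here is one way a shell client can apply server-supplied config values without ever letting them execute; the key names, the value rules and the KEY=VALUE input format are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not Prey's code. Key names and value rules are hypothetical.

# set_config KEY VALUE: assign only known keys whose value has the expected
# shape. The value is never handed to eval, backticks or $().
set_config() {
  case $1 in
    delay)                      # minutes between runs: 1 to 3 digits
      case $2 in
        ''|*[!0-9]*|????*) return 1 ;;
      esac
      cfg_delay=$2 ;;
    auto_update)
      case $2 in
        y|n) cfg_auto_update=$2 ;;
        *) return 1 ;;
      esac ;;
    post_method)
      case $2 in
        http|email) cfg_post_method=$2 ;;
        *) return 1 ;;
      esac ;;
    *) return 1 ;;              # unknown key: never create a variable from it
  esac
}

# load_config: read KEY=VALUE lines from stdin (assumed to be already extracted
# from the response) and count the pairs that were refused.
load_config() {
  rejected=0
  while IFS='=' read -r key value; do
    [ -n "$key" ] || continue
    set_config "$key" "$value" || rejected=$((rejected + 1))
  done
}

# Constructed sample input: two valid pairs, then three that must be refused.
load_config <<'EOF'
delay=20
auto_update=y
post_method=$(id)
delay=5; echo injected
PATH=/tmp
EOF

echo "delay=$cfg_delay auto_update=$cfg_auto_update rejected=$rejected"
```

Each key maps to a fixed variable and a fixed value shape, so a refused pair leaves the previous setting untouched and cannot overwrite variables such as PATH.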

That’s about it! For the full commit list check out the comparison view on GitHub. As always, any questions or comments are welcome.

Happy hunting!