Python - Invalid Code Signature

Hi,
So I am running Little Snitch and am just wondering if the warnings LS is providing regarding Python not having a valid code signature are anything to be concerned about. Python has also been trying to connect to localhost at shutdown and trying to call out at other unusual times, not just once on startup after launching Indigo. I don't get this error otherwise, but always on Python, even when connecting to your valid servers.

"Python" has no code signature. The executable can be maliciously modified without being detected.

Final question: How do I change the url of my reflector if I'm concerned it is too identifying? It appears passwords are sent in the clear?

Thanks,

Also, jst curious, where can I find a list of connections that I should allow Indigo and Python to access? ie. Python is pretty powerful stuff if it can navigate through multiple firewalls! Running El Capitan 10.11.6

indigodomo.com
(reflector name).indigodomo.net - port xxx, etc.
localhost


Thanks,

[matt (support)]

The Indigo Server uses python for some of its functionality (version checking, some actions and commands, etc.), and all plugins run in their own python process space. The python version Indigo uses is the default one macOS ships with. Apple didn't sign the binary which is why you see the error, but it is understandable why they don't sign it (since it is an entire programming language/framework not an app).

On the Indigo Server side you might see python calls out for version checking and license activation (https to indigodomo.com), and to build the reflector secure connection. Indigo's Web server also runs on python, so by default that will be listening in on port 8176 (for incoming HTTP commands). Plugins (and python scripts executed by Indigo) will try to connect to localhost on port 1176 (by default) for communicating to the Indigo Server.

If you want to post screen captures like you did above for anything Indigo or Python related I should be able to tell you if it is from Indigo and what it is doing. Of course some of the alerts Little Snitch is throwing might be because of 3rd party plugins and their access to Python's networking stack.

Email us your current and desired reflector name and we'll modify it for you. Indigo uses HTTP Digest authentication which does not send passwords in the clear. Additionally, when using a remote reflector all Web traffic – both to and from your server, and to / from our datacenter reflector server – is encrypted.

So I’m updating this thread as this may be related. This is an FYI, Indigo seems to be working fine under the following conditions when used with Ubiquiti Network Equipment...

Ubiquiti has included a new IPS/IDS intrusion detection system (in beta) in recent updates of the controller software for Unifi equipment. I can connect remotely to Indigo just once with that system turned on but then Indigo ultimately loses the connection. So I guess it’s working! IPS (intrusion prevention) won’t allow me to connect remotely through the reflector at all. “IDS” (just detection) allows me to get through some of the time.

However, the security gateway itself flips out and disconnects from the Unifi controller. At least its starting to appear Indigo’s reflector may be involved. Just a strong hunch at this point based on casual testing. I’ve attempted to inform Ubiquiti.

Here is some info on their Intrusion Prevention System. It may be possible at some point to identify “safe” intrusions like Indigo. (And also Security Spy for that matter - connections to that show up as a trojan attack alert in the logs) Indigo does not show up as an alert. Which could ultimately be a bad thing if the same techniques are used maliciously.

UniFi - USG: Configuring Intrusion Prevention/Detection System (IPS/IDS) – Ubiquiti Networks Support and Help Center
https://help.ubnt.com/hc/en-us/articles ... m-IPS-IDS-

If I should post this in a new thread, let me know. Thanks

I would put it I to the UniFi discussion.




Sent from my iPhone using Tapatalk

For what it's worth, I have IPS/IDS enabled on a USG Pro 4 and have never had any trouble connecting to Indigo via Touch or remote client.

Did you fiddle with the IPS/IDS default settings by any chance?

Nope, just the magic on button for IDS.