Israelis use Free Software to inject malware to blogs
tomerc at gmail.com
Tue Jan 24 13:02:25 IST 2012
Why do you think that intentional security holes are breaking the GPL? The
GPL has a section about malicious activities? I don't remember that the GPL
having a section REQUIRING users to contribute their changes back upstream,
neither encoding some of the code in base64 as the coder can say that
base64 is actually optimizing their code in terms of making it more
portable, for example.
On Tue, Jan 24, 2012 at 12:30, Ira Abramov <Ira at abramov.org> wrote:
> Tomer, the TOS is a GPL violation but could be forgiven as a
> misunderstanding. were it not for the proven injection of malicious,
> obfuscated code. read the post I linkd to. this is not a naiive mistake,
> it's an intentional security hole. It's not only breaking the GPL, It
> breaks also Israeli law, and probably local laws in other countries where
> WP blogs may be hosted for Israelis. This must not be ignored by our
> On Tue, Jan 24, 2012 at 12:25, Tomer Cohen <tomerc at gmail.com> wrote:
>> base64_decode isn't the only evidence for some suspicious activities.
>> Others use some openssl functions to encrypt their code, and I guess there
>> are other options as well. It is better to always look into the code before
>> using it, especially when it comes from unknown/untrusted sources.
>> The Israeli WordPress theme scene is indeed very small, but they are not
>> well-educated about the meaning of GPL and what they should do after fixing
>> a bug in the code or customizing some code to have Hebrew support or
>> right-to-left. This is why I prefer to use the code from the original
>> maintainer and not forks made by people who change few words in the code
>> and ship it as their own creation without notifying the original
>> theme/plugin maintainers and contributing the code upstream.
>> The recent panic could be an opportunity to us to publish our thoughts
>> and ask coders to better behave in the Open Source scene.
>> On Tue, Jan 24, 2012 at 12:13, Ira Abramov <hamakor at ira.abramov.org>wrote:
>>> Read this: http://n2b.org/archives/2316
>>> If you have a Wordpress blog and you've used a Hebrew-converted theme
>>> from Mastergate, you probably have malware on your site.
>>> crude quick way to find potential problems: run ' grep
>>> "eval.*base64_decode" * -r ' on your web directories.
>>> The Israeli Free Software scene is small and we should go out in a
>>> unified strong declaration against such ethical/legal violations, possibly
>>> also a GPL violation. This pond is too small to piss in and stay
>>> unpunished. I say the responsible parties need to be named and condemned,
>>> and I personally hope one of the people affected would sue them as well.
>>> Discussions mailing list
>>> Discussions at hamakor.org.il
>> *Tomer Cohen*
>> Discussions mailing list
>> Discussions at hamakor.org.il
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Discussions