Israelis use Free Software to inject malware to blogs
nyh at math.technion.ac.il
Tue Jan 24 13:08:25 IST 2012
On Tue, Jan 24, 2012, Ira Abramov wrote about "Israelis use Free Software to inject malware to blogs":
> Read this: http://n2b.org/archives/2316
> If you have a Wordpress blog and you've used a Hebrew-converted theme from
> Mastergate, you probably have malware on your site.
Responding in English so that no evil Hebrew translator can take over my
> The Israeli Free Software scene is small and we should go out in a unified
> strong declaration against such ethical/legal violations, possibly also a
> GPL violation. This pond is too small to piss in and stay unpunished. I say
> the responsible parties need to be named and condemned, and I personally
> hope one of the people affected would sue them as well.

I think there are three separate issues:

1. If the code in question does something illegal (takes secret data from
   your site and mails it to the author, modifies your site in a way that
   cannot be easily undone, etc.), this should be reported to the police.

2. If the code in question is misrepresented, i.e., promises to be only
   Hebrew translation and in practice adds ads to your site, this person
   can be sued.

3. It only becomes a GPL violation if he gave people a modified version
   without the source. However, according to that post you linked to, he
   *did* provide source (albeit obfuscated in a very naive way), and this
   fact allowed them to discover and undo what he did. Hooray for the
   GPL! With binary-only malware, it's not usually so easy to understand
   what happened. I think the Iranians are still puzzled with Stuxnet ;-)

Anyway, malware masquerading as free software, or even real free
software injected with malicious changes, isn't a new thing
unfortunately. This is why responsible free software writers GPG-sign
their packages, why some version control systems (like git) make it
impossible to modify the code without a trail, and why most people
take most of their free software from a centralized, verified, source
(e.g., a Linux distribution) and not from "here and there".

If someone goes to some site he never heard of, and installs some code
patch (and just not a visual theme!) to the software running on his
server, I can't say he got what he deserved, but I guess I can say that
he should have seen this coming :(

Nadav Har'El | Tuesday, Jan 24 2012,
nyh at math.technion.ac.il |-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |Red meat is not bad for you: fuzzy green
http://nadav.harel.org.il |meat is bad for you.