On Tue, Jan 24, 2012, Ira Abramov wrote about "Israelis use Free Software to inject malware to blogs":
> Read this: http://n2b.org/archives/2316
>
> If you have a Wordpress blog and you've used a Hebrew-converted theme from
> Mastergate, you probably have malware on your site.

Responding in English so that no evil Hebrew translator can take over my mail ;-)

> The Israeli Free Software scene is small and we should go out in a unified
> strong declaration against such ethical/legal violations, possibly also a
> GPL violation. This pond is too small to piss in and stay unpunished. I say
> the responsible parties need to be named and condemned, and I personally
> hope one of the people affected would sue them as well.

I think there are three separate issues:

1. If the code in question does something illegal (takes secret data from your site and mails it to the author, modifies your site in a way that cannot be easily undone, etc.), this should be reported to the police.

2. If the code in question is misrepresented, i.e., promises to be only Hebrew translation and in practice adds ads to your site, this person can be sued.

3. It only becomes a GPL violation if he gave people a modified version without the source. However, according to that post you linked to, he *did* provide source (albeit obfuscated in a very naive way), and this fact allowed them to discover and undo what he did. Hooray for the GPL! With binary-only malware, it's not usually so easy to understand what happened. I think the Iranians are still puzzled with Stuxnet ;-)

Anyway, malware masquerading as free software, or even real free software injected with malicious changes, isn't a new thing unfortunately. This is why responsible free software writers GPG-sign their packages, why some version control systems (like git) make it impossible to modify the code without a trail, and why most people take most of their free software from a centralized, verified, source (e.g., a Linux distribution) and not from "here and there".

If someone goes to some site he never heard of, and installs some code patch (and not just a visual theme!) to the software running on his server, I can't say he got what he deserved, but I guess I can say that he should have seen this coming :(

Nadav.

-- 
Nadav Har'El                        | Tuesday, Jan 24 2012,
[email protected]                   |-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |Red meat is not bad for you: fuzzy green
http://nadav.harel.org.il           |meat is bad for you.
_______________________________________________
Discussions mailing list
[email protected]
http://hamakor.org.il/cgi-bin/mailman/listinfo/discussions

