help-octave
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gnu.org #1502445] GNU Octave website hacked and links replaced with


From: Stephane Guillou
Subject: Re: [gnu.org #1502445] GNU Octave website hacked and links replaced with trojan-containing installer??
Date: Mon, 2 Mar 2020 10:43:35 +0000

OK I feel this is a false alarm now.

I understand better the redirecting of mirrors, and the mirror is indeed listed on https://www.gnu.org/prep/ftp.html

What got me worried was the Symantec security threat detected, and the dodginess of the website freedif.org (unmaintained, contact page is 404, Twitter account is suspended...)

I just checked that the installer from mirror.freedif.org with the .sig file from ftp.gnu.org, and it checks out, so I assume this is a case of a false positive on Symantec's part. Right?

Sorry about the overreaction! 🙂

Cheers

Stéphane Guillou (he / him)

   Technology trainer | Library

   UQ Ally Network member | Green Office representative

The University of Queensland | St Lucia | QLD 4072 Australia
p: (+61) 7 344 32705 | m: (+61) 4 68 37 37 48 | @: address@hidden


Please consider the environment and print this email only if necessary

From: Stephane Guillou <address@hidden>
Sent: Monday, 2 March 2020 6:41 PM
To: Ian Kelling via RT <address@hidden>
Subject: Re: [gnu.org #1502445] GNU Octave website hacked and links replaced with trojan-containing installer??
 
Hi Ian

Your reply doesn't seem to contain anything?

Cheers

Stéphane Guillou (he / him)

   Technology trainer | Library

   UQ Ally Network member | Green Office representative

The University of Queensland | St Lucia | QLD 4072 Australia
p: (+61) 7 344 32705 | m: (+61) 4 68 37 37 48 | @: address@hidden


Please consider the environment and print this email only if necessary

From: Ian Kelling via RT <address@hidden>
Sent: Monday, 2 March 2020 4:51 PM
To: Stephane Guillou <address@hidden>
Subject: [gnu.org #1502445] GNU Octave website hacked and links replaced with trojan-containing installer??
 
On Mon Mar 02 01:03:47 2020, address@hidden wrote:
> Hi there
>
> I'm not sure if I'm imagining things here but I am very suspicious:
>
> Just installed Octave on Windows 10 from
> https://www.gnu.org/software/octave/download.html
>
> I noticed that Symantec detected the security risk "Trojan.Gen.MBT" in
> a libsqlite library:
>
>
> Scan type: Auto-Protect Scan
>
> Event: Risk Found!
>
> Security risk detected: Trojan.Gen.MBT
>
> File: C:\Octave\Octave-5.2.0\mingw64\bin\libsqlite3-0.dll
>
> Location: C:\Octave\Octave-5.2.0\mingw64\bin
>
> Computer: LIBPF1FL7FE
>
> User: SYSTEM
>
> Action taken: Pending Side Effects Analysis : Access denied Date
> found: Monday, 2 March 2020  1:32:50 PM
>
> I looked at the installers locations, and they use ftpmirror.gnu.org
> instead of ftp.gnu.org<ftp://ftp.gnu.org>
>
> I looked at the website ftpmirror.gnu.org and it redirects to
> https://mirror.freedif.org/GNU/
>
> The website freedif.org looks very dodgy to me.
>
> Looks like all URLs in the windows download page have been replace
> with this.
>
> I am imagining things? What is going on here?
>
> Cheers
>
> ---
> Stéphane Guillou (he/him) -
>    Technology trainer (Library)
>    UQ Ally Network member | Green Office representative
> The University of Queensland | St Lucia | QLD 4072 Australia
> p: (+61) 7 344 32705 | m: (+61) 4 68 37 37 48 | @:
> address@hidden<mailto:address@hidden>
>
> Please consider the environment and print this email only if necessary

Sounds like a false positive to me. I suggest checking the
signature of the file you downloaded, there are some basic
instructions in the text at the top of https://ftp.gnu.org

--
Ian Kelling | Senior Systems Administrator, Free Software Foundation
GPG Key: B125 F60B 7B28 7FF6 A2B7  DF8F 170A F0E2 9542 95DF
https://fsf.org | https://gnu.org


reply via email to

[Prev in Thread] Current Thread [Next in Thread]