From: Stephane Guillou
Subject: Re: [gnu.org #1502445] GNU Octave website hacked and links replaced with trojan-containing installer??
Date: Mon, 2 Mar 2020 10:43:35 +0000

OK I feel this is a false alarm now.
I understand better the redirecting of mirrors, and the mirror is indeed listed on
https://www.gnu.org/prep/ftp.html
What got me worried was the Symantec security threat detected, and the dodginess of the website freedif.org (unmaintained, contact page is 404, Twitter account is suspended...)
I just checked that the installer from mirror.freedif.org with the .sig file from
ftp.gnu.org, and it checks out, so I assume this is a case of a false positive on Symantec's part. Right?
Sorry about the overreaction! 🙂
Cheers
Stéphane Guillou (he / him) – Technology trainer | Library
UQ Ally Network member | Green Office representative
The University of Queensland | St Lucia | QLD 4072 Australia
Please consider the environment and print this email only if necessary

From: Stephane Guillou <address@hidden>
Sent: Monday, 2 March 2020 6:41 PM
To: Ian Kelling via RT <address@hidden>
Subject: Re: [gnu.org #1502445] GNU Octave website hacked and links replaced with trojan-containing installer??

Hi Ian
Your reply doesn't seem to contain anything?
Cheers
Stéphane Guillou (he / him) – Technology trainer | Library
UQ Ally Network member | Green Office representative
The University of Queensland | St Lucia | QLD 4072 Australia
Please consider the environment and print this email only if necessary

From: Ian Kelling via RT <address@hidden>
Sent: Monday, 2 March 2020 4:51 PM
To: Stephane Guillou <address@hidden>
Subject: [gnu.org #1502445] GNU Octave website hacked and links replaced with trojan-containing installer??

On Mon Mar 02 01:03:47 2020, address@hidden wrote:
> Hi there
>
> I'm not sure if I'm imagining things here but I am very suspicious:
>
> Just installed Octave on Windows 10 from
> https://www.gnu.org/software/octave/download.html
>
> I noticed that Symantec detected the security risk "Trojan.Gen.MBT" in
> a libsqlite library:
>
> > Scan type: Auto-Protect Scan
> > Event: Risk Found!
> > Security risk detected: Trojan.Gen.MBT
> > File: C:\Octave\Octave-5.2.0\mingw64\bin\libsqlite3-0.dll
> > Location: C:\Octave\Octave-5.2.0\mingw64\bin
> > Computer: LIBPF1FL7FE
> > User: SYSTEM
> > Action taken: Pending Side Effects Analysis : Access denied
> > Date found: Monday, 2 March 2020 1:32:50 PM
>
> I looked at the installers locations, and they use ftpmirror.gnu.org
> instead of ftp.gnu.org
>
> I looked at the website ftpmirror.gnu.org and it redirects to
> https://mirror.freedif.org/GNU/
>
> The website freedif.org looks very dodgy to me.
>
> Looks like all URLs in the windows download page have been replaced
> with this.
>
> Am I imagining things? What is going on here?
>
> Cheers
>
> ---
> Stéphane Guillou (he/him) -
> Technology trainer (Library)
> UQ Ally Network member | Green Office representative
> The University of Queensland | St Lucia | QLD 4072 Australia
> p: (+61) 7 344 32705 | m: (+61) 4 68 37 37 48 | @: address@hidden
>
> Please consider the environment and print this email only if necessary

Sounds like a false positive to me. I suggest checking the signature of the file you downloaded; there are some basic instructions in the text at the top of https://ftp.gnu.org

--
Ian Kelling | Senior Systems Administrator, Free Software Foundation
GPG Key: B125 F60B 7B28 7FF6 A2B7 DF8F 170A F0E2 9542 95DF
https://fsf.org | https://gnu.org
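
The check discussed in this thread (file from a mirror, detached `.sig` from the primary site), as an added example that is not part of the original messages: it shows that a detached signature pinned to a known fingerprint accepts a faithful mirror copy and rejects a modified one. The throwaway key, the file names and the helper names `verify_download` and `demo` are constructed for illustration; a real check would pin the release signer's published fingerprint instead.

```shell
#!/usr/bin/env bash
# Constructed demo: a throwaway key stands in for the release signing key,
# and a small text file stands in for the installer.

# verify_download FILE SIG FPR (hypothetical helper): succeed only if SIG is a
# valid detached signature over FILE made by the key with primary fingerprint FPR.
verify_download() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        awk -v fpr="$3" '$2 == "VALIDSIG" && $NF == fpr { ok = 1 } END { exit !ok }'
}

demo() (
    d=$(mktemp -d) || exit 1
    export GNUPGHOME="$d/gnupg"          # isolated keyring, removed on exit
    mkdir -m 700 "$GNUPGHOME"
    trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$d"' EXIT

    # "Primary site": create the signer key, the file and its detached .sig
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Constructed Signer <signer@example.invalid>' \
        default default never 2>/dev/null || exit 1
    fpr=$(gpg --batch --with-colons --list-keys 2>/dev/null |
          awk -F: '$1 == "fpr" { print $10; exit }')
    printf 'constructed installer contents\n' > "$d/installer.bin"
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --output "$d/installer.bin.sig" --detach-sign "$d/installer.bin" || exit 1

    # "Mirror": one faithful copy, one copy with a single byte appended
    cp "$d/installer.bin" "$d/mirror-copy.bin"
    { cat "$d/installer.bin"; printf 'x'; } > "$d/mirror-tampered.bin"

    r1=rejected; r2=rejected; r3=rejected
    verify_download "$d/mirror-copy.bin" "$d/installer.bin.sig" "$fpr" && r1=ok
    verify_download "$d/mirror-tampered.bin" "$d/installer.bin.sig" "$fpr" && r2=ok
    # Same good file and signature, but pinned to a different fingerprint
    verify_download "$d/mirror-copy.bin" "$d/installer.bin.sig" \
        0000000000000000000000000000000000000000 && r3=ok
    echo "mirror=$r1 tampered=$r2 wrongpin=$r3"
)

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run the script with `--demo` to print the three results. Matching on the `VALIDSIG` status line and the primary-key fingerprint, rather than on gpg's exit code alone, is what ties the result to one specific signer.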