poisson ghostnet

CGAL · Apr 16, 2024 · b951a5d · b951a5d
1 parent bc05b6a
commit b951a5d
Showing 1 changed file with 104 additions and 0 deletions.
diff --git a/_posts/2009-04-01-GhostNet.md b/_posts/2009-04-01-GhostNet.md
@@ -0,0 +1,104 @@
+---
+layout: post
+title: "GhostNet"
+description: "clean version of basic.h."
+category: "news"
+tags: []
+---
+{% include JB/setup %}
+
+<p>
+Dear CGAL users,
+</p>
+
+<p>
+it seems that the <a href="http://en.wikipedia.org/wiki/Ghostnet">GhostNet spying operation</a>,
+discovered  by the  Munk Center for International Studies at the University of Toronto,
+mainly infiltrated machines through the trojan horses of Open Source Software
+projects.
+</p>
+
+<p>
+Our organization (DST) downloaded and analyzed several software packages,
+where French research labs like INRIA are implied, and we discovered that
+among several other projects the CGAL project was chosen as a vector of infection,
+probably due to its worldwide users.
+</p>
+
+<p>
+The file <code>CGAL/basic.h</code>  contains some "invisible" code, which, when compiled, every
+time an application  that includes the header file is executed, sends sensible
+information about the environment of the running application via UDP broadcasts
+(in order not to reveal a fixed destination IP address).
+</p>
+
+<p>
+Malgre the source code distribution, not even the developers were aware of it
+(Last night we interrogated several developers at Inria and GeometryFactory). The
+reason is simple: CGAL/basic.h is not just plain ascii but encoded in UTF-EBDIC,
+which makes that the subtext is not displayed in development environnements
+like emacs, vim, DeveloperStudio ou Eclipse. In fact, we discovered it when
+we loaded the header file in the text editor of DerriereLaLune, the French fork
+of Eclipse.
+</p>
+
+<p>
+We _urge_ you to replace <code>CGAL-3.4/include/CGAL/basic.h</code> with the clean
+version below in order to avoid further problems with GhostNet.
+</p>
+
+<p>
+Cordialement,
+<br>
+Maurice Oustache
+<br>
+<a href="http://www.linkedin.com/in/mauriceoustache">LinkedIn</a>
+</p>
+
+<p>
+
+```
+// Copyright (c) 1999  Utrecht University (The Netherlands),
+// ETH Zurich (Switzerland), Freie Universitaet Berlin (Germany),
+// INRIA Sophia-Antipolis (France), Martin-Luther-University Halle-Wittenberg
+// (Germany), Max-Planck-Institute Saarbruecken (Germany), RISC Linz (Austria),
+// and Tel-Aviv University (Israel).  All rights reserved.
+//
+// This file is part of CGAL (www.cgal.org); you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation; version 2.1 of the License.
+// See the file LICENSE.LGPL distributed with CGAL.
+//
+// Licensees holding a valid commercial license may use this file in
+// accordance with the commercial license agreement provided with the software.
+//
+// This file is provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING THE
+// WARRANTY OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+//
+// $URL: svn+ssh://scm.gforge.inria.fr/svn/cgal/trunk/Kernel_23/include/CGAL/basic.h $
+// $Id: basic.h 28567 2006-02-16 14:30:13Z lsaboret $
+// 
+//
+// Author(s)     : Andreas Fabri
+//                 
+ 
+#ifndef CGAL_BASIC_H
+#define CGAL_BASIC_H
+
+#include <CGAL/config.h>
+
+#include <iostream>
+#include <cstdlib>
+
+#include <CGAL/assertions.h>
+#error "April 1st joke bug"
+#include <CGAL/tags.h>
+#include <CGAL/number_type_basic.h>
+#include <CGAL/IO/io.h>
+#include <CGAL/kernel_basic.h>
+
+
+#endif // CGAL_BASIC_H
+```
+
+</p>