CGAL users discussion list

["naresh" <>]

You  are the BIG JOKE . 

----- Original Message -----

From:

To:

Sent: Wednesday, April 01, 2009 12:32 PM

Subject: [cgal-discuss] GhostNet

Dear CGAL users,

it seems that the GhostNet spying operation, http://en.wikipedia.org/wiki/Ghostnet ,
discovered  by the  Munk Center for International Studies at the University of Toronto,
mainly infiltrated machines through the trojan horses of Open Source Software
projects.

Our organization (DST) downloaded and analyzed several software packages,
where French research labs like INRIA are implied, and we discovered that
among several other projects the CGAL project was chosen as a vector of infection,
probably due to its worldwide users.

The file CGAL/basic.h  contains some "invisible" code, which, when compiled, every
time an application  that includes the header file is executed, sends sensible
information about the environment of the running application via UDP broadcasts
(in order not to reveal a fixed destination IP address).


Malgre the source code distribution, not even the developers were aware of it
(Last night we interrogated several developers at Inria and GeometryFactory). The
reason is simple: CGAL/basic.h is not just plain ascii but encoded in UTF-EBDIC,
which makes that the subtext is not displayed in development environnements
like emacs, vim, DeveloperStudio ou Eclipse. In fact, we discovered it when
we loaded the header file in the text editor of DerriereLaLune, the French fork
of Eclipse.


We *urge* you to replace CGAL-3.4/include/CGAL/basic.h with the attached clean
version in order to avoid further problems with GhostNet.


Cordialement,

Maurice Oustache
http://www.linkedin.com/in/mauriceoustache