CGAL users discussion list

["Ruud op den Kelder" <>]

Thank you so much Mister Oustache, for saving us from that nasty
basic.h...! :P Maybe you should try your scam with some less educated
people...

> Dear CGAL users,
>
> it seems that the GhostNet spying operation,
> http://en.wikipedia.org/wiki/Ghostnet ,
> discovered  by the  Munk Center for International Studies at the
> University
> of Toronto,
> mainly infiltrated machines through the trojan horses of Open Source
> Software
> projects.
>
> Our organization (DST) downloaded and analyzed several software packages,
> where French research labs like INRIA are implied, and we discovered that
> among several other projects the CGAL project was chosen as a vector of
> infection,
> probably due to its worldwide users.
>
> The file CGAL/basic.h  contains some "invisible" code, which, when
> compiled,
> every
> time an application  that includes the header file is executed, sends
> sensible
> information about the environment of the running application via UDP
> broadcasts
> (in order not to reveal a fixed destination IP address).
>
>
> Malgre the source code distribution, not even the developers were aware of
> it
> (Last night we interrogated several developers at Inria and
> GeometryFactory). The
> reason is simple: CGAL/basic.h is not just plain ascii but encoded in
> UTF-EBDIC,
> which makes that the subtext is not displayed in development
> environnements
> like emacs, vim, DeveloperStudio ou Eclipse. In fact, we discovered it
> when
> we loaded the header file in the text editor of DerriereLaLune, the French
> fork
> of Eclipse.
>
>
> We *urge* you to replace CGAL-3.4/include/CGAL/basic.h with the attached
> clean
> version in order to avoid further problems with GhostNet.
>
>
> Cordialement,
>
> Maurice Oustache
> http://www.linkedin.com/in/mauriceoustache
>


-- 
RodK.nl
gamm.RodK.nl