-
Notifications
You must be signed in to change notification settings - Fork 711
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bad download links on Wiki #2554
Comments
Reverted to previous version. Looks to me like an attack. |
Thanks for letting us know. I reported this user to github: Looking into other changes of wiki, they also changed the other links on the page "Windows Quick Start". I reverted these too: If this is going to happen more frequently, we will have to restrict access to the wiki modifications. |
Looks like this has happened again - I downloaded and attempted to install the Windows 64bit installer, but it is pointing to this: https://github.com/qingfengmu/FreeRTOS/releases/download/V10.4.1/OpenSC-0.22.0_win64.zip This other installer appears to contain Redline Stealer |
Thanks for the notice. I reported the user and reverted the change again. |
I also changed the access to wiki editing only to members with push-permissions for now as it is hard to keep track of all the wiki changes. Lets keep the issue cool down a bit as it looks like targeted attack. |
For the record, I finally heard from github today and both malicious users are gone now. In any case, I think we either need to move the download links from wiki to README, where we have better control about the links or keep the wiki opened only for contributors somehow (now, it is possible to restrict only to the people with push-access). I am not very happy about restricting the contributions to wiki from our users, but really, it did not have a lot of contributions over the last years: |
I vote for restricted access to people with push-access. We can always grant rights to additional contributors. |
I agree, this is a serious issue. We were directing our customers to the wiki page to download OpenSC, which is needed by our software. I can only hope nobody caught a virus. |
I hope this was addressed. Having wiki is a great for collaboration, but it can not be used for such sensitive stuff as a download links. As a next steps, I would probably like to move the download links to README and open the wiki again if there is nobody against. |
The new links are in README now, I removed the links from wiki and directed readers to the README/main github page of opensc. I will keep it that way to see if people can get used to it at least some time after the next release and then I will try to re-open the wiki for everyone. |
FYI, 3 days ago something changed the download links again so I switched to wiki to contributor mode only and I am going to report these accounts. |
Whilie guiding a customer to install OpenSC, we determined that links that are on the wiki page https://github.com/OpenSC/OpenSC/wiki are pointing to a different site: https://www.ps3cfw.com/cool.php?item=76795368
The text was updated successfully, but these errors were encountered: