OpenSC icon indicating copy to clipboard operation
OpenSC copied to clipboard
verified publisher icon OpenSC

Bad download links on Wiki

Open DVSoftware opened this issue 3 years ago • 8 comments

Whilie guiding a customer to install OpenSC, we determined that links that are on the wiki page https://github.com/OpenSC/OpenSC/wiki are pointing to a different site: https://www.ps3cfw.com/cool.php?item=76795368

DVSoftware avatar May 16 '22 09:05 DVSoftware

Reverted to previous version. Looks to me like an attack.

CardContact avatar May 16 '22 14:05 CardContact

Thanks for letting us know. I reported this user to github:

https://github.com/OpenSC/OpenSC/wiki/Home/_compare/89040616af3a29c7283444e7f41aab62021fe05e...92486b212663f6bfb5bf10a6d45ab6ab6ebec1f8

Looking into other changes of wiki, they also changed the other links on the page "Windows Quick Start". I reverted these too:

https://github.com/OpenSC/OpenSC/wiki/_compare/1ea14b272208fa47b2e01150145a42690d0ef7b6...c3b3478ad45caf5c98205612ed672d567d5bc1f6

If this is going to happen more frequently, we will have to restrict access to the wiki modifications.

Jakuje avatar May 18 '22 07:05 Jakuje

Looks like this has happened again - I downloaded and attempted to install the Windows 64bit installer, but it is pointing to this: https://github.com/qingfengmu/FreeRTOS/releases/download/V10.4.1/OpenSC-0.22.0_win64.zip

This other installer appears to contain Redline Stealer

raleighsmvp avatar May 24 '22 15:05 raleighsmvp

Thanks for the notice. I reported the user and reverted the change again.

Jakuje avatar May 24 '22 15:05 Jakuje

I also changed the access to wiki editing only to members with push-permissions for now as it is hard to keep track of all the wiki changes. Lets keep the issue cool down a bit as it looks like targeted attack.

Jakuje avatar May 24 '22 15:05 Jakuje

For the record, I finally heard from github today and both malicious users are gone now. In any case, I think we either need to move the download links from wiki to README, where we have better control about the links or keep the wiki opened only for contributors somehow (now, it is possible to restrict only to the people with push-access). I am not very happy about restricting the contributions to wiki from our users, but really, it did not have a lot of contributions over the last years:

https://github.com/OpenSC/OpenSC/wiki/_history

Jakuje avatar May 25 '22 07:05 Jakuje

I vote for restricted access to people with push-access. We can always grant rights to additional contributors.

CardContact avatar May 25 '22 07:05 CardContact

I agree, this is a serious issue. We were directing our customers to the wiki page to download OpenSC, which is needed by our software. I can only hope nobody caught a virus.

DVSoftware avatar May 25 '22 21:05 DVSoftware

I hope this was addressed. Having wiki is a great for collaboration, but it can not be used for such sensitive stuff as a download links. As a next steps, I would probably like to move the download links to README and open the wiki again if there is nobody against.

Jakuje avatar Aug 30 '22 11:08 Jakuje

The new links are in README now, I removed the links from wiki and directed readers to the README/main github page of opensc. I will keep it that way to see if people can get used to it at least some time after the next release and then I will try to re-open the wiki for everyone.

Jakuje avatar Sep 21 '22 11:09 Jakuje

FYI, 3 days ago something changed the download links again so I switched to wiki to contributor mode only and I am going to report these accounts.

Jakuje avatar Mar 30 '23 09:03 Jakuje