[Clipart] Hacking attempt?

Bryce Harrington bryce at bryceharrington.org
Thu Dec 1 22:35:36 PST 2005


Hi Momo,

Sounds like a great idea, would you be interested in helping with this?
You're right that our current processes aren't scaling up well, and
quality is suffering.

Bryce

On Thu, Dec 01, 2005 at 10:07:41PM +0100, momo wrote:
> I agree, this could be a good way to handle the problem of malicious code, 
> but what I wanted to propose was also a "human quality control". In fact, I 
> see today that there is a lot of crap in the clipart (like broken or 0Kb 
> files), and lots of files missing keywords, so they are de facto unfindable 
> (pardon my English) and because of that unused (which is almost the same as 
> inexistent).
> 
> So cleaning, controlling and adding keywords to every file would be a great 
> improvement to the (poor) quality of today's cliparts and at the same time a 
> possibility to filter potential hacks.
> 
> I really think we should do it because the clipart is growing fast and if 
> we keep it this way, one day we will end up with 1Gb of poor quality 
> clipart that no one would handle to open file by file to correct.
> 
> Also, there are lots of clipart files that should be deleted because of 
> their very poor quality or because they contain copyrighted graphics. Here 
> are some examples:
> - 
> http://openclipart.org/clipart/computer/icons/battery_snuatautisticido_04.svg 
> (doesn't really look like a battery...)
> - 
> http://openclipart.org/clipart/computer/icons/lemon-theme/mimetypes/exec_wine.svg 
> (MS logo)
> - 
> http://openclipart.org/clipart/computer/icons/lemon-theme/actions/samba.svg 
> (MS logo)
> - 
> http://openclipart.org/clipart/computer/icons/lemon-theme/apps/blender.svg 
> (Blender logo)
> - 
> http://openclipart.org/clipart/computer/icons/lemon-theme/apps/firefox.svg 
> (Firefox logo, copyright Mozilla Corp.)
> - http://openclipart.org/clipart//unsorted/mygraph_john_rariden_01.svg (not 
> really a piece of clipart...)
> 
> By deleting crap, we could raise the overall quality of OpenClipart, so 
> more people and organisations would find it interesting to use or 
> distribute.
> 
> Thanks!
> 
> Mo.
> 
> ----- Original Message ----- 
> From: "Jurgentje" <jurgentje.linux at telenet.be>
> To: "momo" <momo at lumenstudio.net>
> Sent: Thursday, December 01, 2005 8:25 PM
> Subject: Re: [Clipart] Hacking attempt?
> 
> 
> >Ummm... pardon my simplicity...
> >
> >wouldn't it be enough to just check for proper extensions? I assume that 
> >even PHP code or some frikkin' DirectX code won't get executed remotely if 
> >the REAL extension is .svg?
> >
> >Just my 2 eurocent. ;)
> >
> >Jurgen.
> >
> >momo wrote:
> >>AAAA!!!! you killed Winnie the POOH!!! It's horrible!!! Poor Winnie!!!
> >>
> >>:)))))))
> >>
> >>Now seriously: I think that it is a very big problem we have here, and it 
> >>won't be the last attempt to attack or somehow "disturb" OpenClipart, so 
> >>I have a question: Is there a possibility to manually check the code for 
> >>each uploaded file? I mean creating a system where OpenClipart admins 
> >>would have the possibility to log in, and see all the uploaded files to 
> >>check them (check for malicious code, add keywords etc...) and then 
> >>approve (or delete) these files. Once approved, the files would be 
> >>placed inside the clipart on the web and in the releases.
> >>
> >>After the Upload, the files would be just placed on the server (inside a 
> >>folder on FTP for example.) When approved, they will then be submitted to 
> >>the clipart. This way the first step (check and approval/denial) will be 
> >>like some sort of buffer between the clipart and the "potentially 
> >>malicious" uploaders.
> >>
> >>Manually checking the files is the only way to control the quality of the 
> >>submitted clipart and I personally am ready to do it if I'll have the 
> >>possibility.
> >>
> >>Thanks,
> >>
> >>Mo.
> >>
> >>
> >>
> >>----- Original Message ----- From: "Jon Phillips" <jon at rejon.org>
> >>To: <clipart at lists.freedesktop.org>
> >>Cc: <webmaster at adufo>
> >>Sent: Thursday, December 01, 2005 11:13 AM
> >>Subject: Re: [Clipart] Hacking attempt?
> >>
> >>
> >>>On Wed, 2005-11-30 at 16:02 -0800, Open Clip Art Library Feedback Form
> >>>wrote:
> >>>>Name: Arnaud GRANAL
> >>>>E-mail: webmaster at aduf.org
> >>>>
> >>>>
> >>>>Hello,
> >>>>
> >>>>I was looking for a clipart called "warning" on your website and I've
> >>>>found the following file:
> >>>>http://www.openclipart.org/incoming/winnie_the_pooh.svg.php
> >>>>
> >>>>This file seems to allow a remote attacker to execute commands on
> >>>>your server.
> >>>
> >>>I killed it!
> >>>
> >>>-- 
> >>>Jon Phillips
> >>>
> >>>San Francisco, CA
> >>>USA PH 510.499.0894
> >>>jon at rejon.org
> >>>http://www.rejon.org
> >>>
> >>>MSN, AIM, Yahoo Chat: kidproto
> >>>Jabber Chat: rejon at gristle.org
> >>>IRC: rejon at irc.freenode.net
> >>>
> >>>Inkscape (http://inkscape.org)
> >>>Open Clip Art Library (www.openclipart.org)
> >>>Creative Commons (www.creativecommons.org)
> >>>San Francisco Art Institute (www.sfai.edu)
> >>>
> >>>_______________________________________________
> >>>clipart mailing list
> >>>clipart at lists.freedesktop.org
> >>>http://lists.freedesktop.org/mailman/listinfo/clipart
> >>>
> >>
> >
> >
> 
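
An added sketch, not part of the original thread and not OpenClipart's code, of an automated pre-check that could run before an upload is staged for the manual review proposed above. It covers the extension question raised in the thread and the broken or 0Kb files mentioned, and goes slightly further by also looking inside the file. The function name, rejection messages and sample contents are assumptions; only the filename `winnie_the_pooh.svg.php` comes from the thread.

```python
import re
import xml.etree.ElementTree as ET

SVG_ROOT = "{http://www.w3.org/2000/svg}svg"
# One basename, one extension: extra dots, slashes or NUL bytes cannot match.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+\.svg")


def check_upload(filename, data):
    """Return reasons to reject an upload; an empty list means 'stage for review'.

    Assumption: the caller has already capped the upload size before parsing.
    """
    problems = []
    if not SAFE_NAME.fullmatch(filename):
        problems.append("name is not <basename>.svg")
    if not data.strip():
        return problems + ["empty file"]
    lowered = data.lower()
    if b"<?php" in lowered or b"<?=" in lowered:
        # XML parsers treat <?php ... ?> as a processing instruction and drop it,
        # so it has to be caught on the raw bytes.
        problems.append("contains a PHP open tag")
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return problems + ["not well-formed XML"]
    if root.tag != SVG_ROOT:
        problems.append("root element is not <svg>")
    for el in root.iter():
        if el.tag == "script" or el.tag.endswith("}script"):
            problems.append("contains <script>")
        if any(name.lower().startswith("on") for name in el.attrib):
            problems.append("has an on* event attribute")
    return problems


# Constructed sample uploads; the bodies are harmless placeholders.
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="4" height="4"/></svg>'
SAMPLES = {
    "warning.svg": CLEAN,
    "winnie_the_pooh.svg.php": b"<?php /* placeholder */ ?>",
    "battery.svg": b"",
    "pooh.svg": b"<?php /* placeholder */ ?>" + CLEAN,
    "logo.svg": b'<svg xmlns="http://www.w3.org/2000/svg" onload="x()"><script/></svg>',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, "->", check_upload(name, body) or "stage for manual review")
```

The `pooh.svg` sample has a correct extension and parses as SVG, so only the content check flags it; a file that passes every check still goes to the human approval step rather than straight into the library.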


