[Clipart] Hacking attempt?
Jon Phillips
jon at rejon.org
Thu Dec 15 22:42:58 PST 2005
On Thu, 2005-12-01 at 22:35 -0800, Bryce Harrington wrote:
> Hi Momo,
>
> Sounds like a great idea, would you be interested in helping with this?
> You're right that our current processes aren't scaling up well, and
> quality is suffering.
Yes Momo, we would like your help with this. Please email us back :)
Join up!
Jon
> On Thu, Dec 01, 2005 at 10:07:41PM +0100, momo wrote:
> > I agree, this could be a good way to handle the problem of malicious code,
> > but what I wanted to propose was also a "human quality control". In fact, I
> > see today that there is a lot of crap in the clipart (like broken or 0Kb
> > files), and lots of files missing keywords, so they are de facto unfindable
> > (pardon my English) and because of that unused (which is almost the same as
> > inexistent).
> >
> > So cleaning, controlling and adding keywords to every file would be a great
> > improvement to the (poor) quality of today's cliparts and at the same time a
> > possibility to filter potential hacks.
> >
> > I really think we should do it because the clipart is growing fast and if
> > we keep it this way, one day we will end up with 1Gb of poor quality
> > clipart that no one would handle to open file by file to correct.
> >
> > Also, there are lots of clipart files that should be deleted because of
> > their very poor quality or because they contain copyrighted graphics. Here
> > are some examples:
> > - http://openclipart.org/clipart/computer/icons/battery_snuatautisticido_04.svg
> >   (doesn't really look like a battery...)
> > - http://openclipart.org/clipart/computer/icons/lemon-theme/mimetypes/exec_wine.svg
> >   (MS logo)
> > - http://openclipart.org/clipart/computer/icons/lemon-theme/actions/samba.svg
> >   (MS logo)
> > - http://openclipart.org/clipart/computer/icons/lemon-theme/apps/blender.svg
> >   (Blender logo)
> > - http://openclipart.org/clipart/computer/icons/lemon-theme/apps/firefox.svg
> >   (Firefox logo, copyright Mozilla Corp.)
> > - http://openclipart.org/clipart//unsorted/mygraph_john_rariden_01.svg
> >   (not really a piece of clipart...)
> >
> > By deleting crap, we could raise the overall quality of OpenClipart, so
> > more people and organisations would find it interesting to use or
> > distribute.
> >
> > Thanks!
> >
> > Mo.
> >
> > ----- Original Message -----
> > From: "Jurgentje" <jurgentje.linux at telenet.be>
> > To: "momo" <momo at lumenstudio.net>
> > Sent: Thursday, December 01, 2005 8:25 PM
> > Subject: Re: [Clipart] Hacking attempt?
> >
> >
> > >Ummm... pardon my simplicity...
> > >
> > >wouldn't it be enough to just check for proper extensions? I assume that
> > >even PHP code or some frikkin' DirectX code won't get executed remotely if
> > >the REAL extension is .svg?
> > >
> > >Just my 2 eurocent. ;)
> > >
> > >Jurgen.
> > >
> > >momo wrote:
> > >>AAAA!!!! you killed Winnie the POOH!!! It's horrible!!! Poor Winnie!!!
> > >>
> > >>:)))))))
> > >>
> > >>Now seriously: I think that it is a very big problem we have here, and it
> > >>won't be the last attempt to attack or somehow "disturb" OpenClipart, so
> > >>I have a question: Is there a possibility to manually check the code for
> > >>each uploaded file? I mean creating a system where OpenClipart admins
> > >>would have the possibility to log in, and see all the uploaded files to
> > >>check them (check for malicious code, add keywords etc...) and then
> > >>approve (or delete) these files. Once approved, the files would be
> > >>placed inside the clipart on the web and in the releases.
> > >>
> > >>After the Upload, the files would be just placed on the server (inside a
> > >>folder on FTP for example.) When approved, they will then be submitted to
> > >>the clipart. This way the first step (check and approval/denial) will be
> > >>like some sort of buffer between the clipart and the "potentially
> > >>malicious" uploaders.
> > >>
> > >>Manually checking the files is the only way to control the quality of the
> > >>submitted clipart and I personally am ready to do it if I'll have the
> > >>possibility.
> > >>
> > >>Thanks,
> > >>
> > >>Mo.
> > >>
> > >>
> > >>
> > >>----- Original Message ----- From: "Jon Phillips" <jon at rejon.org>
> > >>To: <clipart at lists.freedesktop.org>
> > >>Cc: <webmaster at adufo>
> > >>Sent: Thursday, December 01, 2005 11:13 AM
> > >>Subject: Re: [Clipart] Hacking attempt?
> > >>
> > >>
> > >>>On Wed, 2005-11-30 at 16:02 -0800, Open Clip Art Library Feedback Form
> > >>>wrote:
> > >>>>Name: Arnaud GRANAL
> > >>>>E-mail: webmaster at aduf.org
> > >>>>
> > >>>>
> > >>>>Hello,
> > >>>>
> > >>>>I was looking for a clipart called "warning" on your website and I've
> > >>>>found the following file:
> > >>>>http://www.openclipart.org/incoming/winnie_the_pooh.svg.php
> > >>>>
> > >>>>This file seems to allow a remote attacker to execute commands on
> > >>>>your server.
> > >>>
> > >>>I killed it!
> > >>>
> > >>>--
> > >>>Jon Phillips
> > >>>
> > >>>San Francisco, CA
> > >>>USA PH 510.499.0894
> > >>>jon at rejon.org
> > >>>http://www.rejon.org
> > >>>
> > >>>MSN, AIM, Yahoo Chat: kidproto
> > >>>Jabber Chat: rejon at gristle.org
> > >>>IRC: rejon at irc.freenode.net
> > >>>
> > >>>Inkscape (http://inkscape.org)
> > >>>Open Clip Art Library (www.openclipart.org)
> > >>>Creative Commons (www.creativecommons.org)
> > >>>San Francisco Art Institute (www.sfai.edu)
> > >>>
> > >>>_______________________________________________
> > >>>clipart mailing list
> > >>>clipart at lists.freedesktop.org
> > >>>http://lists.freedesktop.org/mailman/listinfo/clipart
> > >>>
--
Jon Phillips
San Francisco, CA
USA PH 510.499.0894
jon at rejon.org
http://www.rejon.org
MSN, AIM, Yahoo Chat: kidproto
Jabber Chat: rejon at gristle.org
IRC: rejon at irc.freenode.net
Inkscape (http://inkscape.org)
Open Clip Art Library (www.openclipart.org)
Creative Commons (www.creativecommons.org)
San Francisco Art Institute (www.sfai.edu)
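
The checks discussed in this thread (the real final extension, the `.svg.php` name from the report, 0 KB or broken files, and holding uploads for human approval), as an added example that is not part of the original messages or the Open Clip Art Library's code. The names `check_upload` and `EXECUTABLE_EXTS`, the extension list and the sample inputs are assumptions constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

SVG_NS = "{http://www.w3.org/2000/svg}"
# Constructed list of extensions a web server may hand to an interpreter.
EXECUTABLE_EXTS = {".php", ".phtml", ".php3", ".php5", ".cgi", ".pl",
                   ".py", ".asp", ".jsp", ".sh"}


def check_upload(filename, data):
    """Return reasons to reject; an empty list means 'hold for human review'."""
    problems = []
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or base.startswith("."):
        problems.append("unsafe file name")
    exts = ["." + p for p in base.lower().split(".")[1:]]
    # The last extension decides how the file is served, so it must be .svg.
    if not exts or exts[-1] != ".svg":
        problems.append("final extension is not .svg")
    # Some server configurations act on any extension in the name,
    # so an interpreter extension is refused wherever it appears.
    if any(e in EXECUTABLE_EXTS for e in exts):
        problems.append("executable extension in name")
    if not data:
        problems.append("empty (0 KB) file")
        return problems
    if b"<?php" in data.lower() or b"<?=" in data:
        problems.append("embedded PHP open tag")
    if b"<!ENTITY" in data:
        # Policy choice of this example: refuse entity declarations unparsed.
        problems.append("entity declarations not accepted")
        return problems
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        problems.append("not well-formed XML")
        return problems
    if root.tag != SVG_NS + "svg":
        problems.append("root element is not <svg>")
    if any(el.tag == SVG_NS + "script" for el in root.iter()):
        problems.append("contains <script>")
    return problems


# Constructed sample: a minimal well-formed SVG document.
GOOD_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg">'
            b'<rect width="1" height="1"/></svg>')
```

A file that passes would still go to a holding directory the web server does not serve or execute from, and only be published after an admin approves it, as proposed in the thread.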