[Clipart] Hacking attempt?

momo momo at lumenstudio.net
Fri Dec 16 10:12:36 PST 2005


Hi!

Thank you Jon! Any informations about when will ccHost be adopted? Also, If 
some help with designing elements for the new website is needed, you can 
count on me!

By the way, it may be very usefull and user friendly to write on the index 
page of the website some more informations about Public Domain and what can 
users do with OpenClipart. I mean this is not the first time that someone 
asks if he can or cannot distribute, include, transform or sell 
openclipart's content. So I thought that enhancing these infos (already 
present on the site, but in a "condensed" form) would help potential users.

One more thing is that I will create some tiny banners (88px X 31px) that 
people could download and place on their websites and link to 
OpenClipart.org.

Thanks!

Mourad.



----- Original Message ----- 
From: "Jon Phillips" <jon at rejon.org>
To: "momo" <momo at lumenstudio.net>
Sent: Friday, December 16, 2005 6:32 PM
Subject: Re: [Clipart] Hacking attempt?


> On Fri, 2005-12-16 at 13:48 +0100, momo wrote:
>> Hi Jon!
>>
>> Thanks for the invitation to join the Openclipart team! :)
>>
>> Let me introduce myself: my name is Mourad Mokrane, 27 y.o., I live in
>> Prague and I am the art director of Lumen Design Studio
>> (www.lumenstudio.net), a Prague based web/print/corporate design studio.
>> I discovered Openclipart about 8 months ago and fell in love with this
>> project, because I found a lot of usefull stuff that we used in a few of 
>> our
>> projects. Also, I release under the Public Domain license some of the
>> graphics we create in our design studio, and upload them to Openclipart.
>> I really appreciate all the efforts of the openclipart team and would 
>> like
>> to be somehow usefull to the process, that's why I thought of the "human
>> quality control". If you need a helping hand, please let me know! I can
>> easily do the following:
>>
>> - check incoming submission's code (hacking)
>> - check and enhance/correct incoming submission's keywords
>> - check and enhance/correct incoming submission's graphics (optimise 
>> vectors
>> without changing the overall design of the graphics to decrease filesize,
>> ease the import of the graphics into other software, etc...)
>> - check incoming submissions for 0Kb filesize
>> - create graphic elements for the website's redesign (if needed)
>>
>> To create/edit SVG, I mainly use Inkscape (I try to participate to the 
>> beta
>> testing process of that fantastic sotware too) and Corel Draw.
>
> Cool! Welcome aboard! Yes, we need more creatives like yourself. We need
> more tools to allow you and others to edit current clipart. This is
> planned once we adopt ccHost. :)
>
> Anyhow, welcome aboard!
>
> Jon
>
>
>>
>>
>> ----- Original Message ----- 
>> From: "Jon Phillips" <jon at rejon.org>
>> To: "Bryce Harrington" <bryce at bryceharrington.org>
>> Cc: <clipart at lists.freedesktop.org>; "momo" <momo at lumenstudio.net>
>> Sent: Friday, December 16, 2005 7:42 AM
>> Subject: Re: [Clipart] Hacking attempt?
>>
>>
>> > On Thu, 2005-12-01 at 22:35 -0800, Bryce Harrington wrote:
>> >> Hi Momo,
>> >>
>> >> Sounds like a great idea, would you be interested in helping with 
>> >> this?
>> >> You're right that our current processes aren't scaling up well, and
>> >> quality is suffering.
>> >
>> > Yes Momo, we would like your help with this. Please email us back :)
>> > Join up!
>> >
>> > Jon
>> >
>> >
>> >> On Thu, Dec 01, 2005 at 10:07:41PM +0100, momo wrote:
>> >> > I agree, this could be a good way to handle the problem of malicious
>> >> > code,
>> >> > but what I wanted to propose was also a "human quality control". In
>> >> > fact, I
>> >> > see today that there is a lot of crap in the clipart (like broken or
>> >> > 0Kb
>> >> > files), and lots of files missing keywords, so they are defacto
>> >> > unfindable
>> >> > (pardon my english) and because of that unused (wich is almost the 
>> >> > same
>> >> > as
>> >> > inexistant).
>> >> >
>> >> > So cleaning, controling and adding keywords to every file would be a
>> >> > great
>> >> > improvement to the (poor) quality of today cliparts and at the same
>> >> > time an
>> >> > possibility to filter potential hacks.
>> >> >
>> >> > I really think we should do it because the clipart is growing fast 
>> >> > and
>> >> > if
>> >> > we keep it this way, one day we will end up with 1Gb of poor quality
>> >> > clipart that no one would handle to open file by file to correct.
>> >> >
>> >> > Also, there are lots of clipart files that should be deleted because 
>> >> > of
>> >> > their very poor quality or because they contain copyrighted 
>> >> > graphics.
>> >> > Here
>> >> > are some examples:
>> >> > -
>> >> > http://openclipart.org/clipart/computer/icons/battery_snuatautisticido_04.svg
>> >> > (doesn't really look like a battery...)
>> >> > -
>> >> > http://openclipart.org/clipart/computer/icons/lemon-theme/mimetypes/exec_wine.svg
>> >> > (MS logo)
>> >> > -
>> >> > http://openclipart.org/clipart/computer/icons/lemon-theme/actions/samba.svg
>> >> > (MS logo)
>> >> > -
>> >> > http://openclipart.org/clipart/computer/icons/lemon-theme/apps/blender.svg
>> >> > (Blenger logo)
>> >> > -
>> >> > http://openclipart.org/clipart/computer/icons/lemon-theme/apps/firefox.svg
>> >> > (Firefox logo, copyright Mozilla Corp.)
>> >> > - 
>> >> > http://openclipart.org/clipart//unsorted/mygraph_john_rariden_01.svg
>> >> > (not
>> >> > really a piece of clipart...)
>> >> >
>> >> > By deleting crap, we could raise the overall quality of OpenClipart, 
>> >> > so
>> >> > more people and organisations would find it interesting to use or
>> >> > distribute.
>> >> >
>> >> > Thanks!
>> >> >
>> >> > Mo.
>> >> >
>> >> > ----- Original Message ----- 
>> >> > From: "Jurgentje" <jurgentje.linux at telenet.be>
>> >> > To: "momo" <momo at lumenstudio.net>
>> >> > Sent: Thursday, December 01, 2005 8:25 PM
>> >> > Subject: Re: [Clipart] Hacking attempt?
>> >> >
>> >> >
>> >> > >Ummm... pardon my simplicity...
>> >> > >
>> >> > >wouldn't it be enough to just check for proper extensions? I assume
>> >> > >that
>> >> > >even PHP code or some frikkin' DirectX code won't get executed
>> >> > >remotely if
>> >> > >the REAL extension is .svg?
>> >> > >
>> >> > >Just my 2 eurocent. ;)
>> >> > >
>> >> > >Jurgen.
>> >> > >
>> >> > >momo wrote:
>> >> > >>AAAA!!!! you killled Winnie the POOH!!! It's horrible!!! Poor
>> >> > >>Winnie!!!
>> >> > >>
>> >> > >>:)))))))
>> >> > >>
>> >> > >>Now seriously: I think that it is a very big problem we have here,
>> >> > >>and it
>> >> > >>won't be the last attempt to attack or somehow "disturb" 
>> >> > >>OpenClipart,
>> >> > >>so
>> >> > >>I have a question: Is there a possibility to manually check the 
>> >> > >>code
>> >> > >>for
>> >> > >>each uploaded file? I mean creating a system where OpenClipart 
>> >> > >>admins
>> >> > >>would have the possibility to log in, and see all the uploaded 
>> >> > >>files
>> >> > >>to
>> >> > >>check them (check for malicious code, add keywords etc...) and 
>> >> > >>then
>> >> > >>approve (or delete) these files. Once approoved, the files would 
>> >> > >>be
>> >> > >>placed inside the clipart on the web and in the releases.
>> >> > >>
>> >> > >>After the Upload, the files would be just placed on the server
>> >> > >>(inside a
>> >> > >>folder on FTP for example.) When approved, they will then be
>> >> > >>submitted to
>> >> > >>the clipart. This way the first step (check and approoval/denial)
>> >> > >>will be
>> >> > >>like some sort of buffer between the clipart and the "potentially
>> >> > >>malicious" uploaders.
>> >> > >>
>> >> > >>Manually check the files is the only way to control the quality of
>> >> > >>the
>> >> > >>submitted clipart and I personally am ready to do it if I'll have 
>> >> > >>the
>> >> > >>possibility.
>> >> > >>
>> >> > >>Thanks,
>> >> > >>
>> >> > >>Mo.
>> >> > >>
>> >> > >>
>> >> > >>
>> >> > >>----- Original Message ----- From: "Jon Phillips" <jon at rejon.org>
>> >> > >>To: <clipart at lists.freedesktop.org>
>> >> > >>Cc: <webmaster at adufo>
>> >> > >>Sent: Thursday, December 01, 2005 11:13 AM
>> >> > >>Subject: Re: [Clipart] Hacking attempt?
>> >> > >>
>> >> > >>
>> >> > >>>On Wed, 2005-11-30 at 16:02 -0800, Open Clip Art Library Feedback
>> >> > >>>Form
>> >> > >>>wrote:
>> >> > >>>>Name: Arnaud GRANAL
>> >> > >>>>E-mail: webmaster at aduf.org
>> >> > >>>>
>> >> > >>>>
>> >> > >>>>Hello,
>> >> > >>>>
>> >> > >>>>I was looking for a clipart called "warning" on your website and
>> >> > >>>>I've
>> >> > >>>>found the following file:
>> >> > >>>>http://www.openclipart.org/incoming/winnie_the_pooh.svg.php
>> >> > >>>>
>> >> > >>>>This file seems to allow a remote attacker to execute commands 
>> >> > >>>>on
>> >> > >>>>your serveur.
>> >> > >>>
>> >> > >>>I killed it!
>> >> > >>>
>> >> > >>>-- 
>> >> > >>>Jon Phillips
>> >> > >>>
>> >> > >>>San Francisco, CA
>> >> > >>>USA PH 510.499.0894
>> >> > >>>jon at rejon.org
>> >> > >>>http://www.rejon.org
>> >> > >>>
>> >> > >>>MSN, AIM, Yahoo Chat: kidproto
>> >> > >>>Jabber Chat: rejon at gristle.org
>> >> > >>>IRC: rejon at irc.freenode.net
>> >> > >>>
>> >> > >>>Inkscape (http://inkscape.org)
>> >> > >>>Open Clip Art Library (www.openclipart.org)
>> >> > >>>Creative Commons (www.creativecommons.org)
>> >> > >>>San Francisco Art Institute (www.sfai.edu)
>> >> > >>>
>> >> > >>>_______________________________________________
>> >> > >>>clipart mailing list
>> >> > >>>clipart at lists.freedesktop.org
>> >> > >>>http://lists.freedesktop.org/mailman/listinfo/clipart
>> >> > >>>
>> >> > >>
>> >> > >>_______________________________________________
>> >> > >>clipart mailing list
>> >> > >>clipart at lists.freedesktop.org
>> >> > >>http://lists.freedesktop.org/mailman/listinfo/clipart
>> >> > >
>> >> > >
>> >> >
>> >> > _______________________________________________
>> >> > clipart mailing list
>> >> > clipart at lists.freedesktop.org
>> >> > http://lists.freedesktop.org/mailman/listinfo/clipart
>> >> _______________________________________________
>> >> clipart mailing list
>> >> clipart at lists.freedesktop.org
>> >> http://lists.freedesktop.org/mailman/listinfo/clipart
>> >>
>> > -- 
>> > Jon Phillips
>> >
>> > San Francisco, CA
>> > USA PH 510.499.0894
>> > jon at rejon.org
>> > http://www.rejon.org
>> >
>> > MSN, AIM, Yahoo Chat: kidproto
>> > Jabber Chat: rejon at gristle.org
>> > IRC: rejon at irc.freenode.net
>> >
>> > Inkscape (http://inkscape.org)
>> > Open Clip Art Library (www.openclipart.org)
>> > Creative Commons (www.creativecommons.org)
>> > San Francisco Art Institute (www.sfai.edu)
>> >
>> > _______________________________________________
>> > clipart mailing list
>> > clipart at lists.freedesktop.org
>> > http://lists.freedesktop.org/mailman/listinfo/clipart
>> >
>>
>>
> -- 
> Jon Phillips
>
> San Francisco, CA
> USA PH 510.499.0894
> jon at rejon.org
> http://www.rejon.org
>
> MSN, AIM, Yahoo Chat: kidproto
> Jabber Chat: rejon at gristle.org
> IRC: rejon at irc.freenode.net
>
> Inkscape (http://inkscape.org)
> Open Clip Art Library (www.openclipart.org)
> Creative Commons (www.creativecommons.org)
> San Francisco Art Institute (www.sfai.edu)
>
> 




More information about the clipart mailing list