We had several reports over the last few days of security warnings when visiting Graphicall.org. Browsers or Anti-virus software would spit out scary warnings about malicious content. The issue was in a Javascript file and it has been fixed.
If you don't know Graphicall: the Blender Foundation only releases periodic (more-or-less ;-) stable Blender builds. Graphicall hosts all kinds of builds: 'nightly' builds (from the latest Blender sourcecode), optimized builds and experimental builds with new features that haven't made it to the central Blender 'trunk' yet.
Peter Carrero writes:
According to jesterking, there was some suspicious extra code in some js files on the site. jk said it was fixed.
If you look at the google report on the warning, it says the last day that the suspicious code was found was on aug 13.
Well, it's a good thing that the code wasn't in their Blender builds!
Link
11 Comments
Yay! That's great news, I avoid anything that even sounds vaguely warned against I'm afraid, even with numerous how-to explanations on BA forums! :D
Great stuff have really missed downloading from Graphicall. Thanks a million Jester King.
millions of whining windows lusers can now sigh of relief.
BTW, the most harm javascript could do would be to read your passwords and send them somewhere else. Which is why I don't have sensitive passwords stored anywhere else besides my brain...
let's also not forget that it was suspicious, not malicious.....I hate the "red scare" syndrome that surrounded this whole thing...thanks Jester (first name here) for fixing it!
W00t! That was annoying, especially when I'm stuck in windows with this old ATI card.. :\
"Well, it’s a good thing that the code wasn’t in their Blender builds!"
Can't wait until blender runs reasonably fast on javascript ;)
@bozo
.... uhhh... what...? blender uses python scripts for a lot of its features... javascript is for webpages, and isnt commonly used for a scripting language in applications.
If someone had access to their webserver and uploaded shady js, who's to say they didn't also compromise the hosted builds?
icantellyou:
I can tell you, that what Bozo said, was a joke.
A very odd joke but still a joke.
Yay, finally back :D
Awww c'mon, it's not _that_ odd: The warning was due to some suspicious looking Javascript code, and the idea of javascript being part of the sources (from which 'builds' are built - python isn't really a part of that) seemed somehow funny to me (considering the age/speed of my computer)
Ok, it's not really funny anymore when a joke is explained, sorry :/
Thanks for updating on this Bart.
As a side note, a new, more feature complete (user wise, security wise) version of GraphicAll.org is on the making, should address many of this issues plus some feature requests, and the foundations for a bright future on the site.
Thank you once again.
GraphicAll.org Crew