BlenderNation

Advertisement

You're blocking ads, which pay for BlenderNation. Read about other ways to support us.

Graphicall security warning: fixed

11
By on Community

We had several reports over the last few days of security warnings when visiting Graphicall.org. Browsers or Anti-virus software would spit out scary warnings about malicious content. The issue was in a Javascript file and it has been fixed.

If you don't know Graphicall: the Blender Foundation only releases periodic (more-or-less ;-) stable Blender builds. Graphicall hosts all kinds of builds: 'nightly' builds (from the latest Blender sourcecode), optimized builds and experimental builds with new features that haven't made it to the central Blender 'trunk' yet.

Peter Carrero writes:

According to jesterking, there was some suspicious extra code in some js files on the site. jk said it was fixed.

If you look at the google report on the warning, it says the last day that the suspicious code was found was on aug 13.

Well, it's a good thing that the code wasn't in their Blender builds!

Link

About the Author

Avatar image for Bart Veldhuizen
Bart Veldhuizen

I have a LONG history with Blender - I wrote some of the earliest Blender tutorials, worked for Not a Number and helped run the crowdfunding campaign that open sourced Blender (the first one on the internet!). I founded BlenderNation in 2006 and have been editing it every single day since then ;-) I also run the Blender Artists forum and I'm Head of Community at Sketchfab.

11 Comments

  1. txrx on

    Yay! That's great news, I avoid anything that even sounds vaguely warned against I'm afraid, even with numerous how-to explanations on BA forums! :D

    Reply
  3. namekuseijin on

    millions of whining windows lusers can now sigh of relief.

    BTW, the most harm javascript could do would be to read your passwords and send them somewhere else. Which is why I don't have sensitive passwords stored anywhere else besides my brain...

    Reply
  4. Nowherebrain/JustinBarrett on

    let's also not forget that it was suspicious, not malicious.....I hate the "red scare" syndrome that surrounded this whole thing...thanks Jester (first name here) for fixing it!

    Reply
  6. Bozo on

    "Well, it’s a good thing that the code wasn’t in their Blender builds!"
    Can't wait until blender runs reasonably fast on javascript ;)

    Reply
  7. icanttellyou on

    @bozo

    .... uhhh... what...? blender uses python scripts for a lot of its features... javascript is for webpages, and isnt commonly used for a scripting language in applications.

    Reply
  8. asdf on

    If someone had access to their webserver and uploaded shady js, who's to say they didn't also compromise the hosted builds?

    Reply
  9. kram2301 on

    icantellyou:
    I can tell you, that what Bozo said, was a joke.
    A very odd joke but still a joke.

    Yay, finally back :D

    Reply
  10. Bozo on

    Awww c'mon, it's not _that_ odd: The warning was due to some suspicious looking Javascript code, and the idea of javascript being part of the sources (from which 'builds' are built - python isn't really a part of that) seemed somehow funny to me (considering the age/speed of my computer)
    Ok, it's not really funny anymore when a joke is explained, sorry :/

    Reply
  11. GraphicAll.org on

    Thanks for updating on this Bart.

    As a side note, a new, more feature complete (user wise, security wise) version of GraphicAll.org is on the making, should address many of this issues plus some feature requests, and the foundations for a bright future on the site.

    Thank you once again.
    GraphicAll.org Crew

    Reply

Leave A Reply

To add a profile picture to your message, register your email address with Gravatar.com. To protect your email address, create an account on BlenderNation and log in when posting a message.

Advertisement

×