Hello,
I want to raise a concern about the potential proliferation of viruses via Wikipedia. I'm new to the list, so I apologise in advance if this has already been covered.
The fact that any user can upload practically any content to Wikipedia, via [[Special:Upload file]] is a potential risk. It is relatively easy to disguise a hostile executable as a document or other ''encyclopedic'' content. While it is likely to be speedy deleted when eventually caught, there is a realistic chance that a few people will download it and be infected. This may potentially be a legal risk to Wikipedia too, if a virus causes severe damage and some lawyer claims there was "negligence" involved.
An even greater concern to me is the JPEG GDI+ Buffer Overrun exploit announced by Microsoft on September 14th.( http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx ). This exploit theoretically allows code to be run in various Microsoft products, including recent unpatched versions of Internet Explorer, ***just by viewing a malformed JPEG image***. This is a far greater concern, because any anon can upload a JPEG - perhaps even link it at the main page - and quickly infect many users. Theoretically.
Water works its ways through any cracks it finds; as Wikipedia grows and trolls look for new ways to disrupt the community (and a-hole virus authors look for quick ways to distribute their product), this risk to Wikipedia will probably increase.
This problem isn't just academic; at [[Vandalism in Progress]] a user recently reported getting a JPEG GDI+ exploit warning flag from his software firewall, pointing to a Wikimedia address. Maybe a false alarm, but who knows?
What do people have to say about this issue? Are my concerns unfounded? (I want to re-iterate that I'm new to the list, so apologies if this has all been covered already.)
Best wishes, FP.
Doug Fraser (fraserdw@xtra.co.nz) [041215 09:55]:
An even greater concern to me is the JPEG GDI+ Buffer Overrun exploit This problem isn't just academic; at [[Vandalism in Progress]] a user recently reported getting a JPEG GDI+ exploit warning flag from his software firewall, pointing to a Wikimedia address. Maybe a false alarm, but who knows? What do people have to say about this issue? Are my concerns unfounded? (I want to re-iterate that I'm new to the list, so apologies if this has all been covered already.)
Presumably virus scanning on uploads would be not too hard to implement. (Is something like this, ClamAV or similar, in place for the mail server?) And maybe a background scan running over the rest of the media databases.
- d.
On Wed, 15 Dec 2004 10:12:12 +1100, David Gerard fun@thingy.apana.org.au wrote:
Doug Fraser (fraserdw@xtra.co.nz) [041215 09:55]:
Presumably virus scanning on uploads would be not too hard to implement. (Is something like this, ClamAV or similar, in place for the mail server?) And maybe a background scan running over the rest of the media databases.
I'm not a developer, but if I remember correctly from IRC, automatic virus scanning of uploads is already implemented. And is it even possible to upload executables? That would be a gaping security hole.
--Slowking Man
On Wed, 15 Dec 2004 11:55:10 +1300, Doug Fraser fraserdw@xtra.co.nz wrote:
I want to raise a concern about the potential proliferation of viruses via Wikipedia. I'm new to the list, so I apologise in advance if this has already been covered.
I'm not sure it has been covered on this list, but the technical lists (wikitech-l and mediawiki-l) have been discussing this issue a fair amount lately. [To search the archives of all lists, put "site:mail.wikipedia.org <search terms>" into Google.]
The fact that any user can upload practically any content to Wikipedia, via [[Special:Upload file]] is a potential risk. It is relatively easy to disguise a hostile executable as a document or other ''encyclopedic'' content.
For this precise reason, it is now *only* possible to upload verified image files to Wikimedia sites; it is no longer possible to override the warning about "unsupported" filetypes. This was introduced after a text file exploiting a bug in IE (anything that "looks like" HTML is treated as HTML) was used to capture the information (including, at the time, passwords) from users' cookies.
An even greater concern to me is the JPEG GDI+ Buffer Overrun exploit announced by Microsoft on September 14th.( http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx ).
I can't remember the exact details of whether the verification being used would spot this particular exploit; it was certainly discussed, but I can't remember the final result.
This problem isn't just academic; at [[Vandalism in Progress]] a user recently reported getting a JPEG GDI+ exploit warning flag from his software firewall, pointing to a Wikimedia address. Maybe a false alarm, but who knows?
What do people have to say about this issue? Are my concerns unfounded?
No, your concerns are certainly not unfounded; as I say, we have already had one full-scale attack using an uploaded file, before the security was tightened. I'm not sure of the current reliability of spotting *malformed* images, but currently non-image uploads are completely disabled (I think Ogg Vorbis sound files are also allowed).
This is, of course, annoying for those who have genuine non-image content to upload (vector-based "source" files to allow others to edit uploaded images, for instance) and there is indeed work on integrating virus-scanning and other checks; see, for example, this MediaZilla entry: http://bugzilla.wikipedia.org/show_bug.cgi?id=898 As far as I know, no such check has yet been implemented.