[WikiEN-l] Wikipedia Virus Protection
Doug Fraser
fraserdw at xtra.co.nz
Tue Dec 14 22:55:10 UTC 2004
Hello,
I want to raise a concern about the potential proliferation of viruses via
Wikipedia. I'm new to the list, so I apologise in advance if this has
already been covered.
The fact that any user can upload practically any content to Wikipedia, via
[[Special:Upload file]] is a potential risk. It is relatively easy to
disguise a hostile executable as a document or other ''encyclopedic''
content. While it is likely to be speedy deleted when eventually caught,
there is a realistic chance that a few people will download it and be
infected. This may potentially be a legal risk to Wikipedia too, if a virus
causes severe damage and some lawyer claims there was "negligence" involved.
An even greater concern to me is the JPEG GDI+ Buffer Overrun exploit
announced by Microsoft on September 14th
(http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx). This
exploit theoretically allows code to be run in various Microsoft products,
including recent unpatched versions of Internet Explorer, ***just by viewing
a malformed JPEG image***. This is a far greater concern, because any anon
can upload a JPEG - perhaps even link it at the main page - and quickly
infect many users. Theoretically.
Water works its way through any cracks it finds; as Wikipedia grows and
trolls look for new ways to disrupt the community (and a-hole virus authors
look for quick ways to distribute their product), this risk to Wikipedia
will probably increase.
This problem isn't just academic; at [[Vandalism in Progress]] a user
recently reported getting a JPEG GDI+ exploit warning flag from his software
firewall, pointing to a Wikimedia address. Maybe a false alarm, but who
knows?
What do people have to say about this issue? Are my concerns unfounded? (I
want to re-iterate that I'm new to the list, so apologies if this has all
been covered already.)
Best wishes, FP.
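
An upload-side check for the two risks raised in the message above, added here as an example and not part of the original post or of MediaWiki's code: it rejects files whose content is an executable whatever the extension claims, and JPEGs whose header segments are structurally invalid. The function names and the sample byte strings are assumptions constructed for illustration.

```python
import struct

# Leading bytes of native executables, checked regardless of the claimed extension.
EXEC_MAGIC = {b"MZ": "Windows executable", b"\x7fELF": "ELF executable"}
# JPEG markers that stand alone (no length field): TEM, RST0-7, SOI.
STANDALONE = {0x01, 0xD8} | set(range(0xD0, 0xD8))

def check_jpeg(data):
    """Walk the JPEG header segments and report the first structural fault."""
    if not data.startswith(b"\xff\xd8"):
        return ["missing JPEG SOI marker"]
    pos = 2
    while pos < len(data):
        start = pos
        if data[pos] != 0xFF:
            return [f"expected marker at offset {start}"]
        while pos < len(data) and data[pos] == 0xFF:  # skip fill bytes
            pos += 1
        if pos >= len(data):
            return ["truncated marker"]
        marker = data[pos]
        pos += 1
        if marker == 0xD9:  # EOI: end of image
            return []
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            return ["truncated segment header"]
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2:  # the length field counts its own two bytes
            return [f"segment 0x{marker:02X} at offset {start} has invalid length {length}"]
        if pos + length > len(data):
            return [f"segment 0x{marker:02X} at offset {start} runs past end of file"]
        if marker == 0xDA:  # SOS: entropy-coded data follows, header walk ends
            return []
        pos += length
    return ["no SOS or EOI marker found"]

def inspect_upload(filename, data):
    """Return a list of reasons to reject the upload (empty list = accept)."""
    findings = [f"content is a {label}" for magic, label in EXEC_MAGIC.items()
                if data.startswith(magic)]
    if filename.lower().endswith((".jpg", ".jpeg")):
        findings += check_jpeg(data)
    return findings

# Constructed samples: a minimal well-formed header, a segment with an
# impossible length, and an executable renamed to look like an image.
GOOD = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00\xff\xd9"
BAD_LENGTH = b"\xff\xd8\xff\xfe\x00\x01\xff\xd9"
DISGUISED = b"MZ\x90\x00" + b"\x00" * 60
```

A structural check like this complements, and does not replace, patching the image libraries on the viewing side.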