Hello all,

Thought I would mention that the header description on the downloads 
page at csounds.com contains text that I cannot put in this email 
because it is rejected by the Bath list server if I do.... It may be a 
remnant of the previous hacking...

Cheers!!

Michael

-- 
http://www.perceptionfactory.com
http://www.rhoadesfineart.com

Thank you Michael, I will have a look at that right now.

John

Michael, to be clear -  you are referring to the header of csounds.com/downloads ?

I cannot find any offensive content, or script, in the html header or in the linked content....
Any more info that you can offer is super helpful at this point. 
Dr. Boulanger and I really appreciate any heads up on issues with the site as we prepare to make a major upgrade.

Thank you,

John Clements

Michael, to be clear -  you are referring to the header of csounds.com/downloads ?

I cannot find any offensive content, or script, in the html header or in the linked content....
Any more info that you can offer is super helpful at this point. 
Dr. Boulanger and I really appreciate any heads up on issues with the site as we prepare to make a major upgrade.

Thank you,

John Clements

On Thu, Feb 16, 2012 at 3:07 PM, J Clements <jclements77@gmail.com> wrote:

Thank you Michael, I will have a look at that right now.

John

On Feb 16, 2012 1:31 PM, "Michael Rhoades" <mrhoades@perceptionfactory.com> wrote:

Hello all,

Thought I would mention that the header description on the downloads page at csounds.com contains text that I cannot put in this email because it is rejected by the Bath list server if I do.... It may be a remnant of the previous hacking...

Cheers!!

Michael

--
http://www.perceptionfactory.com
http://www.rhoadesfineart.com



Send bugs reports to the Sourceforge bug tracker
          https://sourceforge.net/tracker/?group_id=81968&atid=564599
Discussions of bugs and features can be posted here
To unsubscribe, send email sympa@lists.bath.ac.uk with body "unsubscribe csound"

--
John Clements

jclements77@gmail.com
401-835-6050

-- 
http://www.perceptionfactory.com
http://www.rhoadesfineart.com 

Very helpful Michael.  Will track it down and keep you updated.  Thanks again,

John

I just tried the link and Norton flagged it as "Malicious Web Site
Blocked". Here's a link to their description:

http://safeweb.norton.com/report/show?url=http:%2F%2Fcsounds.com%2Fdownloads&product=NIS&version=19.5.0.145&layout=Retail&lang=0901&source=toolbar

David.

On Thu, Feb 16, 2012 at 3:57 PM, J Clements  wrote:
> Very helpful Michael.  Will track it down and keep you updated.  Thanks
> again,
>
> John
>
> On Feb 16, 2012 3:37 PM, "Michael Rhoades" 
> wrote:
>>
>> That is interesting. I tried on two different machines with two different
>> browsers, two different OS to make sure before I email the list about it. If
>> you use Firefox and tabs browse to the page and look at the description in
>> the top on the tab. The word Ciali$ is in it and if I do a page info on it
>> there is a long, two long sentences, regarding it.
>>
>> When I view the Page Source it is obvious in the > content= ...      section of the code.
>>
>> Hope this helps.
>>
>>
>>
>> On 2/16/12 3:30 PM, J Clements wrote:
>>
>> Michael, to be clear -  you are referring to the header of
>> csounds.com/downloads ?
>>
>> I cannot find any offensive content, or script, in the html header or in
>> the linked content....
>> Any more info that you can offer is super helpful at this point.
>> Dr. Boulanger and I really appreciate any heads up on issues with the site
>> as we prepare to make a major upgrade.
>>
>> Thank you,
>>
>> John Clements
>>
>> On Thu, Feb 16, 2012 at 3:07 PM, J Clements  wrote:
>>>
>>> Thank you Michael, I will have a look at that right now.
>>>
>>> John
>>>
>>> On Feb 16, 2012 1:31 PM, "Michael Rhoades"
>>>  wrote:
>>>>
>>>> Hello all,
>>>>
>>>> Thought I would mention that the header description on the downloads
>>>> page at csounds.com contains text that I cannot put in this email because it
>>>> is rejected by the Bath list server if I do.... It may be a remnant of the
>>>> previous hacking...
>>>>
>>>> Cheers!!
>>>>
>>>> Michael
>>>>
>>>> --
>>>> http://www.perceptionfactory.com
>>>> http://www.rhoadesfineart.com
>>>>
>>>>
>>>>
>>>> Send bugs reports to the Sourceforge bug tracker
>>>>           https://sourceforge.net/tracker/?group_id=81968&atid=564599
>>>> Discussions of bugs and features can be posted here
>>>> To unsubscribe, send email sympa@lists.bath.ac.uk with body "unsubscribe
>>>> csound"
>>>>
>>
>>
>>
>> --
>> John Clements
>>
>> jclements77@gmail.com
>> 401-835-6050
>>
>>
>>
>> --
>> http://www.perceptionfactory.com
>> http://www.rhoadesfineart.com

The malicious code is not visible via Safari on the Mac.

However, since my job is that of an IT manager, i have recently encountered a very similar problem with a web site, where there was a case of javascript injection, and the script was programmed in a way that it only showed up on IE and Firefox ONLY on Windows.

The reason (so to speak) is that the hacker had in mind the less-than-perfect security provided by some flavors of the Windows operating system,  and was used as a means to download and run some sort of virus on the client machine.

If this is the case, i think i have a very good idea on the cause and possible remedy. 

Panos




On Feb 17, 2012, at 12:12 AM, David wrote:

> I just tried the link and Norton flagged it as "Malicious Web Site
> Blocked". Here's a link to their description:
> 
> http://safeweb.norton.com/report/show?url=http:%2F%2Fcsounds.com%2Fdownloads&product=NIS&version=19.5.0.145&layout=Retail&lang=0901&source=toolbar
> 
> David.
> 
> On Thu, Feb 16, 2012 at 3:57 PM, J Clements  wrote:
>> Very helpful Michael.  Will track it down and keep you updated.  Thanks
>> again,
>> 
>> John
>> 
>> On Feb 16, 2012 3:37 PM, "Michael Rhoades" 
>> wrote:
>>> 
>>> That is interesting. I tried on two different machines with two different
>>> browsers, two different OS to make sure before I email the list about it. If
>>> you use Firefox and tabs browse to the page and look at the description in
>>> the top on the tab. The word Ciali$ is in it and if I do a page info on it
>>> there is a long, two long sentences, regarding it.
>>> 
>>> When I view the Page Source it is obvious in the >> content= ...      section of the code.
>>> 
>>> Hope this helps.
>>> 
>>> 
>>> 
>>> On 2/16/12 3:30 PM, J Clements wrote:
>>> 
>>> Michael, to be clear -  you are referring to the header of
>>> csounds.com/downloads ?
>>> 
>>> I cannot find any offensive content, or script, in the html header or in
>>> the linked content....
>>> Any more info that you can offer is super helpful at this point.
>>> Dr. Boulanger and I really appreciate any heads up on issues with the site
>>> as we prepare to make a major upgrade.
>>> 
>>> Thank you,
>>> 
>>> John Clements
>>> 
>>> On Thu, Feb 16, 2012 at 3:07 PM, J Clements  wrote:
>>>> 
>>>> Thank you Michael, I will have a look at that right now.
>>>> 
>>>> John
>>>> 
>>>> On Feb 16, 2012 1:31 PM, "Michael Rhoades"
>>>>  wrote:
>>>>> 
>>>>> Hello all,
>>>>> 
>>>>> Thought I would mention that the header description on the downloads
>>>>> page at csounds.com contains text that I cannot put in this email because it
>>>>> is rejected by the Bath list server if I do.... It may be a remnant of the
>>>>> previous hacking...
>>>>> 
>>>>> Cheers!!
>>>>> 
>>>>> Michael
>>>>> 
>>>>> --
>>>>> http://www.perceptionfactory.com
>>>>> http://www.rhoadesfineart.com
>>>>> 
>>>>> 
>>>>> 
>>>>> Send bugs reports to the Sourceforge bug tracker
>>>>>           https://sourceforge.net/tracker/?group_id=81968&atid=564599
>>>>> Discussions of bugs and features can be posted here
>>>>> To unsubscribe, send email sympa@lists.bath.ac.uk with body "unsubscribe
>>>>> csound"
>>>>> 
>>> 
>>> 
>>> 
>>> --
>>> John Clements
>>> 
>>> jclements77@gmail.com
>>> 401-835-6050
>>> 
>>> 
>>> 
>>> --
>>> http://www.perceptionfactory.com
>>> http://www.rhoadesfineart.com
> 
> 
> Send bugs reports to the Sourceforge bug tracker
>            https://sourceforge.net/tracker/?group_id=81968&atid=564599
> Discussions of bugs and features can be posted here
> To unsubscribe, send email sympa@lists.bath.ac.uk with body "unsubscribe csound"
> 

I wonder if obtaining a digital certificate (if there isn't one already) for the website would help reduce the flagging?

-----Original Message-----
From: Panos Katergiathis [mailto:eyeprotocol@gmail.com] 
Sent: Thursday, February 16, 2012 5:58 PM
To: csound@lists.bath.ac.uk
Subject: Re: [Csnd] Csounds Site


The malicious code is not visible via Safari on the Mac.

However, since my job is that of an IT manager, i have recently encountered a very similar problem with a web site, where there was a case of javascript injection, and the script was programmed in a way that it only showed up on IE and Firefox ONLY on Windows.

The reason (so to speak) is that the hacker had in mind the less-than-perfect security provided by some flavors of the Windows operating system,  and was used as a means to download and run some sort of virus on the client machine.

If this is the case, i think i have a very good idea on the cause and possible remedy. 

Panos




On Feb 17, 2012, at 12:12 AM, David wrote:

> I just tried the link and Norton flagged it as "Malicious Web Site
> Blocked". Here's a link to their description:
> 
> http://safeweb.norton.com/report/show?url=http:%2F%2Fcsounds.com%2Fdownloads&product=NIS&version=19.5.0.145&layout=Retail&lang=0901&source=toolbar
> 
> David.
> 
> On Thu, Feb 16, 2012 at 3:57 PM, J Clements  wrote:
>> Very helpful Michael.  Will track it down and keep you updated.  Thanks
>> again,
>> 
>> John
>> 
>> On Feb 16, 2012 3:37 PM, "Michael Rhoades" 
>> wrote:
>>> 
>>> That is interesting. I tried on two different machines with two different
>>> browsers, two different OS to make sure before I email the list about it. If
>>> you use Firefox and tabs browse to the page and look at the description in
>>> the top on the tab. The word Ciali$ is in it and if I do a page info on it
>>> there is a long, two long sentences, regarding it.
>>> 
>>> When I view the Page Source it is obvious in the >> content= ...      section of the code.
>>> 
>>> Hope this helps.
>>> 
>>> 
>>> 
>>> On 2/16/12 3:30 PM, J Clements wrote:
>>> 
>>> Michael, to be clear -  you are referring to the header of
>>> csounds.com/downloads ?
>>> 
>>> I cannot find any offensive content, or script, in the html header or in
>>> the linked content....
>>> Any more info that you can offer is super helpful at this point.
>>> Dr. Boulanger and I really appreciate any heads up on issues with the site
>>> as we prepare to make a major upgrade.
>>> 
>>> Thank you,
>>> 
>>> John Clements
>>> 
>>> On Thu, Feb 16, 2012 at 3:07 PM, J Clements  wrote:
>>>> 
>>>> Thank you Michael, I will have a look at that right now.
>>>> 
>>>> John
>>>> 
>>>> On Feb 16, 2012 1:31 PM, "Michael Rhoades"
>>>>  wrote:
>>>>> 
>>>>> Hello all,
>>>>> 
>>>>> Thought I would mention that the header description on the downloads
>>>>> page at csounds.com contains text that I cannot put in this email because it
>>>>> is rejected by the Bath list server if I do.... It may be a remnant of the
>>>>> previous hacking...
>>>>> 
>>>>> Cheers!!
>>>>> 
>>>>> Michael
>>>>> 
>>>>> --
>>>>> http://www.perceptionfactory.com
>>>>> http://www.rhoadesfineart.com
>>>>> 
>>>>> 
>>>>> 
>>>>> Send bugs reports to the Sourceforge bug tracker
>>>>>           https://sourceforge.net/tracker/?group_id=81968&atid=564599
>>>>> Discussions of bugs and features can be posted here
>>>>> To unsubscribe, send email sympa@lists.bath.ac.uk with body "unsubscribe
>>>>> csound"
>>>>> 
>>> 
>>> 
>>> 
>>> --
>>> John Clements
>>> 
>>> jclements77@gmail.com
>>> 401-835-6050
>>> 
>>> 
>>> 
>>> --
>>> http://www.perceptionfactory.com
>>> http://www.rhoadesfineart.com
> 
> 
> Send bugs reports to the Sourceforge bug tracker
>            https://sourceforge.net/tracker/?group_id=81968&atid=564599
> Discussions of bugs and features can be posted here
> To unsubscribe, send email sympa@lists.bath.ac.uk with body "unsubscribe csound"
> 



Send bugs reports to the Sourceforge bug tracker
            https://sourceforge.net/tracker/?group_id=81968&atid=564599
Discussions of bugs and features can be posted here
To unsubscribe, send email sympa@lists.bath.ac.uk with body "unsubscribe csound"