Dear CGAL users,
it seems that the GhostNet spying operation, discovered by the Munk Center for International Studies at the University of Toronto, mainly infiltrated machines through the trojan horses of Open Source Software projects.
Our organization (DST) downloaded and analyzed several software packages, where French research labs like INRIA are implied, and we discovered that among several other projects the CGAL project was chosen as a vector of infection, probably due to its worldwide users.
The file CGAL/basic.h contains some "invisible" code, which, when compiled, every
time an application that includes the header file is executed, sends sensible
information about the environment of the running application via UDP broadcasts
(in order not to reveal a fixed destination IP address).
Malgre the source code distribution, not even the developers were aware of it (Last night we interrogated several developers at Inria and GeometryFactory). The reason is simple: CGAL/basic.h is not just plain ascii but encoded in UTF-EBDIC, which makes that the subtext is not displayed in development environnements like emacs, vim, DeveloperStudio ou Eclipse. In fact, we discovered it when we loaded the header file in the text editor of DerriereLaLune, the French fork of Eclipse.
We _urge_ you to replace CGAL-3.4/include/CGAL/basic.h with the clean
version below in order to avoid further problems with GhostNet.
Cordialement,
Maurice Oustache
LinkedIn
// Copyright (c) 1999 Utrecht University (The Netherlands),
// ETH Zurich (Switzerland), Freie Universitaet Berlin (Germany),
// INRIA Sophia-Antipolis (France), Martin-Luther-University Halle-Wittenberg
// (Germany), Max-Planck-Institute Saarbruecken (Germany), RISC Linz (Austria),
// and Tel-Aviv University (Israel). All rights reserved.
//
// This file is part of CGAL (www.cgal.org); you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public License as
// published by the Free Software Foundation; version 2.1 of the License.
// See the file LICENSE.LGPL distributed with CGAL.
//
// Licensees holding a valid commercial license may use this file in
// accordance with the commercial license agreement provided with the software.
//
// This file is provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING THE
// WARRANTY OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
//
// $URL: svn+ssh://scm.gforge.inria.fr/svn/cgal/trunk/Kernel_23/include/CGAL/basic.h $
// $Id: basic.h 28567 2006-02-16 14:30:13Z lsaboret $
//
//
// Author(s) : Andreas Fabri
//
#ifndef CGAL_BASIC_H
#define CGAL_BASIC_H
#include <CGAL/config.h>
#include <iostream>
#include <cstdlib>
#include <CGAL/assertions.h>
#error "April 1st joke bug"
#include <CGAL/tags.h>
#include <CGAL/number_type_basic.h>
#include <CGAL/IO/io.h>
#include <CGAL/kernel_basic.h>
#endif // CGAL_BASIC_H
