GraphicAll.org infected!!!

If a website is infected, it doesn’t necessarily mean it’s gonna install something to your computer.

Most likely it just runs some nasty JavaScript that reads your browser cookies and sends them to the hacker or perhaps just uses your Internet connection to do other nasty stuff. JavaScript can do quite a lot after all.

(Not talking about GraphicAll here but infected pages in general)

I had this happen to a website I worked on one time.
Someone had cracked the FTP password and edited index.html to contain an iframe that was set up so it wasn’t visible.
The iframe contained a reference to a JavaScript on a machine in Russia (I think, isn’t .ru the code for Russia?).
I fixed the problem and they changed all their passwords and it never happened again.
I tried scanning the source from graphicall and didn’t see anything.
If I get time I’ll take another look at it.

Dave
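
An added example, not part of the thread: a defender-side check for the kind of tampering described in the post above, an invisible iframe in index.html that loads from a foreign host. The sample page, the `.example` hostnames and the names `scan_html` and `HiddenIframeFinder` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; the .example hosts are placeholders, not real indicators.
SAMPLE_INDEX_HTML = """<html><body>
<h1>Builds</h1>
<iframe src="https://www.site.example/news.html" width="600" height="300"></iframe>
<iframe src="http://cdn.bad.example/x.js" width="0" height="0" frameborder="0"></iframe>
<iframe src="//stats.bad.example/c" style="visibility: hidden; position:absolute"></iframe>
</body></html>"""

HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)",
    re.I)

class HiddenIframeFinder(HTMLParser):
    """Collects iframes that are invisible and load from a foreign host."""
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []  # (line, src, reason)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if a.get("width", "").strip() in ("0", "1") or a.get("height", "").strip() in ("0", "1"):
            reasons.append("zero-size attribute")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hiding style")
        if "hidden" in a:
            reasons.append("hidden attribute")
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        # Relative src values have no host and are treated as same-site.
        if reasons and host and host not in self.own_hosts:
            self.findings.append((self.getpos()[0], a["src"], ", ".join(reasons)))

def scan_html(text, own_hosts):
    finder = HiddenIframeFinder(own_hosts)
    finder.feed(text)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for line, src, why in scan_html(SAMPLE_INDEX_HTML, {"www.site.example"}):
        print(f"line {line}: hidden iframe -> {src} ({why})")
```

Run against every served HTML file after a suspected FTP compromise, it narrows review to the tags that match this pattern; script-generated iframes and CSS-class hiding are outside what it checks.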

When I went on graphicall a few days ago it tried to open something in RealPlayer (or something like that, I can’t remember exactly). It seemed a bit weird.

Isn’t that a bit paranoid for a bugtracker with an expired cert?

"Well, what could it be?
Nothing is asking for the password… Therefore, nothing could be installed without being seen… I guess… "

You guessed wrong. Stop guessing. You can’t use intuition to secure your computer.


Originally Posted by loopduplicate:
Don’t listen to the above advice. Don’t override!!!

I’m not talking about blender.org’s expired certificate, I’m talking about graphicall.org.

Do not override the warning at Graphicall.org because it is a legitimate warning. As I said before, anyone with an internet connection (with experience in programming web pages) can change the contents of Graphicall.org because the PHP they used to program it is faulty.

To further illustrate my point, one day I went to graphicall.org to update a build that I posted there. I was able to update my build and change the comments of my post. But I soon realized that I did all that without even logging in.

I did not log in to my account at graphicall.org but I still was able to change the content there.

This means that anyone can add content there. Anyone can add a build there that has a maliciously compiled blender.exe, for example. You will then download the build that you thought was made by Jesterking, for example, but it was actually made by a hacker that put in a little extra code snippet that is never noticed by you.

Fair enough, but a hacker wouldn’t have to alter someone else’s post to upload an infected build, and anyone can make a .blend file with a python script packed into it.
Any .blend could be a security risk.

A hacker would have to alter someone else’s post in order to upload an infected build at graphicall.org and have others actually download it.

I’m not talking about .blend files, I’m talking about the program. You can infect .jpg, .doc, and tons of different files. That’s a different discussion.

This discussion is about graphicall.org letting anyone in the world post code there, including javascript and php code, without any oversight at all.

It is supposed to be a site that has members with accounts approved by the administrators. That way, you can download files from the same people any time you want a build. A trusted network of contributors. People have been downloading builds from DingTo, Jesterking, Fish, etc. for a long time and they trust that the builds are made with no malicious intent.

no problems with Chrome on Mac.

chrome on ubuntu 10.4 amd64 gave a warning too…which i ignored… :slight_smile:

I’m temporarily hosting my OS X builds here until this is resolved: https://sites.google.com/site/treatkor/Home/builds

I’m avoiding it here (on unix & windows boxes, call me paranoid) and updating my poorly out of date svn folder from bf svn compiling now. Tis a shame since there’s some interesting branches on there which I’m not able to build. :frowning:

Yay, Linux rules

This is a bit off topic. I created my own build but the revision number is not appearing on the splash screen.

It’s just an r’’.

how do i put the revision number there?

Hum!
Yes, i re-activated Javascript, lately, on my Mac… Wonder what that could do… :confused:

EDIT: actually, i don’t really know what it could do if i uncheck the Javascript again… Doesn’t look like changing anything.

Hmm…
I tried to ignore the warning on graphicall. Then, the two build lists were replaced by the same warning again. However the autobuild on top of the page worked anyway…

@Kram1032
If you want to take the risk, and are using Firefox, you need to go to the security options and untick the option to block attack sites. It should then view the page as normal and let you download. You just need to be aware that if it actually is infected with malware, or an attack site, you could be taking a risk :frowning:

The safe browsing warnings are gone for me, so I’m uploading my builds again to graphicall.

surely you have some cookie and it automatically logs you in, no?

yeah, i think loopduplicate is confused about this. the options to edit a build do not even appear unless you are logged in. as far as i can tell anyway…