Wikipedia Used To Spread Virus

eldavojohn writes "The German Wikipedia has recently been used to launch a virus attack. Hackers posted a link to an all alleged fix for a new version of the blaster worm. Instead, it was a link to download malicious software. They then sent e-mails advising people to update their computers and directed them to the Wikipedia article. Since Wikipedia has been gaining more trust & credibility, I can see how this would work in some cases. The page has, of course, been fixed but this is nevertheless a valuable lesson for Wikipedia users."

first post!

[pazu13]

So, is this the first example of serious Wikipedia scandal, such as the introduction of widespread spam to email users, or the defrauding of ebay users by people claiming to sell sports memorabilia? Or is this just an example of shoddy editing? (I am rather inclined towards the former.)

Re:first post!

[Pink+Tinkletini]

No, there was an incident not too long ago in which a Wikipedia admin published the passwords of several contributors, but in such a manner that only trolls and vandals could read them. Then, when the problem was pointed out, other admins rushed to Wikipedia's defense, and the account information remained visible for almost a year before a Slashdot story was published, shaming Wikipedia into taking it down.

Reading the (frankly, indefensible) excuses and justifications by many Wikipedia admins in that Slashdot story was when I first started souring on Wikipedia. Yes, legitimate users really were affected, in that they had their username/password combos revealed to trolls and vandals. No, I don't know if they were ever notified.

in certain cases, this would be appropriate

[krell]

How better to teach about viruses than to have an actual virus found at the http://en.wikipedia.org/wiki/Virus entry?

Re:in certain cases, this would be appropriate

[topham]

really? you want everyone that's slightly curious to be able to download a virus?

Re:in certain cases, this would be appropriate

[The+Creator]

Yes.

Re:in certain cases, this would be appropriate

[dvice_null]

From the article:
> "if there really is a new threat on the internet, you're likely to hear about it first from the security companies, not an online encyclopedia."

Is that a challange?

Re:in certain cases, this would be appropriate

[Janek+Kozicki]

but with the source code too!

Re:in certain cases, this would be appropriate

[havenskate]

I actually see nothing wrong with this and it would be a useful resource.

When I was younger, I had a directory dedicated to viruses... Just in case I ever had someone I needed to get revenge on. hehe

Erm, maybe this isn't such a good idea after all...

Re:in certain cases, this would be appropriate

[flyingfsck]

Well, this is just another example of a large institution (Wikipedia) discriminating against Linux. Why don't they publish Windows and Linux viruses side by side, for an objective comparison?

Re:in certain cases, this would be appropriate

[krell]

"Why don't they publish Windows and Linux viruses side by side, for an objective comparison?"

Did you know that there is an entire version of Wikipedia that contains an encyclopedia of Mac viruses? Unfortunately during a server move, someone downloaded it to a 2k memory segment on a flash drive. Someone sneezed and it got lost in the carpet and has not been recovered yet.

Re:in certain cases, this would be appropriate

[Random+Destruction]

"This article is about a biological infectious particle; for the computer term, see computer virus."

I don't think that type of virus fits through these tubes.

If only it did...

Re:in certain cases, this would be appropriate

"Information wants to be free."

Re:in certain cases, this would be appropriate

[2008]

I used to keep a few zipped up and inactive just to make sure that my virus scanner was still working, and hadn't been e.g. disabled by a virus.

Re:in certain cases, this would be appropriate

You can always tell the late comers to the Mac game because they have this adorable notion that Macs were never the virus-ridden platform they used to be.

Re:in certain cases, this would be appropriate

[rtb61]

Speaking of M$ windows does that mean wikipedia is now no more or less reliable than the most used commercial operating system http://www.microsoft.com/windowsxp/home/eula.mspx ;-). They specifically do not warrant against the inclusion of viruses in the operating system.

Re:in certain cases, this would be appropriate

http://en.wikipedia.org/wiki/Computer_virus do have a link to http://vx.netlux.org/

Re:Still?

There was no danger of the blaster virus. It was simply malicious people claiming you needed to get a new release to protect from the most recent blaster virus. The malicious code they were hosting was not the blaster worm but rather newer virus technology.

I think I was pretty clear in the summary ...

come on

[Janek+Kozicki]

People with reasonable sense of life will not trust complete strangers. Any information from complete stranger (on the street, or from the wikipedia, what's the difference?) is just that - a information to consider. Ignore it, or verify if it's true before making some real use of it.

OTOH dumb people will always get what they deserve. They will screw their life by trusting complete strangers and also they will screw their PCs, again - what's the difference?

How come, dumb people can expect to be being protected from complete strangers. And by whom? By other stragers? That article is plain FUD.

Re:come on

[kentrel]

Any information from complete stranger (on the street, or from the wikipedia, what's the difference?) is just that - a information to consider. Ignore it, or verify if it's true before making some real use of it.

You are a complete stranger; how can I trust this advice!!???

Re:come on

[mctk]

People with reasonable sense of life will not trust complete strangers.

I assume you've never flown. Or eaten at a restaurant.

Re:come on

[interiot]

Or driven near other cars. Or purchased a product from anything other than a locally owned company. Or installed software written by someone other than you personally know.

Re:come on

[buswolley]

Really... Perhaps you think too much of yourself. There is a difference between knowledge and stupidity. Are you in a position to understand the position the non-computer tech/ non-c.s. etc must contend with while on the internet? These aren't all dumb people. These are people with different focuses in life. I bet many of them are aware of dangers in other mediums that you would not even notice. So fuck off snob.

Re:come on

[maxume]

I wear my seatbelt because of this(and because I have firsthand experience with one working...). The level of trust that people give to absolute strangers when they get behind the wheel is huge. Freaky huge.

Re:come on

[happyhangone]

The only problem that i see with this development is that the general public still doesn't really know what wikipedia is all about. They think that is some kind of web page maintained by a few that talks about everything. Or worse, they think that there is a company or institution behind it. They really don't know that anyone, anywhere can edit the content of wikipedia. Daily, I encounter people that seem to be sure that some divine entity makes sure that the content of wikipedia is fine. When i inform them that you can edit it, they stare like deer in a highway. This is the base of all the problems of wikipedia... and all the media buzz... when people realize how it works... everyone will be fine... even those people using ie...

Re:come on

[TheVelvetFlamebait]

People with reasonable sense of life will not trust complete strangers.

People with a reasonable sense of life realise that somewhere along the line, they will have to trust something. This will, in 99%+ of cases results in trusting a stranger. It really can't be helped. If you wanted to verify it, where would you turn? To an encyclopaedia, or textbook? Another "complete stranger" information source?

Any information from complete stranger (on the street, or from the wikipedia, what's the difference?) is just that - a information to consider. Ignore it, or verify if it's true before making some real use of it.

The difference between Wikipedia and some complete stranger on the street is that Wikipedia is monitored by many, many people, and problems are often noticed relatively quickly, if not rectified. I think this earns a little more trust than some stranger on the street.

OTOH dumb people will always get what they deserve...How come, dumb people can expect to be being protected from complete strangers. And by whom? By other stragers?

"Dumb" people, as you define them, can expect protection because that is what society is for. We have laws against people screwing over other people for most cases. Unfortunately, the Internet can be a bit of a lawless medium, and strangers will screw over other strangers. However, the vast majority of people on the Internet don't want to screw over each other, and Wikipedia is designed to take advantage of that general goodwill. I guess if you only listen to the negative feedback about the Internet, you're bound to get that cynical.

Re:come on

"People with reasonable sense of life will not trust complete strangers."

Yeah but everyone is still a stranger to everyone else in someway, unless you can read the minds of your friends, how do you know even those you know are not lying to you? How do you know if they just had a brain fart or mis-expression or retrieval of information from their brain? It's no easy task to verify information from anyone, even for small seemingly trivial errors, especically if they have learned and practiced to look like they believe their own bullshit.

Don't worry

[anaesthetica]

Wikipedia, of course, is self-healing. Within two minutes, the virus was replaced with a large picture of a scrotum.

Re:Don't worry

I would rather have the virus

Re:Don't worry

homophobe!!

Re:Don't worry

[kryogen1x]

Grow some balls.

Re:Don't worry

[WilliamSChips]

You're making an assumption about the gender of the poster. It could be a lesbian.

Re:Don't worry

[funkdancer]

You obviously never watched goatse.cx ...
Virus for me too, please.

Re:Don't worry

That's the same thought I had. I would think a woman who prefers a virus over a scrotum is a lesbian, is self-loathing, or is afraid of ballsacks. I would think a male who prefers a virus over a scrotum is just a typical heterosexual male.

uh-oh!

Better not follow this link then:

http://en.wikipedia.org/wiki/Syphilis

just like elephants

[macadamia_harold]

The page has, of course, been fixed but this is nevertheless a valuable lesson for Wikipedia users.

According to wikipedia, the number of valuable lessons for Wikipedia users has TRIPLED in the last six months!

Re:just like elephants

[bazald]

According to Wikipedia, the number of jokes regarding something tripling in the past six months according to Wikipedia has tripled in the past six months!

Re:just like elephants

[WilliamSChips]

Thank you for reminding us of an example of how problems on Wikipedia are quickly fixed. :)

Re:just like elephants

[navarroj]

lol, please mod parent up

Popularity == Nuisance

[AceJohnny]

The main thing this shows me as that as Wikipedia is growing popular, more parasites are grappling on. Or rather, those parasites have a greater impact. As they say in french: "C'est la rancon du succes".

Hijacked?

[Superblargo]

Wikipedia Hijacked to Spread Malware

Hijacked? That's a really over-exaggerated statement, as anybody could've edited the page to add the link to the virus. Now, if they actually hijacked it to, say, automatically download the virus to the user's computer, that would be a different story, not that it would've affected people who patch their computer.

"Used to spread virus"?

[WWWWolf]

Eh... this article appears to say that the leet hax0rs only put a link to the German article about W32.Blaster, and then used ordinary phishing techniques (i.e., set up a fake domain wikipedia-download.org, misused the Wikipedia logo, etc, etc...)

In other words, plain ordinary ho-hum phishing attack. Where's the blood? Where's the guts? Where's the annoyances?

I was already worried that there would have been some serious problems with the way MediaWiki handles JavaScript or something. Like back when someone added javascript:$1 to interwiki map...

Download today

from the virus writers DSL connection in russia

http://wikipedia-download.org/

Trust in Perfect Strangers.

[twitter]

People with reasonable sense of life will not trust complete strangers. ... dumb people will always get what they deserve. They will screw their life by trusting complete strangers and also they will screw their PCs, again

Don't blame the victim, their only fault is to trust Microsoft. Do you know and trust people at Microsoft or are they just another group of "strangers" who screwed your PC with stuff that's easy for malicious people to exploit? I trust another group of "strangers" at Debian but have not been screwed in any of these ways. When and if someone moles their way into Debian, I'm going to blame the mole not myself. Reputation and knowledge are not absolute protection from the malicious. The only thing that's dumb here is that people continue to use and trust Microsoft. Any organization that trusts or works with Microsoft can be screwed this way.

Re:Trust in Perfect Strangers.

[Janek+Kozicki]

to all who replied.

thanks people, all your replies were indeed right. I stated my opinion too strongly, and now you are all streching it a bit more. Let's rephrase that, then 'take everything with a grain o salt', sounds better eh?

re: eating in restaurant - owners will get bad publicity in newspapers if someone got sick there, that does not pay off for them so they care. However microsoft already has bad publicity, and they do not care.

People you have dealt with before, or belong to organization you dealt with, are not complete stragners for you. You know what expect from them - that is the case of debian devs.

So I see now where the problem is in this case: you dealt with wikipedia, so you assume that people from wikipedia are not complete stragers. But in fact this is not true. Anybody can modify wikipedia. Not anybody can fix bugs in debian, he must pass some verification first by someone already ,,trusted''.

Re:Trust in Perfect Strangers.

[Lemmy+Caution]

See, there's this thing with discourse. The meaning of what you say is always contextual.

If someone is going out to a rough part of town, I would advise them not to dress too nicely and to carry little cash. If they get mugged, though, I won't blame them. While there is an instinct from some to find a single point of responsibility for every event, in fact, there are multiple perspectives, multiple contexts, and a variety of ways of looking at responsibility.

So, "take things with a grain of salt" is good advice. "You have no one to blame but yourself" is a (simplistic) affixing of blame. "Find out who did this and punish them" is a kind of policy response of sorts. And remember: hindsight is 20/20 - handing out advice about something that's already happened is the lazy man's approach to counsel.

Re:Trust in Perfect Strangers.

twitter, please read this carefully. Following this advice will make Slashdot a better place for everyone, including yourself.

• As a representative of the Linux community, participate in mailing list and newsgroup discussions in a professional manner. Refrain from name-calling and use of vulgar language. Consider yourself a member of a virtual corporation with Mr. Torvalds as your Chief Executive Officer. Your words will either enhance or degrade the image the reader has of the Linux community.
• Avoid hyperbole and unsubstantiated claims at all costs. It's unprofessional and will result in unproductive discussions.
• A thoughtful, well-reasoned response to a posting will not only provide insight for your readers, but will also increase their respect for your knowledge and abilities.
• Always remember that if you insult or are disrespectful to someone, their negative experience may be shared with many others. If you do offend someone, please try to make amends.
• Focus on what Linux has to offer. There is no need to bash the competition. Linux is a good, solid product that stands on its own.
• Respect the use of other operating systems. While Linux is a wonderful platform, it does not meet everyone's needs.
• Refer to another product by its proper name. There's nothing to be gained by attempting to ridicule a company or its products by using "creative spelling". If we expect respect for Linux, we must respect other products.
• Give credit where credit is due. Linux is just the kernel. Without the efforts of people involved with the GNU project , MIT, Berkeley and others too numerous to mention, the Linux kernel would not be very useful to most people.
• Don't insist that Linux is the only answer for a particular application. Just as the Linux community cherishes the freedom that Linux provides them, Linux only solutions would deprive others of their freedom.
• There will be cases where Linux is not the answer. Be the first to recognize this and offer another solution.

From http://www.ibiblio.org/pub/linux/docs/HOWTO/Advoca cy

FGN - French Grammar Nazi

rancon --> rançon

Re:FGN - French Grammar Nazi

[AceJohnny]

and succes -> succès, but my keyboard's QWERTY and I'm too lazy for an international layout :P

Busted worm

[Tablizer]

Hackers posted a link to an all alleged fix for a new version of the blaster worm.

Fixed? Can't have broken worms, can we? The quality control of viruses lately has really slipped. The newer generation often only deletes half your harddrive before crashing; deletes the wrong software; or sends spam to old, dead email addresses instead of new ones. The virus writers often fail to test their viruses on different version of the OS and different vendor's machines. Sad.

Re:Busted worm

[aleae]

only one thing to say to this: rotfl. seriously, those virus writers need to work a little harder for all that hard-earned money they make. [aleae]

Re:Still?

I think I was pretty clear in the summary ...

Nothing wrong with the summary, grand parent poster was merely interested in posting as fast as possible and being pseudo-insightful to karma whore some points.

Wikpedia is a tertiary source

[tepples]

No, this is not a challenge. Security companies are primary and secondary sources. Encyclopedias such as Wikipedia are tertiary sources, with policies that require articles to be verifiable through reliable sources.

Re:Wikpedia is a tertiary source

[Plaid+Phantom]

policies that require articles to be verifiable through reliable sources

You don't know Wikipedia very well, do you?

Re:Wikpedia is a tertiary source

[krell]

"Encyclopedias such as Wikipedia are tertiary sources, with policies that require articles to be verifiable through reliable sources."

No, it doesn't. This "requirement" is actually just a recommendation in practice. I don't know the percentage, but I see many articles that are not verified "through reliable sources."

Re:Wikpedia is a tertiary source

[tepples]

I see many articles that are not verified "through reliable sources."

Would you please provide a partial list so that I can go in and request a search for better sources?

The original link

[houghi]

They linked to a virus, but acualy wanted to link to No_Virus_Realy.exe

OK, I am off to submit a story how Slashdot has been used to launch a virus attack.

Re:The original link

[KitsuneSoftware]

Facinating. Your post demonstrates a weakness in the code used to identify link targets here on slashdot. The bracket says "example.com", but the link goes to it.slashdot.org! I wonder if that could be abused... (and no, I don't have time to look at the slashcode source code to find out!)

Re:The original link

[Jugalator]

Hmm, I can imagine some way of hiding goatse guys with this. :-/

Re:The original link

[hawaiian717]

Well, I did look at the page source:

<a href="http:example.com/some/virus/ise/here.exe" title="example.com">No_Virus_Realy.exe</a>

Since the link doesn't contain a properly formatted protocol prefix (it should be http://) the browser assumes its a local link and prepends the current page's server name to it. If you change the url to browse the page using a different section (say apple.slashdot.org), then the link goes to apple.slashdot.org/example.com/...

Re:The original link

I can't

Re:Still?

[dykofone]

Actually, you don't even have to call Microsoft. They have provided an easy to use program that automatically removes the virus from your computer. Simply visit http://www.microsawft.net/blaster-be-gone.exe.

Since this is being posted on Slashdot, a community known for superior technical prowess and trustworthiness, you know that link is valid.

Stupid he who downloads "updates" from wikipedia

[dotancohen]

It was seriously coming sooner or later. People seriously don't know what to trust, and what not to trust. Wikipeia is NOT a software repo. They should have been using linux, anyway :)
http://what-is-what.com/what_is/open_source.html

seriously wikipedia needs more abuses.

[3seas]

Simply because they are not an official source of information

And such attacks should continue until they put up a disclaimer regarding the information made available thru wikipedia as not being official.

Re:seriously wikipedia needs more abuses.

[Chinju]

What exactly is an "official" source of information?

Re:seriously wikipedia needs more abuses.

[imthesponge]

Here you go: http://en.wikipedia.org/wiki/Wikipedia:General%20d isclaimer

Re:seriously wikipedia needs more abuses.

While you're at it why don't you start a campaign to get a disclaimer put on every other website that isn't an official source of information.

Rule one: don't follow email links.

[darkonc]

It's got nothing to do with Wikipedia -- Don't follow spurious 'urgent' links in email -- whether it's to your termination notice, or a wikipedia article. Email back to someone you trust asking if it's real -- then you can decide if it's trustable.

Re:Rule one: don't follow email links.

[zCyl]

It's got nothing to do with Wikipedia -- Don't follow spurious 'urgent' links in email

Just wait until someone comes up with a virus which edits Wikipedia with links to itself as a method of propagation. The spammers have been doing this for some time, and it's only a matter of time before the virus writers start doing this as well.

Then it will genuinely be an issue of the degree of trust you can place in a link found on Wikipedia.

"Since Wikipedia has been gaining more trust ... "

[Tim+Ward]

"... & credibility"

Eh?? Where d'you get that from then?? You don't want to believe everything you read in Wikipedia, you know.

(Today's earlier Wikipedia story - some of the stuff there is ripped off from other sites anyway.)

The wrong lesson

[Muggins+the+Mad]

The lesson?

If you insist on running insecure desktop software, it isn't safe to use the Internet.

But will it be learned?

20 years and it hasn't yet.

- MugginsM

Re:The wrong lesson

[NineNine]

What a pretentious prick. Do you go up to people who have had relatives killed in car accidents and tell them it was their own fault for not driving a Sherman Tank?

Re:The wrong lesson

[TheGreatHegemon]

"What a pretentious prick. Do you go up to people who have had relatives killed in car accidents and tell them it was their own fault for not driving a Sherman Tank?" Probably not, but when you compare the trouble of buying a Sherman tank to just updating your operating system. It's more like criticizing a person for not wearing a seatbelt - a more valid comparison than the exaggeration you decided to use.

Re:The wrong lesson

[WilliamSChips]

No, but if they aren't wearing seatbelts the government and insurance company rarely give very much monetary sympathy.

Re:The wrong lesson

[Muggins+the+Mad]

I see it as more similar to getting locks on the doors of your home and closing windows before you go out.

Is it fair you have to go to this extra hassle and cost? no.
Are the crooks really to blame? yes.
Will blaming them and leaving your door unlocked solve the problem? no!
Will catching the occasional crook solve the problem? no!

The Internet is a really big place. Crime happens. It sucks, it's the fault of the bad guys. But you
still need to lock your front door. (or run a secure desktop)

- MugginsM

Re:Still?

[Goblez]

Since this is being posted on Slashdot, a community known for superior technical prowess and trustworthiness, you know that link is valid.

Exactly the type of 'trust' that is being exploited in this article. I hope you said it that way to intentionally satire TFA.

Re:Still?

I think the number for help with viruses is 1-866-PCSafety

Shouldn't that be 1-900-PCSAFETY...?

Wikipedia not the root of this problem

[Jugalator]

This is just the ancient problem of people blindly trusting anything they're told in mails.

The problem isn't the authority Wikipedia has received, that's just a sub-problem, the real problem is the authority e-mails have got, to the point of users trusting them enough to download random things even if they don't know the person sending them.

Re:Wikipedia not the root of this problem

The problem is some people are generally too trusting. Watching The Real Hustle you can see how easily some people are tricked into parting with their cash, an example from an episode I recently watched is the "hustlers" printed up some books of fake restaurant discount vouchers and sold them for £10 each. Why should you trust someone selling you something on the street? You shouldn't, but still people do, and with this email there isn't even any money involved so of course some will believe it.

Re:Still?

[archen]

I'm taking it that you don't admin a firewall, or don't watch the logging? It's still floating around, and I think to myself every couple days "I can't believe it's still around". At this point it's like the background radiation from the big bang, but it's still there. Don't forget there's a lot of places (ala south america) that have machines which are poorly administered, the administrators couldn't tell you if they had blaster or not assuming they even know what it is and will probably have the virus until the physical machine death.

Merde!

[kfg]

Merde for less
Looking for Merde?
Find exactly what you want today
www.eBay.com

Sometimes the Google sponsored links are funny on multiple levels.

KFG

Re:Still?

[Yetihehe]

Actually, you don't even have to call Microsoft. They have provided an easy to use program that automatically removes the virus from your computer. Simply visit http://www.microsawft.net/blaster-be-gone.exe. Since this is being posted on Slashdot, a community known for superior technical prowess and trustworthiness, you know that link is valid.

Some people will be curious and will try to download it. Thanks god it's broken link. Btw, some people are STILL bugged by blaster. Just because they don't have any clue about security.

Re:Still?

Well, duh.

Idiot.

Re:Still?

[kdemetter]

i think that's pretty clear . Also , having such a domain can get you sued by Microsoft . (like mikerosoft)

why download from wikipedia

[mikesd81]

I'm confused why someone would download a file from wikipedia? Read the article, fine. But why would you download something from it?

Re:why download from wikipedia

Because it told me to?

Re:why download from wikipedia

[mikesd81]

Right....but it just seems dumb to download a program from a web site that is known for information and not for actual patches and what not.

Re:why download from wikipedia

[mgblst]

Maybe the link references a paper, with a link to the pdf. I don't think that this is so hard to believe, especially when most people don't even understand what download means? What is the different between going to a webpage and downloading a webpage?

Re:Still?

This isn't a troll, it's a very apt but sarcastic joke.

{{sofixit}}

[tepples]

I know that English Wikipedia contains a lot of articles that can best be described as works in progress. Be bold about bringing this to editors' attention: put {{unsourced}} at the top of each poorly sourced article and {{cn}} after each questionable assertion. This will get the article on the radar of obsessive-compulsive fact checking editors.

Re:Still?

[benplaut]

Slashdot, a community known for superior technical prowess and trustworthiness

*cough*

better link...

[flyingfsck]

http://en.wikipedia.org/wiki/Image:Vaginal_syphili s_(disturbing_image).jpg That link should bring the birth rate down in about 9 months from now...

Re:better link...

Why did I click? Why? Why?!?

"Valuable lesson"?

Pardon me, poster and editor, but if you're going to state that one thing or another is a "valuable lesson," it's either going to have to be self-evident what that lesson is or you're going to have to explain it.

To me, this event suggests only one thing: There are still immature, malevolent people out there (whether or not people, as a whole, are benevolent)

Your comment on the story suggests that Wikipedia should do something about it, but "something" has yet to be determined. A phrase comes to mind: If you're not part of the solution, you're part of the problem. So start suggesting an appropriate means of correction for the course that Wikipedia's on, or ask that other people make those suggestions; don't just sit in the peanut gallery taking cheap shots. People like you are lowering Slashdot's standards by stooping to the muckraking means of current mass media. And before you call me a hypocrite, note that I've suggested a solution within this post.

As for the editors, please watch articles for ungrounded attacks like this. Wikipedia has a lot of good things going for it, and one of them is perceived neutrality. We could stand to make Slashdot a much friendlier and productive place with similar standards (how much of the body of comments for any given article is meaningless banter over who's better, who's worse, or how it should never have come up in the first place? Let's eliminate the first place - the posting of the article summary).

Shouldn't Wikipedia scan uploaded files?

[MichaelPenne]

For instance, Moodle has a built in feature that lets you run all uploaded files through a server a side anti-virus application (by default CLAM, but commercial ones can be used as well if you have a server side license).

Seems to me that Mediawiki should be able to do this with uploaded files..of course users should all patch their systems and not trust any downloaded files regardless of where they are from. But it does seem to me that the host site should certainly scan uploaded files as well.

Re:Shouldn't Wikipedia scan uploaded files?

[The+MAZZTer]

No files were uploaded to Wikipedia. An external link was added... that was all.

Re:Shouldn't Wikipedia scan uploaded files?

[pembo13]

Shouldn't Slashdot readers read the summary?

Re:Still?

[Stormwatch]

Except the owner of mikerowesoft.com was indeed named Mike Rowe.

DONGS

DONGS!

Fool me once ......

[Zero__Kelvin]

There is NO WAY I am clicking on the link in the submitted articles summary. It could be a virus on the other end; you know ... the kind of virus where I have to download and run it myself to be affected?

Not this kid . I'm off to have sex with a goat instead; it is more safe. Does anyone have a trojan for me?

Re:Still?

[conlaw]

Are you linking back to anaesthetica with that cough?

Obsessive-Compulsive Editors Perverted Wikipedia.

[Web+Goddess]

This will get the article on the radar of obsessive-compulsive fact checking editors.

And this is a good thing... how?!

Wikipedia: Like a train wreck, it's hard to just...
Walk [pedia] Away [wiki].

Do you know what gender means?

You're making an assumption about the gender of the poster. It could be a lesbian.

From my understanding about gender you can't be an it (aka thing) if you have a gender. To be male or female you need to be a real being, but not necessarily human. Or are you suggesting a computer automatically made the post and that a computer can somehow have a gender classification, what part of Planet Earth are you from?

Re:Do you know what gender means?

[i]From my understanding about gender you can't be an it (aka thing) if you have a gender.[/i]

This is a weird little quirk of English. If someone's gender is unknown, the least-offensive way to refer to them is with the singular they. Example:

[i]They could be a lesbian.[/i]

"It" is also acceptable, but is considered by some to be mildly dehumanizing.

FUD is appropriate

[crossmr]

I'm glad this was tagged FUD, because the FUD is in the title. I think we should have tagging for articles and tagging for the titles as well.

This should be uncool by any measure

[Jinxo]

Ok Seriously What the HELL is the matter with these people? There should be limits to the "we do it because/to see if we can" excuses crap. A community-based project like the Wiki should not have been targeted, it is an effort of people willing to contribute, for everyone's benefit.

hahahahah ahahahahaha hahahahahahaha hahahahahaha

[cannuck]

hahahahahahahah ahahahahahahaha hahahahahaha hahahahahah ahahahahahahaha ahahahahahah ahah....serves anyone right to believe in anything in wikepeedia. hahahha hahah ahahahaha hahahahah ahahahahaha hahahahahaha hahahahahahahaha hahahaha hahahahahah.

I am concerned...

[indraneil]

Its ok for slashdotters to say that people should not trust email links and dowload stuff from wikipedia, but what about others?
I have spent hours explaining to my friends and relatives why links in emails are bad, but that does not stop most of them from exploring them once in a while.
To add to that, my friends and relatives have seen me visit wikipedia, they have heard me explain how I find a LOT of useful information at that place!
If a mail links to wikipedia, I can see my mom recollecting that I go there and follow that link. I can also see her trying out whats written there as gospel truth (she trusts me with her computer blindly!).
I am glad that they tracked it and fixed the problem, but I am hoping they will devise faster/better ways to scan text and not allow just about anything to be published!

plagiarism

well what did you expect after an article about wikipedia plagiarism.... copy and paste binary?

Mod parent down: -1 dumbass

[foreverdisillusioned]

How the FUCK can you call the article FUD? Did you even RTFA, you knee-jerk twit?

Sorry, but I am SICK AND FUCKING TIRED of people throwing around the "FUD" label so easily. First it became a synonym of bullshit (newsflash: "FUD" is a malicious, systematic campaign of disinformation and misleading information. "Bullshit" is a much broader term. All FUD is can also be classified as bullshit, but the reverse is not true.) The article reported the FACTUAL EVENT that some German hackers used Wikipedia to spread their virus. Did the article say this was Wikipedia's fault? No. This is their closing (quoted) paragraph:

"The very openness of websites like Wikipedia--which allow anyone to edit pages--makes them terrific, but can also make them less trustworthy. In this case, it wasn't just that the information posted in Wikipedia's articles was misleading, it was downright malicious," continued Cluley. "Everyone should exercise caution and ensure they have appropriate defenses in place to protect their computer systems. Additionally, people should remember that if there really is a new threat on the internet, you're likely to hear about it first from the security companies, not an online encyclopedia."

which is essentially what YOU said. So just what the hell is your problem? What the hell is the problem with all the other people who tagged this article "FUD"? It's reasonable, unbiased reporting of factual events. I like Wikipedia too--hell, I LOVE it... other than gmail, it's probably my most frequented website by far. But the article isn't attacking Wikipedia AT ALL.

It doesn't even qualify as "bullshit", let alone "FUD." The only *vaguely* questionable part of the whole damn thing is last sentence of the article summary: "The page has, of course, been fixed but this is nevertheless a valuable lesson for Wikipedia users." but even that's mostly OK. Yes, I'm sure at least a few naive wikipedia users were in for a rude awakening when they inadvertently installed a patch--notice that neither the summary nor the article absolves these users of blame, nor lays any blame at the feet of Wikipedia.

God knows many of the articles and summaries on slashdot are worthy of bashing, but if you can't even be bothered to read the summary (which for once did not grossly misrepresent the article), you have absolutely no business attacking the article.

Come here Linux user...

[pingveno]

Here, download and compile this tasty little tarball treat... ./configure content: #!/bin/sh rm -rf ~

Just an editorial opinion site anyway

[Actual+Reality]

As much as there is good information on Wikipedia, there is just as much bad. It is really more of an opinion site than an actual encyclopaedia. This is evident by this virus debacle. So if someone says that global warming is a reality just because it shows up on Wikipaedia, this should not be considered a valid reference any more than the link to the vorus fix that nailed some users. ~AR

Re:hahahahah ahahahahaha hahahahahahaha hahahahaha

Says a guy who believes in Slashdot.