Cruisers Forum
 


Old 05-11-2020, 00:56   #1
Registered User

Join Date: Jul 2010
Location: Hannover - Germany
Boat: Amel Sharki
Posts: 2,545
Bogus Pull Requests to OpenCPN

The absolute rock bottom has been hit now. Hackers are trying to break the code at GitHub.
Attached image: Tiefpunkt.png
CarCode is offline   Reply With Quote
Old 05-11-2020, 08:10   #2
Marine Service Provider
 
bdbcat's Avatar

Join Date: Mar 2008
Posts: 7,437
Re: OpenCPN hacked

All...
Related Pull Request has been Closed.
OpenCPN is under positive github control. No unauthorized code changes have been made.


Thanks for watching
Dave
bdbcat is online now   Reply With Quote
Old 06-11-2020, 04:45   #3
Registered User

Join Date: Feb 2016
Posts: 143
Re: OpenCPN hacked

Would you mind changing the title so that it is less clickbaity and more informative, like "Bogus Pull Requests to OpenCPN"?

At least to me "hacked" means that somebody succeeded in something. No need to cause unnecessary alarm.
teppokurki is offline   Reply With Quote
Old 06-11-2020, 05:17   #4
Moderator
 
Pete7's Avatar

Cruisers Forum Supporter

Join Date: Aug 2009
Location: Solent, England
Boat: Moody 31
Posts: 18,551
Images: 22
Re: Bogus Pull Requests to OpenCPN

Done,

Pete
Pete7 is offline   Reply With Quote
Old 06-11-2020, 08:45   #5
Registered User

Join Date: Jul 2010
Location: Hannover - Germany
Boat: Amel Sharki
Posts: 2,545
Re: Bogus Pull Requests to OpenCPN

Quote:
Originally Posted by Pete7 View Post
Done,
Pete
Would you like to inform the thread opener when you alter his text?
Otherwise you risk violating some laws and that might be expensive for you.
CarCode is offline   Reply With Quote
Old 06-11-2020, 12:06   #6
Registered User

Join Date: Jul 2020
Posts: 12
Re: Bogus Pull Requests to OpenCPN

Translating the Chinese using Google Translate shows someone trying to do some tests and accidentally creating a pull request:

整合前版本至5.2.x,以后可用此分支开发 means "Integrate the previous version to 5.2.x, and use this branch for development in the future"

编译时使用z.txt内的命令 means "Use the commands in z.txt when compiling"
xentac is offline   Reply With Quote
Old 06-11-2020, 15:02   #7
Registered User
 
StuM's Avatar

Cruisers Forum Supporter

Join Date: Nov 2013
Location: Port Moresby,Papua New Guinea
Boat: FP Belize Maestro 43 and OPBs
Posts: 12,891
Re: Bogus Pull Requests to OpenCPN

Quote:
Originally Posted by CarCode View Post
Would you like to inform the thread opener when you alter his text?
Otherwise you risk violating some laws and that might be expensive for you.

You may like to check who owns CF and the rules you agreed to when you subscribed
StuM is offline   Reply With Quote
Old 07-11-2020, 01:06   #8
Registered User

Join Date: Jul 2010
Location: Hannover - Germany
Boat: Amel Sharki
Posts: 2,545
Re: Bogus Pull Requests to OpenCPN

Quote:
Originally Posted by StuM View Post
You may like to check who owns CF and the rules you agreed to when you subscribed
What do you think will happen when someone changes, alters or modifies the text of a message on Facebook, Twitter or similar media, especially these days?


OpenCPN has always been a target of hackers, perhaps because its security is so weak. 4 years ago the web pages of opencpn.org were hacked already:
Attached image: OCPNhack.jpg
CarCode is offline   Reply With Quote
Old 07-11-2020, 15:38   #9
Registered User
 
StuM's Avatar

Cruisers Forum Supporter

Join Date: Nov 2013
Location: Port Moresby,Papua New Guinea
Boat: FP Belize Maestro 43 and OPBs
Posts: 12,891
Re: Bogus Pull Requests to OpenCPN

Quote:
Originally Posted by CarCode View Post
What do you think will happen when someone changes, alters or modifies the text of a message on Facebook, Twitter or similar media, especially these days?

"Public discussion about moderation or moderator decisions is not allowed. If a moderator deletes or edits one of your posts and you disagree with the action, contact the moderator concerned."
StuM is offline   Reply With Quote
Old 07-11-2020, 16:31   #10
Moderator
 
Pete7's Avatar

Cruisers Forum Supporter

Join Date: Aug 2009
Location: Solent, England
Boat: Moody 31
Posts: 18,551
Images: 22
Re: Bogus Pull Requests to OpenCPN

Quote:
Originally Posted by CarCode View Post
Would you like to inform the thread opener when you alter his text?
Otherwise you risk violating some laws and that might be expensive for you.
Feel free to advise me of the rules I violated and which country they apply to.

Meanwhile a fellow member made a suggestion to make your post more accurate and I agreed. As a CF moderator I then made the change. End of story.

Pete
Pete7 is offline   Reply With Quote
Old 07-11-2020, 16:46   #11
CF Adviser
 
Pelagic's Avatar

Join Date: Oct 2007
Boat: Van Helleman Schooner 65ft StarGazer
Posts: 10,280
Re: Bogus Pull Requests to OpenCPN

So could someone please explain to the layman what this Chinese interference means and, if they were to succeed in the future, in what ways OpenCPN users would be vulnerable?

Living in Asia, this is not just a theoretical question.
Pelagic is offline   Reply With Quote
Old 07-11-2020, 17:58   #12
Marine Service Provider
 
bdbcat's Avatar

Join Date: Mar 2008
Posts: 7,437
Re: Bogus Pull Requests to OpenCPN

Pelagic...
In lay terms:
1. A github account holder tried (accidentally?) to modify the OCPN source code.
2. The OCPN source code is under positive github control, meaning that no changes can be made to the code without my explicit approval of the changes. Such approval only happens after a review of the specific changes requested.
3. So, no changes to the source code were made. The system worked as it should.
4. At no time were the distributed Releases of OCPN touched. These are also under my direct and explicit control.

So, I would not be unduly worried about unauthorized tampering with OCPN internals. In any event, the OCPN core code base is all open source, and is available for public inspection and analysis by anyone, at any time.


Thanks
Dave
bdbcat is online now   Reply With Quote
Old 08-11-2020, 15:12   #13
Registered User
 
rgleason's Avatar

Join Date: Mar 2012
Location: Boston, MA
Boat: 1981 Bristol 32 Sloop
Posts: 17,698
Images: 2
Re: Bogus Pull Requests to OpenCPN

Carcode wrote:
"4 years ago the web pages of opencpn.org were hacked already"


Carcode I do not recall seeing this problem and I was on the website almost every day.
rgleason is offline   Reply With Quote
Old 09-11-2020, 01:19   #14
Registered User

Join Date: Jul 2010
Location: Hannover - Germany
Boat: Amel Sharki
Posts: 2,545
Re: Bogus Pull Requests to OpenCPN

Quote:
Originally Posted by rgleason View Post
Carcode I do not recall seeing this problem and I was on the website almost every day.
I am fortunately able to make screenshots and to store them.
CarCode is offline   Reply With Quote
All times are GMT -7.