From owner-freebsd-questions@FreeBSD.ORG  Fri Dec  9 15:35:44 2011
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3EC5E1065670
	for <freebsd-questions@freebsd.org>;
	Fri,  9 Dec 2011 15:35:44 +0000 (UTC)
	(envelope-from xaero@xaerolimit.net)
Received: from mail-fx0-f54.google.com (mail-fx0-f54.google.com
	[209.85.161.54])
	by mx1.freebsd.org (Postfix) with ESMTP id D09928FC08
	for <freebsd-questions@freebsd.org>;
	Fri,  9 Dec 2011 15:35:43 +0000 (UTC)
Received: by faak28 with SMTP id k28so1201237faa.13
	for <freebsd-questions@freebsd.org>;
	Fri, 09 Dec 2011 07:35:42 -0800 (PST)
Received: by 10.180.102.4 with SMTP id fk4mr11573360wib.15.1323444942355; Fri,
	09 Dec 2011 07:35:42 -0800 (PST)
MIME-Version: 1.0
Received: by 10.216.255.70 with HTTP; Fri, 9 Dec 2011 07:35:21 -0800 (PST)
From: Chris Brennan <xaero@xaerolimit.net>
Date: Fri, 9 Dec 2011 10:35:21 -0500
Message-ID: <CANLX3yhxwO-ExLOFpXJOJ5n6B0shtEz8FN_7sQZSeOf12_pKwA@mail.gmail.com>
To: FreeBSD Questions <freebsd-questions@freebsd.org>, 
	Debain User <debian-user@lists.debian.org>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: 
Subject: OT: C|Net's Download.com adware, spyware, malware hijinkx.
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Dec 2011 15:35:44 -0000

Sorry for the cross post I hadn't seen any chatter about this on the lists.
It
would seem that Download.com got caught with their pants down and were
re-wrapping F/OSS with their own installer and bundling adware, spyware
and malware with it.

NMap's author, over at insecure.org got pretty hot about it and has
collected
considerable information on the topic since he learned about it on Monday.

http://insecure.org/news/download-com-fiasco.html

http://seclists.org/nmap-hackers/2011/5

http://seclists.org/nmap-hackers/2011/6

Again, sorry for the cross post, but I know how I would feel if this were
done
to me (I'd be pretty pissed!) So flame me later for cross-posting and if
your a
software developer who also makes software for Windows users, then go and
check your stuff if it's listed on download.com.

So far, paint.net's software, VLC, NMap and emergeDesktop were affected.
Being a part of emergeDesktop's community, I know the author their has
instructed the community to not download his software from download.com,
I'm not sure what steps have been taken for paint.net and VLC though.

> --
> Chris Brennan
> A: Yes.
> >Q: Are you sure?
> >>A: Because it reverses the logical flow of conversation.
> >>>Q: Why is top posting frowned upon?
> http://xkcd.com/84/ | http://xkcd.com/149/ | http://xkcd.com/549/
> GPG: D5B20C0C (6741 8EE4 6C7D 11FB 8DA8  9E4A EECD 9A84 D5B2 0C0C)
------------------------------------------------------------------------