Prising open a sarcophagus in the British Museum might give you a bit more than you bargained for.
Documents laced with malware have been found in WikiLeaks.org's cache of files obtained from hacked CIA wannabe Stratfor. Intelligence biz Stratfor was ransacked by Jeremy Hammond in late 2011, and its email archives passed to whistleblowing website WikiLeaks in early 2012. The Julian Assange™-led organization soon began …
"Wieder says he's been trying to contact the whistleblowing website to get the data cleaned up. He argues that you wouldn't expect a reputable news source to host malicious files, so WikiLeaks – which seeks to hold power to account – shouldn't either."
Well, there's your problem - assuming that WikiLeaks is anything other than an exercise in Assange's ongoing self-aggrandizement.
El Reg has verified that the documents identified by Wieder are dangerous. It's possible there are more infected files lurking in WikiLeaks' databases of unfiltered data.
Everything leaking truth is dangerous to sysadmins in systems built on spinning propaganda which is infected and inflected, El Reg.
And, in this particular field of endeavour, moving on from ….
“It's a beautiful thing, the destruction of words.” ― George Orwell, 1984
…… is it a destructive thing, creation with words which are truly disruptive, but a thing of beauty to boot, nevertheless, for the freedom that all truths deliver.
* And corrupt juntas and fiat ponzi power elite brotherhoods too.
If you're referring to the TrueType one from the tail end of last year, I think the actual vuln was in the way that certain Microsoft products parsed crafted TrueType files, so I'm not sure the same exploit would work against other vendors implementations of the TrueType standard. But don't hold me to that.
I'm fairly "Well, duh" about the whole thing. News flash: there's probably malware in the Hacking Team files too. *Everybody's* mail spool would be found to contain malware if it was dumped en masse, even if only in the spam folder, and all the usual warnings about being wary of email attachments don't suddenly stop applying just because you're reading someone else's email rather than your own.
I also think it's entirely proper for Wikileaks to host the files verbatim and unredacted nor altered in any way from their original state. That is precisely its mission - which you may disagree with for moral, political, or philosophical reasons, but that's a separate discussion, and in its own terms, this is definitely the way Wikileaks should be doing what it does, and it should not get into the business of editing or censoring the files it leaks.
Biting the hand that feeds IT © 1998–2022