Blind Bargains

Some Window-Eyes Users Greeted with Unexpected Message after Security Breach


Some Window-Eyes 9 users received an unexpected pop-up message earlier today, the result of a security breach on the company's App Central repository. AN updated copy of one of the default scripts was posted to the website by someone who maliciously hacked the server. AI Squared quickly defused the problem, though some users may need to go and redownload the GW Toolkit app. No personal data stored on your computer is believed to be at risk. We've included more info on how to fix the problem and a statement issued by AI Squared below.

Users who had automatic app updates turned on and also who restarted Window-Eyes during the few hours when the malicious app was posted, received a surprising message which read, "Greetings on behalf of the Islamic state The time of repentence is here Please contact GW Micro for further information."  Please contact GW Micro for further information."

Of course the message did not originate from AI Squared.

Users who received this app will need to manually update it to the correct an current version. Here's a knowledge base article on how to do this.

Shortly after the breach, AI Squared released a statement on the incident which we've included below.

Dear Window-Eyes Users,
First we want to apologize for the unfortunate messages that some of you may have seen this morning. We wanted to take a minute to address what happened and explain how we plan on preventing this in the future.
We released App Central in 2008 as a central repository for Window Eyes Apps, documentation and related resources. App Central was built as a community resource, from the beginning we wanted all Window-Eyes users to be able to contribute and benefit from each others efforts. We're proud of what we accomplished - App Central today contains over 299 apps and more are added all the time. 
Sometime early this morning a user with familiarity with Window-Eyes and the App Central environment breached out security and posted an update to GW Toolkit. Users who downloaded the update were exposed to some unfortunate messages. Our analysis shows that no permanent changes were made to your Window-Eyes installation and, if you update to GW Toolkit version 8.5.9 the problems you may be experiencing should be resolved. Instructions on how to manually update your Apps is at the following KB article 
www.gwmicro.com/kb2062

We have changed passwords and security on our systems that run App Central and we've turned off developer updates to apps for the time being. In the next few days we'll be performing an internal security audit to determine what steps we can take to prevent something like this from happening again. 
Rest assured that we take security seriously and we'll be implementing these steps in a logical, ordered fashion.
Once again, our apologies and thank you for your patience on this matter. 
The Ai Squared Team
Category: News

No one has commented on this post.

You must be logged in to post comments.

Username or Email:
Password:
Keep me logged in on this computer

Or Forgot username or password?
Register for free

J.J. Meddaugh is an experienced technology writer and computer enthusiast. He is a graduate of Western Michigan University with a major in telecommunications management and a minor in business. When not writing for Blind Bargains, he enjoys travel, playing the keyboard, and meeting new people.


Copyright 2006-2019, A T Guys, LLC.