From what I can discern, the GWToolkit is encrypted. This hack
experience this morning, does that mean the encryption of apps that
AISquared offers has been broken? Or, was the hack only done in the XML
or any of the other files in the package?
David
On 1/16/2015 4:17 PM, Aaron Smith wrote:
Dear Window-Eyes Users,
First we want to apologize for the unfortunate messages that some of
you may have seen this morning. We wanted to take a minute to address
what happened and explain how we plan on preventing this in the future.
We released App Central in 2008 as a central repository for Window
Eyes Apps, documentation and related resources. App Central was built
as a community resource, from the beginning we wanted all Window-Eyes
users to be able to contribute and benefit from each others efforts.
We're proud of what we accomplished - App Central today contains over
299 apps and more are added all the time.
Sometime early this morning a user with familiarity with Window-Eyes
and the App Central environment breached out security and posted an
update to GW Toolkit. Users who downloaded the update were exposed to
some unfortunate messages. Our analysis shows that no permanent
changes were made to your Window-Eyes installation and, if you update
to GW Toolkit version 8.5.9 the problems you may be experiencing
should be resolved. Instructions on how to manually update your Apps
is at the following KB article www.gwmicro.com/kb2062
<http://www.gwmicro.com/kb2062>
We have changed passwords and security on our systems that run App
Central and we've turned off developer updates to apps for the time
being. In the next few days we'll be performing an internal security
audit to determine what steps we can take to prevent something like
this from happening again.
Rest assured that we take security seriously and we'll be implementing
these steps in a logical, ordered fashion.
Once again, our apologies and thank you for your patience on this matter.
The Ai Squared Team
