- From: McCloy-Kelley, Liisa <lmccloy-kelley@penguinrandomhouse.com>
- Date: Tue, 29 May 2018 19:05:39 +0000
- To: Bill McCoy <bmccoy@w3.org>, 'George Kerscher' <kerscher@montana.com>, 'AUDRAIN LUC' <LAUDRAIN@hachette-livre.fr>, 'Bill Kasdorf' <kasdorf.bill@gmail.com>
- CC: 'Jeff Jaffe' <jeff@w3.org>, 'W3C Publishing Steering Committee' <public-publishing-sc@w3.org>, 'Karen Myers' <karen@w3.org>, 'Alan Bird' <alan.bird@w3.org>, 'Ralph Swick' <swick@w3.org>, "'W3C Team Digital Publishing'" <team-dig-publishing@w3.org>, 'Coralie Mercier' <coralie@w3.org>, 'W3C Comm Team' <w3t-comm@w3.org>, 'Vivien Lacourba' <vivien@w3.org>, 'Systems Team' <w3t-sys@w3.org>, 'Dave Gunn' <Dave@Outervations.com>, "'Sarah Hilderley'" <shilderley@gmail.com>
- Message-ID: <5E56D925-1095-4088-A694-E4C25BC6F15B@penguinrandomhouse.com>
Bill- Thanks for the update. This sounds like a good plan. Liisa From: Bill McCoy <bmccoy@w3.org> Organization: W3C Date: Tuesday, May 29, 2018 at 1:21 PM To: George Kerscher <kerscher@montana.com>, 'AUDRAIN LUC' <LAUDRAIN@hachette-livre.fr>, 'Bill Kasdorf' <kasdorf.bill@gmail.com> Cc: 'Jeff Jaffe' <jeff@w3.org>, 'W3C Publishing Steering Committee' <public-publishing-sc@w3.org>, 'Karen Myers' <karen@w3.org>, 'Alan Bird' <alan.bird@w3.org>, 'Ralph Swick' <swick@w3.org>, 'W3C Team Digital Publishing' <team-dig-publishing@w3.org>, 'Coralie Mercier' <coralie@w3.org>, 'W3C Comm Team' <w3t-comm@w3.org>, 'Vivien Lacourba' <vivien@w3.org>, 'Systems Team' <w3t-sys@w3.org>, 'Dave Gunn' <Dave@Outervations.com>, 'Sarah Hilderley' <shilderley@gmail.com> Subject: RE: EPUBZone - hacked / disposition? (URGENT) Resent-From: <public-publishing-sc@w3.org> Resent-Date: Tuesday, May 29, 2018 at 1:21 PM Hi, Just an update. With some detective work help from Dave Gunn, systems manager for DAISY, the new owner was tracked down and I was successful in getting them to immediately remove the copyrighted material from the home page of the new epubzone.org (you may need to refresh your browser to see the changes). I’m still working on getting the copyrighted material removed from the sub-pages on accessibility and EPUB 3 but expect that to happen as well. So that’s probably as good as can be hoped for, since we don’t have the resources to mount any kind of real legal effort about this anyway. Given that no one had updated the old epubzone.org since Jan 2017, over 16 months ago (the old site can still be seen at [1]). It was already quite stale, and no one had stepped up to take it on and there was no plan in place for community maintenance (it was an experiment in the first place, and arguably we had failed to build critical mass of community with it at IDPF). So at this point even though it would certainly have been preferable not to have let the domain expire (again I take full responsibility for having let this slip through the cracks) I am going to assume we don’t want to do anything other than, at some point archive the old site at a subdomain somewhere / relocate any specific resources/articles that we want to preserve. I will continue to work with George Kerscher of DAISY on that since most of the content that’s significant is accessibility-related and the former editor of EPUBZone Sarah Hilderley is now working for DAISY. As well I’m pursuing buying the domain back from the new owner for a nominal fee (e.g. $100), just in case and to minimize any further impact, but so far no dice. --Bill [1] https://web.archive.org/web/20180202153738/http://epubzone.org<https://web.archive.org/web/20180202153738/http:/epubzone.org> From: Bill McCoy <bmccoy@w3.org> Sent: Saturday, May 26, 2018 11:34 AM To: 'George Kerscher' <kerscher@montana.com>; 'AUDRAIN LUC' <LAUDRAIN@hachette-livre.fr>; 'Bill Kasdorf' <kasdorf.bill@gmail.com> Cc: 'Jeff Jaffe' <jeff@w3.org>; 'W3C Publishing Steering Committee' <public-publishing-sc@w3.org>; 'Karen Myers' <karen@w3.org>; 'Alan Bird' <alan.bird@w3.org>; 'Ralph Swick' <swick@w3.org>; 'W3C Team Digital Publishing' <team-dig-publishing@w3.org>; 'Coralie Mercier' <coralie@w3.org>; 'W3C Comm Team' <w3t-comm@w3.org>; 'Vivien Lacourba' <vivien@w3.org>; 'Systems Team' <w3t-sys@w3.org> Subject: RE: EPUBZone - hacked / disposition? (URGENT) Hi, unfortunately it appears that epubzone.org domain was not renewed (I believe the last renewal didn’t come to me due to my no longer getting IDPF emails but it’s still on my that this didn’t happen) and we are past the grace period to re-renew. It appears that rather than a hacked server we have someone who scraped some content from the old site and is legitimately providing the site based on their valid domain registration. They are of course violating our copyright to the old material and as well arguably violating the EPUB trademark registration (but that’s a US-only registration and a relatively weak one in terms of our ability to enforce it given the generic uses and other abused out there). This can be verified because none of the DB-backed parts of the old website such as the EPUB resources are available. Since there is no organization for “EPUBZone” nor did we register this as a trademark we have only a weak case that we should retain the domain based on these factors. We could attempt to wrest it back but it would be a long shot IMO (IANAL though). So I suggest that simply I email them (their domain info is masked by GoDaddy but I believe I can get something through via them) asking that they immediately cease using all material from the former epubzone.org since that is copyrighted information, chances of that working are slim but I think it’s worth doing. We could archive for posterity the legitimate epubzone CMS-based Drupal website, which we still can access and which apparently was not hacked after all, somewhere else such as w3.org/publishing/epubzone_archive. Again apologies that we let this one slip by. --Bill From: George Kerscher <kerscher@montana.com<mailto:kerscher@montana.com>> Sent: Friday, May 25, 2018 6:40 PM To: 'AUDRAIN LUC' <LAUDRAIN@hachette-livre.fr<mailto:LAUDRAIN@hachette-livre.fr>>; 'Bill Kasdorf' <kasdorf.bill@gmail.com<mailto:kasdorf.bill@gmail.com>> Cc: 'Jeff Jaffe' <jeff@w3.org<mailto:jeff@w3.org>>; 'Bill McCoy' <bmccoy@w3.org<mailto:bmccoy@w3.org>>; 'W3C Publishing Steering Committee' <public-publishing-sc@w3.org<mailto:public-publishing-sc@w3.org>>; 'Karen Myers' <karen@w3.org<mailto:karen@w3.org>>; 'Alan Bird' <alan.bird@w3.org<mailto:alan.bird@w3.org>>; 'Ralph Swick' <swick@w3.org<mailto:swick@w3.org>>; 'W3C Team Digital Publishing' <team-dig-publishing@w3.org<mailto:team-dig-publishing@w3.org>>; 'Coralie Mercier' <coralie@w3.org<mailto:coralie@w3.org>>; 'W3C Comm Team' <w3t-comm@w3.org<mailto:w3t-comm@w3.org>>; 'Vivien Lacourba' <vivien@w3.org<mailto:vivien@w3.org>>; 'Systems Team' <w3t-sys@w3.org<mailto:w3t-sys@w3.org>> Subject: RE: EPUBZone - hacked / disposition? (URGENT) Hi, Sarah, who maintained the site for the IDPF now works for DAISY. Should DAISY step in to help? There is probably a short term solution that involves getting rid of the hacks and malware, and restoring to a previously good state. Then there is the longer term issue of what to do with this resource. Sarah does not have a current login and we would need to get this figured out to resolve issues. Perhaps set up a call quickly to make some decisions to prevent the black ey. Best George Best George From: AUDRAIN LUC <LAUDRAIN@hachette-livre.fr<mailto:LAUDRAIN@hachette-livre.fr>> Sent: Friday, May 25, 2018 4:37 PM To: Bill Kasdorf <kasdorf.bill@gmail.com<mailto:kasdorf.bill@gmail.com>> Cc: Jeff Jaffe <jeff@w3.org<mailto:jeff@w3.org>>; Bill McCoy <bmccoy@w3.org<mailto:bmccoy@w3.org>>; W3C Publishing Steering Committee <public-publishing-sc@w3.org<mailto:public-publishing-sc@w3.org>>; Karen Myers <karen@w3.org<mailto:karen@w3.org>>; Alan Bird <alan.bird@w3.org<mailto:alan.bird@w3.org>>; Ralph Swick <swick@w3.org<mailto:swick@w3.org>>; W3C Team Digital Publishing <team-dig-publishing@w3.org<mailto:team-dig-publishing@w3.org>>; Coralie Mercier <coralie@w3.org<mailto:coralie@w3.org>>; W3C Comm Team <w3t-comm@w3.org<mailto:w3t-comm@w3.org>>; Vivien Lacourba <vivien@w3.org<mailto:vivien@w3.org>>; Systems Team <w3t-sys@w3.org<mailto:w3t-sys@w3.org>> Subject: Re: EPUBZone - hacked / disposition? (URGENT) +1 Le 25 mai 2018 à 21:28, Bill Kasdorf <kasdorf.bill@gmail.com<mailto:kasdorf.bill@gmail.com>> a écrit : Shutting it down, redirecting, and archiving a pre-hack version seems like something that could be done right away, even if there is some prospect for somebody taking it on in the future. The main things are 1) we don't want to spread malware, 2) we need people to know it's out of date and where the better resources are, and 3) we need to an archivable version for whatever future purpose. I say do it now..--Bill K Bill Kasdorf Principal, Kasdorf & Associates, LLC Founding Partner, Publishing Technology Partners<https://pubtechpartners.com/> kasdorf.bill@gmail.com<mailto:kasdorf.bill@gmail.com> +1 734-904-6252 ISNI: http://isni.org/isni/0000000116490786<http://isni.org/isni/0000000116490786> ORCiD: https://orcid.org/0000-0001-7002-4786<https://orcid.org/0000-0001-7002-4786?lang=en> On Fri, May 25, 2018 at 2:06 PM, Jeff Jaffe <jeff@w3.org<mailto:jeff@w3.org>> wrote: Adding Comm and SysTeam folks - who might want to weigh in. Jeff On 5/25/2018 1:42 PM, Bill McCoy wrote: Hi Pub SC folks, Sarah Hilderley who was coordinator for EPUBZone pre IDPF-W3C combination recently noticed and reported that the site seems to have been hacked, showing non-related content and ads. Looks moderately benign but not good and there may be nastier malware lurking under the surface (so if you visit http://www.epubzone.org/<http://www.epubzone.org/> don’t click on anything!!). This website and domain was an explicit part of asset transfer from IDPF to W3C. Early last year (immediately after combination) W3C Comm team didn’t feel it made sense for us to maintain it as a separate identity given the resource cost of so doing, so it’s just been getting stale while it was unclear what to do with it. Given the hack, we now urgently need to decide and execute on a transition. We could shut it down altogether, for example redirecting the URL to w3.org/publishing<http://w3.org/publishing>, we could statically archive it (presumably an earlier backup as untangling the malware from the Drupal CMS could be challenging) as is planned with IDPF.org<http://IDPF.org> (at the moment IDPF.org<http://IDPF.org> is hosted on the same infrastructure as epubzone.org<http://epubzone.org> so we are just lucky it hasn’t been hacked too… yet – that’s a ticking fuse as it the ongoing hosting cost), or we could identify a third party who wanted to take it on as an independent site (so far in my understanding no one has offered to do that, but we haven’t proactively asked anyone either). I believe W3C management isn’t fussed about the direction as long as within the parameters that it won’t have ongoing cost to W3C since we’d rather direct our limited resources elsewhere. This was an agenda topic at a SC call a while back but I believe it was a call I had to miss and the minutes didn’t note anything specific. So I don’t know if it was discussed or if not if anyone has any strong opinions about it. We could temporarily take the site down to avoid spreading malware and if there’s no consensus relatively immediately I think that’s the path we should take to avoid spreading malware and giving EPUB a black eye. Thanks, --BillM
Received on Tuesday, 29 May 2018 19:06:23 UTC