gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76793 Posts in 13502 Topics by 1651 Members - Latest Member: Arnold99 November 27, 2024, 11:52:21 am
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  ISP Attempt To Block File-Sharing Ends in Epic Failure (in full)
gfx
gfxgfx
 

Author Topic: ISP Attempt To Block File-Sharing Ends in Epic Failure (in full)  (Read 736 times)

0 Members and 1 Guest are viewing this topic.

Offline DaBees-Knees

  • WMW Team
  • *****
http://torrentfreak.com/isp-attempts-to-block-file-sharing-ends-results-in-epic-failure-100614/

Quote
In response to the country’s “3 strikes” Hadopi legislation, last week a French ISP began offering a service to block file-sharing on customer connections for ‘just’ 2 euros per month. It didn’t take long for awful vulnerabilities in the system to be found which breached not only the privacy of subscribers, but exposed them to new security threats.

France’s big, bad, scary Hadopi legislation and the systematic tracing, monitoring, reporting and disconnecting of file-sharers is all but here, so it seems there’s no better time for other companies to start making money from it.

Last week saw French ISP Orange take the opportunity to start providing a service which, at least on the surface, is designed to put the minds of subscribers at rest. For a 2 euro per month payment, Orange is offering a service which “allows you to control the activity of computers connected to your internet line, from downloading ‘illegally’ using peer-to-peer networks. You can protect up to three computers connected to the same internet line.”

The software, which is Windows-only, runs in the background and utilizes a blacklist maintained and updated by Orange. Precisely what is on that blacklist remains a secret.

“Our solution is intended primarily for parents who want to make sure their children do nothing illegal on P2P networks,” the company said in a statement to French media last week while adding that just because the software is running, it doesn’t mean that users are fully protected against legal action under Hadopi.

History tells us that whenever a company gets involved in anti-piracy action, they leave themselves open to being probed. Several anti-piracy companies and groups have seen their systems examined and even hacked over the years, and Orange is no different.

Bluetouff has documented his findings on the Orange system and they are pretty surprising.

Using WireShark to sniff the output of the software on his location network, Bluetouff was able to identify an IP address used by the software to obtain its updates.

“The software communicates with a remote server, a Java servlet actually located on the ip 195.146.235.67,” he explains.

Nothing too out of the ordinary there – except that all information is not only being transmitted in the clear but all information on that server is public (via
http://195.146.235.67/status), meaning that every user had their IP addresses exposed to the public. But it doesn’t stop there.



Whoever set up the security on the server admin panel didn’t do a very good job. The username was set to ‘admin’ and the password set to ‘admin’ too. This morning that gaping hole was still open.



TorrentFreak is informed that people have accessed the server and have discovered that it’s possible to send malware to anyone using the software which makes a bit of a joke out of Orange when it claims: “The software runs in the background to ensure your safety without disrupting the important tasks that you perform”

“People don’t know whether to laugh or cry,” Astrid Girardeau from TheInternets.fr told TorrentFreak. “Because it is a new Hadopi fail. And because, Christine Albanel, the ex-Minister of Culture, is now the executive of communication, for… Orange.”

A total shambles and a security risk to users.  8)



Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: ISP Attempt To Block File-Sharing Ends in Epic Failure (in full)
« Reply #1 on: June 15, 2010, 07:12:18 am »
A "shambles" is the correct word to use but what can we expect from "suits" who take their customers money and try to spend as little of it as possible on technical staff.

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  ISP Attempt To Block File-Sharing Ends in Epic Failure (in full)
 

gfxgfx
gfx
©2005-2024 WinMXWorld.com. All Rights Reserved.
SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.012 seconds with 22 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!