French ISP Offers to Block File-Sharing, Exposes Users to Attack

June 15, 2010 -

In response to the implementation of France’s “Hadopi” or three-strikes law, which targets illegal file sharers, a French ISP began offering its customers a service that would block file-sharing on their connections, but the software came with its own problems.

Orange was the ISP offering the service, for the small price of two Euros per month, and it was intended to allow users to “control the activity of computers connected to your internet line” by blocking access to an unknown series of blacklisted sites and addresses.

Unfortunately though, according to Torrent Freak, the Windows-only software, as detailed by a techie named Bluetouff, communicated with a public server that still had the default username and password of admin/admin. Oops.

Torrent Freak that it was:

... informed that people have accessed the server and have discovered that it’s possible to send malware to anyone using the software which makes a bit of a joke out of Orange when it claims: “The software runs in the background to ensure your safety without disrupting the important tasks that you perform”

Also, in an additional twist, the former French Minister of Culture, Christine Albanel, is now employed at orange as Executive of Communication.


Comments

Re: French ISP Offers to Block File-Sharing, Exposes Users ...

How do people pull off stupid stuff like this? When I load Windows server applications I dont even use the local service account as the service account, I make a unique user for the services just so this kind of stupidity can not leveraged by a malicious user.

Sorry but this is security 101 stuff. The person who loaded this software needs to be terminated.

Re: French ISP Offers to Block File-Sharing, Exposes Users ...

 I am not following how this would make a differnce in this case.  It sounds like the sever application itself had the default username and password, so creating a unique user on the server would have no impact on the hole.

On the client side, I doubt most users are going to build a jail for a service that their ISP probably tells them to install via 'double click setup and never worry again'.

Re: French ISP Offers to Block File-Sharing, Exposes Users ...

he said that he creates a customized account and uses that as the administrator in place of the default account, essentially replacing it.

 
Forgot your password?
Username :
Password :

Poll

Should 'Hatred' have been removed from Steam Greenlight?:

Shout box

You're not permitted to post shouts.
MaskedPixelantehttp://uplay.ubi.com/#!/en-US/events/uplay-15-days You can win FREE GAMES FOR A YEAR! Unfortunately, they're Ubisoft games.12/18/2014 - 6:29pm
Papa MidnightAh, so it was downtime. I've been seeing post appear in my RSS feed, but I was unable to access GamePolitics today across several ISPs.12/18/2014 - 6:06pm
james_fudgeSorry for the downtime today, folks.12/18/2014 - 5:54pm
PHX Corphttp://www.craveonline.com/gaming/articles/801575-sony-refuses-offer-refund-playstation-game-fraudulently-purchased-hacker Sony Refuses to Offer Refund for PlayStation Game Fraudulently Purchased by Hacker12/18/2014 - 1:43pm
NeenekoMakes sense to me, and sounds kinda cool. One cool thing about Minecraft is the meta game, you can implement other game types within its mechanics. There are servers out there with plots, an episodic single player one sound kinda cool12/18/2014 - 11:07am
MaskedPixelantehttps://mojang.com/announcing-minecraft-story-mode/ Umm... what?12/18/2014 - 10:24am
NeenekoThat would make sense. Theaters probably can not afford the liability worry or a drop in ticket sales from worried people. Sony on the other hand can take a massive writeoff, and might even be able to bypass distribution contracts for greater profit.12/18/2014 - 10:03am
ConsterNeeneko: I thought they cancelled it because the major cinema franchises were too scared of terrorist attacks to show the film?12/18/2014 - 9:55am
Neeneko@Wonderkarp - there is still a lot of debate regarding if the movie was a motive or not. Unnamed officials say yes, the timeline says no.12/18/2014 - 9:10am
NeenekoSomething does not smell right though, Sony is no stranger to being hacked, so why cancel this film? For that matter, they are still not giving in to hacker's original demands as far as I know.12/18/2014 - 9:06am
PHX Corp@prh99 Not to mention the Dangerous Precedent that sony's hacking scandal just set http://mashable.com/2014/12/17/sony-hackers-precedent/12/18/2014 - 8:25am
Matthew WilsonI hope its released to netflix or amazon12/18/2014 - 12:11am
prh99Basically they've given every tin pot dictator and repressive regime a blue print how to conduct censorship abroad. The hecklers veto wins again. At least when it comes to Sony and the four major theater chains.12/17/2014 - 11:55pm
MaskedPixelante"It's not OUR fault that our game doesn't work, it's YOUR fault for having so many friends."12/17/2014 - 9:48pm
Matthew Wilsonapparently tetris did not work because he has a full friends list12/17/2014 - 9:21pm
WonderkarpSo Sony cancelled the release of the Interview. was it ever confirmed that the Sony hacking was done because of that specific movie?12/17/2014 - 8:54pm
MaskedPixelanteWow, Ubisoft went four for four, I didn't think it was actually possible.12/17/2014 - 8:37pm
MechaTama31Oh, ok, I was mixing up "on Greenlight" and "Greenlit".12/17/2014 - 8:23pm
Matthew Wilson@phx you beat me to it. how do you screw up tetris?! my ubisoft this is just stupid. no one should ever preorder a ubisoft game again! ps people should never preorder any game regardles of dev.12/17/2014 - 6:28pm
PHX Corphttp://www.ign.com/videos/2014/12/17/what-the-heck-is-wrong-with-tetris-ps4 I give up on ubisoft12/17/2014 - 6:01pm
 

Be Heard - Contact Your Politician