French ISP Offers to Block File-Sharing, Exposes Users to Attack

June 15, 2010 -

In response to the implementation of France’s “Hadopi” or three-strikes law, which targets illegal file sharers, a French ISP began offering its customers a service that would block file-sharing on their connections, but the software came with its own problems.

Orange was the ISP offering the service, for the small price of two Euros per month, and it was intended to allow users to “control the activity of computers connected to your internet line” by blocking access to an unknown series of blacklisted sites and addresses.

Unfortunately though, according to Torrent Freak, the Windows-only software, as detailed by a techie named Bluetouff, communicated with a public server that still had the default username and password of admin/admin. Oops.

Torrent Freak that it was:

... informed that people have accessed the server and have discovered that it’s possible to send malware to anyone using the software which makes a bit of a joke out of Orange when it claims: “The software runs in the background to ensure your safety without disrupting the important tasks that you perform”

Also, in an additional twist, the former French Minister of Culture, Christine Albanel, is now employed at orange as Executive of Communication.


Comments

Re: French ISP Offers to Block File-Sharing, Exposes Users ...

How do people pull off stupid stuff like this? When I load Windows server applications I dont even use the local service account as the service account, I make a unique user for the services just so this kind of stupidity can not leveraged by a malicious user.

Sorry but this is security 101 stuff. The person who loaded this software needs to be terminated.

Re: French ISP Offers to Block File-Sharing, Exposes Users ...

 I am not following how this would make a differnce in this case.  It sounds like the sever application itself had the default username and password, so creating a unique user on the server would have no impact on the hole.

On the client side, I doubt most users are going to build a jail for a service that their ISP probably tells them to install via 'double click setup and never worry again'.

Re: French ISP Offers to Block File-Sharing, Exposes Users ...

he said that he creates a customized account and uses that as the administrator in place of the default account, essentially replacing it.

 
Forgot your password?
Username :
Password :

Shout box

You're not permitted to post shouts.
WonderkarpI didnt know we were talking about Capitalism. What do mass shootings have to do with trade and industry that is controlled by private owners for profit?01/25/2015 - 3:28pm
ConsterYou do realize that what you're doing right now isn't what capitalism means, right?01/25/2015 - 2:39pm
WonderkarpActual Thing, Never Proven :P We All Know That You Dont Need Evidence For Something To Be Real, Huh.01/25/2015 - 9:40am
ConsterAh, that explains it - since the second thing you named is an actual thing, I wasn't sure if you were being sarcastic.01/25/2015 - 7:39am
WonderkarpConster, I was quoting Anita Sarkeesian01/24/2015 - 10:39pm
ZippyDSMleeodd its not wanting to post half the time 0-o01/24/2015 - 10:21pm
ZippyDSMleetest01/24/2015 - 10:21pm
ConsterWonderkarp: did the US actually bomb Japan back to traditional values? My history lessons were eurocentric, so I wouldn't know.01/24/2015 - 9:39pm
ZippyDSMleeeffect like confusion,ect. QTEs are a gimmick that can easily be shallow because you are looking to mess with conditioned responses and nothing messes with them more than random gameplay changes..01/24/2015 - 7:58pm
ZippyDSMleeWonderkarp: They tried to be natural with God Of Wars QTE’s, sometimes it felt random which I hate the most in QTEs. The way you interface with gameplay (press X to get X result) should never rely on randomly generated mechanics unless it’s a status01/24/2015 - 7:57pm
Andrew EisenI've passed your comment on.01/24/2015 - 5:45pm
Neo_DrKefkaHey GamePolitics staff can you guys work out the way the ads are delivered via mobile? Sometimes any attempt to do anything on this site automatically forwards you to download "Flappy bird" on a shady site or another thing. It just hijacks my Safari01/24/2015 - 3:47pm
WonderkarpI feel like the only good QTEs were the ones in the God of War series. I dont know why though.. maybe its the visceral carnage01/24/2015 - 1:13pm
ZippyDSMleeprh99: QTEs are dumb I ever understood the need for them outside being cheap and wanting to pad mechanics with scripted events that use only a few buttons.01/24/2015 - 12:58pm
InfophileAnd a more detailed breakdown of expenses here: http://imgur.com/L46SUMw01/24/2015 - 12:42pm
InfophileFor anyone still complaining about where the funding for Tropes vs. Women went: https://www.dropbox.com/s/q4z6qa561roidh5/femfreq_annualreport2014.pdf?dl=0 (page 16) Not that this will actually stop claims of fraud, but it's good to have a counter.01/24/2015 - 12:38pm
prh99Linux kernel patch breaks Witcher 2. Apparently it was a wrapped Windows version instead of native port. http://m.slashdot.org/story/21270301/24/2015 - 11:12am
prh99I am not a fan of QTEs. Toggle joystick to break away from an enemy is ok...01/24/2015 - 12:26am
Goth_Skunk@WonderKarp: *fistbump*01/24/2015 - 12:00am
ZippyDSMleeIts like they took the fiction from soemthing else and tried to impose it on the Turok IP 0-o01/23/2015 - 10:14pm
 

Be Heard - Contact Your Politician