French ISP Offers to Block File-Sharing, Exposes Users to Attack

June 15, 2010

In response to the implementation of France’s “Hadopi” or three-strikes law, which targets illegal file sharers, a French ISP began offering its customers a service that would block file-sharing on their connections, but the software came with its own problems.

Orange was the ISP offering the service, for the small price of two Euros per month, and it was intended to allow users to “control the activity of computers connected to your internet line” by blocking access to an unknown series of blacklisted sites and addresses.

Unfortunately though, according to Torrent Freak, the Windows-only software, as detailed by a techie named Bluetouff, communicated with a public server that still had the default username and password of admin/admin. Oops.

Torrent Freak that it was:

... informed that people have accessed the server and have discovered that it’s possible to send malware to anyone using the software which makes a bit of a joke out of Orange when it claims: “The software runs in the background to ensure your safety without disrupting the important tasks that you perform”

Also, in an additional twist, the former French Minister of Culture, Christine Albanel, is now employed at orange as Executive of Communication.

Posted in

Comments

Re: French ISP Offers to Block File-Sharing, Exposes Users ...

Submitted by axiomatic on Tue, 06/15/2010 - 14:10.

How do people pull off stupid stuff like this? When I load Windows server applications I dont even use the local service account as the service account, I make a unique user for the services just so this kind of stupidity can not leveraged by a malicious user.

Sorry but this is security 101 stuff. The person who loaded this software needs to be terminated.

Re: French ISP Offers to Block File-Sharing, Exposes Users ...

Submitted by Neeneko on Tue, 06/15/2010 - 15:18.

I am not following how this would make a differnce in this case. It sounds like the sever application itself had the default username and password, so creating a unique user on the server would have no impact on the hole.

On the client side, I doubt most users are going to build a jail for a service that their ISP probably tells them to install via 'double click setup and never worry again'.

Re: French ISP Offers to Block File-Sharing, Exposes Users ...

Submitted by tallimar on Tue, 06/15/2010 - 18:42.

he said that he creates a customized account and uses that as the administrator in place of the default account, essentially replacing it.

Shout box

E. Zachary Knight: But what if I want to only watch over the air tv? I don't subscribe to pay tv. I never will. If that is a requirement, then MS wasted 45 minutes telling me how great TV will be.05/21/2013 - 2:08pm

james_fudge: EZK it will depend on your provider, just like HBO Go i'd imagine.05/21/2013 - 2:05pm

PHX Corp: @IanC there's also a chance that those titles might be Xbox one exclusive, but it's too early to tell afaik05/21/2013 - 2:03pm

IanC: @E. Zachary Knight - MS certainly got the checkbook out for EA, so no surprise on how negative they are over the Wii U.05/21/2013 - 1:54pm

MaskedPixelante: So now I have to wonder, how many of EA's games are skipping the PS4 because of their pro-used stance?05/21/2013 - 1:53pm

E. Zachary Knight: On the TV front, does the XBox One require a cable/satellite subscription or will I be able to use my over the air channels?05/21/2013 - 1:48pm

E. Zachary Knight: Also, that name was not one of the options on our poll.05/21/2013 - 1:42pm

E. Zachary Knight: This presentation also shows why EA has been so negative about the Wii U. They have had a massive hardon for the XBox One forever.05/21/2013 - 1:42pm

james_fudge: two female presenters05/21/2013 - 1:40pm

E. Zachary Knight: Quote: Are developers forced to create games that have these online features, and are thus not playable offline? They are not, Xbox exec Whitten said to Wired — but “I hope they do.”05/21/2013 - 1:40pm

E. Zachary Knight: The Wired article I linked to earlier has a different story. While it will be possible to play offline, that is a game to game thing, not standard. http://www.wired.com/gamelife/2013/05/xbox-one-analysis/05/21/2013 - 1:39pm

Andrew Eisen: According to Geoff Keighley, Don Mattrick says Xbox One is not always on. https://twitter.com/geoffkeighley/status/33690727595023155305/21/2013 - 1:35pm

Andrew Eisen: Just like how Sim City needs the cloud for various computations. (Note to anyone unaware: Sim City does not need the cloud for various computations. That was a barefaced lie by EA Maxis.)05/21/2013 - 1:24pm

MaskedPixelante: So all in all, more of the same, with the possibility of used game restrictions and always on DRM disguised as "cloud computing".05/21/2013 - 1:20pm

Andrew Eisen: Absolutly zero gameplay footage. Doesn't look like there are going to be a lot of games ready to launch by the end of the year.05/21/2013 - 1:12pm

E. Zachary Knight: They didn't talk about any of the other exclusives. I guess they are saving that for E3.05/21/2013 - 1:06pm

E. Zachary Knight: quicknoid, They have 15 exclusives coming in the first year with 8 of them being original franchises. I think Ghosts is at least a timed exclusive.05/21/2013 - 1:06pm

MaskedPixelante: Maybe they could stick some facial recognition software on the new Kinect to keep 12 year olds off of Xbox Live. That'd be nice.05/21/2013 - 1:06pm

ddrfr33k: I'm still not holding my breath05/21/2013 - 1:04pm

ddrfr33k: Hmm...If Ghosts has as much emphasis on the story as they say they do, they might be able to turn the series around...05/21/2013 - 1:04pm

All shouts

<< Return To Top

Forgot your password?
Username :
Password :