French ISP Offers to Block File-Sharing, Exposes Users to Attack

June 15, 2010 -

In response to the implementation of France’s “Hadopi” or three-strikes law, which targets illegal file sharers, a French ISP began offering its customers a service that would block file-sharing on their connections, but the software came with its own problems.

Orange was the ISP offering the service, for the small price of two Euros per month, and it was intended to allow users to “control the activity of computers connected to your internet line” by blocking access to an unknown series of blacklisted sites and addresses.

Unfortunately though, according to Torrent Freak, the Windows-only software, as detailed by a techie named Bluetouff, communicated with a public server that still had the default username and password of admin/admin. Oops.

Torrent Freak that it was:

... informed that people have accessed the server and have discovered that it’s possible to send malware to anyone using the software which makes a bit of a joke out of Orange when it claims: “The software runs in the background to ensure your safety without disrupting the important tasks that you perform”

Also, in an additional twist, the former French Minister of Culture, Christine Albanel, is now employed at orange as Executive of Communication.


Comments

Re: French ISP Offers to Block File-Sharing, Exposes Users ...

How do people pull off stupid stuff like this? When I load Windows server applications I dont even use the local service account as the service account, I make a unique user for the services just so this kind of stupidity can not leveraged by a malicious user.

Sorry but this is security 101 stuff. The person who loaded this software needs to be terminated.

Re: French ISP Offers to Block File-Sharing, Exposes Users ...

 I am not following how this would make a differnce in this case.  It sounds like the sever application itself had the default username and password, so creating a unique user on the server would have no impact on the hole.

On the client side, I doubt most users are going to build a jail for a service that their ISP probably tells them to install via 'double click setup and never worry again'.

Re: French ISP Offers to Block File-Sharing, Exposes Users ...

he said that he creates a customized account and uses that as the administrator in place of the default account, essentially replacing it.

 
Forgot your password?
Username :
Password :

Poll

Poll: Is it censorship when a private retailer decides not to sell a particular video game?:

Shout box

You're not permitted to post shouts.
PHX Corphttp://www.gamespot.com/articles/need-for-speed-will-require-an-online-connection/1100-6427672/ Need For Speed Will Require An Online Connection05/29/2015 - 7:54am
Wonderkarpjust be happy and encourage it.05/29/2015 - 7:37am
DocMelonheadSorry about that, but I'm surprise at what IP participate in this discussion.05/29/2015 - 7:25am
E. Zachary KnightIron, I did not Google Search because I figured the ESRB would publish such infor on their site, which is where I looked. http://www.esrb.org/ratings/ratings_process.jsp05/29/2015 - 7:22am
WonderkarpDocMelonHead, don't look a gift horse in the mouth05/29/2015 - 7:21am
E. Zachary KnightDoc, Uncalled for. Please keep things civil.05/29/2015 - 7:21am
MattsworknameThey were discussing the appeals process for Esrb ratings Doc.05/29/2015 - 7:21am
DocMelonheadDid IP post something that isn't related to White Supremecy?05/29/2015 - 7:13am
IronPatriotBut hey, you're welcome.05/29/2015 - 5:23am
Andrew EisenEZK did say he didn't find any info on the appeals process. And if all he did was look at the ratings process part of the ESRB's website, he wouldn't have. That's where I would have looked too. But hey, thanks for being thorough and finding the info.05/29/2015 - 5:01am
Andrew EisenDude, again. I am NOT saying there is no appeals process. THERE OBVIOUSLY IS. All I am saying is that the appeals process is not described in the ratings process part of the ESRB's website.05/29/2015 - 4:59am
IronPatriotI googled appeal esrb.org and it is the first and third hits. Second is esrb talking about appeals for web publishers. Gamefaqs is fourth.05/29/2015 - 4:01am
IronPatriotZachary said he did not find any information about a formal appeals process. I did a simple search and found two places on the esrb site with the info. Just sayin.05/29/2015 - 3:57am
IronPatriotOn Google I get "1 Written Testimony of Patricia E. Vance President ... - ESRB" http://www.esrb.org/about/news/downloads/pvtestimony_6_14_06.pdf05/29/2015 - 3:55am
Andrew EisenNow, that post on GameFAQs was made four years ago. It appears the ESRB has since moved the appeals process stuff behind the publisher login on its website.05/29/2015 - 3:32am
Andrew EisenOh, third link on the Google search. Okay. That leads to a GameFAQs message board which quotes a section of the ESRB website that includes a description of the appeals process. But when you follow the link, that quote doesn't exist.05/29/2015 - 3:30am
Andrew EisenThird link down from what? Look, I'm not arguing the existance of an appeals process. There obviously is one. I was merely noting that it's odd that it isn't described on the website's ratings process section but it is on the mobile site.05/29/2015 - 3:25am
IronPatriotOK, so use the third link down, which describes the appeals process and is not on the mobile site"Publishers also have the ability to appeal an ESRB rating assignment to an Appeals Board, which is made up of publishers, retailers and other professionals."05/29/2015 - 2:47am
Andrew EisenRight, which links to the ESRB's mobile site. On the website (again, unless I'm overlooking it) the appeals process is locked behind the publisher login.05/29/2015 - 2:37am
IronPatriotHuh? Google "appeals esrb". It is the first link. Click it. No login requested.05/29/2015 - 2:31am
 

Be Heard - Contact Your Politician