French ISP Offers to Block File-Sharing, Exposes Users to Attack

June 15, 2010 -

In response to the implementation of France’s “Hadopi” or three-strikes law, which targets illegal file sharers, a French ISP began offering its customers a service that would block file-sharing on their connections, but the software came with its own problems.

Orange was the ISP offering the service, for the small price of two Euros per month, and it was intended to allow users to “control the activity of computers connected to your internet line” by blocking access to an unknown series of blacklisted sites and addresses.

Unfortunately though, according to Torrent Freak, the Windows-only software, as detailed by a techie named Bluetouff, communicated with a public server that still had the default username and password of admin/admin. Oops.

Torrent Freak that it was:

... informed that people have accessed the server and have discovered that it’s possible to send malware to anyone using the software which makes a bit of a joke out of Orange when it claims: “The software runs in the background to ensure your safety without disrupting the important tasks that you perform”

Also, in an additional twist, the former French Minister of Culture, Christine Albanel, is now employed at orange as Executive of Communication.


Comments

Re: French ISP Offers to Block File-Sharing, Exposes Users ...

How do people pull off stupid stuff like this? When I load Windows server applications I dont even use the local service account as the service account, I make a unique user for the services just so this kind of stupidity can not leveraged by a malicious user.

Sorry but this is security 101 stuff. The person who loaded this software needs to be terminated.

Re: French ISP Offers to Block File-Sharing, Exposes Users ...

 I am not following how this would make a differnce in this case.  It sounds like the sever application itself had the default username and password, so creating a unique user on the server would have no impact on the hole.

On the client side, I doubt most users are going to build a jail for a service that their ISP probably tells them to install via 'double click setup and never worry again'.

Re: French ISP Offers to Block File-Sharing, Exposes Users ...

he said that he creates a customized account and uses that as the administrator in place of the default account, essentially replacing it.

 
Forgot your password?
Username :
Password :

Poll

Will Code Avarice's Paranautical Activity make its way back onto Steam?:

Shout box

You're not permitted to post shouts.
quiknkoldMarvel just made my nips hard10/22/2014 - 9:50pm
Andrew EisenMarvel also shows it understands that once it leaks, it's out there and went ahead and officially released the trailer. https://www.youtube.com/watch?v=tmeOjFno6Do10/22/2014 - 9:36pm
E. Zachary KnightMarvel's response is the best.10/22/2014 - 9:31pm
Andrew EisenI'll be streaming some games tonight at 8p PST in preparation for Saturday's marathon. twitch.tv/andreweisen10/22/2014 - 9:30pm
Adam802http://www.cbsnews.com/news/3d-video-games-surprising-concern/10/22/2014 - 9:16pm
MaskedPixelanteI'm not sure how to feel about Ultron's mouth. I'm sure he has one in the comics, but this is getting dangerously close to Transformers "Optimus has a defined mouth and it looks super weird" territory for me.10/22/2014 - 8:49pm
Andrew EisenMarvel on the leaked Avengers 2 trailer: https://twitter.com/Marvel/status/52507165630662656010/22/2014 - 8:09pm
E. Zachary KnightI squeed like a little girl when I watched the leaked Avengers Age of Ultron trailer. So much awesome.10/22/2014 - 6:47pm
quiknkoldI have a problem with games that use a digit for sequals when clearly they can be called something else. Five Nights at Freddy's 2? Nonono. Its "Another Five Nights at Freddy's" or "Five Nights Week 2"10/22/2014 - 5:30pm
E. Zachary KnightExtra Credits has come out against GamerGate. https://www.facebook.com/ExtraCredits/posts/86104175727438610/22/2014 - 5:28pm
E. Zachary Knightis it really that hard to answer a question, that to me seems fairly straight forward? I ask, because I have asked a specific question now 3 times without an actual answer in the wastebook thread.10/22/2014 - 5:20pm
Andrew EisenFive Nights at Freddy's 2! Yay! https://www.youtube.com/watch?v=lVPONdZBh6s10/22/2014 - 5:07pm
Matthew Wilsonyou guys know he doesnt work for ea anymore?10/22/2014 - 5:02pm
WymorenceYou forgot having to open Unity through Origin too. :p10/22/2014 - 4:37pm
MaskedPixelanteUnity will now be licensed out half finished, with remaining tools to be sold back to you for 10-15 dollars a piece.10/22/2014 - 3:23pm
E. Zachary KnightNot a big fan of this news, but Unity3D's CEO is stepping down and John Riccitiello steps up. http://gamasutra.com/view/news/228384/Helgason_steps_down_as_Unity_CEO_and_John_Riccitiello_steps_up.php10/22/2014 - 3:06pm
MaskedPixelanteIt's probably extremism.10/22/2014 - 12:07pm
Matthew Wilsonthat being said, they are more likely to blame religious extremists than games.10/22/2014 - 12:01pm
Matthew Wilsonlets just hope they dont try to blame video games.10/22/2014 - 12:00pm
MaskedPixelanteOh joy, Ottawa's on lockdown, this is going to be a fun couple of days...10/22/2014 - 11:56am
 

Be Heard - Contact Your Politician