French ISP Offers to Block File-Sharing, Exposes Users to Attack

June 15, 2010 -

In response to the implementation of France’s “Hadopi” or three-strikes law, which targets illegal file sharers, a French ISP began offering its customers a service that would block file-sharing on their connections, but the software came with its own problems.

Orange was the ISP offering the service, for the small price of two Euros per month, and it was intended to allow users to “control the activity of computers connected to your internet line” by blocking access to an unknown series of blacklisted sites and addresses.

Unfortunately though, according to Torrent Freak, the Windows-only software, as detailed by a techie named Bluetouff, communicated with a public server that still had the default username and password of admin/admin. Oops.

Torrent Freak that it was:

... informed that people have accessed the server and have discovered that it’s possible to send malware to anyone using the software which makes a bit of a joke out of Orange when it claims: “The software runs in the background to ensure your safety without disrupting the important tasks that you perform”

Also, in an additional twist, the former French Minister of Culture, Christine Albanel, is now employed at orange as Executive of Communication.


Comments

Re: French ISP Offers to Block File-Sharing, Exposes Users ...

How do people pull off stupid stuff like this? When I load Windows server applications I dont even use the local service account as the service account, I make a unique user for the services just so this kind of stupidity can not leveraged by a malicious user.

Sorry but this is security 101 stuff. The person who loaded this software needs to be terminated.

Re: French ISP Offers to Block File-Sharing, Exposes Users ...

 I am not following how this would make a differnce in this case.  It sounds like the sever application itself had the default username and password, so creating a unique user on the server would have no impact on the hole.

On the client side, I doubt most users are going to build a jail for a service that their ISP probably tells them to install via 'double click setup and never worry again'.

Re: French ISP Offers to Block File-Sharing, Exposes Users ...

he said that he creates a customized account and uses that as the administrator in place of the default account, essentially replacing it.

 
Forgot your password?
Username :
Password :

Shout box

You're not permitted to post shouts.
Matthew Wilsonalso, it looks like sony finally got a clue http://www.vg247.com/2014/11/26/sony-comes-to-senses-at-last-admits-playstation-is-going-to-save-it/11/25/2014 - 10:56pm
Matthew WilsonI wont say them, but there are other sites beyond youtube. it was a good move by HBO.11/25/2014 - 10:55pm
Papa Midnighthttp://www.pcgamer.com/dark-souls-to-move-from-gfwl-to-steam-a-month-later-than-expected/11/25/2014 - 10:30pm
Papa MidnightMatthew Wilson: Considering ContentID, I can't imagine that would necessarily be a problem for HBO.11/25/2014 - 10:19pm
Matthew Wilsonthey know if they dont, someone will.11/25/2014 - 8:40pm
Sora-ChanIt's a HBO show, which to be honest, considering it's HBO, it's actually surprising they even put any up on youtube.11/25/2014 - 8:36pm
Andrew EisenI imagine they hope the clips they do host (some of which are rather long) are enough to entice viewers to watch the show on whatever channel it airs on.11/25/2014 - 5:54pm
MaskedPixelanteIt's odd that these videos are missing from the official Last Week Tonight page.11/25/2014 - 5:51pm
Andrew EisenRelevant or not, the guy's pretty darn entertaining.11/25/2014 - 4:58pm
WonderkarpJohn Oliver : Corporations On Twitter https://www.youtube.com/watch?v=rG_7xur1iRc I feel like this is relevent11/25/2014 - 4:53pm
WonderkarpBurt Macklin, Anthropologist. I look forward to Jurassic Parks and Recreation.11/25/2014 - 4:36pm
Andrew EisenYep.11/25/2014 - 4:16pm
E. Zachary KnightDid Jaws 3 take place in a theme park?11/25/2014 - 4:14pm
Andrew EisenHey, they're remaking Jaws 3. Sweet! https://www.youtube.com/watch?v=RFinNxS5KN411/25/2014 - 3:22pm
MaskedPixelantehttp://www.joystiq.com/2014/11/25/sony-to-refund-vita-customers-in-ftc-settlement-over-false-ads/ Sony is offering a refund to Vita owners who fell for their false advertising during the Vita launch.11/25/2014 - 2:49pm
Matthew Wilsondoes not shock me. people have been representing this as right vs left, but in truth its more like left vs even more left. better put is social libertarianism vs liberal moralism.11/25/2014 - 2:36pm
WonderkarpOfficial Occupy WallStreet Twitter Supports GamerGate https://twitter.com/OccupyWallSt/status/536928387869474818 heh11/25/2014 - 2:11pm
Matthew WilsonI saw that given that the gc adapters have been sold out everywhere, I thought it was higher.11/25/2014 - 11:49am
MaskedPixelantehttp://www.joystiq.com/2014/11/25/smash-bros-sells-over-490k-on-wii-u-in-three-days/ Some good Nintendo news for a change.11/25/2014 - 11:48am
ZippyDSMleehttp://www.escapistmagazine.com/forums/read/7.865821-Irrational-Games-Rises-From-The-Dead-is-Hiring-Again11/25/2014 - 10:20am
 

Be Heard - Contact Your Politician