Hackers expose flaws of French 'three strikes' software

Hackers expose flaws of French 'three strikes' software
Software that would be used for France's 'three strikes' anti-piracy policy found to be tremendously flawed.

Last week, plans to implement a three strikes policy in France that could lead to the disconnection of file sharers caught sharing illegal files were put on hold after it was revealed the company tasked with tracking activity had been hacked.



TMG's server software could then be examined by hackers to understand how it works. The result shows that the software is very insecure, and should cause concerns about TMG's involvement in the three strikes policy.

TMG servers were running a custom administrative program written in Delphi, which didn't require any authentication at all. Basically, anyone could connect to port 8500 and start sending commands directly to the server.

While the commands supported were limited to shutting down, rebooting, start/stop P2P client, software updates and others, they were sufficient to allow hackers to do whatever they wanted with the servers.

For example, the update command connects to an FTP server, retrieves a file and then automatically executes it. Remarkably, it does not have a pre-set FTP server and literally allows for any FTP server to be specified as part of the update command.

This means hackers could more or less get the TMG server to run whatever software they wanted it to. TMG is the only company that has been authorized to collect the IP address data needed to take action against alleged Internet pirates.

Written by: James Delahunty @ 26 May 2011 17:08
Tags
France P2P
Advertisement - News comments available below the ad
  • 2 comments
  • hearme0

    HA HA HA.......nothin' like runnin' Homebrew on anti-piracy servers intended to bust people.


    As for the 3 strikes law..........I'm kinda tossed up about that. Not sure if it's good or bad because on one hand, you're a complete F'ing idiot if you're getting caught for piracy 3 times and since stupidity can't be punished, well.......punish this.

    On the other hand, it's awfully extreme.

    27.5.2011 12:29 #1

  • ChappyTTV

    Wow...basic admin policy completely ignored, what a joke.
    This would be like breaking into your 3 y/o's piggy bank while they're d'stairs watching cartoons, possibly even easier.

    And this is a company tasked with enforcing/monitoring an entire country's legal policy??
    Hey TMG...scotch tape doesn't make a secure firewall...

    6.6.2011 16:43 #2

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud