Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Security Software Your Rights Online

Earthstation5 Responds to Malware Claims 207

Zip In The Wire writes "Random Nut, AKA Shaun Garriok, the Author of Kazaalite, has been a vocal critic of Earthstation5 because of a continual online insult war between himself and some rowdy Earthstation5 fans. This has motivated him to be extremely critical of Earthstation5." (We reported yesterday Garriok's claims that Earthstation5 contains spyware.) "We at Earthstation5 desire and request criticism at any time in fact we demand it as we believe that is the only way to make software truly superior." Read on for the rest of Zip In The Wire (Filehoover, ES5's lead programmer)'s explanation, in which he also points to an updated version of the software, and challenges all takers to find spyware within it.

"We at Earthstation5 are not perfect, but we acknowledge that Shaun Garriok might be and thank him for helping us root out bugs.

The problem with the Earthstation5 software that Shaun Garriok found truly exists; however, the sordid motives he attributes to Earthstation5 are incorrect. The following functions were put into Earthstation5 to allow automatic, remote upgrade of the Earthstation5 software.

These functions are:

  1. Reload Earthstation5
  2. Shutdown Earthstation5
  3. Delete a File
All of these functions are necessary to perform when upgrading software.

We have long been admirers of Shaun Garriok's ability to superbly investigate even a fully compiled program. We believe that he is capable of finding ANY sort of trojan, worm, or bug inside a compiled program. We are relieved that all he could find was these remote upgrade functions. He didn't find any bugs that send user data anywhere, no spyware, no adware, nothing, in fact, that gives away any personal information about the user using Earthstation5.

It is also a fortunate fact that since Earthstation5 protects you from the RIAA lawsuits and hackers by hiding your ip address, the exploit program he wrote can only be used against your own computer, which he states in his exploit. If you want to delete files from your own computer, we feel you have the right to do that.

We are glad he found this bug and pointed it out. We completely removed the automatic software upgrade code because as it turns out automatic upgrade is no longer popular as it once was because it gives people an uneasy feeling and rightly so.

Since Shaun Garriok seems to be concerned about everyone's security, and is not on a personal quest for revenge, we would be grateful if he would download the latest Earthstation5 (version 1.1.31), and verify that we have truly removed the remote-update function which his exploit program accessed. We think his dedication to the good of all concerned would motivate him to do this. Anyone else who is concerned can do the same; download the latest Earthstation5 and test the exploit code against it.

-- Filehoover, Lead Programmer of ES5."

This discussion has been archived. No new comments can be posted.

Earthstation5 Responds to Malware Claims

Comments Filter:
  • by Anonymous Coward
    that these people are based in the middle east... their statements have a certain nigerian ring to them.

    I WISH THIS MY PROPOSAL WILL NOT COME TO YOU AS A SURPRISE... I CRAVE YOUR INDULGENCE AS I CONTACT YOU IN SUCH A SURPRISING MANNER. BUT I RESPECTFULLY INSIST YOU READ THIS LETTER CAREFULLY AS I AM OPTIMISTIC IT WILL OPEN DOORS FOR UNIMAGINABLE FINANCIAL REWARDS FOR BOTH OF US...

    # Important Stuff: Please try to keep posts on topic. # Try to reply to other people's comments instead of starting new th
    • A post with no point but to make fun of these guys' imperfect English gets modded up?

      Geez...

  • The original exploit was a method that let anybody delete any arbitrary file from your PC? Could it have just been a poorly implemented version of the "we need to delete specific files" thing mentioned above?

    I've seen worse things put into code on purpose, I might be able to accept this was a mistake, who knows?

    But I've also heard rumours they've been behind some DDOS of good people. That might make be question their motives.

    Either way, whenever you install anything that you didn't compile and read and
    • The original exploit was a method that let anybody delete any arbitrary file from your PC? Could it have just been a poorly implemented version of the "we need to delete specific files" thing mentioned above?

      An RPM package upgrade can, in principle, delete arbitrary files, so why shouldn't this upgrade code? Any code that performs remote upgrades may have to be able to perform pretty much arbitrary file system operations.

      The real issue is that application programs have to have this sort of thing in them
      • Re:Well? (Score:2, Insightful)

        by S.Lemmon ( 147743 )
        It's a bit different - RPMs may delete files but don't sit and listen on an open socket accepting delete requests from a remote server somewhere. That's a whole 'nother kettel of calling the fish black!

        A reasonable auto-upgrade would just have code for the client to delete itself and run the new install I'd think. Also just because ES5 hides IPs doesn't mean someone can't just scan to find people running it. If anyone can connect to you and delete any file, that's a little more than an auto-upgrade feature
        • A reasonable auto-upgrade would just have code for the client to delete itself and run the new install I'd think.

          No. They may have to remove old DLLs, temporary files, etc., for the same reason an RPM package does.

          RPMs may delete files but don't sit and listen on an open socket accepting delete requests from a remote server somewhere.

          Yes, that part is different and quite worrisome. But no matter who originates the upgrade, the code doing the upgrading needs to be able to perform pretty much arbitrar
          • Re:Well? (Score:2, Informative)

            by S.Lemmon ( 147743 )
            The original client can most certainly delete itself, including all DLLs and so forth, with no help from the "new" version. It may have to unload and run a temp process so its files aren't in use, but that's a common procedure. Most auto-update are in fact initiated from the client, not the server. Usually something like

            1) client looks for new version
            2) client downloads new version
            3) client check digital signature of download
            4) client runs temp program
            5) temp program uninstalls old client and installs new
            • It's also possible the old client may just run the install for the new one (and let the new one run the old one's uninstaller), but in any case everything's under the old client's control as much as possible. Never does the remote server tell it what to delete.

              Come on, think a little. If it can download an entire application over the net and then install it, that means it can run arbitrary code. In particular, it can delete whatever the user running it has permission to delete. There simply is no meani
      • An RPM package upgrade can, in principle, delete arbitrary files, so why shouldn't this upgrade code?

        An RPM package upgrade is performed only when and because the root user says so. This is quite different from arbitrary code downloading itself from a remote server, executing itself and deleting files without your say-so.

        I still stand by my earlier statement about closed-source code. Why should I trust any executable if the authors won't even let me look at the source code? Surely if they had nothin

        • You forgot to also mention that I can decompose an RPM into it's SPEC file and scripts and easily see if they do anything that I don't like. On the other hand, if someone comes along and realizes that I run ES5 and figures out my IP address (either because they have access to the central ES5 server or because they found out outside of ES5) they can then connect an beat my system to a pulp.

          I don't have to do anything to have it happen, and I can't do anything to stop it from happening (other than not runn

    • Re:Well? (Score:2, Interesting)

      by Lusa ( 153265 )
      Automatic update my ass. No way was this a mistake, if the program needs to delete files (be it for an upgrade or other reason) it should do it itself when the new program is run and not when a remote server instructs it to by sending a suitably encoded packet (out of curiosity, how does this remote server know when to delete the file for an upgrade, so to speak, or where if the IP is truly hidden?)
    • Overwrite the file, install a new file and ignore the old files, but why delete?
  • by LearningHard ( 612455 ) on Saturday October 04, 2003 @04:05PM (#7134175) Journal
    On the full-disclosure list. It seems that after ES5 found out people had discovered the malware contained in it. They decided to upload a new version which will probably have those functions taken out. I see this as a suspicious move and would be very hesitant to use any of their software myself.
    • You would rather they waited weeks or months to fix a problem they were told about? The idea, as I see it, is to fix problems as soon as they can be fixed. It seems a bit unreasonable to falt them for fixing it quickly when we gripe at others for fixing problems so slowly. They could have put it there with bad intent, or it could be exactly what they clame, a poorly made auto-upgrader. Lord knows they wouldn't be the first to let out a program with less then perfect code. BTW, if it is what they clame, then
    • Their intent is debatable, but assuming for just a moment its original intent was legit.. this is how it should work..

      'find a bug or an issue, they release a fix soon afterwards'..

      If they didn't, people would be bitching about that too.. Geez

      ( disclaimer" I'm NOT a supporter/user of the thing, but their treatment around here is rather hypocritical )

    • And herein lies the root of all conspriacy theory.

      If you do something nasty, get caught, and backpedal it looks suspicious.

      If you do something inadvertent for perfectly altruistic reasons and get accused of falling into the prior catagory and say, "Oh, shit. Ok, we fixed it," it looks just as suspicious.

      If you suspect conspiracy everything always looks like it.

      KFG
  • by AsherD ( 713407 ) on Saturday October 04, 2003 @04:07PM (#7134183)
    If the tone of that statement wasn't so sarcastic and flippant I might feel that RandomNut may have jumped the gun, but ES5 isn't making any more friends by being immature and insulting.
    • On the other hand Samuel Clemens made a damned fine living at it. You should read some of his letters to the editor and responses to various critics.

      Try his criticism of James Fennimore Cooper. Although the target was dead his fans were legion and rabid.

      Sometimes a flippant and well crafted sacastic reply is just what the situation calls for. My own experience is that the brighter the responder the more likely is sarcasm in a rebuttal.

      Unless you live in a world of gray flannel suits walking stiffly and a
    • Look at it from their point of view. (we'll assume for this post that it was not an intentional exploit, just a bug) If it WAS just a bug, and Garriok had just been spewing FUD to discredit them? I'd be more than a little pissed off. His little post led to, I'm sure, a lot of users deleting their software just on his say-so. (a lot of /.ers said as much) He didn't quietly alert them to the problem first, or issue a standard BugTraq style release - he lept straight from "hmm, here's an exploit that can d
  • by Anonymous Coward
    I am very suspicious of the claim that REMOTE deletion of a file is required when updating the software.

    To me, this sounds like damage control, not an honest representation of why that code was in their program. Until the company that makes Earthstation comes up with a plausible explanation for what that code was doing in their program, I will regard Earthstation software as suspect.
  • by Jameth ( 664111 ) on Saturday October 04, 2003 @04:08PM (#7134194)
    How do you not notice that being able to delete files remotely is a problem? Isn't that just about the most obvious thing ever?
    • Basically, there were 2 conceivable ways out of this:

      1. "I did not have sexual..." - deny, deny, deny! OR
      2. "It's, not a bug, it's a feature!"
      [there are other routes, but none as attractive]

      Both are very well known methods used widely in mainstream accusations. A lot of /. comments on the previous article were right in this regard, and we saw route (2) played out today.
      • "The senator refused to deny allegations that he has had sex with a donkey."

        This is also a well know method in mainstream accusations to accuse without being accussable of making accusations.

        The maker of the statement knows that the public will interpret any denial with suspicion that the nonaccusation is true, (otherwise why would he deny it so vehemently?)and any refusal to deny it with suspicion that the nonaccusation is true (otherwise why doesn't he just deny it?).

        KFG
        • "The senator refused to deny allegations that he has had sex with a donkey."

          [...]
          The maker of the statement knows that the public will interpret any denial with suspicion that the nonaccusation is true, (otherwise why would he deny it so vehemently?)and any refusal to deny it with suspicion that the nonaccusation is true (otherwise why doesn't he just deny it?).

          That's true in general terms, but in this case (if indeed that was the case), it could have been easily avoided if, for example, none of the files

  • by Eric_Cartman_South_P ( 594330 ) on Saturday October 04, 2003 @04:08PM (#7134195)
    I use VMWare. I have one VMWare image just for P2P, of WinXP Pro with Norton, Adaware, Sygate Firewall, and Spybot. Inside this VMWare session, I have KazaaLite, Bearshare, eMule, and a half dozen other P2P apps. They can do whatever the fuck they want, because when I shut down my VMWare image all changes are discarded. Every time I boot up the image, I have my fresh, clean install of all my apps. After downloading, I scan the hell out of files, and if good, I'll FTP it to the main box and scan again. I leave internet open for the vmware image, because the firewall will tell me about anything dialing out as nothing has permision and every connection must ask. IMO this is the ONLY way to use P2P safely. My main box has NOTHING P2P on it. It's all inside the VMWare session.

    :)

    • IMO this is the ONLY way to use P2P safely.

      You're not a record industry mole, are you? Just checking. Because how can anyone be so sure that free filesharing is here to stay if *this* is the only way to use P2P safely?

      If you're like most people, and just hunting for that cool song you heard on the radio... it would be easier to buy the CD (and cheaper, if your time has any value).
    • by Dr Reducto ( 665121 ) on Saturday October 04, 2003 @04:45PM (#7134350) Journal
      Unfortunately, sir, you are a leech if you do that.

      I am not trying to flame, but that's what the RIAA is trying to do: Make people afraid to share. If that happens, then the networks will die themselves. The RIAA doesn't give a flying fuck about downloaders, the same way cops don't really care about petty drug users. They both know that you must cut off supply.
      • by Eric_Cartman_South_P ( 594330 ) on Saturday October 04, 2003 @04:49PM (#7134368)
        I am not afraid to share. I just don't want Bearshare installing some 3rd party marketing tracker type stuff on my box. I guess I'm wearing a tin foil hat, but this one is easy to wear.

      • Except that stemming the supply without decreasing demand means an increase in price, and thus incentive for those suppliers who are left to increase their operations, and for new suppliers to enter the market.

        Trying to kill a thing by cutting off the supply is a Really Bad Idea.
        • stemming the supply without decreasing demand means an increase in price

          You're right! If the RIAA cuts the supplers off.. the amount that the downloaders are currently paying to get stuff might double... triple... maybe, just maybe, even increase a hundredfold!!

          I just don't know if I could still afford it.
          • *heh*. I knew that was coming.

            So the price isn't mandatory cost of the software -- but folks who build P2P systems still have *some* kind of motivation, right?

            Maybe it's ego -- doing something daring, dangerous and flashy. If there's plenty of supply of P2P software, folks running Yet Another P2P Network don't get nearly the ego boost as they would if they were one of a few and there were a huge crowd interested.

            Maybe it's banner advertising money. If there are fewer P2P programs out there to buy banner
            • I understand what you are saying.. but there's one minor (read fundemental) flaw with your logic: The P2P companies aren't sharing materials; the users of their software are.

              The RIAA shutting down the "sharers" has no (direct) effect on the P2P companies. The RIAA tried shutting down the P2P companies already and failed.
              • The P2P companies aren't sharing materials; the users of their software are.

                What's your point? The users are (largely) guilty of copyright violation; the companies are (largely) guilty of knowingly facilitating them in this. Either is a fine target, and both have been succesfully sued.

                The RIAA shutting down the "sharers" has no (direct) effect on the P2P companies.

                Whatever your motivation, be it ego or advertising dollars -- take away your user base, and you no longer get any.
                • Either is a fine target, and both have been succesfully sued.

                  Actually, that's not true. The RIAA has not won a single lawsuit against a P2P company since Napster.

                  Whatever your motivation, be it ego or advertising dollars -- take away your user base, and you no longer get any.

                  I think you are agreeing with me in a wholly interesting way. The argument that I thought was silly was "if you get rid of the sharers, the price of downloading will increase". When I made a joke about that, the argument quick
    • Or use an open source client [mldonkey.net] to connect to half a dozen p2p networks ( edonkey, overnet, bittorrent, gnutella, gnutella2, fasttrack, soulseek, direct-connect, and opennap)...
    • How much disk space do you give for each VMware session? You must have a lot of disk space assuming you only create disk space in the image and not sharing with the host's disk space.
  • Hiding IP Address (Score:3, Interesting)

    by augustz ( 18082 ) on Saturday October 04, 2003 @04:09PM (#7134200)
    "by hiding your ip address" they claim that this is not exploitable?

    Somone scans a network of cables users, and sends them all the packet and command to delete boot.ini. How does 'hiding' your IP address help?

    If they have the feature in for automatic updates (unsigned), then clearly they expect to be able to connect to it using, what else, an IP ADDRESS, "hidden" or not.

    Hard to beleive they have 15 million folks on at the same time.
    • by krumms ( 613921 )

      Article:

      It is also a fortunate fact that since Earthstation5 protects you from the RIAA lawsuits and hackers by hiding your ip address, the exploit program he wrote can only be used against your own computer, which he states in his exploit. If you want to delete files from your own computer, we feel you have the right to do that.

      augustz:

      How does 'hiding' your IP address help?

      It doesn't. He's full of shit - and I bet he's dumb enough to believe that shit.

      He screwed up rather badly, it's just a shame

    • by Izago909 ( 637084 ) <tauisgodNO@SPAMgmail.com> on Saturday October 04, 2003 @04:34PM (#7134295)
      I think they are implying that hiding your IP in the GUI makes it safe. It's based on the theory that RIAA spies are sitting around with copies of P2P apps and a notepad writing down IPs.

      In all honesty I really don't care if there is code that allows remote deletion of a file in ES5. I refused to use it long before this. Ignoring the horribly ugly GUI, there are still many other concerns. Who guarantees the proxies you use are safe and don't keep logs? Can't the RIAA's enforcers set up a bunch of "anonymous" proxies and advertise their presence on IRC, Usenet, and other file sharing circles? How is spouting propaganda about hiding the IPs in the GUI supposed to make me think you know jack about network security? Being based in such an unstable area may help protect the company and/or developers, but that doesn't say anything about the users. With the developers constantly taunting copyright enforcers, how long will it be before they start targeting users? An over inflated sense of security is the worst enemy of P2P users. Encrypted data transfers don't mean anything. The enforcers don't sniff packets anyway. All they do is download a shared file, verify it's copyrighted, and issue a subpoena. If they can't get past the proxy, they will just have it taken down. Just pray that it didn't keep some sort of log. Eventually, the only operating proxies will be so obscure, distant, slow, or overwhelmed that nobody will use them and he network would slow to a crawl. The only decent servers will be RIAA honey pots. All this because some developer got cocky and started running his mouth.
      • I think they are implying that hiding your IP in the GUI makes it safe. It's based on the theory that RIAA spies are sitting around with copies of P2P apps and a notepad writing down IPs.

        No, he didn't want to imply anything. The context of this sentece which matters for him is exactly this:

        It is also a fortunate fact that since Earthstation5 protects you from the RIAA lawsuits and hackers by hiding your ip address, bla bla bla bla

        IOW, in worst marketing/politician manner, he wanted to plug once ag

      • And lord help us if the RIAA were to discover the evil nasty "netstat -an" command that works on most every computer! Worse yet, if they were to download TCPView from sysinternals.com. Heavens forbid -- IP addresses all over the
        place! Nobody's safe!

        In all seriousness, anyone that thinks you can "scramble" an IP address and still use a protocol like TCP is full of shit. I'm sure you could think of all sorts of bizarro schemes to bounce packets around using raw sockets and UDP spoofed source addresses or
  • One question (Score:3, Interesting)

    by edxwelch ( 600979 ) on Saturday October 04, 2003 @04:12PM (#7134207)
    Before the usual Palestinian - Isreali flame war gets going, I would like to ask just one question:
    Does anyone use Earthstation and how does it compare to the other p2p networks?
    • Re:One question (Score:4, Informative)

      by mOoZik ( 698544 ) on Saturday October 04, 2003 @04:16PM (#7134225) Homepage
      I tried it out a while ago, and it sucked. Besides the horrible GUI and the constant "We're Israeli, Palestinian, Jordanian..." messages, the results for even common files were poor. The same searches on Kazaa yielded better results in my evaluation, which is ironic, because ES5 claims they have 3 or 4 times more people at any given time.
    • You'll have better search results with gnutella. That is, once you learn the GUI. Seriously, it's awkward, ugly, and just plain sucks. Most all of the "security" is actually useless and can be worked around. I'd say stick with K++ and shareaza.
  • by botzi ( 673768 ) on Saturday October 04, 2003 @04:14PM (#7134212)
    ...and it does seem believable. Random_Nut's comments with the exploit paper were a too influenced by his personal opinion....

    Anyway, ES5 has a *baaaad* name and this last exploit is by far not the only reason of it.
    Their claims of having zillions of users online(ever tried to use it???Well, not *exactly* true.), the chat snippet about DoS-ing bittorent sites(What kind of looser would do that???). A couple of "spammers" posting on the "concurrent" p2p tools boards.....
    To conclude... ES5 has never been an option for me, and even if their claims on absolute privacy are a nice dream, I prefer sticking to Klite and Bittorent experimental.
    • ..they have such a corny, geekified name. I mean doesn't Earth Station 5 sound like some lame sci-fi dream of a little geek who doesn't get out much? :)
    • No, it isn't reasonable at all. Try to figure how such an update would work:

      1. delete files
      2. ...
      3. profit

      (just joking).
      But seriously, given you have the methods he cites, i.e. reload, shutdown, delete, please explain to me how such an upgrade should work? Remember how windows locks files which are in use.

      And why on earth should it be necessary to remotely delete files for an upgrade?? And note that he just talks about reload (i.e. restart), delete, and shutdown, how did they intend to actually automatic
  • It is also a fortunate fact that since Earthstation5 protects you from the RIAA lawsuits and hackers by hiding your ip address

    If you are establishing connections to a remote machine, there is probably a method by which an individual can determine your IP address. "Intermediary proxy servers" are susceptible to compromise, too.
  • by Anonymous Coward on Saturday October 04, 2003 @04:15PM (#7134222)
    Just so ES5 PR doesn't get to have the only spin, perhaps people should see how other employees reacted to it such as:


    I think its pretty fucking pathetic that he made a crack instead of a patch, so like I said, if I were him, I'd look behind my back. You attack me or my users, and yes, I will send people to your front door. I dont fuck around because the responsibility that I have to my users does not allow me to fuck around. Rules changed, and he probably doesnt know how to play them. My identity is sealed, so again, he doesnt know who his enemy is. He is not anonymous nor is his family.


    This guy wants a patch to a closed application and would not listen to any one about exploits as the don't want to pay the $50,000 they would give to anyone finding an exploit. This guy posted Shaun's home address in the ES5 forums and threatened his family life.

    This is thier network admin doing this, would you trust him with your IP and thier fancy anonymous security? If they want to keep any standing, at a minimum they need to fire that guy as his comments.. well I just don't trust him and in most places threats like he made are illegal.
  • Show me the code! (Score:3, Interesting)

    by ccady ( 569355 ) on Saturday October 04, 2003 @04:18PM (#7134238) Journal
    This is all very nice, but if you want to convince me that EarthStation V is safe, show me the code.
  • by plj ( 673710 ) on Saturday October 04, 2003 @04:19PM (#7134240)
    ...unless you can explain this. [slashdot.org]

    Not that I'd trust that AC either, but be on your guard anyway.
    • Well, I'm not sure I see what the problem here is. It's pretty easy to explain.

      The RIAA has formed a shell company under their control to infiltrate and infect the music file sharing networks. They have outsourced it into the the extralegal hands of Hamas. They will be using this network to gather data on p2p users, spread malicious code to make people afraid of using p2p networks and generally raising mayhem.

      There. I've explained it. Does that mean I can trust them now?

      KFG

  • To be honest and blunt... Who gives a rat's ass? Let's be realistic about something here; if someone purchased a product which injures you, or doesn't work to your expectations, what do you do? You get your money back and move on to another program. So what's the big deal here?

    Firstly it's a free damn program, so it's not like nothing is lost unless someone is a moron knowing what they 'could' do, and still using the product.

    FYI do you know how many times I see emails from companies like Symantec, Windows

  • There are all kinds of fanboys who either love a program or hate a program so much that they will claim that it has/does not have Malware in it when the opposite is true. Take GameSpy Arcade, for instance. There are people coming in all the time with claims that GSA has spyware in it when it really isn't there.

    Why this is a story worthy of Slashdot confuses me in some ways. People make false claims all the time, and when it is one as inconsequential as this then why are we giving it so much attention?
    • False? (Score:2, Interesting)

      Yeh, I know that there are a lot people out there that take pride in the programs and everything, obviously Random_Nut liking his own K-Lite K++ a bit ;) But, the point was that these claims were not false, the lead programmer even admitted to them.

      Whether or not these were implemented for remote upgrading wasn't the point, Random_Nut was showing it as a vulnerability that could be exploited in an already 'shady' program. I will admit, that I haven't used ES5 though, because I simply believe it is a load
      • I wasn't really trying to pass judgement that the claims were false. I did wander off in that direction in the second part of the post, but I kind of missed out on trying to get my main point across that was that this is being blown out of proportion, at least it is IMO.

        We don't get a Slashdot story every time Microsoft finds vulnerabilities in its software, do we? No. And thank God for that.
      • I've never actually gotten any fake files on Kazaa. It's probably due to what I listen to, but it is proof that Kazaa can still be useful.
  • by Jugalator ( 259273 ) on Saturday October 04, 2003 @04:31PM (#7134285) Journal
    The following functions were put into Earthstation5 to allow automatic, remote upgrade of the Earthstation5 software.

    These functions are:
    Reload Earthstation5
    Shutdown Earthstation5

    Delete a File
    All of these functions are necessary to perform when upgrading software.


    Hell no.

    These guys should learn something about computer security. Funny that the same guys who're using a solution that screams "EXPLOIT ME" is developing some application that's supposed to be focused on extra security.

    This is how to perform a teeny bit safer automatic upgrade:

    - Server sends a packet containing a field that says it's an update packet, along with a version ID to update to, i.e. 110 for version 1.10 or whatever.

    - Client receives packet and uses a partial client-side URL to the place where the new version can be downloaded. For example, the client could use the partial URL "http://www.es5.com/files/es", attach the received version ID (that is: "110") to the string, and finally the file extension, to form the URL "http://www.es5.com/files/es110.zip". The client then takes care of its shutdown, auto-install, and restart sequence.

    Voila! Upgraded application without a RANDOM UNVERIFIED COMPUTER sending the CLIENT a message to DELETE something and it BLINDLY AGREES to. It's amazing that such poor programmers can even design something that compiles. Or are they hired by the RIAA to fool people into downloading their "new, cool and extra safe" application?

    I wouldn't recommend anyone to download the DNS-faking "we-have-more-users-than-Kazaa" dudes' software.
  • Bwahahaha (Score:5, Funny)

    by fluxrad ( 125130 ) on Saturday October 04, 2003 @04:31PM (#7134287)
    This is a laught riot.

    It is also a fortunate fact that since Earthstation5 protects you from the RIAA lawsuits and hackers by hiding your ip address, the exploit program he wrote can only be used against your own computer, which he states in his exploit.

    • Broadband connection: $50
    • 150GB Disk: $175
    • Realizing your OS was wiped after trying to grab Britney's latest album: priceless!

    There are some things money can't buy, for everything else, there's netstat -i
  • COINTELPRO (Score:2, Informative)

    by Anonymous Coward
    Go read about COINTELPRO and then realize that EarthStation 5 is the MPAA/RIAA version.
  • Has anyone read these [com.com] comments?

    I love how all the positives sound almost the same. It's as if maybe 2 or 3 people (the people involved in ESV?) wrote all the positive comments. The negative comments speak for themselves.
  • Open your code base up and we'll have a look.
  • by account_deleted ( 4530225 ) on Saturday October 04, 2003 @04:47PM (#7134361)
    Comment removed based on user account deletion
  • Is this accurate? Isn't this built into IPv6 that most systems use today and if not, it is built into the older IP standards, all part of the TCP/IP layers. I thought you would have to modify the kernel to make it such that a packet sent to your computer could not be traced back. And even if you do remove that part of TCP/IP protocol, the very next hop will attach it's IP so your IP is never more than 1 hop away. I should read their methods first I guess (proxy servers?), but if you send it, someone, so
    • IPv6 that most systems use today Welcome, visitor from the future! In the twenty-fourth-and-a-half century, does the Linux IPv6 implementation finally work? Unfortunately, our current primitive networking technology provides no method of communicating directly with other computers anonymously. On the other hand, if you connect to only a few computers directly, and those computers cooperate to disguise the origin of your traffic, it may well be the case that nobody else knows who you are.
      • IPv4, sorry :)

        Yeah, I thought about methods for doing that, but eventually someone is sending you a packet that can be read from the buffer and easily decoded to see whom is sending this file. No?
        • Yes, I don't think it's possible that "nobody" knows who you are. On the other hand, if you're connected directly to only a few people, it may be that only a few people know who you are, which is almost as good. (Contrast this with Napster, where anyone who wants to knows who you are.)
  • These functions are: 1. Reload Earthstation5 2. Shutdown Earthstation5 3. Delete a File All of these functions are necessary to perform when upgrading software. You dont need "delete", you can just overwrite pre-existing files to upgrade.
  • I have never heard a company like Real, for example, come right out and say, "hey, our code does a, b, and c, and that's because we want the following relevant functionality." Huge, chocolate-coated kudos to Earthstation for having the cajones to just state what their supposed "spyware" is actually doing. If only other software makers would state what their software is up to (or perhaps just make the source open so we can figure it out), maybe there'd be less security scares!
  • by aepervius ( 535155 ) on Saturday October 04, 2003 @05:52PM (#7134597)
    I mean, I programmed this last month a test tool application on a LAN network, and frankly I *DO NOT* need to have a delete file command in the client. I mean,the client pretty well know which files it has to update (it is included in the update message) and it launch an updater application in background and stop itself so as to allow the files to be deleted/copied.

    This is one solution, and I am pretty sure bunch of people here can come with others. But having a delete command is certainly a loosy way to do that. Heck on the net it OBVIOUSLY means that you open the door to an attacked reverse engineering your app for bad purpose and allow it a nice way to wreak havoc on a system. Either their application E.S.5 is not that great as they are hypping it (haha), or they really are searching excuse for obvious malware. If this is the second option which is true, the next malware code will be hidden behind encryption and packet won't be easily decoded.

    people go away from ES5. You will from now on have now way to determine if you are not installing a trojan on your computer UNLESS they give you the source code and a compiler to compare the final binaries md5 with what you can generate...
    • And, I may be wrong on that, but I doubt an application on windows is really able to delete itself while running, because of the file locking semantics on windows.
      I mean, nowhere I read that the network port was closed after the exploit code was issued, so the application continued to run. How could it then delete itself?
      If this isn't possible, an automatic update (which they incidentally didn't use to push their new corrected version, you have to download it yourself, it seems) had to start another process
  • The reason for ES5's inclusion of the function is as bad as the function itself; if ES5 is remotely upgradeable without the user's okay, then the upgrade may contain malicious code.
  • If you can't look at the source for a p2p system, then its not truly safe. It is as simple as that.

    P2P opens up a whole different degree of responsibility for local system resource usage, and in fact the primary function of a p2p app is to manage local system resources on behalf of a 'greater good' of bigger resources provided to the community.

    I wouldn't really put much faith in any p2p solution provider who didn't have full disclosure of source code as a priority in their front line for dealing with their users ...

    I mean this as a potential professional user of p2p [ampfea.org], as well as a personal user too.
  • 1. They spend a lot of energy attacking other P2P applications: much of their marketing is simply "we're better than such-and-such". I don't recall such hostility in the P2P camp before ES5 showed up.

    2. Their application does not work. Pure and simple.

    3. They lie about the number of users online.

    4. They have an high number of "features" with no obvious sense or meaning.

    5. They distract the user with chat, dating, movie downloads (?).

    6. They are highly aggressive: "declare war on the RIAA, Palestinian

If it wasn't for Newton, we wouldn't have to eat bruised apples.

Working...