Page 3 of 4 FirstFirst 1 2 3 4 LastLast
Results 21 to 30 of 36

Thread: A warning about FSLabs - Their installer logs your passwords!

  1. #21

    Default

    The fact that they would even do this is not only illegal but unethical. Once you give support to these kinds of things more company's will try it. Nope, not on my machine.

  2. #22
    Join Date
    Mar 2005
    Location
    It's a little cold outside right now.
    Posts
    7,610

    Default

    It was wrong when Sony tried something similar 12 years ago, and it is still wrong today. Piracy is also wrong, but two wrongs don't make a right.

    https://en.wikipedia.org/wiki/Sony_B...ootkit_scandal

  3. #23

    Default

    Well if were FS Labs I'd be reinforcing my files, servers and internet connections because where you get pirates you get hackers, and it's almost certain they'll be coming for them...

    The counterpoint to all this publicity is it raises their profile enough to make them targets - as individuals and as a group.

    Customers should back up their installer files before they get corrupted, or their site brought down by a DNS attack.

    Personally, I wouldn't touch `em with a barge pole. Any organisation or individual that thinks the rules don't apply to them is inherently untrustworthy.

    Vacuous apologies and minor tweaks to installers don't diminish the untrustworthiness.

  4. Default

    Eesh, the amount of people on their forums who really have trouble understanding the issue with what they did is absolutely frightening (and even more annoying, those on their forums who seem to think it being FSLabs' software means anything goes/they can do anything - ignoring that there are laws and social norms regarding data collection, etc) - from the shady way they added this software, to how it operates, to the fact that it will decrypt Chrome credentials for ANYONE who uses the computer in question, and sends it over HTTP, UNENCRYPTED (as opposed to HTTPS), which provides a HUGE potential for fraud, identity theft.

  5. #25

    Default

    Lost in all the noise and rampant hysteria is one singular fact:

    One and only one specific serial number activated this program. For everyone else, the .exe file was deleted completely, safely and silently.

    Don't believe me? Scan your system with any and all AV software as you wish. You will not find a trace of this anywhere...

    Before bringing out the pitchforks and lighting those torches, please understand that I too think what FS Labs did was incredibly stupid. In no way do I condone their actions!
    Last edited by n4gix; 02-24-2018 at 01:38 PM.
    Bill Leaming
    Gauge Programming - 3d Modeling Military Visualizations
    Flightsim.com Panels & Gauges Forum Moderator
    Flightsim Rig: Intel Core i7-2600K - 8GB DDR3 1333 - EVGA GTX770 4GB - Win7 64bit Home Premium
    Development Rig1: Intel Core i7-3770k - 16GB DDR3 - Dual Radeon HD7770 SLI 1GB - Win7 64bit Professional
    Development Rig2: Intel Core i7-860 - 8GB DDR3 Corsair - GeForce GTS240 1GB - Win7 64bit Home Premium
    NOTE: Unless explicitly stated in the post, everything written by my hand is MY opinion. I do NOT speak for any company, real or imagined...

  6. #26
    Join Date
    Mar 2005
    Location
    It's a little cold outside right now.
    Posts
    7,610

    Default

    Quote Originally Posted by n4gix View Post
    One and only one specific serial number activated this program. For everyone else, the .exe file was deleted completely, safely and silently.
    Can you or anyone else guarantee with 100% certainty that this will always be the case? Or that someone else couldn't find a way to take advantage of the situation, especially now that it is widely known? According to one review of the files and server the data was being sent too, the data wasn't encrypted and the server had the Windows RDP ports exposed to the internet. Not exactly reassuring. See the CCleaner infection from last summer for one example where malicious hackers broke into a legitimate company's servers through security holes and infected the downloads.

    https://www.fidusinfosec.com/fslabs-...combat-piracy/

    The backlash from the flight sim community and elsewhere, I think, is rightly justified to make it clear to all developers that installing malware is without question unacceptable.

    This is also a good time to highlight that one should not use the save password functionality in web browsers. Standalone password managers such as 1Password, Dashlane and Keepass are far better solutions.

  7. #27

    Default

    Quote Originally Posted by loki View Post
    Can you or anyone else guarantee with 100% certainty that this will always be the case? Or that someone else couldn't find a way to take advantage of the situation, especially now that it is widely known? According to one review of the files and server the data was being sent too, the data wasn't encrypted and the server had the Windows RDP ports exposed to the internet. Not exactly reassuring. See the CCleaner infection from last summer for one example where malicious hackers broke into a legitimate company's servers through security holes and infected the downloads.

    https://www.fidusinfosec.com/fslabs-...combat-piracy/

    The backlash from the flight sim community and elsewhere, I think, is rightly justified to make it clear to all developers that installing malware is without question unacceptable.

    This is also a good time to highlight that one should not use the save password functionality in web browsers. Standalone password managers such as 1Password, Dashlane and Keepass are far better solutions.
    Better still, UNPLUG: The sims only require a live connection at the whim of an aftermarket supplier, And FS Lapdogs prove they are inherently untrustworthy. Much like ORBX a few years ago. Everyone else should be subject to independent scrutiny.
    After all, they're using the world wide web to disseminate the products...

    It's time to separate the piracy of personal greed from the complicity of corporate gain. And if that means assessing the large proportion of innocent developers as potential criminals? Well THEY can blame the likes of FSlabs and ORBX for starting it...

  8. #28

    Default

    Quote Originally Posted by n4gix View Post
    One and only one specific serial number activated this program. For everyone else, the .exe file was deleted completely, safely and silently.

    Don't believe me? Scan your system with any and all AV software as you wish. You will not find a trace of this anywhere...

    Before bringing out the pitchforks and lighting those torches, please understand that I too think what FS Labs did was incredibly stupid. In no way do I condone their actions!
    First, we only have FSL's word for that and they've already been proven to be economical with the truth. Secondly, whilst the file may well be deleted after installation, the fact that malware was installed at all, even for a limited time, makes it an illegal act in many countries. Just because it's gone doesn't make it any less of a crime.

  9. Default

    Lesh, you are the one who is being economical with the truth.
    Malware?? Installed??

    Just read the statement FSLabs gave. the link was also posted in pst 7, I will post it again below so you can read it at your leasure.

    1) First of all - there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products. We all realize that you put a lot of trust in our products and this would be contrary to what we believe.

    2) There is a specific method used against specific serial numbers that have been identified as pirate copies and have been making the rounds on ThePirateBay, RuTracker and other such malicious sites.

    3) If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us. "Test.exe" is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).
    Source:
    https://forums.flightsimlabs.com/ind...clarification/

    See, only temporarily, so not "installed".
    And, not in legally purchased copies.

    Maybe Lesh you should complain to the companies such as ThePirateBay, RuTracker and other such malicious sites.
    Last edited by il88pp; 02-25-2018 at 07:07 AM.

  10. #30

    Default

    Quote Originally Posted by il88pp View Post
    Lesh, you are the one who is being economical with the truth.
    Malware?? Installed??

    Just read the statement FSLabs gave. the link was also posted in pst 7, I will post it again below so you can read it at your leasure.



    Source:
    https://forums.flightsimlabs.com/ind...clarification/

    See, only temporarily, so not "installed".
    And, not in legally purchased copies.

    Maybe Lesh you should complain to the companies such as ThePirateBay, RuTracker and other such malicious sites.
    You utterly miss the point: The crime is committed when it illegally transmits data to which it has no right of access to a source that has no right to receive it - and then corrupts that data.

    Two wrongs don't make a right.

    As had been proved time and again the pirates are considerably smarter than developers, and all this achieves is the potential victimisation of legitimate customers. And the undermining of the developers reputation.

Page 3 of 4 FirstFirst 1 2 3 4 LastLast

Similar Threads

  1. Replies: 2
    Last Post: 02-25-2018, 04:53 PM
  2. Replies: 1
    Last Post: 02-17-2018, 08:03 AM
  3. Replies: 0
    Last Post: 02-11-2018, 11:54 PM
  4. Replies: 12
    Last Post: 02-08-2018, 03:42 PM
  5. Why your flightsim has two different passwords?
    By Big777jet in forum PC Software Tech
    Replies: 1
    Last Post: 02-19-2010, 12:21 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •