Earthstation 5 Claimed to be Malware 548
Rob from RPI writes "You may remember the announcement about a company, or program, or both called Earthstation 5 who recently 'Declared War' on the MPAA. Well guess what? Turns out that it's got code in it that allows anyone to delete any file on your computer. I suggest that you un-install as soon as possible!"
Well yeah.. (Score:5, Insightful)
Tinfoil alarm! (Score:4, Insightful)
Battlestations... (Score:4, Insightful)
Indulging in paranoid speculation - tinfoil alert (Score:5, Insightful)
Let's say ES5 is an MPAA/RIAA front to discredit file sharing and harm filesharers.
Now, apparently, ES5 is in Palestine.
What better way to do "double damage" than to not only have a way to attack filesharers, but also to connect it to a location people associate with terrorism?
OK, tinfoil hat off now.
If you use a computer (Score:5, Insightful)
Not a buffer overflow? (Score:5, Insightful)
If it is malicious it seems odd that they would make it possible for ANYONE to delete someone elses files through crafted search strings, thus significantly increasing the chance of their nefarious plans being uncovered.
If it were me, and I was secretly working for the RIAA, I'd just code in a simple client/server protocol that the RIAA could use to delete people's files, entirely seperate from the normal operation of the program itself. This would be much harder to identify as malicious code.
Sorry, but this just looks to me like a bad "failure to chroot()" bug and not the big conspiracy theory its purported to be...
Re:BAH! THIS IS JUST FUD (Score:3, Insightful)
On the other side of that, $16-20 is unreasonable. $10 would be fair, I think. Considering the hours spent in the studio recording, AFM scale per musician per song being $50 (and that's for low grade musicians), the cost of a decent engineer, cost of using a decent studio (that's not cheap), mastering costs... Then you've got to either spend $$ on an expensive fast cd dup'er, or pay someone to burn 10,000 cd's in a week, artwork for the j-page, printing of the j-page, cd cases, shringwrapping, a UPC, distribution, etc....
Do you honestly think all of that can be done for $2.00 per? Get real.
Re:Stupid stupid people. (Score:2, Insightful)
In a computer's case, it's knowing as much about the program you're about to install as you can and monitoring your computer to see what's going on with it. That way, malware stands a smaller chance of screwing with your system.
Re:Not a buffer overflow? (Score:2, Insightful)
I dont think that its simply something like a missing chroot() bug, i cant think of any good reason why you would have "delete file" command implemented in a P2P client... Fellow slashdotters, anyone got an idea why one would implement this?
Re:Tinfoil alarm! (Score:5, Insightful)
I just get annoyed when I hear a computer attack referred to as an effective terrorist strategy. I certainly could survive if my computer didn't turn on today; no terror here, just kind of disappointment. Perhaps something like this could be called a "bummer. oh well" attack.
Re:Not a buffer overflow? (Score:5, Insightful)
Even in assembler its not too hard to see when an operation is a bug resulting from jumping to a bit
of code when some unexpected events coincide and jumping to the same bit of code when a SPECIFIC packet arrives.
Re:Tinfoil alarm! (Score:3, Insightful)
Nobody really cares if you can turn your computer on. However, a carefully planned attack on financial institutions/networks, military networks and other government systems could be quite effective. This is why said institutions are fanatical about security (or at least they should be).
Re:Tinfoil alarm! (Score:2, Insightful)
Re:Tinfoil alarm! (Score:1, Insightful)
Re:Let's be logical about it (Score:4, Insightful)
Stealing a book from a library == theft.
Photocopying the same book ==copyright infringement != theft.
Burning the book == damage.
See how simple logic is when you're not trolling
I was suspicious (Score:3, Insightful)
"The question then is 'why did they do it?' I'm sure they won't tell us, but here's a theory: They could be working for the RIAA, MPAA, or a similar organization. Once they have enough users on their ES5 network, they would start deleting all copyrighted files they own which their users are sharing. The users wouldn't know what hit them."
Can anyone come up with a plausible scenario where a P2P company would release software that destroys a computer, if it is not connected somehow to these groups?
Called it. (Score:4, Insightful)
-72
A bit tired of this argument... (Score:3, Insightful)
After all, there's probably a GPS tracking system, data recorders that records the times when you're over the speed limit, and other potentially privacy-compromising system hidden in any car you buy.
Do you trust the drinking water coming through your pipes? What, you filter it first? OK, have you bothered to take the filter apart yourself to verify its components work as advertised or do you accept that government regulations will keep them from selling a defective product?
Consider Joe Average. Give him an open source program--he has to trust that you personally went through the code and verified it's clean, or that a bunch of unknowns on the net verified it. He sure as hell isn't going to go through all the code and compile it himself. And do you yourself trust that C compiler? There's that theory about how the original C compiler could have a backdoor put in, and every subsequent C compiler or program compiled could have a backdoor built into it during compile time.
In truth you can't trust ANYTHING you don't make yourself. But it's not practical to make everything yourself because of time constraints or inexperience, so at some point everyone has to put their trust in some system they didn't make themselves. And yes, sometimes that trust is violated, like tires that blow apart for no reason or the water is tainted with e-coli. But in the real world most people can't afford to distrust absolutely everything and still live a real life. Neither can most people who have a computer.
Like I said, I agree with the principle. But this is the real world, and many personal, idealized principles just don't play into it.
Re:Tinfoil alarm! (Score:2, Insightful)
The Arabs living in the former British protectorate of Palestine basically decided in '48 that they'd just head out for a little bit, let their cousins next door clear the Jews out, and create an Arab state. They didn't bet on the Israelis (a) being able to leave behind their self-destructive infighting and (b) kicking the Jordanians', Egyptians' and Syrians' collective asses.
That's what makes the "refugee camps" such a joke, albeit a sad one. These people were voluntary refugees. The Israeli Jews didn't run away, they defended their homes. The Palestinians could have done the same, but they didn't. Case closed. When it became clear Israel wasn't going away, the rest of the Arab world should have accepted the Palestinians into their societies rather than keeping them in camps for 55 years. Their failure to do the same, and subsequent usage of the Palestinians for political purposes is an indictment on them.
Re:Not a buffer overflow? (Score:2, Insightful)
Sounds to me more like somebody forgot to check for "." at the beginning of the deletion path. If you can delete arbitrary files in this way, it would seem likely that you can retrieve arbitrary (not intentionally shared) files, too.
Re:Called it. (Score:1, Insightful)
Re:A bit tired of this argument... (Score:4, Insightful)
Re:Oh God not again... (Score:3, Insightful)
Because of what the implecations of the actions 5000 years ago that let to the current state of injustice, future attrocities 9 and 11 will be committed in anticipation of attrocity 8. And the other side will preemptivly perform attrocity 13 to prevent numbers 9 and 10, but in doing so will actually guarantee that numbers 9 and 10 occur.
Seriously: these people would do well to accept reality as it is, and start building their lives. Get rid of the leaders on both sides that are so hell bent on holding thier breath the longest. Exhale and get on with your lives. You only have so many years on earth, so why spend the rest of it fighting over things you have NO CONTROL OVER, DID NOT START AND REALISTICALLY CANNOT FINISH WITHOUT IT ENDING IN YET ANOTHER POMGROM? Neither side has the will or ability to kill off the other, and the world will not let that happen right now.
Re:Tinfoil alarm! (Score:2, Insightful)
Re:Tinfoil alarm! (Score:3, Insightful)
Because you just know that a well organized technologically sophisticated terrorist cell would target the average user's access to pr0n. Hit us where it hurts, right? Infidel western devils just gotta have that pr0n.
Perhaps it hasn't occurred to you, but computers run: air traffic control, banking, train switching, power production and distribution, water treatment purification and distribution, and pretty much all communication technology at this point.
Having your computer not turn on might be an "aw bummer" moment, but when you realize it's because your power isn't on... unfortunately when you try to report the outage you realize your phone can't get tone. Cellphone doesn't get service either. "Ah, well." you grumble, and get in your car to go get something to eat. Traffic is a bitch, though, all the lights are either out (due to lack of power) or behaving erratically. You stop at the ATM to get some cash for some food, but it doesn't seem to be working. You figure you could just use debit or credit card, but when you finally find a restaurant that's open they explain that they can't seem to process the cards that day. You sigh and content yourself to what you can afford with the few dollars on you: a small bowl of soup and a big glass of water. The glass of water was a bad idea, though, since a valve mix-up at the threatment plant (after they lost computer control and coordination) has contaminated half the water in the city. Your last thought a few days later as the dehydration from the sickness finally steals your conciousness for the last time? It's not about missed e-mail.
On topic (Score:3, Insightful)
I posted what was one of the few on topic posts, and asked if anyone had actually used this program and if it was any good.
Some kind slashdotter responded that it was very buggy and already installed many viruses on his PC and on that note I gave it a wide berth.
Meanwhile everyone else in the discussion was totally engrossed in the Isreali - Palestinian flamewar and seemingly forgot what the origonal story was about.
The moral of this all is:
Well, stay on topic and you might learn something, but then again, fuck it, a good flamewar is always fun too!