French "three strikes" anti-piracy software riddled with flaws

Found on Ars Technica on Wednesday, 25 May 2011

TMG's server was running a custom-written administration program coded in Delphi. It had the unusual security feature of not requiring any authentication at all, allowing anyone connecting to port 8500 to send commands to the server.

The update command connects to an FTP server, retrieves a file, and then executes it, all without authentication. Rather than connecting to a specific FTP server, it allows the server to be specified when the update command is given.

This could in turn allow the private networks used by TMG for sharing IP address information with the French authorities to be attacked and possibly compromised, a risk that led to the temporary cessation of data collection last week.
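The three controls the update command described above lacked (an authenticated command, a fixed update source, and an integrity check before execution), as an added sketch that is not from the article or from TMG's software. The host name, key, message layout and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Tuple

# All names and values below are constructed for illustration.
PINNED_UPDATE_HOST = "updates.example.internal"  # fixed in config, never taken from the request
OPERATOR_KEY = b"constructed-demo-key"           # shared secret provisioned out of band


def sign(key: bytes, host: str, sha256_hex: str) -> str:
    """MAC the operator computes over the fields of an update request."""
    msg = f"update|{host}|{sha256_hex}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def check_update_request(host: str, sha256_hex: str, tag: str) -> Tuple[bool, str]:
    """Decide whether an update command may proceed to the download step."""
    # 1. Authentication: a command without a valid MAC is dropped.
    expected = sign(OPERATOR_KEY, host, sha256_hex)
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False, "unauthenticated command"
    # 2. Source pinning: the sender may not choose where the file comes from,
    #    even when the command itself is correctly authenticated.
    if host != PINNED_UPDATE_HOST:
        return False, "update host not pinned"
    return True, "ok"


def check_payload(payload: bytes, sha256_hex: str) -> bool:
    """3. Integrity: run only a file whose digest matches the authenticated request."""
    actual = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(actual.encode(), sha256_hex.encode())
```

Each check fails closed on its own, so a leaked key still cannot redirect the download, and a compromised file server still cannot substitute the file.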

That's what you get when you let clueless politicians give instructions to incapable companies. It's like watching "Dumb and Dumber"; the only sad thing is that this is the reality.