The usually staid world of professional-grade flight simulations was rocked by controversy over the weekend, with fans accusing mod developer FlightSimLabs (FSLabs) of distributing "malware" with an add-on package for Lockheed Martin's popular Prepar3d simulation. The developer insists the hidden package was intended as an anti-piracy tool but has removed what it now acknowledges was a "heavy-handed" response to the threat of people stealing its add-on.
The controversy started Sunday when Reddit user crankyrecursion noticed that FSLabs' Airbus A320-X add-on package was setting off his antivirus scanner. FSLabs had already recommended users turn off their antivirus protection when installing the add-on, so this wasn't an isolated issue.
The reason for the warning, as crankyrecursion found, was that the installer seemed to be extracting a "test.exe" file that matched a "Chrome Password Dump" tool that can be found online. As the name implies, that tool appears to extract passwords saved in the Chrome Web browser—not something you'd expect to find in a flight-sim add-on. The fact that the installer necessarily needs to run with enhanced permissions increased the security threat from the "Password Dump."
[...] In a later update, Kalamaras acknowledges that some users were uncomfortable with "this particular method which might be considered to be a bit heavy-handed on our part." The company promptly released a new installer without the test.exe code included.
FlightSimLabs, a studio that specialises in custom add-ons for other companies' flight sims, has been found to be secretly installing a program onto users' computers designed to check whether they're playing a pirated copy of their software.
The code—basically a Chrome password dumping tool—was discovered by Reddit user crankyrecursion on February 18, and as TorrentFreak report was designed to trigger "a process through which the company stole usernames and passwords from users' web browsers."
Rather than deny or challenge the discovery, FlightSimLabs boss Lefteris Kalamaras wrote on the company's forums that yes, the code is in there, but it's only designed to be used on pirated copies of their software (emphasis his).
Source: Kotaku
(Score: 4, Insightful) by Anonymous Coward on Wednesday February 21 2018, @06:08PM (2 children)
A dick move by a dick company elicits dick response from dick CEO. A real sausage-fest going on here.
(Score: 5, Insightful) by insanumingenium on Wednesday February 21 2018, @06:35PM (1 child)
At least I know to never give them any of my money now. The dicks have served their purpose.
(Score: 2) by JoeMerchant on Thursday February 22 2018, @02:43AM
Shades of the SONY rootkit [wikipedia.org].
Ukraine is still not a part of Russia. Glory to Ukraine 🌻 https://www.pravda.com.ua/eng/news/2023/06/24/7408365/
(Score: 5, Funny) by Zinho on Wednesday February 21 2018, @06:11PM (5 children)
So, what was their plan?
1 software detects that it doesn't have a license
2 software runs password cracker on the installed web browser to steal banking creds, transfers license fee to publisher
3 Profit!!!!
I think they've finally figured out what ??? stands for!
"Space Exploration is not endless circles in low earth orbit." -Buzz Aldrin
(Score: 4, Interesting) by EvilSS on Wednesday February 21 2018, @06:48PM (3 children)
They got the info they were after, BTW, but I have a feeling when the details emerge in court it's not going to be a good day for them. Yes, they plan to use this info in court against the alleged pirate according to the company. Not to mention this could, if a state's or federal attorney is motivated to do it, result in criminal charges. At the very least they have opened themselves up to civil suits from their customers and trashed their reputation.
(Score: 4, Insightful) by All Your Lawn Are Belong To Us on Wednesday February 21 2018, @06:55PM
They didn't stop because they were consequentialists focused utterly on the ends of finding the "bad guy" and not realizing the means they employed made them the "bad guy".
This sig for rent.
(Score: 2) by SomeGuy on Wednesday February 21 2018, @08:27PM
ROFL. When was the last time anybody asked that?
Chances are even the end users were just told to STFU and put up with it. Except it exploded on social media (we can't say "Reddit", they only pay us to say "Twitter" and "Facebook")
Expect the future EULA to add a clause prohibiting talking about the product.
(Score: 2) by fido_dogstoyevsky on Thursday February 22 2018, @06:00AM
IF the judge decides to allow it [wikipedia.org].
It's NOT a conspiracy... it's a plot.
(Score: 3, Funny) by nitehawk214 on Wednesday February 21 2018, @09:42PM
??? = Do something illegal, apparently
"Don't you ever miss the days when you used to be nostalgic?" -Loiosh
(Score: 1, Funny) by Anonymous Coward on Wednesday February 21 2018, @06:29PM (3 children)
(Score: 3, Funny) by takyon on Wednesday February 21 2018, @06:29PM (2 children)
It's just code, bro. They accepted the EULA!
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Wednesday February 21 2018, @06:45PM
I was at a meeting recently and there was a debate as to whether EULAs applied to the installer of a program, if you assume they are enforceable at all. The end conclusion was that most EULAs did not cover the actual installer and companies could potentially find themselves in some trouble if the installer itself caused problems. This is even more so if you use something like .msi or third-party installers.
(Score: 2, Insightful) by Anonymous Coward on Wednesday February 21 2018, @07:07PM
"They just give you their passwords?"
"No, but they agreed to install the software because they trust us. Dumb fucks."
(Score: 3, Interesting) by Anonymous Coward on Wednesday February 21 2018, @06:48PM (1 child)
These people deserve to enjoy a prolonged stay in a federal holding institution.
(Score: 2) by FakeBeldin on Thursday February 22 2018, @10:18AM
Funnily enough, this *is* a CFAA violation.
IANAL, but IGCS (I got common sense).
(Score: 0) by Anonymous Coward on Wednesday February 21 2018, @06:54PM
so slaveware peddlers think they can use malware as a technical cat o' nine tails. big surprise.
(Score: 4, Informative) by requerdanos on Wednesday February 21 2018, @07:51PM
Stopping self-important, self-righteous evildoers from hacking a dozen/hundred/thousand/million people just to hack one person and violate their computer security is an important social good. (Also see: stingray [eff.org].)
To that end, perhaps someone will target FlightSimLabs with similar software in order to put a stop to any current and future evildoing. Or perhaps not.
In a later update, Kalamaras acknowledges the attackers acknowledge that some users victims were uncomfortable with "this particular method which might be considered to be a bit heavy-handed on our part." both Sony's rootkit and being hacked by malicious criminals who make an obscure plugin for flight simulator software, because both are criminal acts that are the equivalent of targeting anthills with thermonuclear devices.
(Score: 5, Insightful) by Arik on Wednesday February 21 2018, @07:59PM
So, under the CFAA they should be looking at about 5 years *per incident* - how many people did they hit with this? And civil penalties as well.
A simple refund is clearly insufficient as an alternative.
If laughter is the best medicine, who are the best doctors?
(Score: 3, Insightful) by FakeBeldin on Thursday February 22 2018, @10:25AM
This is a prime example of what happens when "we" (people who can make computers do things) don't stop to think about the consequences of what we're asked to code.
Coders, system architects, companies have a moral obligation to consider the impact of their work and call out when that impact is wrong.
Yes, I don't have a convenient definition or law proposal for that. That does not absolve anyone. We all know that the Sony rootkit was wrong, yet someone was asked to code it and someone made it. We all know that Lenovo's Superfish was a stupendously bad idea, yet someone made it. We all know that making a cracking tool that triggers upon some condition and package that into your flight sim is a clear example of a Trojan Horse, yet someone with the technical expertise to create such a thing did not call out his/her boss and say "this is not a thing we should be making."
Nor did the boss stop to think about it when giving the assignment.
That's just not good enough.