Slashdot Mirror

← Back to Stories (view on slashdot.org)

Earthstation5 Responds to Malware Claims

Posted by timothy on from the challenge-response dept.

Zip In The Wire writes "Random Nut, AKA Shaun Garriok, the Author of Kazaalite, has been a vocal critic of Earthstation5 because of a continual online insult war between himself and some rowdy Earthstation5 fans. This has motivated him to be extremely critical of Earthstation5." (We reported yesterday Garriok's claims that Earthstation5 contains spyware.) "We at Earthstation5 desire and request criticism at any time in fact we demand it as we believe that is the only way to make software truly superior." Read on for the rest of Zip In The Wire (Filehoover, ES5's lead programmer)'s explanation, in which he also points to an updated version of the software, and challenges all takers to find spyware within it.

"We at Earthstation5 are not perfect, but we acknowledge that Shaun Garriok might be and thank him for helping us root out bugs.

The problem with the Earthstation5 software that Shaun Garriok found truly exists; however, the sordid motives he attributes to Earthstation5 are incorrect. The following functions were put into Earthstation5 to allow automatic, remote upgrade of the Earthstation5 software.

These functions are:

  1. Reload Earthstation5
  2. Shutdown Earthstation5
  3. Delete a File
All of these functions are necessary to perform when upgrading software.

We have long been admirers of Shaun Garriok's ability to superbly investigate even a fully compiled program. We believe that he is capable of finding ANY sort of trojan, worm, or bug inside a compiled program. We are relieved that all he could find was these remote upgrade functions. He didn't find any bugs that send user data anywhere, no spyware, no adware, nothing, in fact, that gives away any personal information about the user using Earthstation5.

It is also a fortunate fact that since Earthstation5 protects you from the RIAA lawsuits and hackers by hiding your ip address, the exploit program he wrote can only be used against your own computer, which he states in his exploit. If you want to delete files from your own computer, we feel you have the right to do that.

We are glad he found this bug and pointed it out. We completely removed the automatic software upgrade code because as it turns out automatic upgrade is no longer popular as it once was because it gives people an uneasy feeling and rightly so.

Since Shaun Garriok seems to be concerned about everyone's security, and is not on a personal quest for revenge, we would be grateful if he would download the latest Earthstation5 (version 1.1.31), and verify that we have truly removed the remote-update function which his exploit program accessed. We think his dedication to the good of all concerned would motivate him to do this. Anyone else who is concerned can do the same; download the latest Earthstation5 and test the exploit code against it.

-- Filehoover, Lead Programmer of ES5."

12 of 207 comments (clear)

  1. Here is why I care, but it does NOT affect me... by Eric_Cartman_South_P · · Score: 5, Interesting
    I use VMWare. I have one VMWare image just for P2P, of WinXP Pro with Norton, Adaware, Sygate Firewall, and Spybot. Inside this VMWare session, I have KazaaLite, Bearshare, eMule, and a half dozen other P2P apps. They can do whatever the fuck they want, because when I shut down my VMWare image all changes are discarded. Every time I boot up the image, I have my fresh, clean install of all my apps. After downloading, I scan the hell out of files, and if good, I'll FTP it to the main box and scan again. I leave internet open for the vmware image, because the firewall will tell me about anything dialing out as nothing has permision and every connection must ask. IMO this is the ONLY way to use P2P safely. My main box has NOTHING P2P on it. It's all inside the VMWare session.

    :)

  2. Hiding IP Address by augustz · · Score: 2, Interesting

    "by hiding your ip address" they claim that this is not exploitable?

    Somone scans a network of cables users, and sends them all the packet and command to delete boot.ini. How does 'hiding' your IP address help?

    If they have the feature in for automatic updates (unsigned), then clearly they expect to be able to connect to it using, what else, an IP ADDRESS, "hidden" or not.

    Hard to beleive they have 15 million folks on at the same time.

  3. One question by edxwelch · · Score: 2, Interesting

    Before the usual Palestinian - Isreali flame war gets going, I would like to ask just one question:
    Does anyone use Earthstation and how does it compare to the other p2p networks?

  4. ES5 Other Employees Comments by Anonymous Coward · · Score: 5, Interesting
    Just so ES5 PR doesn't get to have the only spin, perhaps people should see how other employees reacted to it such as:


    I think its pretty fucking pathetic that he made a crack instead of a patch, so like I said, if I were him, I'd look behind my back. You attack me or my users, and yes, I will send people to your front door. I dont fuck around because the responsibility that I have to my users does not allow me to fuck around. Rules changed, and he probably doesnt know how to play them. My identity is sealed, so again, he doesnt know who his enemy is. He is not anonymous nor is his family.


    This guy wants a patch to a closed application and would not listen to any one about exploits as the don't want to pay the $50,000 they would give to anyone finding an exploit. This guy posted Shaun's home address in the ES5 forums and threatened his family life.

    This is thier network admin doing this, would you trust him with your IP and thier fancy anonymous security? If they want to keep any standing, at a minimum they need to fire that guy as his comments.. well I just don't trust him and in most places threats like he made are illegal.
  5. Show me the code! by ccady · · Score: 2, Interesting

    This is all very nice, but if you want to convince me that EarthStation V is safe, show me the code.

    --
    J'aime mieux les méchants que les imbéciles, parce qu'ils se reposent. -- Alexandre Dumas
  6. Don't trust ES5 anyway... by plj · · Score: 5, Interesting

    ...unless you can explain this.

    Not that I'd trust that AC either, but be on your guard anyway.

    --
    “Wait for Hurd if you want something real” –Linus
  7. Re:Adults or children? by r.future · · Score: 1, Interesting

    Granted the comments above by ES5 , which I believe were a diplomatic masterpiece of double speak, could be seen as humble at a surface glance, but in reality they were absolutely dripping with sarcasm.

    But, I think we also need to take into account that ES5, for better or for worse, is attempting to fight back against the RIAA --a group that takes children to court for downloading music! So for what it's worth my opinion is; if you want to call ES5 childish, and compare them to a grade school playground argument that's fine. Just be sure to keep in mind that the other metaphorical 3'rd grader is the RIAA.

    -r.future

    --
    Note: this has been posted by r.future (a person who spends way to much time on the internet!)
  8. Re:Here is why I care, but it does NOT affect me.. by Dr+Reducto · · Score: 4, Interesting

    Unfortunately, sir, you are a leech if you do that.

    I am not trying to flame, but that's what the RIAA is trying to do: Make people afraid to share. If that happens, then the networks will die themselves. The RIAA doesn't give a flying fuck about downloaders, the same way cops don't really care about petty drug users. They both know that you must cut off supply.

  9. False? by CharonIDRONES · · Score: 2, Interesting

    Yeh, I know that there are a lot people out there that take pride in the programs and everything, obviously Random_Nut liking his own K-Lite K++ a bit ;) But, the point was that these claims were not false, the lead programmer even admitted to them.

    Whether or not these were implemented for remote upgrading wasn't the point, Random_Nut was showing it as a vulnerability that could be exploited in an already 'shady' program. I will admit, that I haven't used ES5 though, because I simply believe it is a load of bs, 15 million users, when KaZaA, the most downloaded program (www.downloads.com) has had a PEAK of 6 million, someone is lying.

    KaZaA though is in its dying days, I no longer use it due to all the fake or corrupted files, its annoying when you have to download fifty different songs just to get one that works, which is why I started using Shareaza (yes, I am a fanboy, thank you) because of the higher quality and the support of four different P2P networks, plus its just cool ;) (www.shareaza.com)

    Thats my little fanboy part, but, the point was that while they may have been claims, they weren't false claims, the code was present, which made the program, not so high on many people's download lists.

  10. Not afraid to share, afraid of the apps' authors! by Eric_Cartman_South_P · · Score: 3, Interesting
    I am not afraid to share. I just don't want Bearshare installing some 3rd party marketing tracker type stuff on my box. I guess I'm wearing a tin foil hat, but this one is easy to wear.

  11. Re:Well? by Lusa · · Score: 2, Interesting

    Automatic update my ass. No way was this a mistake, if the program needs to delete files (be it for an upgrade or other reason) it should do it itself when the new program is run and not when a remote server instructs it to by sending a suitably encoded packet (out of curiosity, how does this remote server know when to delete the file for an upgrade, so to speak, or where if the IP is truly hidden?)

  12. These idiots cant code. by Adolph_Hitler · · Score: 2, Interesting

    These functions are: 1. Reload Earthstation5 2. Shutdown Earthstation5 3. Delete a File All of these functions are necessary to perform when upgrading software. You dont need "delete", you can just overwrite pre-existing files to upgrade.

    --
    People don't exist to serve systems, systems exist to serve people.