Slashdot Mirror

← Back to Stories (view on slashdot.org)

Earthstation5 Responds to Malware Claims

Posted by timothy on from the challenge-response dept.

Zip In The Wire writes "Random Nut, AKA Shaun Garriok, the Author of Kazaalite, has been a vocal critic of Earthstation5 because of a continual online insult war between himself and some rowdy Earthstation5 fans. This has motivated him to be extremely critical of Earthstation5." (We reported yesterday Garriok's claims that Earthstation5 contains spyware.) "We at Earthstation5 desire and request criticism at any time in fact we demand it as we believe that is the only way to make software truly superior." Read on for the rest of Zip In The Wire (Filehoover, ES5's lead programmer)'s explanation, in which he also points to an updated version of the software, and challenges all takers to find spyware within it.

"We at Earthstation5 are not perfect, but we acknowledge that Shaun Garriok might be and thank him for helping us root out bugs.

The problem with the Earthstation5 software that Shaun Garriok found truly exists; however, the sordid motives he attributes to Earthstation5 are incorrect. The following functions were put into Earthstation5 to allow automatic, remote upgrade of the Earthstation5 software.

These functions are:

  1. Reload Earthstation5
  2. Shutdown Earthstation5
  3. Delete a File
All of these functions are necessary to perform when upgrading software.

We have long been admirers of Shaun Garriok's ability to superbly investigate even a fully compiled program. We believe that he is capable of finding ANY sort of trojan, worm, or bug inside a compiled program. We are relieved that all he could find was these remote upgrade functions. He didn't find any bugs that send user data anywhere, no spyware, no adware, nothing, in fact, that gives away any personal information about the user using Earthstation5.

It is also a fortunate fact that since Earthstation5 protects you from the RIAA lawsuits and hackers by hiding your ip address, the exploit program he wrote can only be used against your own computer, which he states in his exploit. If you want to delete files from your own computer, we feel you have the right to do that.

We are glad he found this bug and pointed it out. We completely removed the automatic software upgrade code because as it turns out automatic upgrade is no longer popular as it once was because it gives people an uneasy feeling and rightly so.

Since Shaun Garriok seems to be concerned about everyone's security, and is not on a personal quest for revenge, we would be grateful if he would download the latest Earthstation5 (version 1.1.31), and verify that we have truly removed the remote-update function which his exploit program accessed. We think his dedication to the good of all concerned would motivate him to do this. Anyone else who is concerned can do the same; download the latest Earthstation5 and test the exploit code against it.

-- Filehoover, Lead Programmer of ES5."

10 of 207 comments (clear)

  1. This was addressed yesterday... by LearningHard · · Score: 5, Informative

    On the full-disclosure list. It seems that after ES5 found out people had discovered the malware contained in it. They decided to upload a new version which will probably have those functions taken out. I see this as a suspicious move and would be very hesitant to use any of their software myself.

  2. Here is why I care, but it does NOT affect me... by Eric_Cartman_South_P · · Score: 5, Interesting
    I use VMWare. I have one VMWare image just for P2P, of WinXP Pro with Norton, Adaware, Sygate Firewall, and Spybot. Inside this VMWare session, I have KazaaLite, Bearshare, eMule, and a half dozen other P2P apps. They can do whatever the fuck they want, because when I shut down my VMWare image all changes are discarded. Every time I boot up the image, I have my fresh, clean install of all my apps. After downloading, I scan the hell out of files, and if good, I'll FTP it to the main box and scan again. I leave internet open for the vmware image, because the firewall will tell me about anything dialing out as nothing has permision and every connection must ask. IMO this is the ONLY way to use P2P safely. My main box has NOTHING P2P on it. It's all inside the VMWare session.

    :)

  3. I admire their explanation... by botzi · · Score: 5, Insightful

    ...and it does seem believable. Random_Nut's comments with the exploit paper were a too influenced by his personal opinion....

    Anyway, ES5 has a *baaaad* name and this last exploit is by far not the only reason of it.
    Their claims of having zillions of users online(ever tried to use it???Well, not *exactly* true.), the chat snippet about DoS-ing bittorent sites(What kind of looser would do that???). A couple of "spammers" posting on the "concurrent" p2p tools boards.....
    To conclude... ES5 has never been an option for me, and even if their claims on absolute privacy are a nice dream, I prefer sticking to Klite and Bittorent experimental.

    --
    1. No sig. 2. ???? 3. Profit!!!
  4. ES5 Other Employees Comments by Anonymous Coward · · Score: 5, Interesting
    Just so ES5 PR doesn't get to have the only spin, perhaps people should see how other employees reacted to it such as:


    I think its pretty fucking pathetic that he made a crack instead of a patch, so like I said, if I were him, I'd look behind my back. You attack me or my users, and yes, I will send people to your front door. I dont fuck around because the responsibility that I have to my users does not allow me to fuck around. Rules changed, and he probably doesnt know how to play them. My identity is sealed, so again, he doesnt know who his enemy is. He is not anonymous nor is his family.


    This guy wants a patch to a closed application and would not listen to any one about exploits as the don't want to pay the $50,000 they would give to anyone finding an exploit. This guy posted Shaun's home address in the ES5 forums and threatened his family life.

    This is thier network admin doing this, would you trust him with your IP and thier fancy anonymous security? If they want to keep any standing, at a minimum they need to fire that guy as his comments.. well I just don't trust him and in most places threats like he made are illegal.
  5. Don't trust ES5 anyway... by plj · · Score: 5, Interesting

    ...unless you can explain this.

    Not that I'd trust that AC either, but be on your guard anyway.

    --
    “Wait for Hurd if you want something real” –Linus
  6. Need to be able to delete files to upgrade? by Jugalator · · Score: 4, Insightful

    The following functions were put into Earthstation5 to allow automatic, remote upgrade of the Earthstation5 software.

    These functions are:
    Reload Earthstation5
    Shutdown Earthstation5

    Delete a File
    All of these functions are necessary to perform when upgrading software.

    Hell no.

    These guys should learn something about computer security. Funny that the same guys who're using a solution that screams "EXPLOIT ME" is developing some application that's supposed to be focused on extra security.

    This is how to perform a teeny bit safer automatic upgrade:

    - Server sends a packet containing a field that says it's an update packet, along with a version ID to update to, i.e. 110 for version 1.10 or whatever.

    - Client receives packet and uses a partial client-side URL to the place where the new version can be downloaded. For example, the client could use the partial URL "http://www.es5.com/files/es", attach the received version ID (that is: "110") to the string, and finally the file extension, to form the URL "http://www.es5.com/files/es110.zip". The client then takes care of its shutdown, auto-install, and restart sequence.

    Voila! Upgraded application without a RANDOM UNVERIFIED COMPUTER sending the CLIENT a message to DELETE something and it BLINDLY AGREES to. It's amazing that such poor programmers can even design something that compiles. Or are they hired by the RIAA to fool people into downloading their "new, cool and extra safe" application?

    I wouldn't recommend anyone to download the DNS-faking "we-have-more-users-than-Kazaa" dudes' software.

    --
    Beware: In C++, your friends can see your privates!
  7. Bwahahaha by fluxrad · · Score: 4, Funny
    This is a laught riot.

    It is also a fortunate fact that since Earthstation5 protects you from the RIAA lawsuits and hackers by hiding your ip address, the exploit program he wrote can only be used against your own computer, which he states in his exploit.

    • Broadband connection: $50
    • 150GB Disk: $175
    • Realizing your OS was wiped after trying to grab Britney's latest album: priceless!

    There are some things money can't buy, for everything else, there's netstat -i
    --
    "It is seldom that liberty of any kind is lost all at once." -David Hume
  8. Re:Here is why I care, but it does NOT affect me.. by Dr+Reducto · · Score: 4, Interesting

    Unfortunately, sir, you are a leech if you do that.

    I am not trying to flame, but that's what the RIAA is trying to do: Make people afraid to share. If that happens, then the networks will die themselves. The RIAA doesn't give a flying fuck about downloaders, the same way cops don't really care about petty drug users. They both know that you must cut off supply.

  9. Oh man this seems a bit weak as excuse go. by aepervius · · Score: 4, Informative

    I mean, I programmed this last month a test tool application on a LAN network, and frankly I *DO NOT* need to have a delete file command in the client. I mean,the client pretty well know which files it has to update (it is included in the update message) and it launch an updater application in background and stop itself so as to allow the files to be deleted/copied.

    This is one solution, and I am pretty sure bunch of people here can come with others. But having a delete command is certainly a loosy way to do that. Heck on the net it OBVIOUSLY means that you open the door to an attacked reverse engineering your app for bad purpose and allow it a nice way to wreak havoc on a system. Either their application E.S.5 is not that great as they are hypping it (haha), or they really are searching excuse for obvious malware. If this is the second option which is true, the next malware code will be hidden behind encryption and packet won't be easily decoded.

    people go away from ES5. You will from now on have now way to determine if you are not installing a trojan on your computer UNLESS they give you the source code and a compiler to compare the final binaries md5 with what you can generate...

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
  10. This is why: ALL GOOD P2P APPS ARE **OPEN SOURCE** by torpor · · Score: 5, Insightful

    If you can't look at the source for a p2p system, then its not truly safe. It is as simple as that.

    P2P opens up a whole different degree of responsibility for local system resource usage, and in fact the primary function of a p2p app is to manage local system resources on behalf of a 'greater good' of bigger resources provided to the community.

    I wouldn't really put much faith in any p2p solution provider who didn't have full disclosure of source code as a priority in their front line for dealing with their users ...

    I mean this as a potential professional user of p2p, as well as a personal user too.

    --
    ; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --