Flight Sim Labs Adds DRM aka Malware to its Airbus

[Deleted member 204526]

I hate pirates, but yikes.

 

[RealBeast]

Remind me how that's legal again?

It's not. It clearly violates multiple sections of the The Computer Fraud and Abuse Act, which include both criminal and civil remedies. Any evidence illegally obtained by them could not be used in any case they bring since they do not have a warrant or civil subpoena.

 

[Verge]

Remind me how that's legal again?

Sue em... of course they'll sue you, and after a few million in legal fee's maybe you'll call it a truce in arbitration?

 

[capt_cope]

Sue em... of course they'll sue you, and after a few million in legal fee's maybe you'll call it a truce in arbitration?

Considering the head of the company publicly announced criminal activity I was sort of assuming this was a criminal matter, not a civil one. I wonder if anyone heard him say "hold my beer" before he wrote that post?

 

[Dead Parrot]

So FSL has now made itself a high priority target for black hat hackers due to FSL having a database of high quality credentials?

Guess everyone they have working there is too young to remember how the Sony malware on CD thing turned out.

 

[ManofGod]

I really dont know about jail time, but a hefty fine, or better yet a court order to provide reasonably high end version for free, would be a good way to go. What they did was stupidly wrong and a message should be sent that if you do this sort of thing you loose the right to whatever you a developing! Outside of that X-Plane is the best sim out there, just use X-Plane

Oh crap, I thought we were talking about X Plane the whole time, LOL! Oh well, does not mean the event actually occurred, unless someone has proof that it happened to them. I am actually surprised people still develop things for Flight Sim X, an 11 year old sim.

 

[LightsOut41]

And this is exactly why I never store passwords in my damn browser.....I know they are exploitable, and not encrypted.

I did not know this. I always assumed they were encrypted in Chrome. What in the fuck is Google thinking?

 

[toddw]

I'd love to see this company get butt raped in court for this... they are pushing code to customers (paying or not) that's designed to steal sensitive information.... bank logons being the main one. I'd love to hear them answer the question why they think it would be okay to steal users private financial data because they "detected" someone didn't pay for a plane.

That's like saying: "you didn't yield to me in traffic and caused an accident, I now get to go through your house and take every bit of private bank logins you have"

Except one is an accident and the other is a deliberate premeditated action to steal, but yeah, other than that...


Note I'm not defending the company, just commenting on this analogy.

 

[Simmonz]

Yet another reason I buy DRM free games. This shit shouldn't be legal. If the average user was hiding software on your system that tried to access passwords they'd be facing jail time.

 

[Chebsy]

I am all for companies protecting their investments, but this is going too far and makes them no better than the virus writers !!

 

[sirmonkey1985]

Uhm, how in the world are passwords stored in Chrome able to be read by a 3rd party app? Are they not encrypted?? Wtf!

it's not a third party app.. it's part of the testing kit from google that developers can use. they just modified it to work for their use as an illegal DRM.

 

[WhoMe]

Another FS "fly by night" shit ware company. I know some people think these expensive planes are worth it...given the number of very good free and low cost planes, I'd say this company can take a flying leap...I'd certainly never buy anything from them even if were only a few dollars. I don't pirate but I've had legitimately purchased software foul up and think it's pirated before, mistakes happen, there is no excuse for this low flying crap.

 

[TAP]

Technically they are, but there are many programs which can decrypt them.

Awesomeness...

 

[TAP]

it's not a third party app.. it's part of the testing kit from google that developers can use. they just modified it to work for their use as an illegal DRM.

Glorious. So does Google know that they gave the keys to a person's passwords to developers?

 

[Cr4ckm0nk3y]

According to the dev the malware would only report back on a specific set of targeted pirates/crackers. If the data came from anyone other than the specific targets Flightsimlabs servers would refuse the data. This is according to them.

The tool that was used to dump the pirate's information will never execute on your machine - unless you were the particular person targeted that used that set of data mentioned above. Even if only some of the data matched, the installer would receive a negative response from our server and never execute it. Safe-guards on our servers ensured there was no possibility that any user other than the one targeted would actually have his personal details compromised. Even so, we realize that it doesn’t justify even temporarily extracting it via the installer on people uninvolved with this situation – this was a mistake.

I also want to reiterate there was no personal data sent or kept that would mean a breach of privacy, except for that subset of information regarding the web sites mentioned above.

We have already replaced the installer in question and can only promise you that we will do everything in our power to rectify the issue with those who feel offended, as well as never use any such heavy-handed approach in the future. Once again, we humbly apologize!

https://forums.flightsimlabs.com/index.php?/announcement/11-a320-x-drm-what-happened/

Frankly I think it's a BS excuse.

 

[arnemetis]

According to the dev the malware would only report back on a specific set of targeted pirates/crackers. If the data came from anyone other than the specific targets Flightsimlabs servers would refuse the data. This is according to them.





https://forums.flightsimlabs.com/index.php?/announcement/11-a320-x-drm-what-happened/

Frankly I think it's a BS excuse.

It totally is. It doesn't matter if you included some magic measures that you think would only expose the information of this particular person - you have no right to this information. A company cannot take law enforcement into their own hands, which is the closest thing I can associate this with. What were they going to do, put a hit out on the person? Turn the info over to the authorities, which they of course couldn't use anyway as it was illegally acquired? I REALLY want this story to fully develop and all the answers to come out.

 

[LightsOut41]

The largest flight sim forum out there, known as "Avsim", is censoring every single topic regarding this event. The topic is simply not allowed to be discussed nor posted. New topics get nuked within minutes.

A theory floating out there is Flight Sim Labs (who included malware in their installer) pays Avsim for advertising. Thus, Avsim is covering up any type of discussion which would make FSL look bad (allegedly).

 

[ManofGod]

The largest flight sim forum out there, known as "Avsim", is censoring every single topic regarding this event. The topic is simply not allowed to be discussed nor posted. New topics get nuked within minutes.

A theory floating out there is Flight Sim Labs (who included malware in their installer) pays Avsim for advertising. Thus, Avsim is covering up any type of discussion which would make FSL look bad (allegedly).

Most likely, AVSIM does not want to get involved in the situation and I cannot say I can blame them.

 

[Cr4ckm0nk3y]

The largest flight sim forum out there, known as "Avsim", is censoring every single topic regarding this event. The topic is simply not allowed to be discussed nor posted. New topics get nuked within minutes.

A theory floating out there is Flight Sim Labs (who included malware in their installer) pays Avsim for advertising. Thus, Avsim is covering up any type of discussion which would make FSL look bad (allegedly).

Even when Tom Allensworth was alive AVSIM always protected devs from critique. Any comments by users that could be taken as controversial against the dev would be deleted. It has been a precedent since Avsim's early days. If the dev is a commerical dev that advertises or hosts their support forum on AVSIM they are free from any criticism.

I have seen legitimate critiques of PMDG and other large devs get deleted shortly after posting. So its not shocking posts about FSL are being removed.

I don't think AVSIM is trying to not get involved, which being one of the largest FS communities it should get involved, but rather letting FSL sweep it under the rug. I am all for FSL admitting they screwed up but letting it die away quietly is wrong. AVSIM should call them out 100% to prevent other devs from doing equally stupid things.

Imagine if [H] let the Phantom and Infinium Labs off the hook. The articles on the Phantom is why I come to this site and trust reviews here. AVSIM needs to do the same and post about FSL.

 

[Makaveli@BETA]

I wonder if this will work on Firefox?

 

[zalazin]

arbitration?

NO the other A word

 

[sirmonkey1985]

Glorious. So does Google know that they gave the keys to a person's passwords to developers?

Only works if the user downloads it and only the user is suppose to be able to see the data. These guys modified it to then send the data back to them.

 

[Exavior]

Uhm, how in the world are passwords stored in Chrome able to be read by a 3rd party app? Are they not encrypted?? Wtf!

I wonder if this will work on Firefox?

There are all types of programs out there that can let you see the saved usernames and passwords for your browsers. This isn't anything special or new. None of the browsers save then in any type of secure way. They just have a file using their own format that they write to with either well known or no encryption to them as far as i can tell. I have recovered usernames and passwords from all browsers at some point in time for people that had a saved password on one machine and needed it to log into another machine or a different browser. Firefox is the easy one as you just go to options, password and click show passwords and you can see every username and password that is saved didn't even need a program to get those. However I had used a program the first time before i realized I didn't need one for that. Using the save username and password in a browser in my opinion is less secure than a post it note, at least the person would have to have physical access to your work space to see a post it note or sheet of paper.

 

[Uvaman2]

There are all types of programs out there that can let you see the saved usernames and passwords for your browsers. This isn't anything special or new. None of the browsers save then in any type of secure way. They just have a file using their own format that they write to with either well known or no encryption to them as far as i can tell. I have recovered usernames and passwords from all browsers at some point in time for people that had a saved password on one machine and needed it to log into another machine or a different browser. Firefox is the easy one as you just go to options, password and click show passwords and you can see every username and password that is saved didn't even need a program to get those. However I had used a program the first time before i realized I didn't need one for that. Using the save username and password in a browser in my opinion is less secure than a post it note, at least the person would have to have physical access to your work space to see a post it note or sheet of paper.

Shit, i had no idea... That shit keeps asking, i keep saying no for my bank and shit like that.

 

[wyqtor]

The Train and Flight Sim genres are DLC hell. There is no way to get a full game experience without paying thousands of dollars. Of course, for the extortion to be complete, you have to resort to such tactics, because otherwise no sane person is going to pay the combined price of a Titan V for all of those DLCs.

As a sim fan, I hope these established, bug-ridden simulations with ancient graphics and physics engines just die and open up a space for more reasonable companies (like SCS and their reasonably-priced Truck Simulators with FREE ProMods), but they probably won't as long as there are fools who easily part with their money.

I'll just stick to Kerbal Space Program and its FREE mods whenever I want to (semi-)realistically simulate atmospheric flight (even though this is not exactly the main focus of the game).

 

[MV75]

Using chrome browser... so basically they give themselves google level of access?

 

[motomonkey]

I am sure they did not lose a lot of customers over this. This is not some top gun shot up em vid game, these are highly sophisticated simulations of the real thing. Now, clearly, if the information is correct, that was the wrong this to do but, you are not going to find a more realistic PC flight simulator, anywhere or, even at all.

The company that did this, obviously isn't the one who makes Flight Sim X. Not buying an add on plane from these douchebags doesn't keep FSX from working. so, yeah, If criminal charges are filed it could put these bastards out of business. who is going to trust a company that would do this? Ever?

 

[B00nie]

let's not forget that they quite possibly now have a cache of people's passwords

They gave the list to me already. 123345, password, billybob qwerty - I know them all ha ha ha! Nobody can stop me now!

 

[Iratus]

Well that's some of the scummiest behaviour I've seen since the whole rootkit thing.

Mind boggling amount of laws they are going to be on the wrong end of.

 

[Spaceninja]

Hope their servers are secure, sounds to me like someone just became a target.

 

[Flogger23m]

The Train and Flight Sim genres are DLC hell. There is no way to get a full game experience without paying thousands of dollars. Of course, for the extortion to be complete, you have to resort to such tactics, because otherwise no sane person is going to pay the combined price of a Titan V for all of those DLCs.

As a sim fan, I hope these established, bug-ridden simulations with ancient graphics and physics engines just die and open up a space for more reasonable companies (like SCS and their reasonably-priced Truck Simulators with FREE ProMods), but they probably won't as long as there are fools who easily part with their money.

I'll just stick to Kerbal Space Program and its FREE mods whenever I want to (semi-)realistically simulate atmospheric flight (even though this is not exactly the main focus of the game).

Flight sims are expensive and the sale numbers are small. Plus the development time is long. Not to mention mountains of research, lots of back and fourth with legal requirements, aerospace companies, governments, ect. I can't imagine United Airlines would allow the use of their name for free. Dassault doesn't seem to even allow use of their name, period.

The amount of time and effort that goes into one plane's systems and flight model is far more than that of your typical 3rd person action game or floaty FPS game. So yeah, the price does need to be higher.

Pretty much every flight sim is fairly complete out of the box, you're just paying for additional aircraft. FSX goes a bit further though. DCS is kind of headed that route as I think the maps are too expensive, but IL-2 BoS is pretty decent in that maps comes with a few planes.

But what FSL did was nonsense, and highly illegal. And it seems as if it accidentally worked on legitimate customers.

 

[natos]

Shit, i had no idea... That shit keeps asking, i keep saying no for my bank and shit like that.

Yea man, you need open your eyes to the truth!!! LOL

 

[kju1]

Yea man, you need open your eyes to the truth!!! LOL

 

[velusip]

As a big anti-DRM, white hatter, FOSS supporting zealot... this pisses me off. I want to see a programmer go to prison.

 

[DF-1]

this isn't your average stupidity, its not even advanced stupidity, this is... i cant classify whatever this complete trainwreck is.
.

I wonder what their EULA says about this. My guess would be that there's some obscure paragraph that says " by using this blah blah we will scan blah blah might steal some shit blah blah"....That is, unless their counsel is just as retarded.

"By reading this message you must send me $100."

doesn't really work.

 

[kju1]

As a big anti-DRM, white hatter, FOSS supporting zealot... this pisses me off. I want to see a programmer go to prison.

Why the programmer and not the CEO of the company? Or at the very least the supervisor that made the programmer do it.

 

[velusip]

Sure why not? Credit where credit is due.

 

[JasonPC]

According to other developers at FSL (mostly non-English speaking), Lefteris Kalamaras injected this malware into the executable unbeknownst to them. It was obviously not found in internal builds. Apparently Lefteris has a history of pulling these kinds of shenanigans with other development companies that make plane add-ons. I really feel bad for the programmers and other talented people at that company. They should demand Lefteris's resignation over this. Laugh at the price, but you won't find a deeper simulation of the Airbus A320. Pretty much you won't find a deeper simulation of any plane in a simulator either. Basically all systems are 100% accurately modeled. You won't find anything close to that on freeware addons.