1. 9

  2. 6

    This is why every platform needs application (And even application instance) level sandboxing. It’s ridiculous that Firefox can inspect Chrome files and settings by default and vice versa. Any old rubbish you download off the internet can easily exfiltrate most of your home or user directory, why is this still the default? Apple has proven that “most” things won’t break with sandboxing. Things that do break just need to ask the user, “Can I do this…?”. If random scummy application off the internet is asking, can I read the rest of your home folder I’m going to reply “Hell no!”.

    1. 4


      Users on reddit discovered that FSLabs includes a password extraction utility. The company replied with it’s own statement.

      They backdoored their flight simulator to target a specific individual who has been cracking their games - they were successful at it..

      1. 4

        Following up on your link, the company says:

        we were made aware there is a reddit thread started tonight regarding our latest installer and how a tool is included in it, that indescriminantly dumps Chrome passwords. That is not correct information - in fact, the reddit thread was posted by a person who is not our customer and has somehow obtained our installer without purchasing.

        1. If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us. “Test.exe” is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).

        So, the company claims this is not a password extraction utility, but it presumably does something that exfiltrates (a long word I learned on this forum) personal information in a targeted manner, which is still disturbing.

        If they have a list of cracked serial numbers they SHOULD be blocking them, not trying to use potentially illegal means of tracking down the installer.

        1. 4

          Ah, thanks. Your comment made me realize that I didn’t link the meaty forum post from the company owner bragging how they actually hacked the hacker:


      2. 3

        Fight illegal practice with illegal practice. Now they can be cell mates!