|
本帖最后由 mr紫夜 于 2018-2-19 17:24 编辑
十个小时前(发帖时间2月19日 0830UTC),在FSL的官方Forum上有人爆出FSL320启动时会启动一个名为"test.exe"的可执行文件。
并且这个文件被确认会窃取用户的Chrome中保存的网页账号密码信息。
下面是此文件的Reddit信息:
此文件证实存在于232版本以及其之前的所有版本。
而官方在两个小时后也发布了对此的解释。以下为英文原文:
Hello all,
we were made aware there is a reddit thread started tonight regarding our latest installer and how a tool is included in it, that indescriminantly dumps Chrome passwords. That is not correct information - in fact, the reddit thread was posted by a person who is not our customer and has somehow obtained our installer without purchasing.
I'd like to shed some light on what is actually going on.
1) First of all - there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products. We all realize that you put a lot of trust in our products and this would be contrary to what we believe.
2) There is a specific method used against specific serial numbers that have been identified as pirate copies and have been making the rounds on ThePirateBay, RuTracker and other such malicious sites.
3) If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us. "Test.exe" is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number.
This method has already successfully provided information that we're using in our ongoing legal battles against such criminals.
We will be happy to provide further information to ensure that no customer feels threatened by our security measures - we assure you that there is nothing in our products that would ever damage the trust you have placed in our company by being our customer.
Kind regards,
Lefteris
全文翻译各位飞友可以自行机翻。
简要大意是:
1.FSL官方证实植入了这么一个程序,而不是他人恶意所为。
2.FSL官方声称此程序是为打击盗版而提供信息,并且只会在使用进入了黑名单的序列号进行激活时才会启动。
—(不过据一些飞友反映某些时候在正版的软件中也会启动。)
3.FSL官方承认此程序已经收集到了信息。
从前后看,FSL对待盗版的态度一直非常严肃,也许这次也是不得已所为。但其收集用户隐私一事却是超出了反盗版范围。
事情的后续发展还不明朗,也许会有人报到欧洲消协或者有关部门。FSL如何处理此事,最好还是静观其变吧。
SINO2878
2月19日0830UTC
|
|