ProSoundWeb Community

Sound Reinforcement - Forums for Live Sound Professionals - Your Displayed Name Must Be Your Real Full Name To Post In The Live Sound Forums => LAB: The Classic Live Audio Board => Topic started by: Justice C. Bigler on April 17, 2014, 12:08:03 PM

Title: WARNING! iLok possibly hacked-DO NOT SYNC!!
Post by: Justice C. Bigler on April 17, 2014, 12:08:03 PM
Story developing over at the DUC. Possibly phony emails being sent out by someone claiming to be iLok talkkng about authorizations that were mistakenly deposited in accounts and telling you to sync to have them removed. See the DUC thread below:

http://duc.avid.com/showthread.php?t=353559

Possible that it has something to do with the Heartbleed security flaw.

Anyone here receieve one of these emails?
Title: Re: WARNING! iLok possibly hacked-DO NOT SYNC!!
Post by: Ned Ward on April 17, 2014, 01:21:42 PM
Thanks Justice; will definitely not fire up iLok over the weekend until this is resolved.
Title: Re: WARNING! iLok possibly hacked-DO NOT SYNC!!
Post by: Justice C. Bigler on April 17, 2014, 02:38:24 PM
Avid has posted that they are in contact with iLok and working to figure out what the issue is. No word yet. I'll post here if I hear anything.

Fortunately, the iLok auths for both my personal system and my work system have not been compromised yet. But I did log into the iLok accounts and change my passwords for both accounts and will not be syncing, until this is resolved.
Title: Re: WARNING! iLok possibly hacked-DO NOT SYNC!!
Post by: Mark McFarlane on April 17, 2014, 04:15:14 PM
Avid has posted that they are in contact with iLok and working to figure out what the issue is. No word yet. I'll post here if I hear anything.

Fortunately, the iLok auths for both my personal system and my work system have not been compromised yet. But I did log into the iLok accounts and change my passwords for both accounts and will not be syncing, until this is resolved.

Thanks for the heads up Justice, that's a scary thread. I just took my studio offline until I can learn more.
Title: Re: WARNING! iLok possibly hacked-DO NOT SYNC!!
Post by: Tim McCulloch on April 17, 2014, 04:41:23 PM
Thanks for the heads up Justice, that's a scary thread. I just took my studio offline until I can learn more.

Must be a thread not in the live forums... how about a link?
Title: Re: WARNING! iLok possibly hacked-DO NOT SYNC!!
Post by: Mark McFarlane on April 17, 2014, 04:45:55 PM
Must be a thread not in the live forums... how about a link?

It was in the first post, and here again: http://duc.avid.com/showthread.php?t=353559
Title: Re: WARNING! iLok possibly hacked-DO NOT SYNC!!
Post by: Bob Leonard on April 17, 2014, 05:27:50 PM
It would appear that the license is a bootleg coming out of Russia. I don't get why Iloc is responsible for that.
Title: Re: WARNING! iLok possibly hacked-DO NOT SYNC!!
Post by: Justice C. Bigler on April 17, 2014, 05:30:53 PM
It would appear that the license is a bootleg coming out of Russia. I don't get why Iloc is responsible for that.


It's not just the license in the original post which does not appear to be a bootleg license. Many others have had their licenses removed, including users that had iLok licenses for Waves version 8. There is something really wrong going on with the iLok system today.
Title: Re: WARNING! iLok possibly hacked-DO NOT SYNC!!
Post by: Justice C. Bigler on April 17, 2014, 08:38:49 PM
This response from the iLok folks (http://duc.avid.com/showthread.php?p=2149803#post2149803)

Title: Re: WARNING! iLok possibly hacked-DO NOT SYNC!!
Post by: Mark McFarlane on April 18, 2014, 12:25:41 AM
It would appear that the license is a bootleg coming out of Russia. I don't get why Iloc is responsible for that.

Bob, that was my first impression but you need to read beyond the first page of threads. 

In essence, iLok is saying that at some time in the past their servers created duplicate license copies in error. It *appears* that some nefarious people sold those duplicates on eBay (and perhaps elsewhere). Now Pace is repossessing the duplicates from the buyers.  Buyers are angry because they feel they did nothing wrong and want Pace to go after the sellers.  In the US the law is pretty clear: buy stolen goods and they are seized.

More may come out in the following days, but that's my Cliff Notes version of 9 pages of posts.
Title: Re: WARNING! iLok possibly hacked-DO NOT SYNC!!
Post by: Bob Leonard on April 18, 2014, 03:20:43 AM
Reading their explanation seems to justify their position. My concern are the Iloks I have for other products.
Title: Re: WARNING! iLok possibly hacked-DO NOT SYNC!!
Post by: Justice C. Bigler on April 18, 2014, 05:08:50 PM
Reading their explanation seems to justify their position. My concern are the Iloks I have for other products.

There are still a number of users who claim that they had original licenses, bought new from vendors that were removed. iLok has not publicly address their complaints, nor are they likely to ever do so as it would make them look incompetent in the eyes of both the end users and developers who use their services.
Title: Re: WARNING! iLok possibly hacked-DO NOT SYNC!!
Post by: Taylor Hall on April 21, 2014, 01:19:48 PM
...it would make them look incompetent in the eyes of both the end users and developers who use their services.

I think it's a little late for that...