FSUIPC security breach



AussieMan
May 5th, 2013, 14:46
Hi all,

As a registered user of FSUIPC I received this email from Sim-Market this morning.





Due to a breach in the security of the GlobalSign certificate used to confirm that FSUIPC is a valid and safe package, the certificate is being revoked. This will require ALL users of the software – whether registered or otherwise and using FSUIPC3 or FSUIPC4 – to need to download and install new versions.



Full details are available by clicking “Read more” below, or by visiting Pete Dowson’s post here on his support forum, here at simFlight. Download links are available at simFlight; here, or Schiratti.com; here. For a short time, the following direct links to FSUIPC3 (3.999z2) and FSUIPC4 (4.90) at Dropbox are also live.



https://dl.dropboxusercontent.com/u/475129/Install_FSUIPC490.zip



https://dl.dropboxusercontent.com/u/475129/Install_FSUIPC3999z2.zip



Please note that this is not a security breach within FSUIPC itself – it is only the security certificate that has been compromised.



If you aren’t sure what FSUIPC is, or whether you have it, full details can be found on the product pages at simMarket and it can be found within your Flight Simulator 9/modules, Microsoft Flight Simulator X/modules or Prepar3D/modules folder. If you have a file entitled “FSUIPCx.dll” (x is dependent on the FS version) then you need to update, in order for FSUIPC to keep working.





Full Press Release text:



FSUIPC will need replacing on all user systems!



For the last ten years FSUIPC has been protected against both unwanted alteration and virus infection by the use of a Code Signature, purchased from and protected by GlobalSign, an officially recognised Windows Certificate Authority.



It has come to my attention that within the last two weeks the same Code Signature has been used to sign malicious software, apparently in the form of Java updates, to make it look valid and safe. Whilst the FSUIPC packages themselves are not affected in any way by these, it does mean that we have had to ask GlobalSign to revoke the signature. This in turn will cause the signature to appear incorrect, and because FSUIPC actively checks it every time it is started the end result is that all versions of FSUIPC3 and FSUIPC4 before today’s date will cease to function.



After due consideration it has been decided that we will dispense with Code Signing henceforth, and over the next few days unsigned versions of all of my programs will be released, replacing the signed versions and with incremented version numbers, but with no other changes.



Because only FSUIPC has the Signature self-checking built in, it is the main priority, and versions 4.90 and 3.999z2 have been released today free of this check. All users will need to update for continued use of the program, and software producers who include FSUIPC in their packages are asked to update those as soon as is convenient and practical.



Apologies to all for this unprecedented event. We still don’t know how the break in the signature’s security occurred but we will be following this up with GlobalSign.



Best Regards

Pete



If you are a registered user of FSUIPC you can follow the links in the email to download a new version.

Also for users of ADE this email also came through.





As you will all know ADE uses FSUIPC for all versions. Pete Dowson (the author) has just announced a security issue. This is nothing to do with FSUIPC but appears to relate to an external problem. I feel greatly for Pete since this is pretty much a developer's worst nightmare when the tool they use to secure their software becomes compromised.
In any case you can read Pete's statement here: http://forum.simflight.com/topic/74354-fsuipc-will-need-replacing-on-all-user-systems/
Those of you who have purchased a license should get an email from SimMarkets with some download links. Otherwise I recommend visiting Pete's site: http://www.schiratti.com/dowson.html and download the latest versions which should deal with this problem.
I want to re-iterate that there is nothing wrong with FSUIPC and it does not represent a security threat to you or your computer.
Jon

Navy Chief
May 5th, 2013, 14:50
Yep, me too. Installed and registered it again, no problem! NC

Roger
May 5th, 2013, 15:21
Thanks Pat! We've got a thread stickied already http://www.sim-outhouse.com/sohforums/showthread.php?78126-Important-news-for-FSUIPC-users but no harm in alerting people twice.

AussieMan
May 5th, 2013, 16:03
No worries Roger. It wasn't highlighted in bold so I missed it.