Crunchyroll gave me herpes

But I got over it.

Crunchyroll, the anime streaming service, just went through a DNS hijack attack, and I fell for it. If I’d been using Windows, likely I’d have been toast. Thanks, Linux.

So, late last night, the entire staff of this $100 million company, with a million paid users, took the phone off the hook and went to bed.

After 9 hours solid, their German staff woke up to find that they had a problem

which they then passed along to the head office.

What was happening was that a DNS hijack was redirecting traffic to a server in Russia, which was downloading a malicious Windows .exe file. If you tried to sign in, you got a splash screen and an auto-download.

This is where I came in. I couldn’t get past that screen, but I figured it was just CR being CR, so I finally said screw it and let it download. I figured it would just save the .exe and I could go about my business. I told you I have Linux, not Windows, yes?

Well, I’d forgotten about how helpful Linux can be. No sooner had the DL started than WINE fired up to install it in its own separate sandbox. And about five seconds into that, WINE crashed. That’s not unusual, with weird software packages that don’t follow the standards. You know, the kind you’d get from outfits like CR, who took five tries to get their new Roku interface approved.

People have tried to install viruses under WINE before. What usually happens is the sandbox fills up and WINE aborts it. Here, it didn’t even get that far, which saved me a lot of trouble.

When I went back to the website, still clueless, I got their standard “Site Down, we’re working on it” screen.

That went on for a couple of hours.

Meanwhile, I bitched about it on Twitter

and got informed

Meanwhile, smarter people than I (not at CR) were working on what went wrong.

And what was the much-vaunted team of shinobi doing to keep their million paying users informed? They were retweeting other people’s postings

and showing two hours of pre-canned ads on what you should be watching.

Finally, they were back up, and gave us a typically uninformative all clear.

Meanwhile, this incident unleashed a storm of complaints on the forums, plus some interesting technical discussions of how badly broken CR security is. Yes, the login is encrypted,

but once you are past that, everything is in plaintext.

...and there’s a horde of other problems.

Crunchyroll is notoriously bad about keeping users informed. The most you get is a sorry about that, we’re back, tweet. I guess when you are a $100 million oligopolist brand of a wholly owned subsidiary (Ellation, very interesting, worth reading) of a holding company (Otter Media) of a media conglomerate (AT&T/Chernin Group), you don’t have to worry about these things.

It’s enough to make one switch to Anime Strike.

And there’s an update.
