| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 30 Nov 2007 12:35:00 -0000 From: coolshot@...spam_coolshot.net To: bugtraq@...urityfocus.com Subject: Re: Aria-Security.net: CoolShot E-Lite POS 1.0 Cheers guys :) I'll check and fix this issue asap, although i'd like to point out a couple things: * The tool itself isn't meant to be accessible from the internet when used in a production environment. It's been developed as an inventory management tool and POS system and as such it should be normally used in an intranet if not a local system completely disconnected from a network. Such a scenario would greatly reduce the chance of an external attack. * The tool is a beta and honestly not being developed anymore as there's little to no interest on it :) I decided to publish it on my site for free 'as is' * It would be actually cool if someone bothered to inform me of such security hole ;). I discovered it just by chance because i noticed that a few sites like this one were backlinking to my site... I am not developing the tool anymore and despite the fact there's still people who registers on my forum and downloads it i have no feedbacks or requests that might make me want to put my hands on it to develop it further. I'll just check this issue, as i find it challenging, and fix it but sure won't go any deeper than that :) bottom line: thanks for the info, even if i had to discover it myself. It will sure be a good exercise for me ;)
Powered by blists - more mailing lists