Date: Tue, 30 May 2006 19:17:19 -0500
From: GulfTech Security Research <security@...ftech.org>
To: bugtraq@...urityfocus.com
Cc: support@...selscripts.com
Subject: Re: [Info Disclosure] Diesel PHP Job Site Latest Version



"All of the php developers that sell products online use this method"

Uh no, it doesn't work like that, sorry. If the original report is true
and you were receiving the private database passwords etc. of your
customers, then you are doing something that is negligent, deceiving, and
possibly breaking some laws.

I have worked for a large number of reputable software companies and
their "phone home" scripts usually work like this.

1) The bit that phones home is usually encoded with something like Zend
Accelerator or ionCube so that it is more difficult to tamper with.

2) When the script phones home it is usually with some sort of license
key, and sometimes includes your domain name and other minor details.

I have reviewed many proprietary code bases that use these phone home
methods, and all of the ones I have seen are harmless, and justified in
the data they are requesting. Never once have I seen a legitimate
application use phone home methods to send database credentials.

Would you please name for us one application that phones home with
credential information?

Kind Regards,

James


support@...selscripts.com wrote:
> Hello,
>
> To explain this to all visitors, the information is used to prevent any unauthorized copies from running on the web.
>
> All of the PHP developers that sell products online use this method or even more methods.
>
> Please stop making such a big deal out of this because it's our way of protecting our work and business.
>
> Thank you for understanding!
>
> DieselScripts Staff
>
> www.dieselscripts.com
>

